RangeAmp: a series of CDN attacks that manipulate the HTTP Range header

A group of researchers from Peking University, Tsinghua University and the University of Texas have published details of their work identifying a new class of DoS attacks, which they named "RangeAmp", based on using the HTTP Range header to amplify traffic through content delivery networks (CDNs).

The essence of the method is that, because of a quirk in how Range headers are processed by many CDNs, an attacker can request a single byte of a large file through the CDN, but the CDN will fetch the entire file, or a much larger block of data, from the origin server for caching.

The degree of traffic amplification in this kind of attack, depending on the CDN, ranges from 724 to 43330 times, which can be used to overload the CDN's inbound traffic or to reduce the bandwidth of the communication channel to the victim's site.

The Range header lets a client specify a range of positions in a file that should be loaded instead of returning the whole file.

For example, a client can specify "Range: bytes=0-1023" and the server will send only the first 1024 bytes of data. This feature is in high demand when downloading large files: the user can pause the download and later resume it from the point where it was interrupted. When "bytes=0-0" is specified, the standard requires returning the first byte of the file; "bytes=-1" the last byte; "bytes=1-" from byte 1 to the end of the file. Several ranges can be passed in one header, for example "Range: bytes=0-1023,8192-10240".

In addition, a second attack was proposed (called the RangeAmp Overlapping Byte Ranges (OBR) attack), designed to increase network load when traffic is forwarded through another CDN used as a proxy (for example, when Cloudflare acts as the front-end (FCDN) and Akamai acts as the back-end (BCDN)). The method resembles the first attack, but is localised inside the CDNs and makes it possible to increase traffic when accessing other CDNs, increasing the load on their infrastructure and degrading service quality.

The idea is that the attacker sends a request with multiple ranges to the front-end CDN, such as "bytes=0-,0-,0-...", "bytes=1-,0-,0-..." or "bytes=-1024,0-,0-...".

The requests contain a large number of "0-" ranges, each of which means returning the file from the beginning to the end. Because of incorrect range handling when the first CDN forwards the request to the second, the full file is returned for each "0-" range (the ranges are not merged, but are processed one after another), provided that the attack request as originally sent contains duplicated and overlapping ranges. The traffic amplification factor of this attack is between 53 and 7432 times.
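As an added example (not code from the paper or from any of the CDNs discussed), the following Python sketch shows the defensive Range handling whose absence the attack relies on: parse the header, reject over-long range lists, and coalesce duplicated or overlapping ranges so that each byte is served once. It also reports how many bytes a naive per-range implementation would have sent for the same request. The `max_ranges` limit and the resource sizes are constructed assumptions.

```python
def parse_ranges(header, size):
    """Parse an HTTP Range header into inclusive (start, end) offsets for a
    resource of `size` bytes. Returns None when the header is malformed."""
    header = header.strip()
    if not header.startswith("bytes=") or size <= 0:
        return None
    ranges = []
    for spec in header[len("bytes="):].split(","):
        first, sep, last = spec.strip().partition("-")
        if not sep:
            return None
        if first == "":                       # suffix form: bytes=-N is the last N bytes
            if not last.isdigit() or int(last) == 0:
                return None
            ranges.append((max(size - int(last), 0), size - 1))
            continue
        if not first.isdigit() or (last and not last.isdigit()):
            return None
        start = int(first)
        if start >= size:                     # unsatisfiable range, skip it
            continue
        end = size - 1 if last == "" else min(int(last), size - 1)
        if end < start:
            return None
        ranges.append((start, end))
    return ranges

def coalesce(ranges):
    """Merge overlapping or adjacent ranges so each byte is served once."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def check_range_request(header, size, max_ranges=16):
    """Defensive policy (assumed limit of 16 ranges): reject malformed or
    oversized range lists, serve only coalesced ranges, and report the cost
    a naive per-range implementation would have paid."""
    ranges = parse_ranges(header, size)
    if ranges is None or len(ranges) > max_ranges:
        return {"action": "reject", "ranges": [], "naive_bytes": 0, "served_bytes": 0}
    naive = sum(end - start + 1 for start, end in ranges)
    merged = coalesce(ranges)
    served = sum(end - start + 1 for start, end in merged)
    return {"action": "serve", "ranges": merged, "naive_bytes": naive, "served_bytes": served}
```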

The study examined the behaviour of 13 CDNs: Akamai, Alibaba Cloud, Azure, CDN77, CDNsun, Cloudflare, CloudFront, Fastly, G-Core Labs, Huawei Cloud, KeyCDN, StackPath and Tencent Cloud.

"Unfortunately, although we sent emails many times and tried to contact their customer service, StackPath did not provide any response," the research team said.

"Overall, we have done our best to report the vulnerabilities and provide solutions. The relevant CDN providers have had almost seven months to implement mitigation measures before this paper was published."

All of the CDNs examined allowed the first type of attack against the target server. The second variant of the attack on CDNs appeared in 6 services, four of which can act as the front-end in the attack (CDN77, CDNsun, Cloudflare and StackPath) and three in the back-end role (Akamai, Azure and StackPath).

The greatest amplification was achieved with Akamai and StackPath, which allow more than 10 thousand ranges to be specified in the Range header.

CDN owners were informed of the vulnerability about 7 months ago, and by the time of public disclosure, 12 of the 13 CDNs had resolved the identified problems or expressed their willingness to resolve them.

Source: https://www.liubaojun.org

