《极致时延游戏体验的网络与安全实践.pdf》由会员分享,可在线阅读,更多相关《极致时延游戏体验的网络与安全实践.pdf(46页珍藏版)》请在三个皮匠报告上搜索。
1、?Amazon?31?4?99?32?Local Zone?21?400+?13?115+?GovCloud?GovCloud?Amazon?A m a z o n?400 Gbps?245?Region,Local Zone?务?Oversubscription?TCP Congestionx?TCP?Scalable Reliable Datagram(SRD)?SRD?EFAEBSENA?&?-?Amazon Cloud WANAmazon Cloud WANRegion 3Region 2Region 1Core networkDevelopmentProductionVPCVPCVP
2、CVPCVPCVPCTGWSecurityVPCVPCAmazon Direct Connect GatewayVPCRemote usersSandboxHybridVPN SitesDX SiteBranchofficesRemote usersClient VPNVPCConnectDX SiteVPNSD-WAN sitesDX Site?务?务?VPC REACHABILITY ANALYZERVPC NETWORK ACCESS ANALYZERCLOUD WANIP ADDRESS MANAGER(IPAM)Amazon Network Manager?SCREENSHOT?-?
3、Internet?ASN?Amazon CloudWatch Internet Monitor?/?ISP/ASN?/ASN?Region?Local ISPNetwork ABCDEF?Global Acceleratoredge PoPLocal ISP?(?)?(?)?,API,WebSockets?HTTP?WebSocket?(?)?TCP/TLS?TCP/UDP?HTTP?TCP/UDP?HTTP?(BGP Anycast)?TCP?Public InternetPublic Internet?CloudFront?Public Internet?Global Accelerato
4、rNetworkFirewallEncryptionAmazon ShieldSecurity Groups and ACLsPartner AppliancesDNS FirewallNATGatewayGateway Load BalancerAmazon WAF?Viewer requestOrigin requestBot controlAmazon WAFShield Advanced?DDoS?Shield AdvancedDDoS?AmazonShield?(SRT)Web?Amazon WAF?(AMRs)OWASP Top 10 AMR?Amazon WAF Bot Cont
5、rol?good bots?bad bots?2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?-WAF?rule group.?IP CIDR?IPs,?IPs,etc.?“Allow”?rule group.?IP CIDR?.?XFF?.?“Block”?“Count”(if you wish)?label:“bot:verified”?URL?Scope Down?2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?-
6、Log WAF Hub?Kinesis FirehoseDelivery Stream?WAF 日志写入方式 2快且便宜推荐!1WAF?11S3?SQS?SQS2?Lambda?3?4OpenSearch?5?Log ProcessorWAFWeb ACLhttps:/log-hub.docs.solutions.gcr.aws.dev/2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.2021,Amazon Web Services,Inc.or its affiliates.All rights reser
7、ved.2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?Top AS?2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?(proof-of-work)?https:/en.wikipedia.org/wiki/Proof_of_work?WAF JavaScript SDK 2021,Ama
8、zon Web Services,Inc.or its affiliates.All rights reserved.Login PageClick on the below button to loginLoginasync function login()let user=name:username,surname:surname;const response=await AwsWafIntegration.fetch(https:/ responseText=await response.text()document.getElementById(display).innerText=r
9、esponseTextconsole.log(responseText)Hello WAF!2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.四 疏而不失-URL签名?CloudFront?URL?CloudFront?CDN?CloudFront PoP403无签名或过期签名请求提交带签名的请求验证请求Origins验证请求的站点通过验证则授予URL对应签名 2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?Shield A
10、dvanceWAF?Bot-Control/Challenge/CaptchaShield?(PoP/Region)WAF?(PoP/Region)Web/L7UDP?SYN floodsSlowlorisSSL abuseUDP?HTTP?Crawlers scrapers?SQL?(CC?)?(CC?)L3/L4 LayerWeb/L7Web/L7+DDoS SRT Team?+DDoS?2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.DDoS protection:Health-based detect
11、ionShield 2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?Shield Advance?2021,Amazon Web Services,Inc.or its affiliates.All rights reserved.?OriginLatency?2022,Amazon Web Services,Inc.or its affiliates.All rights reserved.?Region/PoP?Shield?2022,Amazon Web Services,Inc.or its affiliates.All rights reserved.?WAF Rule+Log Hub?WAF Top AS?WAF JavaScript SDK?URL?Shield AdvanceTHANKS!