Striving for miracles: an example of security in web architecture

Posted by forbes at 2020-02-27

Preface

While testing an online business system, I ran into a strange problem. After investigation, it turned out to be related to synchronization between LVS and the back-end application services. I share it here, along with a brief summary of basic web-architecture knowledge and the problems that, in my experience, can arise in it.

Phenomenon

Reason

After troubleshooting by the operations team, the root cause turned out to be inconsistent configuration across the back-end servers. For example, three servers ran the latest code, which includes a protection policy, while one server had not been updated and had no protection policy. When a request was sent many times, LVS directed some of the traffic to the server without the protection policy, whose response did not require graphical verification or was simply a normal response, so some of the repeated requests went through without needing validation.

Test method and utilization

Send multithreaded, highly concurrent requests; the normal responses scattered among the large number of abnormal ones may also be exploited. For example, if LVS uses a polling (round-robin) algorithm, one request in every n will be usable.
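A defender-side check for the drift described in the two sections above, as an added example that is not part of the original post: it scans load-balancer access log lines and flags real servers that answer successfully to requests that did not pass validation. The log format, field names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: access log lines in a hypothetical
# "upstream=<real server> verified=<0|1> status=<code>" format.
SAMPLE_LOG = """\
upstream=10.0.0.11 verified=0 status=403
upstream=10.0.0.12 verified=0 status=403
upstream=10.0.0.13 verified=0 status=403
upstream=10.0.0.14 verified=0 status=200
upstream=10.0.0.11 verified=1 status=200
upstream=10.0.0.12 verified=0 status=403
upstream=10.0.0.13 verified=1 status=200
upstream=10.0.0.14 verified=0 status=200
"""

def parse_line(line):
    """Parse one 'key=value ...' line; return None if it is malformed."""
    try:
        fields = dict(part.split("=", 1) for part in line.split())
        return fields["upstream"], fields["verified"] == "1", int(fields["status"])
    except (KeyError, ValueError):
        return None

def unenforced_backends(log_text):
    """Return ({backend: count of accepted unverified requests}, all backends seen)."""
    accepted = defaultdict(int)
    seen = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        upstream, verified, status = rec
        seen.add(upstream)
        # A 2xx answer to a request that never passed validation means the
        # protection policy is not enforced on that real server.
        if not verified and 200 <= status < 300:
            accepted[upstream] += 1
    return dict(accepted), sorted(seen)

def exposure_fraction(log_text):
    """Share of real servers not enforcing the policy. With round-robin
    scheduling this is also the share of requests that skip validation."""
    accepted, seen = unenforced_backends(log_text)
    return len(accepted) / len(seen) if seen else 0.0

if __name__ == "__main__":
    drifted, pool = unenforced_backends(SAMPLE_LOG)
    print("pool:", pool, "not enforcing:", drifted)
    print("exposure:", exposure_fraction(SAMPLE_LOG))
```

On the constructed sample, one of four real servers accepts unverified requests, which matches the one-in-n pattern described above.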

Summary

Web applications today are no longer in the era of the single server; there is always a large web architecture supporting an application. I have learned some of the basics and, based on my experience, listed the problems that can arise in these architectures.

I am used to recording knowledge as mind maps; please click or right-click to view the large HD map:

Please visit GitHub to get the XMIND source file.