nikolay itsnikolayy

Barracuda Web App Firewall tech stack / backend infrastructure

Makes use of the following, not sure if it's the primary way the firewall is implemented:

NGINX https://nginx.org/

Rules: Snort (Open Source Intrusion Prevention System) https://snort.org/

Seems to utilize mostly Ruby for its infrastructure. Snort rules appear to be called with FastCGI via NGINX.

This is the Cloudflare tech stack / backend infrastructure (I want to thank Cloudflare for being so open about their infrastructure and services. They are arguably one of my biggest inspirations.)

Proxy: Pingora [Rust] [Apache-2.0 license] https://github.com/cloudflare/pingora (Formerly, Cloudflare used NGINX)

REST APIs: Golang (mostly) (runs on Kubernetes pods)

Databases: PostgreSQL (for REST API and Dashboard), ClickHouse for logs

This is the Fastly tech stack / backend infrastructure

Reverse proxy / TLS termination / load balancing: h2o https://github.com/h2o/h2o/tree/master [MIT license] (https://h2o.examp1e.net/configure/proxy_directives.html)

Caching server: Varnish Enterprise https://www.varnish-software.com/products/varnish-enterprise/ [not open source] (there is an open source version of varnish)

Authoritative DNS server: NSD https://github.com/NLnetLabs/nsd [BSD-3-Clause license] (https://www.nlnetlabs.nl/projects/nsd/about/) (does not offer authoritative DNS to customers, but does give customers a CNAME that is tied to Fastly nameservers running NSD)

Web App Firewall (WAF): Signal Sciences https://github.com/signalsciences [not open source] (https://www.fastly.com/products/web-application-api-protection)

This is the AWS (Amazon Web Services) CloudFront tech stack / backend infrastructure

Proxy: NGINX https://nginx.org/ (an in-house proxy built with Rust is used if the client protocol is QUIC)

Cache: Squid https://www.squid-cache.org/

You can find me at GitGud:

location ~ ^/restapi/(v\d+(\.\d+)?)/(.+)$ {
    set $directive "RESTful File Handle";
    limit_req zone=apilimit burst=10 nodelay;
    upload_pass @rest;
    upload_store /data/tmp/nginx_uploads 1;
    upload_set_form_field $upload_field_name.name "$upload_file_name";

user nobody nogroup;
worker_processes 2;
pid /var/run/nginx.pid;
http {
    types {
        application/javascript js;
        application/json json;
        application/pdf pdf;
        application/xml xml;

0:0:0 XEROX CORPORATION
0:0:1 XEROX CORPORATION
0:0:10 SYTEK INC.
0:0:11 NORMEREL SYSTEMES
0:0:12 INFORMATION TECHNOLOGY LIMITED
0:0:13 CAMEX
0:0:14 NETRONIX
0:0:15 DATAPOINT CORPORATION
0:0:16 DU PONT PIXEL SYSTEMS .
0:0:17 TEKELEC
create knownHttpAttackSourcesSet0 hash:ip family inet hashsize 1024 maxelem 65536