0

we deploy ceph S3 object storage and want secure RGW. Is there any solution or any user experience about it? Is it common to use WAF ?

neuro
  • 14,948
  • 3
  • 36
  • 59
Mohammad Kefayati
  • 11
  • 1

1 Answers1

0

Anyone using Ceph Object Storage will require a access_key and secret_key to interact with the service. This provides one level of security.

Firewalls on the server level (e.g. iptables) and firewalls on the network devices to only permit access from specific sources (unless you need RGW open to the world) could provide another.

Perhaps DDoS mitigation using something like Cloudbric, Akamai, or Cloudflare? Or even simply Fail2Ban banning IPs after a certain of number of incorrect credentials?

You haven't provided many details about your deployment and use-case, so it's hard to advise.

n7s
  • 399
  • 1
  • 7
  • Tnx for response. we want deploy object storage as a cloud service provider to public customer so security is important. I set up nginx reverse proxy front of RGW servers for improve performance.I understand that nginx work with modesecurity for WAF. Can is setup this for improve security of RWG server? – Mohammad Kefayati Apr 10 '20 at 10:00