This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pekko-http.git
The following commit(s) were added to refs/heads/main by this push:
new e7d706a8d docs: add basic security model (#722)
e7d706a8d is described below
commit e7d706a8d5680e7bd38bd29053cf6520a3497aea
Author: Arnout Engelen <[email protected]>
AuthorDate: Mon Aug 25 16:56:50 2025 +0200
docs: add basic security model (#722)
based on
https://github.com/apache/pekko-http/issues/332#issuecomment-1774822482
---
docs/src/main/paradox/security.md | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/docs/src/main/paradox/security.md
b/docs/src/main/paradox/security.md
index c9f6c5fe6..364c0a977 100644
--- a/docs/src/main/paradox/security.md
+++ b/docs/src/main/paradox/security.md
@@ -1,5 +1,11 @@
# ! Security Announcements !
+## Security model
+
+Pekko HTTP-based applications should not be exposed to the public internet
directly.
+We believe Pekko HTTP behaves pretty well under most known Denial of Service
attacks, but if you want the best security, you should use an enterprise grade
routing solution.
+Even using a load balancing solution like an up-to-date version of [Apache
HTTP Server](https://httpd.apache.org/) or [Nginx](https://nginx.org/) would be
safer than exposing Pekko HTTP-based applications directly to the public
internet.
+
## Receiving Security Advisories
The best way to receive any and all security announcements is to subscribe to
the [Apache Announce Mailing
List](https://lists.apache.org/[email protected]).
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
