Thank you so much.
Thus, The Front end and Back end servers are same about the security.
What does "handle backend server down" mean?
On Tuesday, March 9, 2021, 04:30:01 PM GMT+3:30, James Smith
wrote:
Yes - you should harden the front-end as this is what is likely to be
compromised
Hi,
I've a resource generated by a CGI script (the result changes, it
depends on the X-Forwarded-For header). Now the server receives requests
for this resource.
The requests have set the "If-Modified-Since" header
to the current timestamp. The server now *always* responds with "Not
Modified".
Yes - you should harden the front-end as this is what is likely to be
compromised by general attacking.
Run SSL, run a static server & proxy server, set security headers, handle
backend server down, handle http -> https redirects, handle basic auth (you can
have a general rule for wordpress ad