Paul Braren

My feedback

  1. 11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Service Improvement » Security  ·  Flag idea as inappropriate…  ·  Admin →
    Paul Braren commented  · 

    Any progress?

    Paul Braren commented  · 

    If folks are interested in a bit more detail about why OCSP stapling would be good, see also my brief write-up at:
    https://TinkerTry.com/about#certificate
    https://TinkerTry.com/testing-of-http2-underway-at-tinkertry#jul-08-2016-update

    Paul Braren commented  · 

    +1

    Paul Braren supported this idea  · 
  2. 84 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Service Improvement » General  ·  Flag idea as inappropriate…  ·  Admin →
    Paul Braren commented  · 

    +1

    Paul Braren supported this idea  · 
  3. 33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Paul Braren supported this idea  · 
  4. 11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Service Improvement » Website Improvements  ·  Flag idea as inappropriate…  ·  Admin →
    Paul Braren shared this idea  · 
  5. 41 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Service Improvement » Website Improvements  ·  Flag idea as inappropriate…  ·  Admin →
    Paul Braren commented  · 

    +1!

    Paul Braren supported this idea  · 
  6. 322 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Service Improvement » Security  ·  Flag idea as inappropriate…  ·  Admin →

    After some difficulties with Cloudflare, we have spoken now with Sucuri (https://sucuri.net/). They offer malware removal, website firewall (providing DDoS protection among other things, requires DNS redirection to point to their firewalls) and site scanning (via local agent). All features independent (we can offer all or some).

    We are thinking that a better approach to solving our customers problems when it comes to security and performance will be to offer (as add-ons) Sucuri (security centric and very focused on our most common apps) and MaxCDN (pure CDN focused on performance).

    Any one has had experience with Sucuri? We have already tested (and in talks with them) and looks very promising.

    Let us know thoughts on this (Sucuri + MaxCDN) approach (vs Cloudfront). We know this is well overdue and want to get it rolling.

    Cloudways Team

    Paul Braren commented  · 

    Another approach would be partnering with AWS CloudFront and their CDN, if they're willing to handle DDoS protection too, see http://aws.amazon.com/security/. Also nice if using zone apex that Route 53 offers, see http://aws.amazon.com/route53/faqs/ (so you don't need the www).

    I temporarily tested AWS CloudFront to run my entire site a couple weeks back, so an nslookup on my site name would show a CloudFront pool of IPs. In the end, we got tripped up with .htaccess issues, and simply ran out of time to resolve it (.htaccess issues were resolved by Cloudways support)

    When it was up for a few days though, the speed was excellent, and much improved outside of north america. See this network diagram and follow the numbers to (hopefully) understand make what I'm describing a bit clearer:
    https://cdn.tinkertry.com/files/This-is-how-AWS-CloudFront-is-seamlessly-and-securely-serving-up-all-of-tinkertry.com-sanitized.png

    Using AWS CloudFront had the nice side effect of automatic CDN'ing of all my site's images, without any re-coding. That also meant URLs then never needed a CNAME like cdn.tinkertry.com/path/filename.png , instead, simply tinkertry.com/path/filename.png worked fine.

Feedback and Knowledge Base