I’m bookmarking this and I will be using it as a guide when I do the go1.8 upgrade. Overall I haven’t found problems running some very big sites with Go exposed on the internet. I won’t claim that the go stdlib alone can get you cloudflare-level protection, but I know of multiple alexa top100 usa sites that run go on the public internet. They receive a fair amount of malicious traffic and go generally handles it pretty well. Things that help go:
The runtime is basically a big epoll library. It’s pretty efficient at handling multiple connections and slowloris attacks.
The builtin map actually uses a cryptographically secure hashing function (AESNI instructions are used where available). DOS attacks due to storing query strings in a map aren’t possible.
The community has had an effort to do lots of fuzzing.
I did use this today to test out some cert chains from a different provider with poor documentation. I really like the fact that it wouldn’t even run if the certs were poorly chained.
I’m bookmarking this and I will be using it as a guide when I do the go1.8 upgrade. Overall I haven’t found problems running some very big sites with Go exposed on the internet. I won’t claim that the go stdlib alone can get you cloudflare-level protection, but I know of multiple alexa top100 usa sites that run go on the public internet. They receive a fair amount of malicious traffic and go generally handles it pretty well. Things that help go:
I did use this today to test out some cert chains from a different provider with poor documentation. I really like the fact that it wouldn’t even run if the certs were poorly chained.