1. 28

  2. 6

    I’m bookmarking this and I will be using it as a guide when I do the go1.8 upgrade. Overall I haven’t found problems running some very big sites with Go exposed on the internet. I won’t claim that the go stdlib alone can get you cloudflare-level protection, but I know of multiple alexa top100 usa sites that run go on the public internet. They receive a fair amount of malicious traffic and go generally handles it pretty well. Things that help go:

    • The runtime is basically a big epoll library. It’s pretty efficient at handling multiple connections and slowloris attacks.
    • The builtin map actually uses a cryptographically secure hashing function (AESNI instructions are used where available). DOS attacks due to storing query strings in a map aren’t possible.
    • The community has had an effort to do lots of fuzzing.
    1. 1

      I did use this today to test out some cert chains from a different provider with poor documentation. I really like the fact that it wouldn’t even run if the certs were poorly chained.