cjyabraham
commented
1 year ago Some observations and questions:
1) Is https://www.lfasiallc.cn/ still served by the Alibaba mirror? It doesn't look like it is anymore. In this case, should we set a canonical redirect for it to the https://www.lfasiallc.com/ url so we're not splitting SEO juice, serving duplicate content etc?
2) While s-maxage isn’t explicitly set, my understand is that it should take the max-age value, in this case 18000. So I doubt changing those headers further would really increase the cache rate. I agree, however, that it’d be better to set each independently so that we could have a shorter expiration for remote caches.
3) Does the Pantheon Global CDN even recognize s-maxage? They are currently getting me a full answer on this.
In the wake of the DDOS attack on the LF Projects sites last week, we should harden our CNCF and LFEvents sites to make sure we're prepared for any attack. LF IT has done a thorough analysis of the event and left some notes here. The gist of this is getting the CDN to serve over 95% of requests. They recommend implementing the following headers which are more sophisticated than what we currently have.
They also note that Cerber of Wordfence are not needed and we're better without them. In fact it was the Cerber plugin that was the cause of a massive slowdown during the LF Project attack. Our goal here is to keep the CDN cache strong even when our PHP boxes are getting pounded with DDOS requests and those plugins can't help with that.