i know it`s not recommended expose kestrel web server outside world, performance lost placing kestrel behind iis not thing can ignored. (in fact 1 might lose performance gained migrating .net core.)
so give try:
im wondering if there thing should aware of when exposing kestrel outside world, specially in terms of security?
thanks in advance.
the security risks ill-defined, basic answer kestrel not have hardening against attacks more mature web servers (like iis) do.
a full write-up available in documentation: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/. here relevant section:
the important reason using reverse proxy edge deployments (exposed traffic internet) security. kestrel relatively new , not yet have full complement of defenses against attacks. includes isn't limited appropriate timeouts, size limits, , concurrent connection limits.
Comments
Post a Comment