User Rating: 4 / 5

Star Active Star Active Star Active Star Active Star Inactive

HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. It was derived from the earlier experimental SPDY protocol, originally developed by Google. HTTP/2 was developed by the Hypertext Transfer Protocol working group httpbis (where bis means "second") of the Internet Engineering Task Force. HTTP/2 is the first new version of HTTP since HTTP 1.1, which was standardized in RFC 2068 in 1997. The Working Group presented HTTP/2 to IESG for consideration as a Proposed Standard in December 2014, and IESG approved it to publish as Proposed Standard on February 17, 2015. The HTTP/2 specification was published as RFC 7540 in May 2015.

The standardization effort was supported by Chrome, Opera, Firefox, Internet Explorer 11, Safari, Amazon Silk, and Edge browsers. Most major browsers had added HTTP/2 support by the end of 2015.

According to W3Techs, as of November 2018, 31.8% of the top 10 million websites supported HTTP/2.

Read more: How to Enable HTTP/2 in CentOS 7


User Rating: 5 / 5

Star Active Star Active Star Active Star Active Star Active

Content Delivery Network or CDN is the next tip to speed up your website. There are many reasons, but the main one has to be with your machine. Depending on the browser, you may have one or multiple threads requesting HTTP objects in parallel. I read someone else, that Chrome has a 6 thread limit (I am not sure, but bear with me, it is a small number). Additionally, a web server that hosts everything generally does it in a FIFO way, the first request is the first attended. So, so far there are two bottlenecks we need to get rid of.

To show you I will use my business website and I will use Google PageSpeed Insights as the metric.

Read more: Speeding Up your Website Tip: Use a CDN

User Rating: 5 / 5

Star Active Star Active Star Active Star Active Star Active

If you have installed FusionPBX from the installation scripts you will notice it has already some fail2ban configurations. If you are using my RPM's, it doe not include any kind of this configuration as my philosophy is to specialize in the package to do one thing, not a do-it-all. Anyway, if you are only using FusionPBX with FreeSWITCH as a personal PBX those rules should be more than enough.

I recommend you do a quick reading of my previous fail2ban post where I describe the gap between Layer 7 exposures versus Layer 3 controls. You will understand my thinking.

If you are being more serious about your PBX or you are running a business you will find at one point those rules are not enough. I will explain myself a little more. As a commercial service, your exposure to the world is bigger; your domain is advertised, telephones do DNS, HTTP and SIP request to your servers and sooner than later you will start getting your first kiddy scripts targeting your servers. As you grow, you will find your customers are far to be technical; they do many dumb things (wrong password because they changed something on the service or inside jobs from tech staff are some examples) which leads to fail2ban rule applications.

There is nothing more harmful than a bad review from an ignorant customer. They do not know why they are being blocked. So, here is where we need to tun fail2ban and add some important information to pre-block offending IP's.

Read more: Taking the Hardening of FusionPBX / FreeSWITCH further