The following responses to Frequently Asked Questions (FAQs) are geared towards system administrators.
Installation
Q: How do I configure the Lucity Web application to use SSL?
A: During the Lucity Web install there is a screen that asks if the application should be installed normally or under SSL. Please read the install manual for more information about doing this.
Q: What if I already installed Lucity Web and want to switch to using SSL?
A: You will need to uninstall and reinstall the web using the SSL option. Don't worry, you won't lose any dashboard setup or configuration that you have done.
DOS Attacks
Question: Do you have any techniques for stopping Denial of Service (DOS) attacks from the internet?
Answer: We have implemented one technique for stopping these attacks. A DOS is when someone attempts to crash a web site by bombarding it with multiple requests. This is only implemented in the Web Citizen application. By default, if the Citizen application receives more than 1000 requests within 10 minutes from a single IP address, it will stop accepting requests from that IP address for the duration of the 10 minutes. These values are configurable. The default values are hard-coded in the program; they are not in the appsettings file, but adding entries in appsettings can override the defaults.
<add key="DOSREQUESTS" value="1000" /> (This is the number of hits that should occur within the duration before blocking the IP address).
<add key="DOSPERIOD" value="10" /> (This is the number of minutes of the duration).
Note: This technique only works for short periods and only against a single IP address. This provides protection against localized DOS attacks. Mitigation of large scale distributed denial of service attacks (DDOS) should be handled by routers and networks.