Additional server security

Inbound access

While AVAA strives to be secure itself, it is recommended to configure the firewall (or Security Group) to allow only inbound access from specific IP addresses (or ranges), the ones belonging to the expected AVAA Server users.

This will greatly reduce the potential attacks as the server will not be completely opened to the world.

Make also sure the database server is only accepting connections from localhost.

Custom origins

Custom origins protect from unwanted domain connections, but ultimately there is no certainty that connections will truly come from a valid user in a browser. An attacker might be crafting handshakes and payloads, therefore filtering origins offers only partial protection.