20 September 2011 ~ 3 Comments

Making sure SSLv2 is disabled in Apache (and Nginx)

Edit Jan 24, 2012: Deleted all the crap from this story and just left the recommended Apache and Nginx SSL cipher suites for maximum security without SSLv2 and without BEAST vulnerability (at least according to Qualys).

Apache httpd

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    SSLHonorCipherOrder on

nginx

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;

[...]


08 August 2011 ~ 1 Comment

Logging RT username in Apache access_log

RT has its own internal accounting & tracking system for logging activity, but I was interested in even more granular stuff, like seeing who looked at which tickets. I figured it wouldn’t be that hard to log this in Apache. Well, I was kind of right, in that it wasn’t “hard,” but it took me [...]


08 October 2010 ~ 0 Comments

Putting up a "down for maintenance" message using mod_rewrite

Putting this here for safekeeping so my future self can find it. Mod_rewrite is one of my favorite tools, but it’s easy to spend 30 minutes crafting a 2-line directive that actually does what you want. I put this in a .htaccess file in the DocumentRoot of the server, put a “We’re down” message in [...]


20 September 2010 ~ 1 Comment

Forcing WordPress administration over SSL

I never like typing a password into a non-SSL site, no matter how trivial it is. In order to give my own site this ability I simply used mod_rewrite to force requests to WordPress’s admin pages to go over SSL. The .htaccess file for the site looks like this: # BEGIN WordPress <ifModule mod_rewrite.c> RewriteEngine [...]


13 August 2010 ~ 0 Comments

Blocking comment spammers by IP

I use Akismet to block comment spam, but it still annoys me that it even exists. Last night I put a simple IP ban into my httpd config. But who to block? I used grep & Perl to get a rough guess of which IPs were submitting the most comments (working on the assumption [...]


08 January 2010 ~ 1 Comment

LDAP-Active Directory authentication, Part 3

So I got everything working with .htaccess and AD/LDAP authentication. Just add LDAPVerifyServerCert Off to the httpd config to let Apache authenticate against an AD server with a self-signed certificate (without dealing with the annoyance of putting the cert on each Apache server). With that piece of the puzzle largely solved, I moved on to [...]


31 August 2009 ~ 0 Comments

Monitoring SSL certificate expiration with ssl-cert-check

I was about to write a script using OpenSSL to monitor the SSL certificate expiration dates for a few servers when it dawned on me that someone had probably done this already. The ssl-cert-check shell script takes a list of hosts/ports and prints out the expiration date (and how many days away that date is). [...]
