Add this to proftpd.conf and restart proftpd: TLSOptions NoSessionReuseRequired
ProFTPd: 425 Unable to build data connection: Operation not permitted
CORS Proxy by Means of nginx
A CORS proxy is a service that allows sites to access resources from other websites, without having to own that website in case when no Access-Control-Allow-Origin header is present on the requested resource. This article shows how to create one with the help of nginx and without writing a single line of code.
SQL Diff Using SQLite Session API
SQLite Session Extension provides a convenient way to create “diffs” between two versions of a table. These “diffs” are binary and are usually much more compact than their SQL counterparts. This article shows how to create and apply such “diffs” to tables.
How to Enforce Read-Only Mounting of USB Drives
A Facebook user asked how to forbid write access to an external USB drive, allowing only for read-only access. This article explains how to do that with the help of udev.
How to Make System Logs Append-Only
During an intrusion, an intruder leaves signs of his actions in various system logs. Without reliable logs, it could be very difficult to figure out how the attacker got in, or where the attack came from. This information is crucial in analyzing the incident. It is evident that the logs are a valuable audit trail that should be well protected.
Of course, when an intruder gets in to the system, they will try to remove all traces. So, how can we stop an intruder from removing evidence?
Yoast SEO: How to Use a Custom Stylesheet for Sitemaps
The article describes a way to use custom XML stylesheets for sitemaps generated by Yoast SEO plugin. Custom stylesheets can be good if you want to get rid of spammy links back to Yoast website in every generated sitemap file.
Newer Is Not Necessarily Better: Updated Yoast SEO to 8.3
Yesterday I made a terrible mistake by updating Yoast SEO plugin to its latest version (8.3) without prior testing. This resulted in significant server load. Luckily, the fix was easy.
nginx: Mitigating the BREACH Vulnerability with Perl and SSI or Addition or Substitution Modules
BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a security exploit against HTTPS when using HTTP compression. This article shows several ways to deal with BREACH using Length Hiding technique with nginx’s builtin modules.
How to Import Cloudflare IP List into nginx ACL Automatically
When using Cloudflare to hide IP address of the origin server (for example, to protect against DoS attacks), it is important to configure ACLs to allow connections to the origin server only from Cloudflare IPs. However, the list of Cloudflare IP ranges is not static, it changes over time. This post describes how to import this list into nginx automatically.
How to Get Maximum Score in SSL Labs Test (nginx)
This article provides a configuration for nginx that successfully passes SSL Labs tests with A or A+ mark, and 100% score for all metrics (certificate, protocol support, key exchange, cipher strength).