Tag Cloud

389-directoryserver 3 ansible 7 apache 15 aws 3 azure 1 bash 13 bind 6 centos 25 cert-manager 1 chef 1 cloud 4 cockpit 1 comptia 1 database 1 devops 4 docker 3 drupal 2 fedora 1 freebsd 7 ganglia 2 git 4 github 3 gitlab 1 glusterfs 1 go 2 google 5 gparted 1 gpg 1 iptables 4 jekyll 2 jenkins 5 kerberos 2 kernel 1 keycloak 1 kubernetes 11 kubestronaut 3 kustomize 1 kvm 5 ldap 2 letsencrypt 2 logstash 1 lvm 1 macos 4 memcached 1 metasploit 2 monitoring 8 mysql 6 nagios 17 networking 13 nginx 7 ntp 1 opensuse 1 perl 10 pf 3 php 16 postfix 1 prometheus 2 python 6 rancher 4 regex 2 rhce 5 rhel 6 ruby 8 security 19 sendmail 1 smtp 1 solaris 7 svn 1 systemd 1 terraform 1 testing 3 ubuntu 21 vagrant 3 varnish 9 vim 1 virtualbox 4 web-development 2 wordpress 7 zfs 6

Currently Reading

Certified Kubernetes Administrator (CKA) Study Guide

38 / 155 Pages

Latest Book Reviews

• Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition Posted on January 11, 2025
• Rancher Deep Dive Posted on March 31, 2023
• Leveraging Kustomize for Kubernetes Manifests Posted on March 24, 2023
• Automating Workflows with GitHub Actions Posted on October 13, 2022
• Deep-Dive Terraform on Azure Posted on August 30, 2022
All Book Reviews

Latest Posts

• Packt Publishing Free E-Books crawler Posted on December 8, 2015
• Locking Down WordPress Access with Varnish 3.x Posted on November 9, 2015
• Locking Down Drupal Access with Nginx Posted on November 9, 2015
• My Home Lab Network Diagram Posted on October 31, 2015
• Grepping for PHP system level command functions Posted on September 20, 2015

---

December 8, 2015

Packt Publishing Free E-Books crawler

by Alpha01

I’m a big fan of Packt Publishing, and have purchased quite a few books from them. So when I first heard a couple of months back that they were going to give out free e-books everyday, my jaw literally dropped. https://www.packtpub.com/packt/offers/free-learning

I’ve normally been manually checking the site everyday for books that I might be interested on reading. The problem with this, is that their have been days that I missed out getting some free books that I would’ve love to read. So I wrote a short script that would notify me if there’s a free book available that I might be interested in reading. I would’ve love if Packt Publishing provided an rss feed so I can easily get notifications of their free books. Thus said, I really can’t complain since they’re already kind enough to give the world free e-books to spread knowledge.

https://github.com/alpha01/Packt-Publishing-Free-Learning

Tags: [ php ]

---

November 9, 2015

Locking Down WordPress Access with Varnish 3.x

by Alpha01

I have Varnish in front of all my WordPress sites and configured all /wp-admin traffic use https via Nginx. See https://www.rubysecurity.org/wordpress_admin-ssl

So to lock down access to my WordPress site’s requires both Varnish and Nginx configs to be modified.

Block at the http Varnish level:

sub vcl_recv {
    if ((req.url ~ "wp-(login|admin)") && (client.ip !~ MY-IP-ADDRESS)) {
                error 403 "Fuck off";
        }
}

Block at the https Nginx level (using shit.alpha01.org as an example):

location /wp-admin {
        allow   MY-IP-ADDRESS;
        deny all;
        proxy_pass https://shit.alpha01.org/wp-admin;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
}
location /wp-login.php {
        allow MY-IP-ADDRESS;
        deny all;
        proxy_pass https://shit.alpha01.org/wp-login.php;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
}

Tags: [ security varnish nginx wordpress ]

---

November 9, 2015

Locking Down Drupal Access with Nginx

by Alpha01

This site is powered by Drupal. Drupal and WordPress for that matter, are well targeted platforms, mainly because of their large install base on the internet. Quite frankly the reason I bother using both Drupal and WordPress instead of a flat-file based CMS is because I have to deal with these web applications at work on a daily basis, so it’s a great way to keep myself current with the technology that’s paying my bills.

I have Nginx acting as an SSL proxy for www.rubysecurity.org, which is hosted on an Apache back-end. So I have a few configs that I’ve enabled to lock down access to my Drupal site. The configs are made at the Nginx proxy level, so they can never reach Apache.

Firstly, I have all of Drupal’s /admin locked out from outside access:

location = /admin {
    allow MY-HOME-IP-ADDRESS;
    deny all;
    return 403;
}

Next, I only allow login access from my home ip address:

location = /user {
    allow MY-HOME-IP-ADDRESS;
    deny all;
    
    proxy_pass https://www.rubysecurity.org/user;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
}

Lastly, since Nginx is unable to process query strings at the location block level, I’ve setup an additional config to drop all user login query requests.

if ($args ~* "q=user") {
    set $blockme  M;
}
if ($remote_addr != MY-HOME-IP-ADDRESS) {
    set $blockme  "${blockme}E";
}
if ($blockme = ME) {
    return 403;
}

Tags: [ security nginx drupal ]

---

October 31, 2015

My Home Lab Network Diagram

by Alpha01

It’s Friday night, I don’t have anything interesting to do, so I created a diagram of my current home lab setup.

Tags: [ ubuntu networking kvm virtualbox ]

---

September 20, 2015

Grepping for PHP system level command functions

by Alpha01

 grep --color -r -E -e '(escapeshellarg|escapeshellcmd|exec|passthru|proc_close|proc_get_status|proc_nice|proc_open|proc_terminate|shell_exec|system)(\s+)?\(' ./

Tags: [ php security ]

---