August 17th, 2009
The server has just undergone some modifications – previously I was using Lighttpd to serve all of the content. I liked the traffic shaping features and low memory footprint that it had, but I also sorely missed the mod_rewrite functionality and mod_php provided by Apache.
The solution was simple: Apache 2.2.13 to serve the dynamic PHP files and Lighttpd to serve the static files via the Apache Proxy plugin. This gives me all the features of Apache, but only when I need them, with Lighttpd serving the static content.
The basic setup is simple. Lighttpd listens on 127.0.0.1, port 81, and Apache listens on port 80 of idontplaydarts.com. Both point to the same root directory, and when Apache sees a request for a file located in either wp-content or wp-includes it passes the request to Lighttpd. My config file looks something like this:
ProxyPass /wp-content http://127.0.0.1:81/wp-content
ProxyPassReverse /wp-content http://127.0.0.1:81/wp-content
ProxyPass /wp-includes http://127.0.0.1:81/wp-includes
ProxyPassReverse /wp-includes http://127.0.0.1:81/wp-includes
The only issue at the moment is that the latest version of Apache doesn’t yet support the ProxyPassMatch directive. This would let me specify a regular expression such as *.txt to tell Apache to pass all the requests for text files to Lighttpd.
ProxyPassMatch ^(/.*\.txt)$ http://127.0.0.1:81$1
ProxyPassMatch is due to be introduced in Apache 2.2.5; we’re only on Apache 2.1.3 at the moment, so there is going to be a bit of a wait before I can change my configuration files and allow support for regular expressions with ProxyPass.
It’s worth mentioning that you can do the proxy the other way round, with Lighttpd in front passing requests to Apache, but there is not much benefit and you don’t get to take advantage of the nice Apache rewrite rules.
Tags: apache, Lighttpd, PHP, Proxy
July 1st, 2009
So I’m totally loving the new HTML5 – no more bothering to encode your video files into flv, you just insert them straight in with the <video></video> tags
<video width="480" src="http://www.idontplaydarts.com/wp-content/uploads/sample.ogg" controls="true">
Sorry, your browser doesn’t support the video tag…
</video>
So that ends up looking something like
Hah, awesome. Can’t wait for Firefox 3.5 to support all the other cool HTML5 features. In case you’re wondering what the video is – it’s the cold, cold rain we get in England… during “summer”… (note there isn’t any sound)
Tags: html5
July 1st, 2009
Just a word of warning, something seems to have changed between PHP 5.3RC3 and PHP 5.3, namely one of the test cases to do with ob_start() – if you don’t have much memory (I’ve got 256mb + 256swap) don’t run make test. You’ll run out of memory very quickly.
Tags: PHP 5.3
June 25th, 2009
If you look at the number of hacking incidents that have been reported, 58% of the incidents are known or suspected to have come from outsiders, 27% from insiders, and 15% from an unknown origin.
That is to say, the very employees of an organisation are responsible for about 30% of the overall hacks. Disgruntled employees, in particular system administrators, are in a prime position to sabotage their former businesses, and with the onset of the recession the number who might be tempted to take data with them (or even worse, cripple the system) when they leave is ever increasing.
The threat from insiders is far more dangerous than that of an external hacker – insiders know how the system works and are in an excellent position to cause chaos and then expertly cover their tracks.
What can we do? Well, if you do have to make someone redundant or need to fire them, make sure they don’t see it coming so they have no time to prepare and no time to retaliate. While they are in the boss’s office hearing the news, you need to be disabling their user account and all of their access to the system. If you don’t do this then you risk a major security breach.
In an ideal world each user should only have access to the data that they need in order to do their job. Other methods such as two-person control should also be in place for important tasks such as removing money or making external payments. System administrators should review each other’s logs on a regular basis to ensure nothing untoward is occurring.
The insider threat is very real and we cannot afford to dismiss it.
Tags: hacking, Insider threat
June 19th, 2009
If you don’t know, DKIM keys are the replacement for Yahoo!’s Domain Keys that were introduced to combat spam. It’s basically a digital signature in the header of the email message to enable the mail server to determine the message source accurately.
I’ve been trying to get dkimproxy.out to work with postfix – which I’ve managed to do. The only issue is that it doesn’t seem to be signing the messages correctly – not quite sure what’s wrong.
Delivered-To: xxx.xxxxx@gmail.com
Received: by 10.103.243.5 with SMTP id v5cs118747mur;
Fri, 19 Jun 2009 11:18:43 -0700 (PDT)
Received: by 10.210.30.10 with SMTP id d10mr1099509ebd.14.1245435522990;
Fri, 19 Jun 2009 11:18:42 -0700 (PDT)
Return-Path:
Received: from idpd.vm.bytemark.co.uk ([80.68.93.52])
by mx.google.com with ESMTP id 6si6760399ewy.54.2009.06.19.11.18.42;
Fri, 19 Jun 2009 11:18:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of test@idontplaydarts.com designates 80.68.93.52 as permitted sender) client-ip=80.68.93.52;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of test@idontplaydarts.com designates 80.68.93.52 as permitted sender) smtp.mail=test@idontplaydarts.com; dkim=neutral (bad format) header.i=test@idontplaydarts.com
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by idpd.vm.bytemark.co.uk (Postfix) with SMTP id 82728722DD
for
; Fri, 19 Jun 2009 19:19:01 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=idontplaydarts.com; h=
subject; s=selector1; bh=uoq1oCgLlTqpdDX/iUbLy7J1Wic=; b=X6q/deT
OiqL1ea8qZiP3qsIKDmoWTdlt4Zgd36FfY3kAhLv1JZf1q6h93REQLqLl
subject: Hello world
Message-Id: <20090619181901.82728722DD@idpd.vm.bytemark.co.uk>
Date: Fri, 19 Jun 2009 19:19:01 +0100 (BST)
From: test@idontplaydarts.com
To: undisclosed-recipients:;
Hey there test!!
I’ve checked the DKIM entry on the TXT records – it seems to be accurate and the encryption appears to be working (according to the mail.log output). Anyone got any ideas why I’m getting this “bad format” in the header? I’m guessing it’s something to do with the message header being incorrect….
So far I have tried:
- Reducing the size of the key – down to 384 bits from 1024 bits
- Changing the selector name
Any ideas anyone?
Update: So it appears that my crude method of sending emails using
telnet localhost 25
MAIL FROM:test@idontplaydarts.com
RCPT TO:xxx.xxxx@gmail.com
DATA
Subject: woot
hello world
.
is a little crude and is missing the To and From headers after the DATA – turns out you need to specify them. *doh* – It’s all working fine now, just going to increase the size of the keys back to 1024 bits.
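An added example, not part of the original post or of dkimproxy: a structural check of a DKIM-Signature header in Python that flags the condition described in the update, a signature whose h= tag does not list From on a message submitted without a From header (RFC 6376 section 5.4 requires From to be signed). The function names and the PLACEHOLDER hash values are assumptions made for this example; it performs no cryptographic verification and no DNS lookup.

```python
import re

REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")  # RFC 6376 section 3.5

def unfold_headers(raw):
    """Return the header block as (lowercased name, value) pairs, unfolding continuations."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    headers = []
    for line in re.split(r"\r?\n", head):
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def parse_tags(value):
    """Parse the 'tag=value; tag=value' list of a DKIM-Signature header."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def lint_dkim(raw):
    """Return a list of structural problems; an empty list means none were found."""
    headers = unfold_headers(raw)
    names = [n for n, _ in headers]
    sigs = [v for n, v in headers if n == "dkim-signature"]
    if not sigs:
        return ["no DKIM-Signature header"]
    tags = parse_tags(sigs[0])
    problems = ["missing required tag %s=" % t for t in REQUIRED_TAGS if not tags.get(t)]
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    if "from" not in signed:
        problems.append("h= does not list From")
    if "from" not in names:
        problems.append("message has no From header")
    return problems

# Constructed samples modelled on the post; the hash values are placeholders, not signatures.
BAD = ("DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=idontplaydarts.com; h=\n"
       " subject; s=selector1; bh=PLACEHOLDER=; b=PLACEHOLDER\n"
       "Subject: woot\n\nhello world\n")
GOOD = ("DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=idontplaydarts.com;\n"
        " h=from:to:subject; s=selector1; bh=PLACEHOLDER=; b=PLACEHOLDER\n"
        "From: test@idontplaydarts.com\nTo: rcpt@example.net\nSubject: woot\n\nhello world\n")
```

Calling lint_dkim(BAD) reports both the missing From in h= and the missing From header, while lint_dkim(GOOD) returns an empty list.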
Tags: DKIM, Postfix