One Approach to Complying with a "script-src 'self'" Content Security Policy

I recently encountered this error when working with plugin code on an application: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". The cause of the e…

Deny Access Based on Accept-Language Header

It can be difficult to determine the source of a request to a server. You can use geolocation to look up an IP address; one excellent service is IP2Location. However, if the goal is to deny access to servers from outside the country, language may be…

Some Apache RewriteRules for Improved Security

A set of Apache RewriteRules, including curl commands to test them. Always test the rules, using a browser if possible, and curl. The curl output has been edited to make it easier to read. Remember to write the rules carefully so you don't deny acc…

Linux - Using file -i instead of the input accept attribute

The file input allows an accept attribute to indicate what type of file may be submitted. The type is the client's MIME type, which may vary by operating system, installed applications, and end user configuration. A sample set of MIME types used for…

Mozilla/4.0 (compatible;)

This user agent was in the middle of many page requests in my Apache logs, requesting content referenced by link tags in the head section. After a bit of research on one of the link tag URLs, I ran this script: IPS=`grep Author access_log | cut…
