Category: "Security"

CentOS 7 - Fail2Ban with Apache ModSecurity
Oct 16th
One of the tools I am using to secure a server is Fail2ban. It was working well for SSH and I wanted to extend it to provide more protection for Apache. I installed it and enabled it. jail.d/apache-modsecurity.conf [apache-modsecurity] enabled = true…

One Approach to Complying with a "script-src 'self'" Content Security Policy
Mar 23rd
I recently encountered this error when working with plugin code on an application:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
The cause of the e…

Deny Access Based on Accept-Language Header
Sep 15th
It can be difficult to determine the source of a request to a server. You can use geolocation to look up an IP address; one excellent service is IP2Location.
However, if the goal is to deny access to servers from outside the country, language may be…

Some Apache RewriteRules for Improved Security
Feb 23rd
A set of Apache RewriteRules, including curl commands to test them. Always test the rules with curl and, if possible, with a browser. The curl output has been edited to make it easier to read.
Remember to write the rules carefully so you don't deny acc…

Linux - Using file -i instead of the input accept attribute
Sep 8th
The file input allows an accept attribute to indicate what type of file may be submitted. The type is the client's MIME type, which may vary by operating system, installed applications, and end user configuration.
A sample set of MIME types used for…