web notes - a blog

One of the tools I am using to secure a server is Fail2ban. It was working well for SSH and I wanted to extend it to provide more protection for Apache. I installed it and enabled it. jail.d/apache-modsecurity.conf [apache-modsecurity] enabled = true… more »

I recently encountered this error when working with plugin code on an application: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". The cause of the e… more »

It can be difficult to determine the source of a request to a server. You can use geolocation to lookup an IP address, one excellent service is IP2Location. However, if the goal is to deny access to servers from outside the country, language may be… more »

A set of Apache RewriteRules, including curl commands to test them. Always test the rules, using a browser if possible, and curl. The curl output has been edited to make it easier to read. Remember to write the rules carefully so you don't deny acc… more »

The file input allows an accept attribute to indicate what type of file may be submitted. The type is the client's MIME type, which may vary by operating system, installed applications, and end user configuration. A sample set of MIME types used for… more »