Fail2ban: unblock an ip

Bschelst/ August 7, 2017/ Linux

Find IP Address to Unblock

Log in to your server via SSH and type in the following command:

    iptables -L -n

Look for the IP address you want to unblock / unban. Now we must find the name of the jail this IP address is in. To do so, type the following:

    fail2ban-client status

Then unban the IP:

    fail2ban-client set ssh unbanip

Fail2ban: whitelist an ip

Bschelst/ August 7, 2017/ Linux

First, edit the config file:

    vi /etc/fail2ban/jail.conf

Then, find the line:

    ignoreip =

Now add all the IPs you want. Each IP or IP range must be placed here, separated by a space. Ex:

Save, and restart Fail2Ban:

    service fail2ban restart

HAProxy: redirect http traffic to https

Bschelst/ August 4, 2017/ Linux

Within HAProxy it is possible to redirect all http traffic to https. It is sufficient to add the following rule within the frontend section:

    frontend incoming80
        bind
        redirect scheme https if !{ ssl_fc }

HAProxy: configure transparent proxy

Bschelst/ August 4, 2017/ Linux

With a default HAProxy configuration, the backends receive the IP address of the HAProxy server as the incoming IP address. Some applications (or people) don’t want that. It is possible to configure HAProxy as a transparent proxy, so that the IP address of the client is used instead. First of all you need to ensure that you have a Linux kernel with

Linux: increase inodes on EXT4 file system

Bschelst/ April 6, 2017/ Linux

If you have a file system with a lot of small files, it is possible that you are running out of inodes. Unfortunately it is not possible to increase the number of inodes on the fly. In order to achieve this, you will need to create a new file system, using the -N option, and then copy the data to that new fs:

ModSecurity: Mod Security rules for wordpress/joomla/drupal

Bschelst/ March 29, 2017/ Linux

You can use the following mod_security rules for wordpress/joomla/drupal:

    ## Rules for the CWP ##
    SecRuleRemoveById 910006
    SecRuleRemoveById 950000
    SecRuleRemoveById 950001
    SecRuleRemoveById 950005
    SecRuleRemoveById 950006
    SecRuleRemoveById 950117
    SecRuleRemoveById 950907
    SecRuleRemoveById 958039
    SecRuleRemoveById 958051
    SecRuleRemoveById 958291
    SecRuleRemoveById 959006
    SecRuleRemoveById 959151
    SecRuleRemoveById 960008
    SecRuleRemoveById 960010
    SecRuleRemoveById 960011
    SecRuleRemoveById 960012
    SecRuleRemoveById 960035
    SecRuleRemoveById 960335
    SecRuleRemoveById 960904
    SecRuleRemoveById 960915
    SecRuleRemoveById 970003
    SecRuleRemoveById 970015
    SecRuleRemoveById 970903
    SecRuleRemoveById 973301
    SecRuleRemoveById 973302
    SecRuleRemoveById 973306
    SecRuleRemoveById 973316
    SecRuleRemoveById 973330
    SecRuleRemoveById 973331
    SecRuleRemoveById 973332
    SecRuleRemoveById 973334
    SecRuleRemoveById 973335
    SecRuleRemoveById 973336
    SecRuleRemoveById 973344
    SecRuleRemoveById 973347
    SecRuleRemoveById 981172
    SecRuleRemoveById 981240
    SecRuleRemoveById 981241
    SecRuleRemoveById 981244
    SecRuleRemoveById 981248
    SecRuleRemoveById 981249
    SecRuleRemoveById 981255
    SecRuleRemoveById 981256
    SecRuleRemoveById 981260
    SecRuleRemoveById

Linux: run commandline internet speed test

Bschelst/ March 1, 2017/ Linux

There are different possibilities to run internet speed tests from the Linux (and unix) commandline. But personally I don’t always want to install extra applications on the servers. Because of that, I use the following command line. The only thing that is needed is wget & python. Those 2 products are most of the time already installed.

    wget -O -

Linux: Clear systemd log

Bschelst/ January 19, 2017/ Linux

You can use the following commands, as superuser, to clear the systemd logs.

Keep the last 7 days:

    journalctl --vacuum-time=7d

Keep the last 100Mb:

    journalctl --vacuum-size=100M