Within HAProxy it is possible to redirect all http traffic to https.It is sufficient to add the following rule within the frontend section: frontend incoming80 bind 10.1.1.13:80 redirect scheme https if !{ ssl_fc }
If you configure HAProxy by default, the backends will receive the IP address of the HAProxy as incoming IP address. Some applications (or people) don’t want that. It is possible to configure haproxy as transparent proxy, so that the IP of the client is being used. First of all you need to ensure that you have a Linux kernel with
With the code below, you can set selinux to allow remote backends.
If you have a file system with a lot of small files, it it possible that you are running out of inodes.Unfortunately it is not possible to increase the number of inodes on the fly.In order achieve this, you will need to create a new file system, using the N option, and then copy the data to that new fs:
You can use the following mod_security rules for wordpress/joomla/drupal ## Rules for the CWP ## SecRuleRemoveById 910006SecRuleRemoveById 950000SecRuleRemoveById 950001SecRuleRemoveById 950005SecRuleRemoveById 950006SecRuleRemoveById 950117SecRuleRemoveById 950907SecRuleRemoveById 958039SecRuleRemoveById 958051SecRuleRemoveById 958291SecRuleRemoveById 959006SecRuleRemoveById 959151SecRuleRemoveById 960008SecRuleRemoveById 960010 SecRuleRemoveById 960011 SecRuleRemoveById 960012 SecRuleRemoveById 960035 SecRuleRemoveById 960335 SecRuleRemoveById 960904 SecRuleRemoveById 960915 SecRuleRemoveById 970003 SecRuleRemoveById 970015 SecRuleRemoveById 970903 SecRuleRemoveById 973301 SecRuleRemoveById 973302 SecRuleRemoveById 973306 SecRuleRemoveById 973316 SecRuleRemoveById 973330 SecRuleRemoveById 973331 SecRuleRemoveById 973332 SecRuleRemoveById 973334 SecRuleRemoveById 973335 SecRuleRemoveById 973336 SecRuleRemoveById 973344 SecRuleRemoveById 973347 SecRuleRemoveById 981172 SecRuleRemoveById 981240 SecRuleRemoveById 981241 SecRuleRemoveById 981244 SecRuleRemoveById 981248 SecRuleRemoveById 981249 SecRuleRemoveById 981255 SecRuleRemoveById 981256 SecRuleRemoveById 981260 SecRuleRemoveById
There are different possibilities to run internet speed tests from Linux (and unix) commandline. But personally I don’t always want to install extra applications on the servers.Because of that, I use the following command line. The only thing what is needed, is wget & python. Those 2 product are most of the time already installed. wget -O – https://raw.github.com/sivel/speedtest-cli/master/speedtest.py
You can use the following command, as superuser, to clear the systemd logs: Keep the last 7 days: journalctl –vacuum-time=7d Keep the last 100Mb: journalctl –vacuum-size=100M
Is your postfix mail queue full of spam? You are not the only one 🙂 In that case it could be interesting to clear your queue, before the spam gets send out. In order to remove all mail from the postfix queue, execute the following command as superuser: #> postsuper -d ALL Do you only want to delete mails to
Fail2ban is a daemon that can be used to monitor the logs of services and ban clients that based on incorrect behaviour.A must have on your Linux system.But sometimes you can forget enabling the correct jails, therefore always check the active jails on your system.This can be done with the “fail2ban-client” command: #> fail2ban-client status Executing that will show you the
If you are using WordPress & Woocommerce in combination with mod_security2, you may have some false positives.In case you are having issues, you can use the Apache (.htaccess for example) “whitelist” below. This of course as an example. <LocationMatch “/”> SecRuleRemoveById 910006 # Google robot activity – Useful in someways but noisy for sites where you want them crawled