Category Archives: Linux

HAProxy: redirect http traffic to https

bschelst/ August 4, 2017/ Linux/ 0 comments

Within HAProxy it is possible to redirect all http traffic to https.It is sufficient to add the following rule within the frontend section: frontend incoming80 bind 10.1.1.13:80 redirect scheme https if !{ ssl_fc }

HAProxy: configure transparent proxy

bschelst/ August 4, 2017/ Linux/ 0 comments

If you configure HAProxy by default, the backends will receive the IP address of the HAProxy as incoming IP address. Some applications (or people) don’t want that. It is possible to configure haproxy as transparent proxy, so that the IP of the client is being used. First of all you need to ensure that you have a Linux kernel with

Read More

Linux: increase inodes on EXT4 file system

bschelst/ April 6, 2017/ Linux/ 0 comments

If you have a file system with a lot of small files, it it possible that you are running out of inodes.Unfortunately it is not possible to increase the number of inodes on the fly.In order achieve this, you will need to create a new file system, using the N option, and then copy the data to that new fs:

Read More

ModSecurity: Mod Security rules for wordpress/joomla/drupal

bschelst/ March 29, 2017/ Linux/ 0 comments

You can use the following mod_security rules for wordpress/joomla/drupal ## Rules for the CWP ## SecRuleRemoveById 910006SecRuleRemoveById 950000SecRuleRemoveById 950001SecRuleRemoveById 950005SecRuleRemoveById 950006SecRuleRemoveById 950117SecRuleRemoveById 950907SecRuleRemoveById 958039SecRuleRemoveById 958051SecRuleRemoveById 958291SecRuleRemoveById 959006SecRuleRemoveById 959151SecRuleRemoveById 960008SecRuleRemoveById 960010 SecRuleRemoveById 960011 SecRuleRemoveById 960012 SecRuleRemoveById 960035 SecRuleRemoveById 960335 SecRuleRemoveById 960904 SecRuleRemoveById 960915 SecRuleRemoveById 970003 SecRuleRemoveById 970015 SecRuleRemoveById 970903 SecRuleRemoveById 973301 SecRuleRemoveById 973302 SecRuleRemoveById 973306 SecRuleRemoveById 973316 SecRuleRemoveById 973330 SecRuleRemoveById 973331 SecRuleRemoveById 973332 SecRuleRemoveById 973334 SecRuleRemoveById 973335 SecRuleRemoveById 973336 SecRuleRemoveById 973344 SecRuleRemoveById 973347 SecRuleRemoveById 981172 SecRuleRemoveById 981240 SecRuleRemoveById 981241 SecRuleRemoveById 981244 SecRuleRemoveById 981248 SecRuleRemoveById 981249 SecRuleRemoveById 981255 SecRuleRemoveById 981256 SecRuleRemoveById 981260 SecRuleRemoveById

Read More

Linux: run commandline internet speed test

bschelst/ March 1, 2017/ Linux/ 0 comments

There are different possibilities to run internet speed tests from Linux (and unix) commandline. But personally I don’t always want to install extra applications on the servers.Because of that, I use the following command line. The only thing what is needed, is wget & python. Those 2 product are most of the time already installed.   wget -O – https://raw.github.com/sivel/speedtest-cli/master/speedtest.py

Read More

Linux: Clear systemd log

bschelst/ January 19, 2017/ Linux/ 0 comments

You can use the following command, as superuser, to clear the systemd logs: Keep the last 7 days: journalctl –vacuum-time=7d Keep the last 100Mb: journalctl –vacuum-size=100M      

Postfix: Clear postfix mail queue

bschelst/ January 2, 2017/ Linux/ 0 comments

Is your postfix mail queue full of spam? You are not the only one 🙂 In that case it could be interesting to clear your queue, before the spam gets send out. In order to remove all mail from the postfix queue, execute the following command as superuser: #> postsuper -d ALL Do you only want to delete mails to

Read More

Fail2ban: show active jails

bschelst/ December 31, 2016/ Linux/ 0 comments

Fail2ban is a daemon that can be used to monitor the logs of services and ban clients that based on incorrect behaviour.A must have on your Linux system.But sometimes you can forget enabling the correct jails, therefore always check the active jails on your system.This can be done with the “fail2ban-client” command:  #> fail2ban-client status Executing that will show you the

Read More

ModSecurity: Access denied with code 403 (phase 2). Woocommerce

bschelst/ December 31, 2016/ Linux/ 0 comments

If you are using WordPress & Woocommerce in combination with mod_security2, you may have some false positives.In case you are having issues, you can use the Apache (.htaccess for example) “whitelist” below. This of course as an example.   <LocationMatch “/”>   SecRuleRemoveById 910006 # Google robot activity – Useful in someways but noisy for sites where you want them crawled

Read More