|
Monday, 24 October 2011 08:32 |
// install and start mysql proxy that will log failed queries
#!/bin/sh
# kill the current proxy if any
ps aux | grep "mysql-proxy" | awk '{print "kill -9 ", $2}' | sh
# download and install
cd /usr/share/mysql/ && wget http://mysql.oss.eznetsols.org/Downloads/MySQL-Proxy/mysql-proxy-0.8.1-linux-rhel5-x86-64bit.tar.gz
tar -xvf mysql-proxy-0.8.1-linux-rhel5-x86-64bit.tar.gz
# create an alias
alias myproxy='sh /usr/share/mysql/mysql-proxy-0.8.1-linux-rhel5-x86-64bit/bin/mysql-proxy --plugins=proxy --proxy-lua-script=/usr/share/mysql/mysql-proxy-0.8.1-linux-rhel5-x86-64bit/share/doc/mysql-proxy/failed-query.lua >> /home/failed_query.log &'
# failed query script
cat > /usr/share/mysql/mysql-proxy-0.8.1-linux-rhel5-x86-64bit/share/doc/mysql-proxy/failed-query.lua << "my_here_doc"
local log_file = '/home/mysql.log'
local fh = io.open(log_file, "a+")
function read_query(packet)
if string.byte(packet) == proxy.COM_QUERY then
query = string.sub(packet, 2)
proxy.queries:append(1, packet, {resultset_is_needed = true} )
return proxy.PROXY_SEND_QUERY
end
end
function read_query_result (inj)
local res = assert(inj.resultset)
-- if res.query_status == proxy.MYSQLD_PACKET_ERR then
if (res.query_status == proxy.MYSQLD_PACKET_ERR) or (res.warning_count > 0) then
local query = string.sub(inj.query, 2)
local err_code = res.raw:byte(2) + (res.raw:byte(3) * 256)
local err_sqlstate = res.raw:sub(5, 9)
local err_msg = res.raw:sub(10)
fh:write(string.sub(inj.query, 2), "\n")
fh:write(res.raw:sub(10), "\n")
fh:flush()
print("Query Received -", query)
print("Query Error code -", err_code)
print("Query Error Sqlstate -", err_sqlstate)
print("Query Error message -", err_msg)
print("Query warnings -", res.warning_count)
end
end
my_here_doc
 Read more: |
|
Monday, 18 July 2011 14:43 |
|
If you want to block tough proxies like hidemyass.com, my previously posted .htaccess methods won’t work. Those methods will block quite a bit of proxy visits to your site, but won’t work on the stealthier proxies. Fortunately, we can use a bit of PHP to keep them out.
Block Tough Proxies with PHP
To stop tough proxy visits from sites like hidemyass.com, add the following slice of finely crafted PHP to the top of your header.php file:
<?php if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))
die("Proxy access not allowed"); ?>
If you’re not using WordPress, just place the code at the top of your web page(s). No editing is necessary, so just add the code, upload the file, and done. You can check that it works by visiting your site via your favorite proxy service. If it works, access will be denied.
This method works for me on a Linux server running Apache 2.2.3, MySQL 5.0, and PHP 5.2.6. It should work on similar setups as well, but your results may vary depending on your server configuration.
Block Other Proxies with .htaccess
If for whatever reason you aren’t using the above PHP method, you can still block a majority of the “lesser” proxies by adding the following block of HTAccess code to your site’s root .htaccess file:
# BLOCK PROXY VISITS
# PerishablePress.com: http://bit.ly/12k6Uo
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]
</IfModule>
This proxy-blocking technique is less-effective than the PHP method, but should help reduce overall proxy traffic to your site. Using HTAccess to filter proxies requires fewer system resources than the PHP method. So if you get tons of traffic or have lots of pages, you’re better off sticking with the HTAccess technique. It’s sort of a trade-off between effective proxy-blocking and optimum performance, which will vary depending on your needs and server configuration.
My Strategy
On most of my personal sites, I allow proxy access. I understand the need for privacy, but there are situations where denying proxy visits makes sense. Most often, the .htaccess code is a suitable solution. But for sites where anonymity isn’t an option, the PHP method is the way to go.
© 2011 Perishable Press Read more: |
|
|
Monday, 18 October 2010 16:04 |
|
Nginx Catch-All Host As Front End To Apache For ISPConfig 2 On
CentOS 5
Nginx (pronounced “engine X”) is a lightweight,
high-performance Web server/reverse proxy and e-mail (IMAP/POP3) proxy,
licensed
under a BSD-like license. It runs on UNIX, GNU/Linux, BSD variants, Mac
OS X,
Solaris, and Microsoft Windows.
Apache's performance is generally very good as well. However, in a
resource-constrained environment , Apache does not necessarily provide
optimal
performance or resource utilization. One of the “best practice”
approaches to
reducing the strain on Apache is to let a leaner lighter web server take
over
the serving of the site's static files (images, javascript, css, etc.),
leaving
the heavy lifting of serving the dynamic content to Apache.
This tutorial shows how you can setup Nginx as front end to apache for
ISPConfig
2 On CentOS 5.x. Read more: |
|
Wednesday, 09 June 2010 13:41 |
|
Using eBox As A Gateway: Firewall, Traffic Shaping, HTTP Proxy And
More
eBox Platform is the Linux small business server that allows you to
manage
all your network services like firewall, DHCP, DNS, VPN, proxy, IDS,
mail, file and
printer sharing, VoIP, IM and much more. These functionalities are
tightly
integrated, automating most tasks, avoiding mistakes and saving time for
system
administrators. This article will show you step by step how to use eBox as a Gateway,
featuring
network configuration, load balancing between two Internet connections
with
WAN failover and multigateway rules for policy routing, traffic shaping,
DHCP and DNS cache for the LAN network and HTTP proxy with different
content
filtering policies and antivirus. Read more: |
|
