Shout-out and a request to contact Someone was probing the blog recently looking for issues, trying to add a log message. Was it you? Reach out to me. No hard feelings. Send an email to the CVE number at silvermouse dot net.
Fixing reverse proxy 'origin not allowed' from Percona PMM/Grafana in Kubernetes This can be a tricky one to debug. The 'origin not allowed' only comes from one place in Grafana: hostnameMatches := origin == netAddr.Host if netAddr.Host == "" || !trustedOrigin...
How to GeoIP block certain countries in Nginx with MaxMind I spent too long thinking that ModSecurity was necessary for this, but you can do it with just the ngx_http_geoip2_module Install nginx along with the module: apt-get install nginx...
Why ProFTPD isn't loading your config (for example PassivePorts) Recently I had an issue where I migrated ProFTPD from one server to another, but the PassivePorts was being ignored (as was AllowOverwrite). Connections were timing out and tcpdump showed the client...
Using ProxySQL caching to reduce MySQL query latency In a previous post I discussed an issue where 1ms of increased latency to a MySQL server was causing a problem due to thousands of queries. Generally, there are only two ways to handle this...
Be aware of latency in distributed systems I want to begin by saying that this specific example is a very niche problem, but real. A client moved their LAMP application to a new hosting provider and noticed that simple operations were taking...
Setting up multiple MySQL slaves on one server using Docker Compose This article is going to go through the steps to set up multiple MySQL slaves on one server using Docker Compose. These slaves will be used only for backup purposes, and MySQL slaves work by pulling...
How to install WordPress with SSL on a new Ubuntu server There are probably thousands of guides on this, but I was looking for the basic steps and couldn't find anything I would be happy sending someone, so here's my take on it. Aside from the operating...
How to find Azure IP ranges automatically and add them to IPTables The IP ranges used by Azure Public Cloud are updated weekly, and the URL to download the JSON file containing them changes too. I found a couple of scripts online to automate this but they mostly...
Is the Web becoming a walled garden? A walled garden, in the context of the Internet and freedom of data, is an environment where access to data within the ‘garden’ is controlled and can only be accessed via approved apps or...
Monitoring the state of IPv6 deployment with The Internet Society Last year I was approached by The Internet Society to help with an IPv6 crawler they'd had running since 2010. They're keen for other people to run their own version of this crawler, so if you're...
The state of the Internet as of January 2022 In a previous post, I wrote about working with The Internet Society to rewrite an IPv6 crawler. In this post, I wanted to share some of the results I found interesting from the most recent crawl of...
LetsEncrypt (60) SSL certificate problem: certificate has expired If you're using LetsEncrypt for SSL certificates and have been paying attention, you'll know that one of their root CA certificates (DST Root CA X3) expired on 30/09/2021 and that older devices...
Dynamic DNS using a HTTP API Gateway and Lambda with Terraform and aws_apigatewayv2_api Serverless is one of those technologies that sounds really simple, but can be quite tricky to actually implement. There are so many different parts and sometimes the only error you'll see if you get...
Manually generating Virtualmin configuration for Apache A client came to me with what was initially a Virtualmin backup problem: Copying Apache aliases .. .. failed to find target virtual website! The virtual host existed within...
Package varnishapi was not found in the pkg-config search path (libvmod-curl) Quick post about this error you might experience if you're trying to compile a Varnish module from source. root@varnish001:libvmod-curl# ./autogen.sh Package varnishapi was not found in the...
Varnish 6: Expression has type STRING, expected STEVEDORE This might be a really simple error to solve, but I couldn't find anything in the documentation about how to use a STEVEDORE instead - in fact some of the documentation examples or ServerFault...
Running Percona Monitoring & Management 2 (PMM2) Server behind an Apache HTTP/2 reverse proxy mod_proxy_http2 is considered experimental at the time of writing. Follow this guide at your own risk. EDIT (10th July 2022): As of Debian 11 (I'm not sure if this was due to a newer Apache or a newer...
Case Study: FLG Business Technology In late 2019 I was approached by FLG Business Technology to submit a proposal to refresh their existing infrastructure. FLG is a CRM product focused on workflow to automate and control processes....
Fixing miscellaneous Webmin SilverStripe errors after a restore This is mostly a reference post in case I ever have to go through this again. If it helps you too - well I've been there, I feel your pain, hopefully your pain doesn't last as long and you find some...
How to log SQL syntax errors in MySQL with tcpdump Today I needed to capture a list of erroring MySQL queries on a server without introducing client-side code changes or a man in the middle proxy. The slow_query_log will only log successful queries....
Splitting bold text from an Excel column without using Excel Warning - this post contains almost everything you shouldn't do. Parsing XML with regular expressions, interfacing with binary files and expecting that they won't change, using code outside of Excel...
Sending emails through Postfix timing out when using saslauthd I was recently debugging an issue where Postfix users were able to receive emails, but emails in their outbox were timing out and refusing to send. Restarting Postfix or saslauthd would briefly...
InnoDB ERROR 1846 (0A000) when creating an index in MySQL I recently had an issue where I was trying to hot-create an index on an InnoDB table running on MySQL 5.6.47, and received the following error: The MySQL documentation says: Tables created before...
How to resolve "No chain/target/match by that name" when using iptables-multiport and Fail2Ban This issue isn't specifically related to Fail2Ban but is a common way for it to present itself. The Fail2Ban log output will show something similar to: 2020-06-22 16:18:09,356 fail2ban.actions ...
Associate a static IP address for Fargate outbound traffic using Terraform Sometimes, when migrating an application into Fargate, you might find that it has outbound connections to legacy services which require IP whitelisting. As the IP address with each Fargate task is...
Dynamically protect wp-login.php across multiple domains with htpasswd Some pages, such as wp-login.php, are often the target of brute force attempts. Each failed login attempt requires a database search so even if all of your users have a strong password, constant...
A Case Study on De-duplication In early 2019, a customer approached us about an issue with the file storage aspect of their CMS application. Their Infrastructure Their application ran CMS for several of their clients, part of...
How to fix ERROR 2003 (HY000): Can't connect to MySQL server on 'node' (13) If you get error 13 trying to connect to an IPv6 MySQL server for example: ERROR 2003 (HY000): Can’t connect to MySQL server on ‘node2’ (13) It could be a Permission Denied error trying to open the...
Why should Transparent Huge Pages be disabled for database servers? Linux treats physical pages as the basic unit of memory, splitting the available memory into page-sized ‘chunks’, and, no matter how little memory an application actually needs to write, it will be...