Simple Nginx configuration block to redirect HTTPS requests to HTTP:
    if ($https = "on") {
        return 301 http://acme.com$request_uri;
    }
To enable compression on a Plesk server with Nginx handling static content, we had to add the following to .htaccess:
    <IfModule mod_deflate.c>
        <FilesMatch "\.(js|css|html|php)$">
            SetOutputFilter DEFLATE
        </FilesMatch>
    </IfModule>
This configuration is explained here: https://www.a2hosting.com/kb/developer-corner/apache-web-server/data-compression-using-the-mod-deflate-module
And then in Plesk under:
Subscriptions -> acme.com -> Websites & Domains -> Web Server Settings -> Additional nginx directives
added the following:
    # enable gzip compression
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/javascript application/x-javascript text/xml text/css;
    gzip_vary on;
    # end gzip configuration
The Nginx configuration is explained here: http://www.nginxtips.com/how-to-configure-nginx-gzip-compression/
Let’s say you have a URL like this:
http://acme.com/my-old-url
that you want to redirect to a new URL:
http://acme.com/new-url
This is easily accomplished with a rewrite rule:
    RewriteRule ^my-old-url /new-url [R=301,L]
But what if the source URL has a query parameter like:
http://acme.com/my-old-url?id=27
In this case we need to use RewriteCond to match the query parameter:
    RewriteCond %{QUERY_STRING} ^id=27$
    RewriteRule ^my-old-url /new-url? [R=301,L]
Notice the question mark (?) at the end of “/new-url?”. This causes the query string to be discarded. If the question mark is not included then the redirect will go to:
http://acme.com/new-url?id=27
If you want to keep the query string then you can explicitly add it with the QSA option like:
    RewriteCond %{QUERY_STRING} ^id=27$
    RewriteRule ^my-old-url /new-url [R=301,L,QSA]
Also, in Apache 2.4 and later the QSD option can be used to exclude the query string, with the same effect as the trailing question mark:
    RewriteCond %{QUERY_STRING} ^id=27$
    RewriteRule ^my-old-url /new-url [R=301,L,QSD]
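To see the four variants side by side, here is an added example (not from the original post) that models how mod_rewrite assembles the redirect target: a RewriteCond on the query string, then a substitution with or without a trailing question mark, QSA, or QSD. It is a deliberately small model of that one aspect of mod_rewrite, and the rule names, the resolve() helper and the matching of the .htaccess-style pattern against the path without its leading slash are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Added example, not from the original post: a small model of how mod_rewrite
# assembles the redirect target for the four rule variants discussed above
# (no flag, trailing "?", QSA, QSD). It covers only a RewriteCond on
# %{QUERY_STRING} plus the query-string handling of RewriteRule; real Apache
# does far more.

# name -> (RewriteCond regex on the query string, substitution, flags)
RULES = {
    "plain":          (r"^id=27$", "/new-url",  {"R=301", "L"}),
    "trailing_qmark": (r"^id=27$", "/new-url?", {"R=301", "L"}),
    "qsa":            (r"^id=27$", "/new-url",  {"R=301", "L", "QSA"}),
    "qsd":            (r"^id=27$", "/new-url",  {"R=301", "L", "QSD"}),
}

# RewriteRule pattern; in .htaccess the path is matched without its leading "/"
RULE_PATTERN = re.compile(r"^my-old-url")


def rewrite_target(path, query, cond_regex, subst, flags):
    """Return the new path (with query string) or None if the rule does not fire."""
    if not re.search(cond_regex, query) or not RULE_PATTERN.search(path.lstrip("/")):
        return None
    # A literal "?" in the substitution splits it into a path and a replacement
    # query string; "/new-url?" therefore means "empty query string".
    new_path, sep, new_query = subst.partition("?")
    if "QSD" in flags:
        return new_path                       # Apache 2.4+: drop the original query
    if not sep:
        # No "?" in the substitution: the original query string is passed through.
        return f"{new_path}?{query}" if query else new_path
    if "QSA" in flags:
        # QSA appends the original query string to the one in the substitution.
        combined = "&".join(q for q in (new_query, query) if q)
        return f"{new_path}?{combined}" if combined else new_path
    return f"{new_path}?{new_query}" if new_query else new_path


def resolve(url, rule_name):
    """Apply one named rule to a full URL and return the Location the client would get."""
    parts = urlsplit(url)
    target = rewrite_target(parts.path, parts.query, *RULES[rule_name])
    if target is None:
        return url                            # rule did not match: no redirect
    return f"{parts.scheme}://{parts.netloc}{target}"


if __name__ == "__main__":
    for name in RULES:
        print(f"{name:15} -> {resolve('http://acme.com/my-old-url?id=27', name)}")
```

Running it shows the point made above: "plain" and "qsa" both end at /new-url?id=27, while the trailing question mark and QSD both end at /new-url, and a request whose query string is not exactly id=27 is left alone.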
You’ll know that you’re getting hit with a BitTorrent attack when the server slows down and you see log entries referencing:
    GET /announce.php
Here’s a good article about one sysadmin’s struggle with this type of attack:
http://blog.carlesmateo.com/2015/01/23/stopping-a-bittorrent-ddos-attack/
There are a number of possible strategies to mitigate this attack:
1. CloudFlare will block it, but it can take time to move DNS to CloudFlare and activate the service.
2. Create an announce.php file that returns an error like this:
    <?php
    http_response_code(406);
    exit();
This will use fewer resources than letting WordPress or another CMS return a 404.
3. Block in iptables with a rule like this:
    iptables -A INPUT -p tcp --dport 80 -m string --string "GET /announce" --algo bm -j DROP
Not sure how efficient this is on a high traffic web server.
4. Block in Apache config:
    <LocationMatch "^/announce(\.php)?.*">
        Order allow,deny
        Deny from all
    </LocationMatch>
On Apache 2.4 the equivalent is Require all denied, unless mod_access_compat is loaded.
5. Block with fail2ban as described here:
http://shazbert.com/blog/2015/01/24/fail2ban-china-ddos-announce-bittorent/
Note that Plesk 12 has fail2ban built-in so this fix is easy to implement.
6. If traffic is limited to a range of IP addresses then block that range in any available firewall. For example we’ve defeated this attack in one case by blocking a class B range from China.
Other suggestions on blocking this type of attack are welcomed. Comment below and let us know if you’ve seen this attack and how you handled it.
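Before choosing one of the blocks above it helps to know who is sending the announce traffic and how concentrated it is. The following is an added example (not from the original post) that runs that check over an Apache combined-format access log: it counts announce requests per client IP, reports their share of all traffic, and rolls the counts up to /16 prefixes, the class B granularity mentioned in point 6. The log lines and IP addresses are constructed for the example (documentation ranges only) and the threshold is an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Added example, not from the original post: detection logic for the announce
# flood described above, run over a constructed Apache combined-format log.
# It counts tracker-style announce requests per client and rolls them up to
# /16 prefixes, the "class B" granularity at which the post blocked traffic.
# All IPs are from documentation ranges and the log lines are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [23/Jan/2015:10:01:02 +0000] "GET /announce.php?info_hash=abc&peer_id=x HTTP/1.1" 404 512 "-" "Transmission/2.84"
203.0.113.11 - - [23/Jan/2015:10:01:02 +0000] "GET /announce?info_hash=abc HTTP/1.1" 404 512 "-" "uTorrent/3.4"
203.0.113.10 - - [23/Jan/2015:10:01:03 +0000] "GET /announce.php?info_hash=abc HTTP/1.1" 404 512 "-" "Transmission/2.84"
198.51.100.7 - - [23/Jan/2015:10:01:04 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.12 - - [23/Jan/2015:10:01:05 +0000] "GET /announce.php?info_hash=def HTTP/1.1" 404 512 "-" "BitTorrent/7.9"
198.51.100.7 - - [23/Jan/2015:10:01:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, request line pieces and status from a combined-format line
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# the request paths a BitTorrent client sends to a tracker
ANNOUNCE_RE = re.compile(r"^/announce(\.php)?(\?|$)")


def parse(log_text):
    """Yield (ip, path, status) for every well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["path"], int(m["status"])


def announce_hits(log_text):
    """Count announce requests per source IP."""
    hits = Counter()
    for ip, path, _ in parse(log_text):
        if ANNOUNCE_RE.match(path):
            hits[ip] += 1
    return hits


def announce_share(log_text):
    """Fraction of all parsed requests that were announce requests."""
    rows = list(parse(log_text))
    if not rows:
        return 0.0
    return sum(1 for _, path, _ in rows if ANNOUNCE_RE.match(path)) / len(rows)


def aggregate_by_prefix(hits, prefixlen=16):
    """Roll per-IP counts up to network prefixes (default /16, i.e. one class B)."""
    nets = Counter()
    for ip, n in hits.items():
        nets[str(ip_network(f"{ip}/{prefixlen}", strict=False))] += n
    return nets


def offenders(hits, threshold):
    """IPs at or above the threshold, sorted, ready to feed to a firewall rule."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    hits = announce_hits(SAMPLE_LOG)
    print(f"announce share of traffic: {announce_share(SAMPLE_LOG):.0%}")
    print("per /16:", dict(aggregate_by_prefix(hits)))
    print("offenders (>=2 hits):", offenders(hits, 2))
```

On a real server, feed it the access log instead of SAMPLE_LOG; if one or two /16 prefixes account for nearly all announce hits, the range block in point 6 is the cheapest fix, otherwise the per-request blocks in points 2 to 5 are the better tools.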
Here are some handy Apache rewrite rules for blocking cross site scripting (XSS) attacks:
    # Apache's %{REQUEST_URI} is the path only and excludes the query string,
    # so the tests run against %{QUERY_STRING}, where injected parameters appear.
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # [F] answers 403 Forbidden and ignores the substitution, so "-" is used
    # instead of a target file.
    RewriteRule ^(.*)$ - [F,L]
And here are similar rules for Nginx:
    set $block_xss 0;
    # base64_encode()/base64_decode() in the query string or the request line
    if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_xss 1; }
    if ($request_uri ~ "base64_(en|de)code\(.*\)") { set $block_xss 1; }
    # <script> / <iframe> tags, raw or percent-encoded; ~* makes the match
    # case-insensitive, like the Apache [NC] flag
    if ($query_string ~* "(<|%3C).*script.*(>|%3E)") { set $block_xss 1; }
    if ($request_uri ~* "(<|%3C).*script.*(>|%3E)") { set $block_xss 1; }
    if ($query_string ~* "(<|%3C).*iframe.*(>|%3E)") { set $block_xss 1; }
    if ($request_uri ~* "(<|%3C).*iframe.*(>|%3E)") { set $block_xss 1; }
    # attempts to overwrite PHP superglobals through the query string
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_xss 1; }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_xss 1; }
    if ($block_xss = 1) { return 403; }
We gathered these rules from several sources around the net so they are not original but it’s handy to have them all in one place with both the Apache and Nginx versions.
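Because rules like these sit in front of every request, it is worth checking them for false positives before deploying. The following is an added test harness (not from the original post and not part of either server's configuration) that applies the regexes from the Nginx rule set above to constructed request URIs and reports which rule fired. The script/iframe patterns are compiled case-insensitively, matching the Apache [NC] flag, and the sample URIs are made up for the example.

```python
import re
from urllib.parse import urlsplit

# Added example, not from the original post: a harness that applies the
# regexes from the rule set above to constructed request URIs, so the rules
# can be checked for hits and for false positives before they go live.
# The script/iframe patterns use re.IGNORECASE, the equivalent of Apache's
# [NC] flag; "%" is written unescaped because Python's re does not need it.

# checked against both the query string and the whole request URI
# (nginx's $request_uri includes the query string)
URI_RULES = [
    re.compile(r"base64_(en|de)code\(.*\)"),
    re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE),
    re.compile(r"(<|%3C).*iframe.*(>|%3E)", re.IGNORECASE),
]
# checked against the query string only
QUERY_RULES = [
    re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})"),
    re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})"),
]


def check(request_uri):
    """Return (blocked, pattern) for a raw request URI as it appears in the request line."""
    query = urlsplit(request_uri).query
    for pat in URI_RULES:
        if pat.search(query) or pat.search(request_uri):
            return True, pat.pattern
    for pat in QUERY_RULES:
        if pat.search(query):
            return True, pat.pattern
    return False, None


# constructed requests: some the rules should stop, some legitimate traffic
# that merely contains the word "script" or a PHP file name
SAMPLES = [
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "/page?html=<IFRAME src=x>",
    "/index.php?GLOBALS[x]=1",
    "/view?data=base64_decode(Zm9v)",
    "/blog/javascript-tips?id=27",
    "/wp-admin/post.php?post=3&action=edit",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        blocked, pat = check(uri)
        print(f"{'BLOCK' if blocked else 'allow':5} {uri}  {pat or ''}")
```

The last two samples are the important ones: a path containing "script" with no angle brackets and an ordinary WordPress admin request both pass, which is what you want to confirm before turning the rules on for a whole site.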