Let me start about Why...
Why
Since most people agree that the most effective way of blocking Ip's is by using a solution like iptables. So with that in mind why would i wanna block such a huge list directly in Apache. As a maintainer of servers and after investigating "unwanted traffic" trying to do all kinds of things that the online service isnt made for i started looking for a solution to stop that once and for all....
So in the past 2 years i identified all/most possible networks that produce "unwanted traffic".
These networks have no use on the online service at all and are bassicly bad for the environment when u look at all the energy and resources that they consume!
So in my attempt to remove all the power from these services i made a list of all worldwide hosting addresses and bussines connections that are outside of the targetted area from the online service (which means all business connections unless they are inside 2 targetted countries and all hosting addresses).
This resulted in almost 300k subnets which after combining the subnets resulted in almost 290k subnets left that i wanna block.
When using this list in a solution like iptables it would also block updating services so to prevent this it's better to use apache since it will then only affect apache and nothing else on this server, protecting an entire server is not inside the scope of this question.
Possible solutions
Adding the subnets to .htaccess (Don't rlly wanna go there since this will make apache reload the list on every request)
Using
RewriteEngine on
RewriteMap hosts-deny "txt:/path/to/hosts.deny"
RewriteCond "${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}" "!=NOT-FOUND" [OR]
RewriteCond "${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}" "!=NOT-FOUND"
RewriteRule "^" "-" [F]
Works very well when using single addresses but converting 300k subnets to individual addresses doens't look very appealing to me, so unless this can be transformed to work with subnets this isn't going to work either.
Using expressions
RewriteCond expr "-R '12.345.678.90/28'"
This works untill i try to add more then 1 subnet, i think it goes wrong with RequireAll, RequireAny, RequireNone or the location it is placed.
Hopefully someone can shed a light on this and guide me towards the right way of implementing my solution.
I started learning Openldap 2.4, but I faced some concepts that I couldn’t understand well based on official administration guide. So I’m addressing those questions to the community in hope to find some good explanations.
The first question is what the difference between backbends and databases in Openldap? Also in documentation I found something very confusing, for example in the backbends section, I tried to create an ldap backend with those instructions.
database ldap
suffix "dc=suretecsystems,dc=com"
rootdn "cn=slapd-ldap"
uri ldap://localhost/ ldap://remotehost ldap://remotehost2
After altering my configuration directory, I found olcDatabase={1}ldap.ldif file created in cn=config folder, and no back-ldap module has been created.
Another question, is about multiple databases definition in Openldap server, if I created two databases (for example an hdb and mdb database). How a query from Ldap client is handled by the server? The data are fetched from the both databases defined with an specific order, or there is a way to chooses which database we want to interact with?
And finally, why in official administration guide we still find slapd.conf configuration style while it is deprecated? Is there any updated guide?
Thanks!!
I am currently migrating my website from Apache to nginx, but my .htaccess file is not working. My website is inside the /usr/share/nginx/html/mywebsite folder. How can I use .htaccess in my nginx server?
This is my .htaccess file:
RewriteEngine on
RewriteRule video/watch/([a-zA-Z0-9_#$*-]+)/?$ "videos-single.php?id=$1" [NC]
Nginx doesn't support .htaccess (see here: "You can’t do this. You shouldn’t. If you need .htaccess, you’re probably doing it wrong.").
You've two choices (as I know):
import your .htaccess to nginx.conf (maybe the htaccess to nginx converter helps you)
use authd-htpasswd (I didn't try it)
Disclosure: I am the author of htaccess for nginx, which is now open source software.
Over the past years, I created a plugin which implements htaccess behaviour into nginx, especially things like RewriteRule, Allow and Deny, which can be crucial for web security. The plugin is used in my own productive environments without a problem.
I totally share the point of efficiency and speed in nginx, and why they didn't implement htaccess.
However, think about it. You cannot make it worse if you're using nginx plus htaccess. You still keep the great performance of nginx, plus you can drive your legacy appliances effortlessly on one webserver.
This is not supported officially in nginx. If you need this kind of functionality you will need to use Apache or some other http server which supports it.
That said, the official nginx reasoning is flawed because it conflates what users want to do with the way it is done. For example, nginx could easily check the directories only every 10 seconds / minute or so, or it could use inotify and similar mechanisms. This would avoid the need to check it on every request... But knowing that doesn't help you. :)
You could get around this limitation by writing a script that would wait for nginx config files to appear and then copy them to /etc/nginx/conf.d/. However there might be some security implications - as there is no native support for .htaccess in nginx, there is also no support for limiting allowed configuration directives in config files. YMMV.
Using the config file is one option, but the cool thing about the .htaccess file is that it provided a way for a web developer to have some control over server settings without having root access to the server. There doesn't seem to be anything like this on nginx which is a real bummer.
I understand how the way it's setup on apache slows down response times, but hoped there could be an nginx way to do the same thing without the performance hit... At least a way to do rewrites with regex on urls if nothing else.
"Is there no nginx way to do bulk redirects using regular expressions that doesn't slow down response times."
Just edit your database with myphpmyadmin.
Open myphpmyadmin select your database then find your "yourprefix_Posts" table.
Open it then click the "Search" tab, then "Find and Replace".
Select "post_content" in the dropdown
In the "Find" field, type URL you want to change: "website.com/oldURL".
In the "Replace" field, type the new URL: "website.com/newURL".
(To use regular expression, tick the "Regular Expression" box.)
NOTE: You can test this out by simply leaving the "Replace" field blank.
ALWAYS BACKUP database before making changes. This might sound scary but its really not. Its super simple and can be used to quickly replace just about anbything.
We are using apache directory studio to connect to LDAP
Actually We are in development phase of our application, so as part of preparing LDAP schema, we need one attribute value syntax to be json, so for that do I get directly "Json" under syntaxes or how?
Please let me know, thanks in advance
Like Dave said.
And although you did not mention which LDAP server, but regardless any attribute with a Syntax of binary should work too.
-jim
I tried the example provided by the Apache Solr package.
I was trying to create a new data collection for my own schema and configurations.
There how should I start running Solr? When I was running the example, there was a start.jar in example directory to start it. Will the same jar work for my case?
If not, how to create a executable for it?
The first line on the solr install page says : "Solr already includes a working demo server in the example directory that you may use as a template" . http://wiki.apache.org/solr/SolrInstall#Setup .
Even if the recomended server is tomcat i have a feeling jetty will work just as well for you. Having the index production ready is more about knowing your fields and query patterns really well, as well as optimising the index through the schema and config for speed according to those patterns