Category: web

nginx IP rules beyond DDoS guard

I use ngx_http_access_module’s allow/deny directives to protect sensitive parts of my websites from public access. But if a website is protected by CloudFlare, or a similar DDoS protection/CDN provider, your nginx will see only CloudFlare’s IPs, so your blocking rules (or any other IP-based rules, e.g. GeoIP) will not work. This HOWTO is written for CloudFlare. P.S.

squid PAM authentication trick FreeBSD

PAM authentication is best suited to small (up to 10 users) squid installations. It is easy to use and does not even need recompilation from source; the required helper ships with the standard configuration (and in the package, of course). You just need to add users to your system. But it hides a little trick: aside from configuring it

COMPLETELY disable SSLv3 in nginx (avoiding POODLE attack)

Since SSLv3 is deprecated, it’s a good idea to disable it in the web server config to become invulnerable to the POODLE attack (sorry, Windows XP users). The problem is, even if you disable it in the config, it may still be available for negotiation! Follow the article to see the remedy for this issue. The main part is

php-fpm memory usage quick optimization

The majority of php-fpm installations serve small personal sites (like this one) and are hosted on DigitalOcean-like VPS machines, which are mostly not very powerful. Anyway, it’s a good idea to tune the application server config to optimize server load (RAM, in this case). The main idea is to change the pm = dynamic option in /etc/php-fpm.d/

