30

Sep/18

Manually Setting Up Webserver Time Trial

Overview In this day and age, setting up a server is a non event with cloud computing. I am currently behind in setting things up manually and scripts rather than using a tool. I have dabbled in Vagrant and Chef. … Continue reading

4

Jun/18

Securing HAProxy Headers

Overview https://securityheaders.io will give a score of how well placed the HTTP headers are on a site ranging from A+ to F (not sure what the R rating is for). Headers are a powerful meta (invisible to the naked eye) … Continue reading

15

Apr/13

Apache Error: Invalid method in request /x16/x03/x01

The error relates to the SSL certificates defined in one of the site configuration. In my case the certificates were missing from the server so the error appear on the webpage when any users tried to access the page.

24

Oct/12

Apache 2 Error “(98)Address already in use”

Overview I performed a reboot of my server running Apache 2 with SSL and found the sites were not loading when it came back up. Once the server was backup I assumed Apache had already started but none of the … Continue reading

26

Jun/11

Apache 2 Hardening Tips

Below are some of the tricks I use or found useful to try to mitigate unwanted attention. Whilst this is not a definitive guide these are simple quick things that can be done. This was written for Ubuntu but it … Continue reading

21

Jun/11

Invalid Command ‘Header’

Another error and same problem as last time: the module was not loaded! Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration $sudo a2enmod headers to enable the headers module $sudo service apache2 … Continue reading

21

Jun/11

Invalid Command ‘ExpiresActive’

I recently got the error message below when I was trying to reload Apache: Invalid command ‘ExpiresActive’, perhaps misspelled or defined by a module not included in the server configuration …fail! To fix it ensure the “expires” module is loaded: … Continue reading

15

May/11

Web Server Basic Authentication = Weak

I’d like to point out that I knew Basic Authentication in web servers were not bullet proof but in fact the total opposite (pointed out in the energy@home documents). This was hammered home when I was inspired to do some … Continue reading