A few weeks ago, a guide explaining how to install AWStats on FreeBSD was released here in adminbyaccident.com. On that piece a basic install of AWStats is shown, however, a nice and important functionality of AWStats is missing. Knowing the location of visitors is a matter of interest, for the sake of it or because you need to know who prefers whatever you’re selling on your … [Read more...]
How to install AWStats on FreeBSD 13.0
AWStats is a very powerful and useful software allowing webmasters count the visits to their managed websites. The tool is basically coded in Perl and it was a very popular choice before Google made it way easy when they launched their Google Analytics tool. However, nowadays not everyone is using Google Analytics services and even it may be difficult to make use of it for … [Read more...]
How to configure Modsecurity 3 for WordPress on FreeBSD
A few weeks ago I wrote a guide on how to install Modsecurity 3 on Apache HTTP for the FreeBSD operating system. However there’s a catch with that setting and with Modsecurity in general. As good as it is as a WAF you need to at least adjust its configuration to the tool one pretends to protect. Leaving it on without adjustments is, one a Royal pain in the ass, and second poor … [Read more...]
How to configure Apache HTTP with a TLS reverse proxy backend on FreeBSD
A few weeks ago I published a how to guide to configure Apache HTTP as a reverse proxy. On that ocasion I was following what the average guide on the internet does on Linux. A front end server with Apache HTTP on calls a backend server where the real site is sitting. Many backend calls through a proxy are still performed via plain HTTP. When considering the security landscape, … [Read more...]
How to detect a WAF – Web Application Firewall
From a penetration testing perspective to identify if a Web Application Firewall (WAF) is in place is essential. The next question is, does an administrator need to know this? My view is, anyone who is in charge of any system that has implemented some sort of WAF needs to verify this tool is working, at least on a very basic basis. Many organizations have placed this kind of … [Read more...]