A few weeks ago I published a how to guide to configure Apache HTTP as a reverse proxy. On that ocasion I was following what the average guide on the internet does on Linux. A front end server with Apache HTTP on calls a backend server where the real site is sitting. Many backend calls through a proxy are still performed via plain HTTP. When considering the security landscape, … [Read more...]
How to detect a WAF – Web Application Firewall
From a penetration testing perspective to identify if a Web Application Firewall (WAF) is in place is essential. The next question is, does an administrator need to know this? My view is, anyone who is in charge of any system that has implemented some sort of WAF needs to verify this tool is working, at least on a very basic basis. Many organizations have placed this kind of … [Read more...]
How to install Matomo 4 on FreeBSD
Why would anyone need to install Matomo 4 on FreeBSD? Because you’re the admin of a website, or a few of them, and you want/need to count the visitors, how long do the stay looking at the content and some other fancy stuff. This is what Matomo does. But it also does this without you needing Google Analytics, one of the most used platforms, meaning there’s no need to share … [Read more...]
How to test SSL/TLS configurations
If you are in charge of any site with SSL/TLS conenctions enabled you are always in the chase to get the best possible and most secure configuration. This isn’t always the case and the lack of time does take its toll on many administrators. Those individuals are always asked to do more with less and sometimes what they are asked to do is simply ridiculous. Automation can help … [Read more...]
How to configure Apache HTTP as a reverse proxy on FreeBSD
Apache HTTP as a reverse proxy consists on setting an Apache HTTP server as a frontal access for one or multiple backend servers. In the recent years many have started using NGINX as a reverse proxy since this piece of software really shines for serving static content an acting as a cache server. This doesn’t mean Apache HTTP can’t act as such. For quite a few years now, the … [Read more...]