Tag Archives: Open source

Securing HTTP Methods in AWS ALB

Often people open all traffic on the ALB and pass it straight through to the application. This is a security issue. If you only want to allow GET, HEAD and OPTIONS, and not methods like POST or DELETE, to reach your site, it is better to enforce that in the Application Load Balancer's listener rules.

Here I am using a CloudFormation template (YAML) that returns HTTP 405 for everything in the listener's default action, and then adds a custom rule that forwards only GET, HEAD and OPTIONS to the target group.

  # Listener: the default action answers every request with 405, so only
  # requests matched by a listener rule below are forwarded to the targets.
  HTTPSListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      Certificates:
        - CertificateArn: !Ref SSLARN
      SslPolicy: ELBSecurityPolicy-TLS-1-2-2017-01
      DefaultActions:
        - Type: fixed-response
          FixedResponseConfig:
            StatusCode: "405"
            ContentType: "text/plain"
            MessageBody: "Invalid Request."
      LoadBalancerArn: !Ref LoadBalancer
      Port: 443
      Protocol: HTTPS
  # Rule: forward only the listed HTTP methods to the target group.
  HTTPSFilter1:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref TargetGrp
      Conditions:
        - Field: http-request-method
          HttpRequestMethodConfig:
            Values:
              - GET
              - HEAD
              - OPTIONS
      ListenerArn: !Ref HTTPSListener
      Priority: 1

You could do the same in the console: go to EC2 -> Load Balancers, select your ALB, open the Listeners tab and click "View/edit rules". Then add rules accordingly. Remember to change the default rule to deny all.
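To confirm that the listener behaves as intended once the stack is deployed, the script below probes the ALB with each HTTP method and compares the status code it gets back with the policy above. This is an added example, not code from the original post: the ALB host name is passed as the first argument, curl is assumed to be installed, and only the listener's own 405 counts as "blocked".

```shell
#!/bin/bash
# Added example (not from the original post): probe an ALB listener with each
# HTTP method and report methods whose observed behaviour differs from the policy.
# Assumptions: $1 is the ALB DNS name, curl is installed, the listener is on 443.

# Methods the listener rule forwards; everything else should hit the 405 default action.
ALLOWED_METHODS="GET HEAD OPTIONS"

# Print "allowed" or "blocked" for a method according to the policy.
expected_verdict() {
    method="$1"
    for m in $ALLOWED_METHODS; do
        [ "$m" = "$method" ] && { echo allowed; return 0; }
    done
    echo blocked
}

# Translate an observed HTTP status code into a verdict. Only 405 counts as
# blocked; any other code means the request was forwarded to the target group.
# curl prints 000 when no response was received at all.
observed_verdict() {
    case "$1" in
        405) echo blocked ;;
        000) echo error ;;
        *)   echo allowed ;;
    esac
}

# Send one request with the given method and print the status code.
# HEAD uses -I so curl does not wait for a body that never arrives.
probe() {
    host="$1"; method="$2"
    if [ "$method" = "HEAD" ]; then
        curl -s -o /dev/null -w '%{http_code}' -I --max-time 10 "https://$host/"
    else
        curl -s -o /dev/null -w '%{http_code}' -X "$method" --max-time 10 "https://$host/"
    fi
}

# Walk the method list and report mismatches; the return value is the mismatch count.
check_listener() {
    host="$1"; failures=0
    for method in GET HEAD OPTIONS POST PUT DELETE PATCH TRACE; do
        code=$(probe "$host" "$method")
        want=$(expected_verdict "$method")
        got=$(observed_verdict "$code")
        if [ "$want" = "$got" ]; then
            printf '%-7s %s OK (%s)\n' "$method" "$code" "$want"
        else
            printf '%-7s %s MISMATCH: policy says %s, observed %s\n' "$method" "$code" "$want" "$got"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Usage: ./alb-method-check.sh my-alb-123456.eu-west-1.elb.amazonaws.com   (assumed name)
if [ $# -ge 1 ]; then
    check_listener "$1"
fi
```

Any line marked MISMATCH means a method reached the target group (or was refused outright) contrary to the rule. Keep in mind that a 405 produced by the application itself looks the same as the listener's fixed response, so the check is most meaningful against a target that would otherwise accept those methods.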

HTTPS in RHEL and PHP in less than 5 minutes!

Enabling HTTPS gives your application an added layer of security: the SSL layer encrypts all communication between the customer's browser and your application. In this article I am not describing each security option in detail; this is good enough to get started in most cases.

Log in to Red Hat Linux as root and run the commands below to install Apache (with SSL support) and PHP version 5.

#yum install httpd mod_ssl openssl php5
#service httpd restart

You should now be able to access your server over HTTPS from the browser, for example https://yourservername.domain/application/login.php . You are now using a self-signed certificate for the server. Your browser might warn you about this, but it is safe to accept it and continue.

If your server was using HTTP only and you recently upgraded it to HTTPS, here's a quick and dirty method in PHP to detect that a user is still on HTTP and redirect them to HTTPS. All you need to do is include this code at the start of your PHP file.

<?php
// Send browsers that arrived over plain HTTP to the HTTPS login page.
$loginURL = "https://yourserver/application/login.php";
// $_SERVER['HTTPS'] is unset (or "off" on some servers) when the request is plain HTTP.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    // A Location header is the proper redirect; the JavaScript below is a
    // fallback for clients that ignore it.
    header("Location: $loginURL", true, 301);
    echo <<<REDIRECT
Redirecting to ... $loginURL
<script>
window.location.href = "$loginURL";
</script>
REDIRECT;
    exit;
}
?>

As you can see, a little time spent goes a long way towards securing your website and applications. Feel free to comment. 🙂

MySQL Database : Quick & Easy Backup / Restore

MySQL is a great piece of open source software that is easy to set up and manage. It is available for Windows and Unix/Linux operating systems (and many others). If you are using MySQL, here is a quick and easy way to back up and restore your MySQL databases.

This time we are going to discuss backup and restore using command line utilities. If you want a GUI for this, you might as well read about the famous MySQL web administration tool, phpMyAdmin. For me, both are useful and I use them as convenient. This article assumes that you have shell access to the MySQL server, or at least remote access from the mysql client on your computer to a MySQL DB server.

Backing up the DB
We can use the mysqldump command like the one below:

For a full backup of all DBs:

 $ mysqldump --all-databases > backup.sql

Creating a backup of a single DB:

 $ mysqldump my_db_name > backup.sql

This creates a text file with all the data and structure of the DB. Remember, this is a quick and dirty way to do it; there are many options available for this command.

Creating a backup of a single DB and supplying your password to log in:

 $ mysqldump --password=mypassword my_db_name > backup.sql

For more examples and available options, run the command man mysqldump. You may also need to encrypt backup.sql for security.

Restoring the DB
Restoring is also pretty easy. We can use the mysql command like the one below:

Run this command from the directory where the backup.sql file is stored.

 $ mysql my_db_name < backup.sql

Side Note: If you have shell access, you could add a cron job to run the backup command every night or so. :)
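The commands above work, but `--password=mypassword` on the command line is visible to every user on the host through `ps` and ends up in the shell history. The script below is an added example, not from the original post, that wraps the same mysqldump and mysql commands for the nightly cron job just mentioned: credentials come from a client options file, the dump is compressed and encrypted to a GPG public key (the post suggests encrypting backup.sql), old copies are pruned, and a matching restore function decrypts and pipes into mysql. CRED_FILE, BACKUP_DIR, GPG_RECIPIENT, KEEP_DAYS and the /usr/local/bin path are my assumed names.

```shell
#!/bin/bash
# Added example (not from the original post): mysqldump wrapper for a nightly cron job.
# Credentials are read from an options file instead of --password on the command line,
# the dump is compressed and encrypted to a GPG public key, and dated copies are kept.
# Assumed names: CRED_FILE, BACKUP_DIR, GPG_RECIPIENT, KEEP_DAYS.

CRED_FILE="${CRED_FILE:-/etc/mysql/backup.cnf}"       # [client] section with user= and password=, mode 0600
BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"
GPG_RECIPIENT="${GPG_RECIPIENT:-backup@example.com}"  # public key only; the private key stays off this host
KEEP_DAYS="${KEEP_DAYS:-14}"

# Accept only plain identifiers so a database name can never be parsed as a mysqldump option.
validate_db_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# File name for a dump of database $1 taken on date $2 (YYYY-MM-DD).
backup_name() {
    printf '%s-%s.sql.gz.gpg\n' "$1" "$2"
}

# Dump one database into an encrypted, compressed file under BACKUP_DIR.
backup_db() {
    db="$1"
    validate_db_name "$db" || { echo "refusing database name '$db'" >&2; return 1; }
    out="$BACKUP_DIR/$(backup_name "$db" "$(date +%F)")"
    work=$(mktemp -d) || return 1
    umask 077
    # --defaults-extra-file must be the first option; --single-transaction gives a
    # consistent InnoDB snapshot without locking the tables for the whole dump.
    if ! mysqldump --defaults-extra-file="$CRED_FILE" --single-transaction --quick "$db" > "$work/dump.sql"; then
        echo "mysqldump failed for $db" >&2; rm -rf "$work"; return 1
    fi
    gzip "$work/dump.sql" \
        && gpg --batch --yes --trust-model always --recipient "$GPG_RECIPIENT" \
               --encrypt --output "$out" "$work/dump.sql.gz"
    status=$?
    rm -rf "$work"                      # the plaintext dump never outlives this function
    [ "$status" -eq 0 ] && echo "wrote $out"
    return "$status"
}

# Restore backup file $1 into database $2 (the database must already exist).
# Run this where the GPG private key is available, not on the backup host itself.
restore_db() {
    validate_db_name "$2" || return 1
    gpg --batch --decrypt "$1" | gunzip | mysql --defaults-extra-file="$CRED_FILE" "$2"
}

# Delete encrypted dumps older than KEEP_DAYS.
prune_old() {
    find "$BACKUP_DIR" -name '*.sql.gz.gpg' -type f -mtime "+$KEEP_DAYS" -delete
}

# Cron entry for a nightly run (assumed path):
#   0 2 * * * /usr/local/bin/mysql-backup.sh my_db_name
if [ $# -ge 1 ]; then
    mkdir -p "$BACKUP_DIR" && backup_db "$1" && prune_old
fi
```

The options file needs only a [client] section with user= and password= for a dedicated backup account, readable by the backup user alone. Because the dump is encrypted to a public key, a compromise of the database host does not expose older backups, and restores are done from a machine that holds the private key.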

wget & shell scripting for automated downloads

My friend Leo came up with this interesting problem. He found a site where a lot of religious videos are hosted for free and he wanted to download them all. The problem is that the site has a navigation system and you need to click 3 times to reach the download page of each video. Considering that the site has about 400 videos to download, this seemed a huge task.

I knew that wget can be used for downloading files from web sites. Checking the download links of 2-3 videos revealed that the videos are stored in a particular folder (http://webserver/folder/ ) on the web server. The video links were all like 1.avi, 2.avi, 3.avi and so on. Then it was just a matter of minutes to write a small shell script. Here is the code:

#!/bin/bash
# Fetch 1.avi, 2.avi, ... up to 449.avi from the server, one at a time.
base_url="http://webserver/folder"
counter=1
while (( counter < 450 )); do
    echo "Downloading Video $counter.."
    # -nc skips files already on disk, so the script can be re-run after an interruption.
    wget -nc "$base_url/$counter.avi"
    (( counter++ ))
    # Pause between requests so the site is not hammered.
    sleep 2
done

echo "Done !"

I saved it as download.sh on my Ubuntu Linux machine and ran it using the command below.
rajesh@ubuntubox:~$ ./download.sh

The script took its time downloading the files one after another. We could do parallel downloads, but that would cause trouble for the web site admins, and we are nice people, you know 🙂 . Open Source saves the day!

Side Note: if you are using Windows, you could probably use Cygwin to do this. This script is not perfect, but it did the job for us. One can easily use it as a base for developing it further for other tasks.

Loving Ubuntu !

Installed the latest Ubuntu 10.04 on my laptop. For those who don't know, Ubuntu is a Linux operating system, an alternative to Windows, and more than that.

Check out the features of this new version here : http://www.ubuntu.com/desktop/features

In my experience, installation took approximately 20 minutes and asked me only 7 very basic questions. It includes a few great enhancements to enrich your computer experience.

  • Wireless configuration was a breeze. It found my home wireless automatically and prompted for the password. That's all. I was online within a few seconds. 🙂 🙂
  • The Software Center application provides access to 32000+ free/open source applications that are ready to be downloaded and installed with a single click. Yes, a single click is all you need. 🙂
  • It contains an update manager that updates all my software, including the operating system, with one click. I do not have to keep downloading security updates, Firefox, OpenOffice or Chrome separately. This cute little application lists all updates in one place where I can click "Update" and it does the rest.

You do not need to partition or install the software to see how it looks. You can experience the Ubuntu magic just by booting from the CD. Try it, and if you like it, join the revolution. 🙂