Security

When fail2ban just won’t match… check the time and time zone.

I was trying to set up a fail2ban jail for wordpress inside a FreeBSD jail, but I just couldn’t get the rules to match.  The fail2ban instance was running on the host machine, checking a log inside the jail.  Turns out the time zone in the jail was incorrect, and fail2ban was not matching log …

When fail2ban just won’t match… check the time and time zone. Read More »

Apple Internet Recovery and Transparent Proxies

If you are running a transparent HTTP proxy on your network, you may have trouble with running Internet Recovery and Apple Hardware Test on Macs that support it.  You’ll see a “-4403D” or “-4403F” error.  For some reason, Apple’s servers return a 403 when they see the “via” header that many proxy servers send.  Here’s …

Apple Internet Recovery and Transparent Proxies Read More »

Squid Proxy: Make Outgoing Headers Anonymous

By default, Squid sends HTTP headers on every request that can give away information about your internal network. Here’s an example of these headers: HTTP_VIA:1.1 proxyserver.local (squid/3.1.16) HTTP_X_FORWARDED_FOR:192.168.0.123 That’s three pieces of information you may not want to give away: The host name of your proxy server, the version of Squid it’s running, and the …

Squid Proxy: Make Outgoing Headers Anonymous Read More »