Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Chris Bennett
On Fri, Sep 30, 2016 at 01:26:30AM +, Alceu R. de Freitas Jr. wrote: > I may be a little bit late... but isn't this something already handled by > mod_security? > > mod_security is no longer in the ports tree Chris

Re: 6.0-stable panic

2016-09-29 Thread Stuart Henderson
On 2016-09-29, mxb wrote: > Unfortunately, this is a remote, IPMI machine - no kbd while it is in ddb Many machines with IPMI do give you keyboard in ddb. It may be worth disabling usb3 in bios. Not certain if it will help but maybe. Or switch to serial-over-lan instead

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Alceu R. de Freitas Jr.
I may be a little bit late... but isn't this something already handled by mod_security? From: Murk Fletcher To: Daniel Ouellet Cc: misc@openbsd.org Sent: Thursday, September 29, 2016 20:57 Subject: Re: Looking for a way to

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Murk Fletcher
rack-attack itself is very small, and its configuration is minimal. Use it if you have a Ruby-based web app and want to add that extra layer of protection to it that pf can't provide. On Fri, Sep 30, 2016 at 1:30 AM, Daniel Ouellet wrote: > On 9/29/16 7:20 PM, Murk Fletcher

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Daniel Ouellet
On 9/29/16 7:20 PM, Murk Fletcher wrote: > There's Kickstarter's Rack::Attack if you're willing to "upgrade" to i.e. > Ruby on Rails: > > https://github.com/kickstarter/rack-attack > > I find this quite nice along with those pf bruteforce tables mentioned > earlier. Sure I guess you can, but

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Murk Fletcher
There's Kickstarter's Rack::Attack if you're willing to "upgrade" to i.e. Ruby on Rails: https://github.com/kickstarter/rack-attack I find this quite nice along with those pf bruteforce tables mentioned earlier. Murk On Fri, Sep 30, 2016 at 12:54 AM, Daniel Ouellet wrote:

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Daniel Ouellet
> I don't think bruteforce will be helpful in my case. I do occasionally > get bruteforce attacks, but not very often. > What I usually get are identical attacks of a certain set of variations > of URLs from one IP address. A little later the same thing from another > IP, then another, etc. > >

rc.d script with functions won't run

2016-09-29 Thread Murk Fletcher
Hi, I got this startup script for my app: https://gist.github.com/anonymous/c0339b1dae3eeff3a461b8787824838b where I'm trying to contain stuff in functions so I can go about stuff more easily, but in debugging I see these functions can't be found. Anybody know? Thanks! Murk F.

Re: Forget mod_perl. I'm going to try to move to FastCGI and base http

2016-09-29 Thread Andrew Fresh
I gave a talk about moving from mod_perl to Plack and FastCGI at the local perlmonger group. It was fairly straightforward and there are a fair number of options on the CPAN, although I'm unsure which have ports. http://cvs.afresh1.com/~andrew/talks/cgi_to_psgi_pdx_pm/ There is also some

Forget mod_perl. I'm going to try to move to FastCGI and base http

2016-09-29 Thread Chris Bennett
Thanks to stu@, he's informed me that mod_perl is a big problem for OpenBSD modernising its Perl forward. So I'm going to try and move to FastCGI. I can't find any info online about transition from mod_perl to FastCGI, so I'll have to work that out myself. Any useful links would be appreciated.

reply-to/dup-to/route-to hostdecl detailed explanation

2016-09-29 Thread sven falempin
Dear PF users and coders, If someone strictly follows the BNF of pf.conf man pages (thanks for the great doc guys) the declaration after route-to would be able to be (ifX:someting)@ifY. It does not make much sense as the first part would be a gateway if I understood well enough. Maybe the :peer

Re: unbound and truly multihomed setup

2016-09-29 Thread mxb
Tried to play around with ports nsd/unbound listens on? //Мэксб > On 29 sep. 2016, at 09:48, Gregory Edigarov wrote: > > Hi, > > Need advice. > > I have a bgp router with 3 interfaces: > > em0 (xxx.yyy,zzz.1/24), > em1, em2 - looking at uplinks > > bgp is up and running,

Re: 6.0-stable panic

2016-09-29 Thread mxb
Yet another one with “rcctl stop relayd”. Same or similar trace. Unfortunately, this is a remote, IPMI machine - no kbd while it is in ddb (supermicro branded java crap). And also in production. It gets stuck in “sync disk” and no reboot after (don’t drop to ddb is ON on this machine). Nor have I

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Paul Suh
On Sep 28, 2016, at 10:04 PM, Chris Bennett wrote: > > I don't think bruteforce will be helpful in my case. I do occasionally > get bruteforce attacks, but not very often. > What I usually get are identical attacks of a certain set of variations > of URLs from

OpenVPN + OpenBSD6.0 (i386 and Mip64) latency and jitter in Openvpn TCP Bridged mode

2016-09-29 Thread Tom Smyth
Hi Lads, I was testing out the openvpn port package and openbsd 6.0 and I found that while the tunnels are very stable, there is considerable jitter when sending small packets / small pings across the tunnel, while if I used large packets the latency was much more in line with network

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Stuart Henderson
On 2016-09-28, Chris Bennett wrote: > I am not sure what is appropriate, given netiquette and practicality for > my server. I am sick of thousands of identical requests in my error log, > plus I want to be able to look over my logs easily to find any real >

Re: tftpd doesn't deliver pxeboot file

2016-09-29 Thread Stuart Henderson
On 2016-09-28, Peer Janssen wrote: > # tftpd -d /tftpboot > > tftpd: 192.168.0.81: read request for 'pxeboot' > tftpd: 192.168.0.81: read request for 'pxeboot' > tftpd: 192.168.0.81: read request for 'pxeboot' > tftpd: 192.168.0.81: read request for 'pxeboot' > tftpd: 192.168.0.81:

Re: unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov
Hi Craig, On 29.09.16 13:28, Craig Skinner wrote: Hi Gregory, On Thu, 29 Sep 2016 10:48:37 +0300 Gregory Edigarov wrote: em0 (xxx.yyy,zzz.1/24), em1, em2 - looking at uplinks ... outgoing-interface: 0.0.0.0 Removing the outgoing-interface line would probably resolve it. Adding

Re: unbound and truly multihomed setup

2016-09-29 Thread Craig Skinner
Hi Gregory, On Thu, 29 Sep 2016 10:48:37 +0300 Gregory Edigarov wrote: > em0 (xxx.yyy,zzz.1/24), > em1, em2 - looking at uplinks > ... > > outgoing-interface: 0.0.0.0 Removing the outgoing-interface line would probably resolve it. Adding this private-address line might help too:

Re: Opinion about pflog

2016-09-29 Thread Walter Alejandro Iglesias
On Wed, Sep 28, 2016 at 02:36:10PM -0600, Theo de Raadt wrote: > > So, *binary* logs. Sounds familiar to me. And then: > > Your type of person seems familiar to me. Uneducated *check* > opinionated *check* Contrasting authoritatively without any education > to back it up *check* > > pflog

Re: PPPoE and VDSL2 with a real /29

2016-09-29 Thread tech-lists
On 29/09/2016 02:28, Joe Holden wrote: You can achieve full sized frames via pppoe in that case, mtu 1508 on the re interface facing the modem, mtu 1500 in the pppoe config. Will negate the need for nasty scrubbing which doesn't always prevent problems anyway. awesome, now set as per the man

Re: unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov
corrected unbound.conf snippet, just to be sure I am properly understood On 29.09.16 10:48, Gregory Edigarov wrote: Hi, Need advice. I have a bgp router with 3 interfaces: em0 (xxx.yyy,zzz.1/24), em1, em2 - looking at uplinks bgp is up and running, packets are forwarded just fine. also

unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov
Hi, Need advice. I have a bgp router with 3 interfaces: em0 (xxx.yyy,zzz.1/24), em1, em2 - looking at uplinks bgp is up and running, packets are forwarded just fine. also there is nsd, listening on both em1,em2 serving my reverse zone. so far everything works. now I want this host also