Spheromak/sysctl-cookbook.
Pf Firewall for FreeBSD, OpenBSD. March 31, 2014. FreeBSD and OpenBSD (pf.conf). The default firewall for OpenBSD as of v3.0 is called "packet filter", more commonly referred to as pf. Pf is a BSD licensed stateful packet filter written by Daniel Hartmeier. History of PF: PF was originally designed as a replacement for Darren Reed's IPFilter, from which it derives much of its rule syntax. Pf is an extremely powerful firewall. For the purposes of this "how to" we will be working with the latest version of OpenBSD v5.1 stable (GENERIC kernel).
Pf for FreeBSD or OpenBSD? Below you will find two scroll-able text boxes. FreeBSD 9.1 and 10 CURRENT pf.conf (OpenBSD v4.6 and earlier)
Network Tuning and Performance Guide. November 12, 2013. Many of today's desktop systems and servers come with on-board gigabit network controllers. After some simple speed tests you will soon find out that you are not able to transfer data over the network much faster than you did with a 100MB link. There are many factors which affect network performance including hardware, operating systems and network stack options. The purpose of this page is to explain how you can achieve up to 930 megabits per second transfer rates over a gigabit link using OpenBSD as a firewall or transparent bridge.
It is important to remember that you cannot expect to reach gigabit speeds using slow hardware or an unoptimized firewall rule set. Hardware: No matter what operating system you choose, the machine you run on will determine the theoretical speed limit you can expect to achieve.
WebPagetest - Website Performance and Optimization Test.
Nginx Secure SSL Web Server. April 07, 2014. With HTTP, HTTPS SSL and Reverse Proxy Examples. Nginx is a secure, fast and efficient web server.
It can be configured to serve out files or be a reverse proxy depending on your application. What makes this web server different from Apache, Lighttpd or thttpd is the overall efficiency of the daemon, the number of configuration options and how easy it is to set up. Nginx ("engine x") is a high-performance HTTP server and reverse proxy server. Security methodology behind our configuration: In the following example we are going to set up some web servers to serve out web pages to explain the basics. The security mindset of the configuration is very paranoid.
Webserver Optimization and Bandwidth Saving Tips. March 03, 2013. Running a webserver can be a rewarding experience and also a trial in patience.
You want to serve out all your pages and pictures, but you only have a finite amount of bandwidth to do so. If you overload your connection, clients visiting your server will think it is slow and unresponsive. You need to set up your server in the most efficient way possible to get the most visits you can and give your visitors a positive experience. The following are tips on reducing the load on your webserver, speeding up the serving of pages and stopping unwanted and abusive traffic. Data Compression: Data compression is the process of encoding information using fewer bits (or other information-bearing units) than an un-encoded representation would use through use of specific encoding schemes. Apache and lighttpd both have the mod_compress module.
Guide to Webserver SSL Certificates. July 15, 2013. Welcome.
The purpose of this guide is to clearly explain the reasons you may want to use a Secure Socket Layer (SSL) certificate on your webserver. While researching SSL certificates for use on our site we were constantly bombarded by useless marketing nonsense. What we really needed was a single page with clear and concise facts. Why would one buy an SSL certificate? The primary reason for using an SSL certificate is to encrypt traffic between your webserver and the client with a "trusted" key verified by an independent third party.
HTTP Strict Transport Security. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e.
HTTP layered over TLS/SSL[1]). HSTS is an IETF standards track protocol and is specified in RFC 6797. The HSTS Policy[2] is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during which the user agent shall access the server only in a secure fashion. Specification history: The HSTS specification was published as RFC 6797 on 19 November 2012 after being approved on 2 October 2012 by the IESG for publication as a Proposed Standard RFC.[3] The authors originally submitted it as an Internet-Draft on 17 June 2010. The last so-called "community version" of the then-named "STS" specification was published on 18 December 2009, with revisions based on community feedback.[5]
Web Server Abuse Detection Script. November 22, 2013. What is considered web server abuse?
Commonly, abuse of a web site is anything which the web site designer sees as unwanted requests, scanning or otherwise causing the server to act in a way it was not designed to. The more paranoid server admins see IP addresses that cause errors in general to also be abusive. The reason is that a client request for a resource that does not exist is wasted time and possibly a security problem.
A good example of abuse is unwanted penetration scanning. It is important to remember that not all requests are abusive, but they are wasteful. Another category considered abusive is clients that generate many errors and are misconfigured or just broken.