jbz
@jbz@indieweb.social  ·  last week

The Apache Software Foundation Unveils New Oak Leaf Logo
https://linuxiac.com/the-apache-software-foundation-unveils-new-oak-leaf-logo/

#apache #opensource #asf

Emelia 👸🏻 boosted
JesseBot
@jessebot@social.smallhack.org  ·  3 weeks ago

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if it's ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

scribe
@scribe@mastodon.sdf.org  ·  2 months ago

A recent Apache update broke a bunch of nginx-based sites this morning. If you're getting a 421 error, you'll need to add some proxy_ssl config to nginx's setup quickly.

https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request

#nginx #apache #linux #421

Stefano Marinelli boosted
Stefan Eissing
@icing@chaos.social  ·  2 months ago

A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2

https://github.com/icing/blog/blob/main/hpack-bombing-apache.md

Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe  ·  5 months ago

So, there we are: #swad has its second credentials checker module, using #password #files, partially #apache #htpasswd compatible (only #bcrypt, using #OpenBSD's code). 🥳

https://github.com/Zirias/swad/commit/385bc5286c607c7220067844c37bc5eb6cb6c18c

#C #coding

Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe  ·  5 months ago

I need some advice: Is there a good portable and free (really free, not GPL!) #implementation of #bcrypt in #C around?

There's #OpenBSD source I could use, but integrating that would probably be quite a hassle...

Background: I want to start creating a second credential checker for #swad using files. And it probably makes sense to support a sane subset of #Apache's #htpasswd format here. Looking at the docs:
https://httpd.apache.org/docs/current/misc/password_encryptions.html
... the "sane subset" seems to be just bcrypt. MAYBE also this Apache-specific flavor of "iterated" MD5, although that sounds a bit fishy ...

Elena Rossini on GoToSocial ⁂
@elena@aseachange.com  ·  5 months ago

This #GoToSocial account has become a step-by-step tutorial in how to self-host the publishing platform #Ghost (and troubleshoot issues) 😆

If you're not interested in my messages on the subject, I will be using a new hashtag #EleSelfHostsGhost so you can just mute it.

I'm a little late to the party because everything is now set up and running smoothly:
✅ I manually installed Ghost on my Ubuntu VPS
✅ I imported all the old posts and media: https://news.elenarossini.com
✅ I installed #Apache to use #Varnish cache and changed the cache's maxAge so that a bit of traffic wouldn't overwhelm my VPS
✅ I published and shared on Mastodon a new blog post: https://news.elenarossini.com/what-im-up-to-march-april-2025-edition/ Thanks to Varnish and the maxAge cache tweak, the VPS withstood the "Mastodon stampede" (the post had made it to Explore!)

So far so good.

👹 but when I tried to send that blog post as a newsletter to just 210 people, #Mailgun immediately flagged me as a spammer and froze my account 😱

It took about 48 hours of back-and-forth emails with the Mailgun team to convince them I'm not a spammer and to get my account reinstated.

Now, why am I sharing all this?

In case you are also tempted to self-host Ghost, I found that the official Ghost - Mailgun documentation has little information available. But I discovered this super helpful post in the Ghost Forums and I will be trying this tweak to see if it makes a difference:

https://forum.ghost.org/t/unable-to-send-newsletter-with-correct-mailgun-api-keys/34186/6

And yes, I'm aware that if you sign up for my newsletter you will get an email with a warning "this message failed the domain authentication" (or something along these lines). Problem is, when I implemented a tweak, changing config settings, the alert went away but I saw a spike in activity in my Dashboard, as if I had sent 600 emails (I did not). For now I can live with the warning.

I appreciate Ghost's new implementation of a spam filter because around the same time I got really suspicious signups originating from the same domain.

Anyway after I change all this I will try to send once again my blog post as a newsletter.

Special thanks to my parents for looking after my little one so I can do all this while she's on a school vacation ❤️
