A recent apache update broke a bunch of nginx-based sites this morning. If you're getting a 421 error, you'll need to add some proxy_ssl config to nginx's setup quickly.
Stefano Marinelli
boosted
A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2
https://github.com/icing/blog/blob/main/hpack-bombing-apache.md
A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2
https://github.com/icing/blog/blob/main/hpack-bombing-apache.md
I need some advise: Is there a good portable and free (really free, not GPL!) #implementation of #bcrypt in #C around?
There's #OpenBSD source I could use, but integrating that would probably be quite a hassle...
Background: I want to start creating a second credential checker for #swad using files. And it probably makes sense to support a sane subset of #Apache's #htpasswd format here. Looking at the docs:
https://httpd.apache.org/docs/current/misc/password_encryptions.html
... the "sane subset" seems to be just bcrypt. MAYBE also this apache-specific flavor of "iterated" MD5, although that sounds a bit fishy ...
This #GoToSocial account has become a step-by-step tutorial in how to self-host the publishing platform #Ghost (and troubleshoot issues) 😆
If you're not interested in my messages on the subject, I will be using a new hashtag #EleSelfHostsGhost so you can just mute it.
I'm a little late to the party because everything is now set-up and running smoothly:
✅ I manually installed Ghost on my Ubuntu VPS
✅ I imported all the old posts and media: https://news.elenarossini.com
✅ I installed #Apache to use #Varnish cache and changed the cache's maxAge so that a bit of traffic wouldn't overwhelm my VPS
✅ I published and shared on Mastodon a new blog post: https://news.elenarossini.com/what-im-up-to-march-april-2025-edition/ Thanks to Varnish and the maxAge cache tweak, the VPS withstood the "Mastodon stampede" (the post had made it to Explore!)
So far so good.
👹 but when I tried to send that blog post as a newsletter to just 210 people, #Mailgun immediately flagged me as a spammer and froze my account 😱
It took about 48 hours of back-and-forth emails with the Mailgun team to convince them I'm not a spammer and to get my account reinstated.
Now, why am I sharing all this?
In case you are also tempted to self-host Ghost, I found that the official Ghost - Mailgun documentation has little information available. But I discovered this super helpful post in the Ghost Forums and I will be trying this tweak to see if it makes a difference:
https://forum.ghost.org/t/unable-to-send-newsletter-with-correct-mailgun-api-keys/34186/6
And yes, I'm aware that if you sign up for my newsletter you will get an email with a warning "this message failed the domain authentication" (or something along these lines). Problem is, when I implemented a tweak, changing config settings, the alert went away but I saw a spike in activity in my Dashboard, as if I had sent 600 emails (I did not). For now I can live with the warning.
I appreciate Ghost's new implementation of a spam filter because around the same time I got really suspicious signups originating from the same domain.
Anyway after I change all this I will try to send once again my blog post as a newsletter.
Special thanks to my parents for looking after my little one so I can do all this while she's on a school vacation ❤️