Computing

When fail2ban just won’t match… check the time and time zone.

I was trying to set up a fail2ban jail for wordpress inside a FreeBSD jail, but I just couldn’t get the rules to match.  The fail2ban instance was running on the host machine, checking a log inside the jail.  Turns out the time zone in the jail was incorrect, and fail2ban was not matching log

When fail2ban just won’t match… check the time and time zone. Read More »

Apple Internet Recovery and Transparent Proxies

If you are running a transparent HTTP proxy on your network, you may have trouble with running Internet Recovery and Apple Hardware Test on Macs that support it.  You’ll see a “-4403D” or “-4403F” error.  For some reason, Apple’s servers return a 403 when they see the “via” header that many proxy servers send.  Here’s

Apple Internet Recovery and Transparent Proxies Read More »

Squid: Bypass redirector for specific URL

Often times, in your Squid proxy, you may have a redirector configured – such as SquidGuard: redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf I ran into a problem tonight with my Roku box where SquidGuard was seeing Roku’s NetFlix access as a security threat.  So, to make Squid bypass the redirector, add an ACL and a redirector-access rule:

Squid: Bypass redirector for specific URL Read More »

Squid Proxy: Make Outgoing Headers Anonymous

By default, Squid sends HTTP headers on every request that can give away information about your internal network. Here’s an example of these headers: HTTP_VIA:1.1 proxyserver.local (squid/3.1.16) HTTP_X_FORWARDED_FOR:192.168.0.123 That’s three pieces of information you may not want to give away: The host name of your proxy server, the version of Squid it’s running, and the

Squid Proxy: Make Outgoing Headers Anonymous Read More »