Jan 30, 2013
 

When you run a webserver behind a reverse proxy or HTTP accelerator such as Varnish, the webserver access logs will display the IP of the proxy (generally 127.0.0.1) instead of the end user’s IP.
This is a problem when you use webalizer, awstats or a similar log file analysis program, because you lose one of the most important pieces of information: “Who is the requestor of a page?” With all access coming from the same IP (127.0.0.1), you also lose information such as “What’s the browsing pattern of visitors?” and “Is someone trying to do something nasty?”

In this small how-to I’ll show how to put this information back into your Nginx log files in 2 different ways.


Mar 22, 2012
 

This is an article of mine, first published on Wazi.
You can read the first part here.

In this article we’ll see how to apply BPF filters in Wireshark to show the details of an HTTP session and an e-mail session, and how to monitor who is visiting a certain site from our local network.
Finally, I will summarize the most useful filters to use with Wireshark.

Here’s another classic example – an HTTP session. As before, start Wireshark and start capturing the traffic from the interface that goes out. Today, most HTTP traffic is compressed to speed up the exchange of information, so by default Wireshark decompresses the body part of HTTP packets. You can click on Edit -> Preferences -> Protocols -> HTTP and verify that “Uncompress entity bodies” is checked.

Feb 15, 2012
 

Today I just want to give you a quick tip, but I’m sure that even though it is short, this article will save a lot of time for anyone who, like me, has this requirement.
Given a Linux machine with several IPs (which can be IPv4 and/or IPv6) and a Squid proxy server, configure your browser to use that proxy on one of these IPs and have the traffic go out from that server with the same IP, not with the default IP.

This can be useful if you have services that require 1 specific IP to be allowed, or if you want to give the proxy server to different people and still be able to trace what they do.
To achieve this we’ll use ACLs. Squid has very good ACLs (Access Control Lists) built into the squid.conf file, allowing you to lock down or control access by names, IPs, networks, time of day, actual day. Remember, however, that as with every firewall, the more complicated an ACL is, the slower Squid will be to respond to requests.
