I recently got this T-Shirt on Hurricane Electric’s website:
I have to add a correction to my previous article “Enabling HSTS on nginx”: You can and should enable it on http as well, so that visitors of your website profit from this additional security benefit as well – when they come back.
If you get this message, you have to change your “listen” statement from

    listen 18.104.22.168:80;
    listen [2a01:348:226:dead:beef:dead:beef:dead]:80;

to

    listen 22.214.171.124:443;
    listen [2a01:348:226:dead:beef:dead:beef:dead]:443 ipv6only=on;

For some odd reason the first statement (without “ipv6only”) was working for me for some time… odd.
If you want to enable HSTS on your nginx webserver, this is how you do it:

    add_header Strict-Transport-Security "max-age=315360000; includeSubdomains";

You need to put this only on the https server, not on the http only server – it won't work on http only.
I wrote, quite some time ago, about those strange DNS queries that I have seen when Chromium (with the latest version of 17.0.963.79 (Developer Build 125985 Linux) Ubuntu 11.10 as well) is running, like this one: mmxavuhjug.home.lan. I was still puzzled and wanted to know what's going on, what this is for. First problem […]
I noticed something strange lately: when Google Chrom(ium) 12.0.742.112 (90304) on my up-to-date Ubuntu 11.04 is running, it always sends out DNS queries at 10-second intervals, similar to these:

    09:28:54.892711 IP linux.home.lan.52626 > ipv4gw.home.lan.domain: 55443+ AAAA? www.google.com. (32)
    09:28:54.899660 IP linux.home.lan.33455 > ipv4gw.home.lan.domain: 13122+ PTR? 126.96.36.199.in-addr.arpa. (42)
    09:28:54.900955 IP ipv4gw.home.lan.domain > linux.home.lan.33455: 13122* 1/0/0 […]
Just a quick tip: You have Postfix running and want to enable IPv6 for your email as well? After quite some playing around I finally got it right:

    inet_interfaces = 127.0.0.1, 188.8.131.52, 2a01:348:6:315::2, ::1
    inet_protocols = ipv4, ipv6

This makes Postfix listen only where you actually need it to – I don't like daemons listening […]
I have to admit, I really loved Apache with ModSecurity (with the CoreRuleSet); it gave me “peace at night”. But then I noticed that this actually eats quite a lot of memory… and as a heavy TinyTinyRSS user I noticed that TTRSS is sometimes quite sluggish loading articles. So I had another look at Nginx […]
I just fixed a quite common problem that most of us have at home – the wireless signal is not that great in other places in the house. I wanted to do two things initially: Using Solwise powerline adapters, I don't want to drill in walls to install long ethernet cables. (a friend of mine pointed […]
Alec Muffett mentions in his article “The Security Backlog” that there may be another B-Sides later in the year, and we can expect a big London security conference this autumn. Thanks for linking, Alec.