Security testing with Google's ratproxy

Ratproxy is a passive web application security assessment tool released by Google. Basically you set it up as a proxy server between yourself and the target site, and then click around in the target site doing whatever it is you normally do, while ratproxy analyzes your activity in the background and looks for security holes. ...

September 24, 2010 · 6 min · Dave Perrett

Passing IPs to apache with nginx proxy

When you use nginx to proxy to Apache, Apache picks up the IP address of your nginx proxy as the client. A consequence of this is that Apache log files, and any application running on the Apache backend, will all receive the same IP address (for example 127.0.0.1 if Apache and nginx are running on the same server). Luckily, nginx provides an HTTP X-Forwarded-For header containing the client's real IP address, although Apache doesn't pick it up by default. To allow Apache to recognize the original client IP, we need to install the mod_rpaf module. On Ubuntu, this is as simple as installing a package: ...

August 10, 2009 · 2 min · Dave Perrett

Styling Apache directory listings with mod_autoindex

Index-Style is a set of HTML, CSS and image files designed to work together with the mod_autoindex module to make the default Apache file listings look a little nicer. The UI design is based almost entirely on the great work done by the guys at Repos-Style, although the code itself is largely done from scratch (as mod_autoindex doesn't support XSLT). ...

December 29, 2008 · 2 min · Dave Perrett

Phusion Passenger PassengerMaxPoolSize is ignored

I've been wondering for a while why Phusion Passenger seems to completely ignore the PassengerMaxPoolSize, PassengerMaxInstancesPerApp and PassengerPoolIdleTime directives. I recently discovered that they don't work inside VirtualHost blocks in the Apache config. The old (non-working) config was something like: ...

December 22, 2008 · 1 min · Dave Perrett