Archive for the ‘Networking’ Category

Connection Tracking Problems

Tuesday, December 22nd, 2015

A couple of years back I discovered that when a VoIP server would sporadically lose it’s registration to the upstream VoIP provider, and then in spite of re-sending those registration requests would seem completely unable to register. Sometimes when rebooting the device it would then manage to reregister but not always. (more…)

GlusterFS – migration woes

Sunday, May 17th, 2015

So I’ve got a GlusterFS cluster that is a simple 1×2 distribute-replicate with two bricks (one on each server). So I need to migrate this from one data centre to another with little or no downtime (which means move one server, perform heal, and then go and shut the other and move it too).

Unfortunately I got stuck in the middle with the moved server not wanting to talk with it’s peer again. As it turns out changing the IPs is … hard. Fortunately I used Private (RFC1819) IP addresses in the original setup on a dedicated cable between the two servers.

Denial of Service

Thursday, April 2nd, 2015

Denial of Service attacks is a very vague term for a group of attacks that causes a service to be denied to legitimate users. Obviously when you host your website publicly you want it to be available – so having it taken down by some hacker is highly annoying. And I’m not referring to only websites, there are many other types of applications and services out there that can be “taken down”, or to which “service can be denied”.

Using php-fpm and mod_proxy_fcgi to optimize and secure LAMP servers

Wednesday, January 16th, 2013

So up until now I’ve been using mpm_itk or mpm_peruser – both with advantages and disadvantages in an attempt to secure web content. Both of these is essentially a forking mpm, kills Keepalive to a greater or lesser extent, and almost as important – neither is supported by mainline apache (so you’re on you own). Personally I prefer mpm_worker (or more recently mpm_event) since it’s threaded, and I find that it uses less resources (in terms of memory mostly). A lot of movement has also been happening with respect to FastCGI and the advantages are very good, both in terms of security and reliability (in theory).