Thursday, October 17, 2019

Connect to RDS through EC2 on local mysql workbench

Suppose you connect to AWS RDS through an EC2 instance from MySQL Workbench on your local machine using the 'Standard TCP/IP over SSH' method, because you do not want to open MySQL port 3306 globally. You have opened port 3306 of RDS to the EC2 instance only, so the database can be reached from EC2 only.

You first connect to EC2 over SSH (with a key file), and EC2 then makes the connection to RDS. This is quite a common approach for accessing an RDS database from a local machine.

But with this approach you may get the error:
Failed to Connect to MySQL at 3306 through SSH tunnel at with user
"Lost connection to MySQL server at 'reading initial communication packet, system error: 0"



The reason behind this error is that the SSH server configuration on the EC2 instance does not allow TCP forwarding. You need to allow it.
Open the file /etc/ssh/sshd_config and check the 'AllowTcpForwarding' attribute. If the value is set to no, that is why you are getting the error.
The value of the parameter should be yes:
AllowTcpForwarding yes
After changing the value, restart ssh and try to connect again from MySQL Workbench. The connection should now be made successfully.
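
A narrower alternative to turning forwarding on for every SSH user, shown as an added example that is not part of the original post: keep it off globally and allow it only for the tunnel account, only towards the database. The user name dbtunnel and the RDS endpoint below are placeholders (assumptions), so substitute your own.

```sshdconfig
# /etc/ssh/sshd_config (fragment) - added example, not from the original post

# Global default: no TCP forwarding for ordinary SSH users.
AllowTcpForwarding no

# "dbtunnel" is a hypothetical account used only for the Workbench tunnel.
Match User dbtunnel
    # "local" allows client-initiated (ssh -L style) forwarding only,
    # which is what 'Standard TCP/IP over SSH' needs.
    AllowTcpForwarding local
    # Placeholder endpoint: forwarding is permitted to this host:port only.
    PermitOpen mydb.example.us-east-1.rds.amazonaws.com:3306
    # Nothing else is needed for a database tunnel.
    X11Forwarding no
    AllowAgentForwarding no
```

Run sshd -t to check the file for syntax errors before restarting ssh. PermitOpen is compared with the host the client asks for, so the MySQL Hostname entered in Workbench must be the same endpoint name.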

apache2 - Block multiple IPs for one of the hosted websites on CentOS / Ubuntu

If you host multiple websites on the Apache server of your Linux machine by adding multiple virtual hosts, you may have a requirement that a particular website should not be opened from specific IPs. Here is how to block a website for an IP.

Solution : 1
Create an .htaccess file in the document root of your website or, if the file already exists, add the following lines to it.
deny from 181.39.xx.xxx
deny from 134.249.xx.x
deny from 112.193.xxx.xxx
Deny from 45.40.xxx.xx
deny from 103.21.xxx.xx
or block a complete IP range with
deny from 181.39.0.0/16
This blocks the IP range from 181.39.0.0 to 181.39.255.255.

Solution : 2
If you want to block the IPs through the Apache configuration instead:
Create the file /etc/apache2/conf-available/ipblack.conf
Add the following content to it.
<Location />
deny from 181.39.xx.xxx
deny from 134.249.xx.x
deny from 112.193.xxx.xxx
Deny from 45.40.xxx.xx
</Location>
Now add this line to the virtual host of your website:
Include conf-available/ipblack.conf
Reload Apache.
These IPs will no longer be able to open your site. They will get a 403 Forbidden error.