Thursday, October 17, 2019

apache2 - Block multiple IPs for one of the hosted websites on CentOS / Ubuntu

If you host multiple websites on Apache on your Linux server using multiple virtual hosts, you may need to prevent specific IPs from opening one particular website. Here is how to block a website for an IP.

Solution : 1
Create a .htaccess file in the document root of your website or, if the file already exists, add the following lines to it.
deny from 181.39.xx.xxx
deny from 134.249.xx.x
deny from 112.193.xxx.xxx
Deny from 45.40.xxx.xx
deny from 103.21.xxx.xx
Or block a complete IP range with:
deny from 181.39.0.0/16
This blocks the IP range from 181.39.0.0 to 181.39.255.255.

Solution : 2
To block the IPs in the Apache configuration instead:
Create the file /etc/apache2/conf-available/ipblack.conf
Add the following content to it.
<Location />
deny from 181.39.xx.xxx
deny from 134.249.xx.x
deny from 112.193.xxx.xxx
Deny from 45.40.xxx.xx
</Location>
Now add the following line to the virtual host of your website.
Include conf-available/ipblack.conf
Reload Apache.
These IPs will no longer be able to open your site. They will get a 403 Forbidden error.
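
To confirm the block took effect after the reload, the access log can be audited for requests from denied sources that were not answered with 403. The script below is an added example, not part of the original post; it assumes Apache's common/combined log format, and the log lines and the address 203.0.113.7 are constructed samples.

```python
import ipaddress
import re

# Deny entries in the form the post uses: single addresses or CIDR ranges.
# 181.39.0.0/16 is from the post; 203.0.113.7 is a constructed sample address.
DENY = ["181.39.0.0/16", "203.0.113.7"]

# Constructed access-log lines, assuming Apache's common/combined log format.
SAMPLE_LOG = """\
181.39.10.5 - - [17/Oct/2019:10:00:01 +0000] "GET / HTTP/1.1" 403 199
181.39.255.255 - - [17/Oct/2019:10:00:02 +0000] "GET /login HTTP/1.1" 200 5120
203.0.113.7 - - [17/Oct/2019:10:00:03 +0000] "POST /api HTTP/1.1" 403 199
198.51.100.20 - - [17/Oct/2019:10:00:04 +0000] "GET / HTTP/1.1" 200 5120
web01.example.net - - [17/Oct/2019:10:00:05 +0000] "GET / HTTP/1.1" 200 5120
truncated line
"""

# client, identd, user, [time], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3})\b')


def audit(log_text, deny_entries):
    """Return (leaks, blocked): leaks are requests from denied sources
    that were answered with anything other than 403."""
    # A bare address becomes a /32 (or /128); strict=False tolerates host bits.
    nets = [ipaddress.ip_network(e, strict=False) for e in deny_entries]
    leaks, blocked = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client logged as a hostname, cannot match a range
        if not any(addr in net for net in nets):
            continue  # source is not on the deny list
        if m.group(3) == "403":
            blocked += 1
        else:
            leaks.append((str(addr), m.group(2), int(m.group(3))))
    return leaks, blocked


if __name__ == "__main__":
    leaks, blocked = audit(SAMPLE_LOG, DENY)
    print(f"{blocked} denied request(s) answered with 403")
    for ip, request, status in leaks:
        print(f"NOT BLOCKED: {ip} got {status} for {request!r}")
```

A non-403 response from a listed source usually means the rule is not applied to the virtual host that served the request, for example because .htaccess overrides are disabled with AllowOverride or the Include line was added to only one of the site's virtual hosts.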

Monday, September 2, 2019

Apache Django - Site is https but api, media, static and internal urls in http

You have configured your Django application behind Apache with https, but when you open the web page in a browser, internal URLs such as media, static and API URLs are still generated with http. You use absolute URLs for internal links and have configured https in all the required places in settings.py, but still no luck. Here is the solution.

Solution :
Make sure Apache forwards the client's request scheme (https) to Django. Add the following lines to your virtual host.
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

Restart Apache.

If you are using nginx and face the same issue, add a similar line to your virtual host in the nginx configuration file.

proxy_set_header X-Forwarded-Proto $scheme;
Restart Nginx.
Now load the web page. All internal URLs should now use https.

gitlab Error - execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp] (gitlab::selinux line 20) had an error: Errno::ENOENT: No such file or directory - semodule


If you get the above error while configuring GitLab, it means that either the semodule binary (/usr/sbin/semodule) does not exist or the method you are using to configure GitLab does not have access to execute /usr/sbin/semodule.
Are you using a cron job or shell script to configure GitLab?
If you configure GitLab from a terminal as the root user, you should not get this error unless the respective module is corrupted.

Error executing action `run` on resource 'execute[semodule -i /opt/gitlab/embedded/selinux/rhel/7/gitlab-7.2.0-ssh-keygen.pp]'
Solution :
GitLab has its own bin directory that holds all the executables it needs.
The default path of this directory is /opt/gitlab/bin. (You can find this path in the GitLab configuration file, i.e. /etc/gitlab/gitlab.rb.)
Create a soft link to semodule in that directory.
sudo ln -s /usr/sbin/semodule /opt/gitlab/bin

Now configure GitLab using the same method; you should not get the error.