Posted by alex on Jan 20th, 2011

I found two simple ways to disable fastcgi for a particular virtual host.

You can have a full fastcgi.server block for each vhost where you want to allow fastcgi, but this isn't very efficient because it will fork a lot of useless php/perl processes. It also makes for a messy configuration.

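The first way is to disable all fcgi for a vhost. It is possible by adding the following snippet inside the vhost (the $HTTP["host"] == "domain.td" {} block). Emptying static-file.exclude-extensions lets lighttpd serve those files as plain static content, so a .php file in that vhost is sent to the client as source instead of being executed: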

static-file.exclude-extensions = ()
fastcgi.server = ()
fastcgi.map-extensions = ()

The second way, and most likely the best way since you can have per-fcgi control, is to match on the file name by adding this snippet in the vhost configuration:

$HTTP["url"] =~ "\.php$" {
	static-file.exclude-extensions = ()
	fastcgi.server = ()
}

 

The last method I tried was using a UUID to declare the fcgi, and then map it to its extension. The main problem with this is that if your client somehow sees your configuration file, he will be able to run a script by renaming it to the UUID.

First, use a UUID instead of an extension to declare your fcgi servers:

fastcgi.server = ( "034343-43423423-php-342423" => ((
		"max-procs" => 1,
		"bin-path" => "/usr/bin/php-cgi",
		"bin-environment" => (
		"PHP_FCGI_CHILDREN" => "3",
		"PHP_FCGI_MAX_REQUESTS" => "250"
		),
		"socket" => "/tmp/php.socket"
	)),
	"034343-43423423-ruby-342423" => ((
		"max-procs" => 1,
		"bin-path" => "/usr/bin/custom-fcgi",
		"bin-copy-environment" => ("LANG", "TERM"),
		"socket" => "/tmp/ruby.socket"
	))
)
fastcgi.map-extensions = (".php" => "034343-43423423-php-342423", ".rb" => "034343-43423423-ruby-342423" )

And then redeclare the map-extensions inside the vhost configuration according to what you want to allow.
E.g., to disable PHP:

fastcgi.map-extensions = (".rb" => "034343-43423423-ruby-342423" )
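
The weakness noted for the UUID method can be checked for on disk. The Python sketch below is an added example, not part of the original post: `resolve_backend` and `audit_docroot` are hypothetical helpers, the matching order is a simplified model of mod_fastcgi assumed here, and the docroot is constructed sample data.

```python
import os
import tempfile

# fastcgi.server keys from the page, and the vhost map that leaves PHP disabled.
SERVERS = ["034343-43423423-php-342423", "034343-43423423-ruby-342423"]
VHOST_MAP = {".rb": "034343-43423423-ruby-342423"}


def resolve_backend(url_path, servers, ext_map):
    """Return the fastcgi.server key that would handle url_path, or None.

    Simplified model (assumption): map-extensions is consulted first, then each
    server key is matched as a prefix if it starts with "/", else as a suffix.
    """
    for ext, key in ext_map.items():
        if url_path.endswith(ext) and key in servers:
            return key
    for key in servers:
        hit = url_path.startswith(key) if key.startswith("/") else url_path.endswith(key)
        if hit:
            return key
    return None


def audit_docroot(docroot, servers, ext_map):
    """List (relative path, backend) for files that reach a backend even though
    the vhost's map-extensions does not grant one to their extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            backend = resolve_backend("/" + rel.replace(os.sep, "/"), servers, ext_map)
            mapped = any(name.endswith(ext) for ext in ext_map)
            if backend and not mapped:
                findings.append((rel, backend))
    return sorted(findings)


def demo():
    """Build a constructed docroot and audit it against the PHP-disabled vhost."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.php", "app.rb", "upload.034343-43423423-php-342423"):
            open(os.path.join(root, name), "w").close()
        return audit_docroot(root, SERVERS, VHOST_MAP)


if __name__ == "__main__":
    for rel, backend in demo():
        print(f"{rel} -> {backend}")
```

With the first two methods the vhost's fastcgi.server is empty, so the same audit returns nothing: there is no key left for a renamed file to match.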

 

I hope that one of those methods will help you!

Posted by alex on Jan 20th, 2011

I was not able to find a simple way to use wp-super-cache with lighttpd; some were using 100-line Lua scripts and the others were unreliable at best. After an hour of fiddling, I came up with the following configuration.

What it does:

  • It serves a cache file only if the user is not logged in.
  • If no cache exists, the 404 handler loads index.php which will either find the correct page (and generate missing cache), or return a true 404.
  • It does not mess with /wp-admin or /wp-content or any file that exists outside the cache.

In green are the values that you will have to edit

$HTTP["host"] == "blog.alexou.net" {
	server.document-root = "/var/www/wordpress"
	server.error-handler-404 = "index.php"
	$HTTP["cookie"] !~ "^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$" {
		url.rewrite-once = ( "^/wp-admin(.*)(?:\?(.*))?$" => "wp-admin$1?$2" )
		url.rewrite-if-not-file = ("^/([^\?]*)$" => "wp-content/cache/supercache/blog.alexou.net/$1" )
	}
}

Note: You need lighttpd >= 1.4.24 because earlier versions do not have rewrite-if-not-file.

Posted by alex on Jan 9th, 2011

Edit: For those who have Windows 7 Home or Starter read here to enable the Group Policy Editor.

When you deal with a lot of application/driver installations (sys admin?), that retarded warning gets a bit annoying to say the least.

YES I DID CLICK THAT FILE, WHY DO YOU ASK ME, AGAIN? Open it already. I know you care about my security dear Microsoft software engineer, but I'll manage it from here, mk?

Sure, one could uncheck the checkbox, but the checkbox applies only to the specific file being executed, not all exes.

Enough blah blah, here's the fix:

Fire up the group policy editor (Run -> gpedit.msc).

And go to User -> Admin Templates -> Windows Components -> Attachment Manager -> Inclusion list for low risk file types.

Click Enable and add .exe;.msi to the list. (See picture)

Posted by alex on Aug 17th, 2010

{ Government, Google, Banks, Telcos }: Well if you have nothing to hide you wouldn't mind if I check all your data?

Me: Having nothing to hide does not mean having something to share. I'm doing nothing illegal. But I hide it anyway. That's called privacy.

People working for the government (police, politicians) should have no privacy AT ALL while on duty. Citizens should have a right to privacy.

The idea that if "I do nothing wrong, I won't mind being watched" assumes that the government is full of good people that will not abuse their power, ever. Anything taken out of context can appear wrong. Can you assure me that nobody with power will ever watch me for their own profit? No business competitor? No mad ex-wife? No policeman trying to cover his own mistakes? You will never be at the wrong place at the wrong time? Can you assure me that something will never be made illegal? If sex outside wedlock is made illegal, would you still be happy to have all that footage of you raping these thai prostitutes?

All information about a citizen should be his own property. Sadly, in our world, major corporations and governments are above the law.

Just because I'm paranoid doesn't mean that they're not out to get you.
