Tag Archives: apache2

Securing TLS

Leave a reply

A StackExchange question on using HAProxy’s capture feature to pass data from TCP mode to HTTP mode prompted me to update my SSL configuration. This was intended to get an A+ rating from SSL Labs by sending non-SNI capable clients to a server with weaker ciphers. This was to enable clients on WinXP/IE8, Java 6, and an old Android version to connect. I found a solution without having to have two sets of ciphers and handling traffic in both the TCP mode and HTTP mode. I then optimized my settings to a minimal list of cipher specifications.
Continue reading

Disabling SSLv3 to block Poodle

Leave a reply

The new Poodle vulnerability lead me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3.

Ubuntu uses configuration files split into small pieces. The method should apply to other distributions, although the configuration files may be arranged differently. Continue reading

Analog with Report Magic and Logwrangler

Leave a reply

I am now using Report Magic for Analog with my Analog installation.  My last attempt had failed miserably, but this time it went extremely well.  I found Logwrangler which does a lot of the work.  I encountered an incompatibility between Report Magic and an updated graphics library.  Once the patch was applied the program ran well.  All that was left was tuning the report layout and the interaction with Logwrangler. Continue reading

Analog for Multiple Sites

Leave a reply

Analog is a fast and flexible web log analysis tool.  Its configuration can consist of several files nested using include statements.  This allows common configuration items to be grouped in separate files.  The minimal site specific configuration items can be contained in small include files.  Similarly, time period specific include files allow for reports by time period to be easily configured.  Each report then requires a configuration file, which includes a few other files.

I have reviewed and updated my previous documentation for analog.  This site is hosted on a new server, and I needed to setup analog for the new server.  I also made changes to the list of virtual sites being hosted.  I generate report sets for each site as well as an overview report for all sites.  Each report set includes reports for covering the latest week, month, and year of data.  Continue reading