IIS7 SNI Rewrite – Howto

Problem

Windows XP Users with IE8 are unable to connect to your Server Name Indication (SNI) enabled Amazon CloudFront distribution.

Solution

Do not rewrite URLs to CloudFront if the user agent indicates a system that does not support SNI.

Example (IIS 7)

Be sure to have the URL Rewrite module installed

URL Rewrite rule precondition . . . → Read More: IIS7 SNI Rewrite – Howto

iis7 insert rewrite rule web.config

To insert a rewrite rule in to a web.config for deployment purposes you need to modify Web.Release.Config

Example <system.webServer> <rewrite xdt:Transform=”Insert”> <outboundRules> <rule name=”Add Cross Origin Access”> <match serverVariable=”RESPONSE_Access_Control_Allow_Origin” pattern=”.*” /> <conditions> <add input=”{REQUEST_URI}” pattern=”.*\.(ttf|otf|eot|woff|svg)\?*.*$” /> </conditions> <action type=”Rewrite” value=”*”/> </rule> </outboundRules> </rewrite> </system.webServer>

Cloudfront IIS7 CORS Fix

Problem

You keep getting Control Allow Origin errors on fonts that are pulling from your CloudFront CDN

Solution

You need to make changes at CloudFront and your IIS 7 Server

CloudFront Changes

Modify the origin behaviors:

Navigate to the CloudFront Distributions Panel Select your Distribution Click Behaviors Tab Select Behavior from list items Click Edit . . . → Read More: Cloudfront IIS7 CORS Fix

EC2 ELB Godaddy Cert

Adding Godaddy Cert to EC2 ELB Setup AWS Command Line Interface

Setup instructions are found here: http://aws.amazon.com/cli/

Define your files and run these commands: # define these crtdomain=”example.com” crtchain=”gd_bundle.crt” echo “converting to pem format” openssl rsa -in ${crtdomain}.key -out aws-${crtdomain}.key openssl x509 -in ${crtdomain}.crt -out aws-${crtdomain}.crt -outform PEM echo “uploading certificate ${crtdomain} to Amazon” aws . . . → Read More: EC2 ELB Godaddy Cert

logstash filters for ssh attempts

Description

Logstash filters for ssh brute for, sudo auth failures, or failed login attempts

Filters grok { type => “syslog” patterns_dir => ["/opt/logstash/patterns"] pattern => [ "%{SYSLOGLINE}" ] } grep { type => “syslog” drop => false match => [ "@message", "([fF]ailed|[fF]ailure).*password|authentication.*failure|incorrect.password” ] add_tag => [ "auth_failure" ] } grep { type => “syslog” drop . . . → Read More: logstash filters for ssh attempts

Logstash Logrotate Howto

Problems

I was facing two problems with my Logstash setup

Logstash service constantly required manual restarts (no longer indexing, hanging process) Local log files were filling up my root partition Symptom

Logstash failed to:

Index events in the queue Trim its own logs =) Cause Indexing

I’m not sure why it was failing to index. . . . → Read More: Logstash Logrotate Howto

git copy remote branch

git copy remote branch

Copy remote master branch to remote QA branch in git git push origin –delete QA git push origin master:QA Copy remote master branch to remote production branch in git git push origin –delete production git push origin master:production

Creating Hard Links in Windows

Background

The NTFS file system implemented in NT4, Windows 2000, Windows XP, Windows XP64, and Windows7 supports a facility known as hard links (referred to herein as Hardlinks). Hardlinks provide the ability to keep a single copy of a file yet have it appear in multiple folders (directories). They can be created with the POSIX . . . → Read More: Creating Hard Links in Windows

comcast throttling workaround

Recently I noticed Comcast was throttling my usenet connection. The solution? Use a nonstandard encrypted usenet port (ex: 443) if your service provider permits it.