Skip to main content

Posts

How to Strengthening Nginx Security and Website Security Headers with SSL?

Using a SSL certificate that doesn't mean you are secure, but there is a lot more to Strengthening Web Site Security. Whilst most people are happy with just having their site running under SSL after successfully figuring out how certbot and Let’s Encrypt works. Strengthening Web Site Security is very easy as it only requires you to set up what is called a Content Security Policy (CSP). What a Content Security Policy does is tell a browser what external resources can be loaded within your site without being regarded and Non-Secure Origins. It’s an essential part of good security especially when it comes to SSL. But Strengthening Web Site Security does not stop there as there are additional server headers that need to be implemented to prevent cross browser sniffing, people loading parts of your site with a frame in their site and what is called an XSS header which prevents cross scripting attacks from browsers and then also a strict transport security header call
Recent posts

How to Produce Postfix MTA logfile summary using Pflogsumm on CWP?

Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is designed to provide an over-view of Postfix activity, with just enough detail to give the administrator a "heads up" for potential trouble spots. Pflogsumm generates summaries and, in some cases, detailed reports of mail server traffic volumes, rejected and bounced email, and server warnings, errors and panics. CentOS 7: # yum -y install postfix-perl-scripts Generate Log Summary # perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog # perl /usr/sbin/pflogsumm -d today /var/log/maillog Generate Log Once a Day and Received via Mail # crontab -e 0 0 * * * perl /usr/sbin/pflogsumm -e -d yesterday /var/log/mail.log | mail -s 'Logwatch for Postfix' admin@awsmonster.com

How to Configure Postfix SMTP Relay on CWP CentOS 7 with Relay Provider ?

You can configure your Postfix  to send email via relay using SASL authentication. Simple Authentication and Security Layer (SASL) is a standard authentication framework supported by many services including Postfix. Make sure the SASL authentication framework, and mailx are all installed. # yum -y install cyrus-sasl-plain mailx In /etc/postfix/main.cf , Add the following lines #Relay smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd header_size_limit = 4096000 In /etc/postfix/sender_relay , add domain that must go through a relay. @glorency.com smtp-relay.rubel.com:587 In /etc/postfix/sasl_passwd , provide credentials that listed in /etc/postfix/sender_relay. smtp-relay.rubel.com:587 admin@glorency.com:3Ba4password0nrTg Don't forget the following commands. # postmap sas

How to Remove Sensitive Data from Postfix Headers ?

E-mail header contain some sensitive information. I’ll show you how to remove that information from the Postfix headers. note: some email clients will mark your email as spam if your header doesn’t contain an IP address. It is also very important to keep header details for your analysis. If any user started to spamming or compromised , then we must need header for analysis. So we will remove only our client private network details. We are assuming that postfix is already up and running and will make below changes. Step:1 Edit ‘/etc/postfix/main.cf’ file header_checks = regexp:/etc/postfix/header_checks Step:2 Append the below line in ‘/etc/postfix/header_checks’ [at the bottom] /^Received:/ IGNORE Step:3 Run postmap to apply the new configuration in /etc/postfix/header_checks [root@server1 ~]# postmap /etc/postfix/header_checks Step:4 Restart or Reload the postfix server [root@server1 ~]# systemctl restart postfix [root@server1 ~]# postfix reload Details: htt

How to Block (Virus) Extensions on Postfix Mail Server ?

It's very important to block virus extension on Postfix mail server. Using  mime_header_checks directive on Postfix , we can block some specific extension to protection our mail server from spamming. So we are going to block some dangerous extension for Postfix users . Login as the root, enter: # vi /etc/postfix/main.cf Use mime_header_checks postfix config directive, enter: mime_header_checks = regexp:/etc/postfix/block_attachments Save and close the file. Open /etc/postfix/block_attachments file and append code as follows: /name=[^>]*\.(bat|com|dll|vbs|exe|pdf|zip)/ REJECT Save and close the file. You must restart or reload postfix: # /etc/init.d/postfix reload Watch log file:  You should see rejected mail log in /var/log/maillog file: # tail -f /var/log/maillog

MaxIOPS Block Storage VPS : Start Your Free Trial for 5 Months, Promo Code: AQX767

Today I’ll introduce with you a VPS server provider which is the best at its price and performance wise also. They are providing World's fastest cloud server as well as Private Cloud with MaxIOPS block storage services. Start Your Free Trial for 5 Months, Use Promo Code: AQX767 Sign Up Link All cloud servers are deployed on enterprise-grade hardware. Together with Upcloud in-house developed software and proprietary MaxIOPS storage technology, you will get industry-leading performance at all times. Cloud servers are deployed in less than 45 seconds . With incredibly fast boot times, you will get up and running within minutes. Yes  Upcloud  , as the VPS provider it includes DDOS protection, Pure SSD and obviously Fair Usage i.e. no issue in the peak time (safe from noisy neighbors). I am using two VMs on Upcloud and Migrated from AWS & Azure . Azure Linux instance is very slow to rebbot . Also Linode took more time to reboot the VMs . I was very frustrated th

How to Configure Browser Caching for Nginx?

The first time you visit a domain, these files are downloaded and stored in the browser’s cache. On subsequent visits, the browser can serve the local versions instead of downloading the files again. This enables the web page to load much faster as it only needs to retrieve the data that has changed since the last visit. It offers a much better experience for users and is the reason Google’s PageSpeed Insights recommends that it be implemented. You will add a small piece of code that will tell browsers to store CSS, JavaScript, images, and PDF files in their cache for a period of seven days or max. Insert the following snippet inside the server block directly after the previous code for Gzip compression: # vi /home/admin/conf/web/mail.datahead.biz.nginx.ssl.conf location ~* ^.+\.(3gp|gif|bmp|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ { expires max; ad

How to enable GZIP compression to increase PageSpeed Score for Nginx?

Gzip is a popular compression algorithm and format on the web. Gzip requires browser support, but you don’t have to worry because most popular browsers have support for it. Although Instructions to enable Gzip varies with different web servers, they are still very similar.  Here’s how Gzip works with Nginx: Now add the following Code to your Nginx Configuration file or you can add it to your vhost domain # Compression gzip gzip on; gzip_vary on; gzip_comp_level 6; gzip_min_length 512; gzip_buffers 8 64k; gzip_types application/atom+xml application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/xml+rss application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/png image/svg+xml image/x-icon image/gif image/jpeg text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc