From efb361a51e50920b9904d4ee6929bdd2713764d2 Mon Sep 17 00:00:00 2001 From: kurets Date: Thu, 5 Sep 2024 17:22:43 +0300 Subject: [PATCH] 1. add nginx 404 block for spammers and bots based on their user agent. 2. add HTTP basic auth (NGINX and Apache) to protect your site or selfhosted apps from those same spammers, bots and freeloaders --- ...spam-requests-with-user-agents-in-nginx.md | 24 ++++ ...s-with-http-basic-auth-nginx-and-apache.md | 55 +++++++++ .../index.html | 69 +++++++++++ .../index.html | 1 + .../index.html | 110 ++++++++++++++++++ public/articles/index.html | 2 + public/articles/index.xml | 89 ++++++++++++++ public/index.html | 22 ++-- public/index.xml | 89 ++++++++++++++ public/library/hackbook/index.xml | 89 ++++++++++++++ public/library/index.xml | 89 ++++++++++++++ public/library/ted-kaczynski/index.xml | 89 ++++++++++++++ public/sitemap.xml | 6 + public/tags/blog/index.xml | 89 ++++++++++++++ public/tags/hackbook/index.xml | 89 ++++++++++++++ public/tags/index.xml | 89 ++++++++++++++ public/tags/library/index.xml | 89 ++++++++++++++ public/tags/personal/index.xml | 89 ++++++++++++++ public/tags/ted-kaczynski/index.xml | 89 ++++++++++++++ public/tags/updates/index.xml | 89 ++++++++++++++ 20 files changed, 1346 insertions(+), 11 deletions(-) create mode 100644 content/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx.md create mode 100644 content/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache.md create mode 100644 public/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/index.html create mode 100644 public/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/index.html diff --git a/content/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx.md b/content/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx.md new file mode 100644 index 00000000..9e0d4e49 --- /dev/null +++ b/content/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx.md @@ -0,0 +1,24 @@ +--- +title: "Block and Filter Spam Requests With User-Agents in Nginx" +date: 2024-09-05T16:58:04+03:00 +draft: false +--- + +My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX. + +Adapt the following for your use case and simply place it in every nginx.conf that is `ln -s` linked to your `/etc/nginx/sites-enabled` (*it should be under the `listen 443` server block if you use certbot. Don't add it under `location` it should be on the same level as `listen [::]:443 ssl;`*) + +```nginx +if ($http_user_agent ~* "Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot") { + return 404; +} + +``` + +To see what kind of requests are being made you can check out the following NGINX file `/var/log/nginx/access.log`. Scroll all the way down (if you use vim `G`, for nano - `Ctrl + End`) + +I adapted this guide from this fella over here who blocked all Apple devices on his VPS, [read more](https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html). + +## A better alternative - Basic HTTP Authentication + +A better way of blocking unwated access to your website is to use apache2 + NGINX's basic HTTP authentication, [read my guide](/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache). diff --git a/content/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache.md b/content/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache.md new file mode 100644 index 00000000..47a39bbf --- /dev/null +++ b/content/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache.md @@ -0,0 +1,55 @@ +--- +title: "Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache" +date: 2024-09-05T17:05:07+03:00 +draft: false +--- + +Here's how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system's (*or your vps'*) resources for yourself. + +The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith's tutorial and have NGINX running with certbot for certificates. + +## Create a username and password for authentication (*or more than 1 user*) + +First: +```bash +sudo apt install apache2 +``` + +Then: + +```bash +sudo apt install apache2-utils +``` + +Create a username you wish to authenticate with the following comnmand: + +```bash +sudo htpasswd -c /etc/apache2/.htpasswd admin1 +``` + +You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice. + +If you wish to create multiple other users simply remove `-c` from the command and change the name. + +```bash +sudo htpasswd /etc/apache2/.htpasswd admin2 +``` + +Then provide a new password (the same password can also work but it's more secure that way). + +## Add the `htpasswd` file to NGINX + +Navigate to the NGINX configuration file you wish to protect: + +```bash +nano /etc/nginx/sites-available/ +``` + +Add the following in the same `server` block and on the same level as `listen [::]:443 ssl;`: + +```nginx +auth_basic "Administrator’s Area"; +auth_basic_user_file /etc/apache2/.htpasswd; +``` + +Further readering [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/). diff --git a/public/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/index.html b/public/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/index.html new file mode 100644 index 00000000..384bc58f --- /dev/null +++ b/public/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/index.html @@ -0,0 +1,69 @@ + + + + Block and Filter Spam Requests With User-Agents in Nginx | vodoraslo's blog + + + + + + + + + +
+ +
+

Block and Filter Spam Requests With User-Agents in Nginx

+
+
+ + + +
+ +

作成日: , 最終更新日:

+

My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.

+

Adapt the following for your use case and simply place it in every nginx.conf that is ln -s linked to your /etc/nginx/sites-enabled (it should be under the listen 443 server block if you use certbot. Don’t add it under location it should be on the same level as listen [::]:443 ssl;)

+ + + +
+ + 
if ($http_user_agent ~* "Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot") {
+    return 404;
+}
+ +

To see what kind of requests are being made you can check out the following NGINX file /var/log/nginx/access.log. Scroll all the way down (if you use vim G, for nano - Ctrl + End)

+

I adapted this guide from this fella over here who blocked all Apple devices on his VPS, read more.

+

A better alternative - Basic HTTP Authentication

+

A better way of blocking unwated access to your website is to use apache2 + NGINX’s basic HTTP authentication, read my guide.

+ +
+ +
+ +
+
+ +
+
+
+
+ + + + +
+ diff --git a/public/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/index.html b/public/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/index.html index 0fa4ba8e..bc27581e 100644 --- a/public/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/index.html +++ b/public/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/index.html @@ -76,6 +76,7 @@ That is no more! I’m sick of doing it and I don’t know how I just re
Tags: [Blog] diff --git a/public/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/index.html b/public/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/index.html new file mode 100644 index 00000000..eb457fbe --- /dev/null +++ b/public/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/index.html @@ -0,0 +1,110 @@ + + + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache | vodoraslo's blog + + + + + + + + + +
+ +
+

Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache

+
+
+ + + +
+ +

作成日: , 最終更新日:

+

Here’s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system’s (or your vps’) resources for yourself.

+

The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith’s tutorial and have NGINX running with certbot for certificates.

+

Create a username and password for authentication (or more than 1 user)

+

First:

+ + + +
+ + 
sudo apt install apache2
+ +

Then:

+ + + +
+ + 
sudo apt install apache2-utils
+ +

Create a username you wish to authenticate with the following comnmand:

+ + + +
+ + 
sudo htpasswd -c /etc/apache2/.htpasswd admin1
+ +

You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.

+

If you wish to create multiple other users simply remove -c from the command and change the name.

+ + + +
+ + 
sudo htpasswd /etc/apache2/.htpasswd admin2
+ +

Then provide a new password (the same password can also work but it’s more secure that way).

+

Add the htpasswd file to NGINX

+

Navigate to the NGINX configuration file you wish to protect:

+ + + +
+ + 
nano /etc/nginx/sites-available/<yourFileHere>
+ +

Add the following in the same server block and on the same level as listen [::]:443 ssl;:

+ + + +
+ + 
auth_basic           "Administrator’s Area";
+auth_basic_user_file /etc/apache2/.htpasswd;
+ +

Further readering here.

+ +
+ +
+ +
+
+ +
+
+
+
+ + + + +
+ diff --git a/public/articles/index.html b/public/articles/index.html index f6d5d7a9..938ebb5f 100644 --- a/public/articles/index.html +++ b/public/articles/index.html @@ -38,6 +38,8 @@ blog (8) hackbook (59) library (74) ted-kaczynski (15) updates (3) "/>
    +
  • Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache
    • +
  • Block and Filter Spam Requests With User-Agents in Nginx
  • Neater Footnotes in Hugo Using the <details> HTML Tag
  • Hugo: Drafts Showing in Production
  • 2024 Goals and Aspirations
    • diff --git a/public/articles/index.xml b/public/articles/index.xml index 39f211c2..a165bdbc 100644 --- a/public/articles/index.xml +++ b/public/articles/index.xml @@ -9,6 +9,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/index.html b/public/index.html index e0022ea2..f1af1c57 100644 --- a/public/index.html +++ b/public/index.html @@ -33,6 +33,17 @@

    Recent posts:

diff --git a/public/index.xml b/public/index.xml index 98d71152..be03dd79 100644 --- a/public/index.xml +++ b/public/index.xml @@ -9,6 +9,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/library/hackbook/index.xml b/public/library/hackbook/index.xml index 4ddab50a..f7fc8490 100644 --- a/public/library/hackbook/index.xml +++ b/public/library/hackbook/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/library/index.xml b/public/library/index.xml index 077811af..96a838cf 100644 --- a/public/library/index.xml +++ b/public/library/index.xml @@ -9,6 +9,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/library/ted-kaczynski/index.xml b/public/library/ted-kaczynski/index.xml index 3a5b0674..844ac1a9 100644 --- a/public/library/ted-kaczynski/index.xml +++ b/public/library/ted-kaczynski/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/sitemap.xml b/public/sitemap.xml index 002b9087..b508c72d 100644 --- a/public/sitemap.xml +++ b/public/sitemap.xml @@ -2,6 +2,12 @@ + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + 2024-09-05T17:05:07+03:00 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + 2024-09-05T16:58:04+03:00 + https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ 2024-08-31T17:06:20+03:00 diff --git a/public/tags/blog/index.xml b/public/tags/blog/index.xml index 8d05ea14..5d9903a5 100644 --- a/public/tags/blog/index.xml +++ b/public/tags/blog/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/tags/hackbook/index.xml b/public/tags/hackbook/index.xml index 58724033..9c4099e8 100644 --- a/public/tags/hackbook/index.xml +++ b/public/tags/hackbook/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/tags/index.xml b/public/tags/index.xml index cc6bec47..f4c59704 100644 --- a/public/tags/index.xml +++ b/public/tags/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/tags/library/index.xml b/public/tags/library/index.xml index 08ecaecd..43ff8e56 100644 --- a/public/tags/library/index.xml +++ b/public/tags/library/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/tags/personal/index.xml b/public/tags/personal/index.xml index c2f6d8f7..5bcfddf7 100644 --- a/public/tags/personal/index.xml +++ b/public/tags/personal/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/tags/ted-kaczynski/index.xml b/public/tags/ted-kaczynski/index.xml index 5f288a16..301ef6df 100644 --- a/public/tags/ted-kaczynski/index.xml +++ b/public/tags/ted-kaczynski/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/ diff --git a/public/tags/updates/index.xml b/public/tags/updates/index.xml index ea104903..b163a317 100644 --- a/public/tags/updates/index.xml +++ b/public/tags/updates/index.xml @@ -10,6 +10,95 @@ + + Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + Thu, 05 Sep 2024 17:05:07 +0300 + + https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/ + <p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p> +<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p> +<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2> +<p>First:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div> + +<p>Then:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div> + +<p>Create a username you wish to authenticate with the following comnmand:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div> + +<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p> +<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div> + +<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p> +<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2> +<p>Navigate to the NGINX configuration file you wish to protect:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div> + +<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>; +</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div> + +<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p> + + + + + Block and Filter Spam Requests With User-Agents in Nginx + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + Thu, 05 Sep 2024 16:58:04 +0300 + + https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/ + <p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p> +<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p> + + + + <div class="highlight"> + + <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> { +</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>; +</span></span><span style="display:flex;"><span>}</span></span></code></pre></div> + +<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p> +<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p> +<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2> +<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p> + + + Neater Footnotes in Hugo Using the <details> HTML Tag https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/