1. add nginx 404 block for spammers and bots based on their user agent. 2. add HTTP basic auth (NGINX and Apache) to protect your site or selfhosted apps from those same spammers, bots and freeloaders
This commit is contained in:
parent
48dd0df090
commit
efb361a51e
GPG key ID:
EEB449C295BF5174
20 changed files with 1346 additions and 11 deletions
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
title: "Block and Filter Spam Requests With User-Agents in Nginx"
|
||||
date: 2024-09-05T16:58:04+03:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.
|
||||
|
||||
Adapt the following for your use case and simply place it in every nginx.conf that is `ln -s` linked to your `/etc/nginx/sites-enabled` (*it should be under the `listen 443` server block if you use certbot. Don't add it under `location` it should be on the same level as `listen [::]:443 ssl;`*)
|
||||
|
||||
```nginx
|
||||
if ($http_user_agent ~* "Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot") {
|
||||
return 404;
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
To see what kind of requests are being made you can check out the following NGINX file `/var/log/nginx/access.log`. Scroll all the way down (if you use vim `G`, for nano - `Ctrl + End`)
|
||||
|
||||
I adapted this guide from this fella over here who blocked all Apple devices on his VPS, [read more](https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html).
|
||||
|
||||
## A better alternative - Basic HTTP Authentication
|
||||
|
||||
A better way of blocking unwated access to your website is to use apache2 + NGINX's basic HTTP authentication, [read my guide](/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache).
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
title: "Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache"
|
||||
date: 2024-09-05T17:05:07+03:00
|
||||
draft: false
|
||||
---
|
||||
|
||||
Here's how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system's (*or your vps'*) resources for yourself.
|
||||
|
||||
The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith's tutorial and have NGINX running with certbot for certificates.
|
||||
|
||||
## Create a username and password for authentication (*or more than 1 user*)
|
||||
|
||||
First:
|
||||
```bash
|
||||
sudo apt install apache2
|
||||
```
|
||||
|
||||
Then:
|
||||
|
||||
```bash
|
||||
sudo apt install apache2-utils
|
||||
```
|
||||
|
||||
Create a username you wish to authenticate with the following comnmand:
|
||||
|
||||
```bash
|
||||
sudo htpasswd -c /etc/apache2/.htpasswd admin1
|
||||
```
|
||||
|
||||
You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.
|
||||
|
||||
If you wish to create multiple other users simply remove `-c` from the command and change the name.
|
||||
|
||||
```bash
|
||||
sudo htpasswd /etc/apache2/.htpasswd admin2
|
||||
```
|
||||
|
||||
Then provide a new password (the same password can also work but it's more secure that way).
|
||||
|
||||
## Add the `htpasswd` file to NGINX
|
||||
|
||||
Navigate to the NGINX configuration file you wish to protect:
|
||||
|
||||
```bash
|
||||
nano /etc/nginx/sites-available/<yourFileHere>
|
||||
```
|
||||
|
||||
Add the following in the same `server` block and on the same level as `listen [::]:443 ssl;`:
|
||||
|
||||
```nginx
|
||||
auth_basic "Administrator’s Area";
|
||||
auth_basic_user_file /etc/apache2/.htpasswd;
|
||||
```
|
||||
|
||||
Further readering [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/).
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en" class="main-background-image">
|
||||
<head>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx | vodoraslo's blog</title>
|
||||
<link rel="canonical" href="https://vodoraslo.xyz/">
|
||||
<link rel='alternate' type='application/rss+xml' title="vodoraslo's blog RSS" href='/index.xml'>
|
||||
<link rel='stylesheet' type='text/css' href='/style.css?v=1.0.0.12'>
|
||||
<link rel="icon" href="/favicon.ico">
|
||||
<meta name="description" content="My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.
|
||||
Adapt the following for your use case and simply place it in every nginx.conf that is ln -s linked to your /etc/nginx/sites-enabled (it should be under the listen 443 server block if you use certbot. Don’t add it under location it should be on the same level as listen [::]:443 ssl;)"/>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="index, follow">
|
||||
<meta charset="utf-8">
|
||||
</head>
|
||||
<div class="main-background-image">
|
||||
<body>
|
||||
<main>
|
||||
<header><h1 style="margin-top: 0%; padding-top: 0.5em;" id="tag_Block and Filter Spam Requests With User-Agents in Nginx">Block and Filter Spam Requests With User-Agents in Nginx</h1></header>
|
||||
<hr style="color:var(--strong);background-color: var(--strong); border-color: var(--strong);"><article style="padding: 0% 2.5% 0% 2.5%;">
|
||||
<div class="breadcrumbs">
|
||||
|
||||
<nav><a href="/">vodoraslo</a> / <a href="/articles/">Articles</a> / Block and Filter Spam Requests With User-Agents in Nginx</nav>
|
||||
|
||||
</div>
|
||||
|
||||
<small><em><p style="color: var(--muted_text);">作成日: <time datetime="2024-09-05T16:58:04+03:00" style="color: var(--muted_text);">2024年9月5日 (木)</time>, 最終更新日: <time datetime="2024-09-05T16:58:04+03:00" style="color: var(--muted_text);">2024年9月5日 (木)</time> </p></em></small>
|
||||
<div class="post-content"><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don’t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">"Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot")</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication<a hidden class="anchor" aria-hidden="true" href="#a-better-alternative---basic-http-authentication">#</a></h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX’s basic HTTP authentication, <a href="/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
|
||||
<div style="text-align: right;">
|
||||
|
||||
</div></div>
|
||||
|
||||
<br>
|
||||
<hr style="color:var(--strong); margin: 0; background-color: var(--strong); border-color: var(--strong);">
|
||||
<div id="nextprev">
|
||||
<a href="/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/"><div id="prevart"><i>Previous:</i><br>Neater Footnotes in Hugo Using the <details> HTML Tag</div></a>
|
||||
<a href="/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/"><div id="nextart"><i>Next:</i><br>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</div></a>
|
||||
</div>
|
||||
<div >
|
||||
</div>
|
||||
</article>
|
||||
</main>
|
||||
|
||||
<footer style="padding-top: 0.5em;">
|
||||
|
||||
<div style="padding-bottom: 0.2em; display: inline-block;"><a href="https://vodoraslo.xyz/articles" title="List of all my articles and writings.">📜 Articles</a> <strong>•</strong> <a href="https://vodoraslo.xyz/library" title="My personal library.">📚 Library</a> <strong>•</strong> <a href="https://wiki.vodoraslo.xyz" title="My personal Wiki page.">🌐 Wiki</a> <strong>•</strong> <a href="https://vodoraslo.xyz/index.xml" title="Subscribe via RSS for updates.">📰 RSS</a><hr></div>
|
||||
|
||||
|
||||
|
||||
<div style="padding-bottom: 0.7em;" class="index-links"><a href="https://vodoraslo.xyz/" title="Return to the homepage.">🏠 Homepage</a></div>
|
||||
</footer>
|
||||
|
||||
</body>
|
||||
</div>
|
||||
</html>
|
||||
|
|
@ -76,6 +76,7 @@ That is no more! I’m sick of doing it and I don’t know how I just re
|
|||
<hr style="color:var(--strong); margin: 0; background-color: var(--strong); border-color: var(--strong);">
|
||||
<div id="nextprev">
|
||||
<a href="/articles/blog/hugo-drafts-showing-in-production/"><div id="prevart"><i>Previous:</i><br>Hugo: Drafts Showing in Production</div></a>
|
||||
<a href="/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/"><div id="nextart"><i>Next:</i><br>Block and Filter Spam Requests With User-Agents in Nginx</div></a>
|
||||
</div>
|
||||
<div ><div style="clear:both" class=taglist>
|
||||
Tags: [<a id="tag_blog" href="https://vodoraslo.xyz/tags/blog">Blog</a>]
|
||||
|
|
|
|||
|
|
@ -0,0 +1,110 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en" class="main-background-image">
|
||||
<head>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache | vodoraslo's blog</title>
|
||||
<link rel="canonical" href="https://vodoraslo.xyz/">
|
||||
<link rel='alternate' type='application/rss+xml' title="vodoraslo's blog RSS" href='/index.xml'>
|
||||
<link rel='stylesheet' type='text/css' href='/style.css?v=1.0.0.12'>
|
||||
<link rel="icon" href="/favicon.ico">
|
||||
<meta name="description" content="Here’s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system’s (or your vps’) resources for yourself.
|
||||
The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith’s tutorial and have NGINX running with certbot for certificates.
|
||||
Create a username and password for authentication (or more than 1 user) First:"/>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="index, follow">
|
||||
<meta charset="utf-8">
|
||||
</head>
|
||||
<div class="main-background-image">
|
||||
<body>
|
||||
<main>
|
||||
<header><h1 style="margin-top: 0%; padding-top: 0.5em;" id="tag_Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache">Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</h1></header>
|
||||
<hr style="color:var(--strong);background-color: var(--strong); border-color: var(--strong);"><article style="padding: 0% 2.5% 0% 2.5%;">
|
||||
<div class="breadcrumbs">
|
||||
|
||||
<nav><a href="/">vodoraslo</a> / <a href="/articles/">Articles</a> / Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</nav>
|
||||
|
||||
</div>
|
||||
|
||||
<small><em><p style="color: var(--muted_text);">作成日: <time datetime="2024-09-05T17:05:07+03:00" style="color: var(--muted_text);">2024年9月5日 (木)</time>, 最終更新日: <time datetime="2024-09-05T17:05:07+03:00" style="color: var(--muted_text);">2024年9月5日 (木)</time> </p></em></small>
|
||||
<div class="post-content"><p>Here’s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system’s (<em>or your vps’</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith’s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)<a hidden class="anchor" aria-hidden="true" href="#create-a-username-and-password-for-authentication-or-more-than-1-user">#</a></h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it’s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX<a hidden class="anchor" aria-hidden="true" href="#add-the-htpasswd-file-to-nginx">#</a></h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/<yourFileHere></span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">"Administrator’s</span> <span style="color:#98c379">Area"</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
|
||||
<div style="text-align: right;">
|
||||
|
||||
</div></div>
|
||||
|
||||
<br>
|
||||
<hr style="color:var(--strong); margin: 0; background-color: var(--strong); border-color: var(--strong);">
|
||||
<div id="nextprev">
|
||||
<a href="/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/"><div id="prevart"><i>Previous:</i><br>Block and Filter Spam Requests With User-Agents in Nginx</div></a>
|
||||
</div>
|
||||
<div >
|
||||
</div>
|
||||
</article>
|
||||
</main>
|
||||
|
||||
<footer style="padding-top: 0.5em;">
|
||||
|
||||
<div style="padding-bottom: 0.2em; display: inline-block;"><a href="https://vodoraslo.xyz/articles" title="List of all my articles and writings.">📜 Articles</a> <strong>•</strong> <a href="https://vodoraslo.xyz/library" title="My personal library.">📚 Library</a> <strong>•</strong> <a href="https://wiki.vodoraslo.xyz" title="My personal Wiki page.">🌐 Wiki</a> <strong>•</strong> <a href="https://vodoraslo.xyz/index.xml" title="Subscribe via RSS for updates.">📰 RSS</a><hr></div>
|
||||
|
||||
|
||||
|
||||
<div style="padding-bottom: 0.7em;" class="index-links"><a href="https://vodoraslo.xyz/" title="Return to the homepage.">🏠 Homepage</a></div>
|
||||
</footer>
|
||||
|
||||
</body>
|
||||
</div>
|
||||
</html>
|
||||
|
|
@ -38,6 +38,8 @@ blog (8)
hackbook (59)
library (74)
ted-kaczynski (15)
updates (3)
"/>
|
|||
</ul>
|
||||
</div>
|
||||
<ul>
|
||||
<li class="index-links"><time datetime="2024-09-05T17:05:07+03:00">2024 Sep 05</time> – <a href="/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/">Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</a></li>
|
||||
<li class="index-links"><time datetime="2024-09-05T16:58:04+03:00">2024 Sep 05</time> – <a href="/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/">Block and Filter Spam Requests With User-Agents in Nginx</a></li>
|
||||
<li class="index-links"><time datetime="2024-08-31T16:12:49+03:00">2024 Aug 31</time> – <a href="/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/">Neater Footnotes in Hugo Using the <details> HTML Tag</a></li>
|
||||
<li class="index-links"><time datetime="2024-03-17T17:53:39+03:00">2024 Mar 17</time> – <a href="/articles/blog/hugo-drafts-showing-in-production/">Hugo: Drafts Showing in Production</a></li>
|
||||
<li class="index-links"><time datetime="2024-02-27T17:04:59+03:00">2024 Feb 27</time> – <a href="/articles/blog/2024-goals/">2024 Goals and Aspirations</a></li>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/articles/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -33,6 +33,17 @@
|
|||
<p><strong>Recent posts:</strong></p>
|
||||
</div>
|
||||
<ul class="tenRecentPosts">
|
||||
<li><time
|
||||
datetime="2024-09-05T17:05:07+03:00">2024 Sep 05</time> –
|
||||
<a href="/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/" aria-label="Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache Here’s how to only allow authenticated users to view your websites - … ... Click to Read more about Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache"><b class="white_span">Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</b></a> - <span
|
||||
class="muted_text">Here’s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system’s (or your …</span> <a href="/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/" aria-label="Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache Here’s how to only allow authenticated users to view your websites - … ... Click to Read more about Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache" class="read_more_recent_posts" style="box-shadow: 0 1px 0;">Read
|
||||
more about Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</a> <em> (1 minute read).</em> </li>
|
||||
<li><time
|
||||
datetime="2024-09-05T16:58:04+03:00">2024 Sep 05</time> –
|
||||
<a href="/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/" aria-label="Block and Filter Spam Requests With User-Agents in Nginx My server has been getting bussyblasted by spam requests from bots and … ... Click to Read more about Block and Filter Spam Requests With User-Agents in Nginx"><b class="white_span">Block and Filter Spam Requests With User-Agents in Nginx</b></a> - <span
|
||||
class="muted_text">My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.
|
||||
Adapt the …</span> <a href="/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/" aria-label="Block and Filter Spam Requests With User-Agents in Nginx My server has been getting bussyblasted by spam requests from bots and … ... Click to Read more about Block and Filter Spam Requests With User-Agents in Nginx" class="read_more_recent_posts" style="box-shadow: 0 1px 0;">Read
|
||||
more about Block and Filter Spam Requests With User-Agents in Nginx</a> <em> (1 minute read).</em> </li>
|
||||
<li><time
|
||||
datetime="2024-08-31T16:12:49+03:00">2024 Aug 31</time> –
|
||||
<a href="/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/" aria-label="Neater Footnotes in Hugo Using the <details> HTML Tag Hugo currently (v133) provides no way for me to choose where to place my … ... Click to Read more about Neater Footnotes in Hugo Using the <details> HTML Tag"><b class="white_span">Neater Footnotes in Hugo Using the <details> HTML Tag</b></a> - <span
|
||||
|
|
@ -75,17 +86,6 @@ summarized: …</span> <a href="/articles/blog/2024-goals/" aria-label="2024 Go
|
|||
<a href="/library/ted-kaczynski/the-littering-ape/" aria-label="The Littering Ape A number of anthropologically inclined individuals have in recent years … ... Click to Read more about The Littering Ape"><b class="white_span">The Littering Ape</b></a> - <span
|
||||
class="muted_text">A number of anthropologically inclined individuals have in recent years gained fame and fortune by authoring books of the “Naked Ape” …</span> <a href="/library/ted-kaczynski/the-littering-ape/" aria-label="The Littering Ape A number of anthropologically inclined individuals have in recent years … ... Click to Read more about The Littering Ape" class="read_more_recent_posts" style="box-shadow: 0 1px 0;">Read
|
||||
more about The Littering Ape</a> <em> (3 minute read).</em> </li>
|
||||
<li><time
|
||||
datetime="2023-04-15T18:54:10+03:00">2023 Apr 15</time> –
|
||||
<a href="/library/ted-kaczynski/morality-and-revolution/" aria-label="Morality and Revolution “Morality, guilt and fear of condemnation act as cops in our heads, … ... Click to Read more about Morality and Revolution"><b class="white_span">Morality and Revolution</b></a> - <span
|
||||
class="muted_text">“Morality, guilt and fear of condemnation act as cops in our heads, destroying our spontaneity, our wildness, our ability to live our lives to the …</span> <a href="/library/ted-kaczynski/morality-and-revolution/" aria-label="Morality and Revolution “Morality, guilt and fear of condemnation act as cops in our heads, … ... Click to Read more about Morality and Revolution" class="read_more_recent_posts" style="box-shadow: 0 1px 0;">Read
|
||||
more about Morality and Revolution</a> <em> (22 minute read).</em> </li>
|
||||
<li><time
|
||||
datetime="2023-04-15T18:50:50+03:00">2023 Apr 15</time> –
|
||||
<a href="/library/ted-kaczynski/the-systems-neatest-trick/" aria-label="The System's Neatest Trick The supreme luxury of the society of technical necessity will be to grant … ... Click to Read more about The System's Neatest Trick"><b class="white_span">The System's Neatest Trick</b></a> - <span
|
||||
class="muted_text">The supreme luxury of the society of technical necessity will be to grant the bonus of useless revolt and of an acquiescent smile. —Jacques Ellul1
|
||||
The …</span> <a href="/library/ted-kaczynski/the-systems-neatest-trick/" aria-label="The System's Neatest Trick The supreme luxury of the society of technical necessity will be to grant … ... Click to Read more about The System's Neatest Trick" class="read_more_recent_posts" style="box-shadow: 0 1px 0;">Read
|
||||
more about The System's Neatest Trick</a> <em> (25 minute read).</em> </li>
|
||||
</ul>
|
||||
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/library/hackbook/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/library/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/library/ted-kaczynski/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -2,6 +2,12 @@
|
|||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||
<url>
|
||||
<loc>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</loc>
|
||||
<lastmod>2024-09-05T17:05:07+03:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</loc>
|
||||
<lastmod>2024-09-05T16:58:04+03:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</loc>
|
||||
<lastmod>2024-08-31T17:06:20+03:00</lastmod>
|
||||
</url><url>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/blog/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/hackbook/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/library/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/personal/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/ted-kaczynski/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
|
|
@ -10,6 +10,95 @@
|
|||
<atom:link href="https://vodoraslo.xyz/tags/updates/index.xml" rel="self" type="application/rss+xml" />
|
||||
|
||||
|
||||
<item>
|
||||
<title>Restrict Unwanted Access With HTTP Basic Authentication - NGINX and Apache</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 17:05:07 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache/</guid>
|
||||
<description><p>Here&rsquo;s how to only allow authenticated users to view your websites - great way to boot freeloaders and guarantee your system&rsquo;s (<em>or your vps&rsquo;</em>) resources for yourself.</p>
|
||||
<p>The guide is meant for debian but can be easily adapted to suit your needs. I assume you have followed Luke Smith&rsquo;s tutorial and have NGINX running with certbot for certificates.</p>
|
||||
<h2 id="create-a-username-and-password-for-authentication-or-more-than-1-user">Create a username and password for authentication (<em>or more than 1 user</em>)</h2>
|
||||
<p>First:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2</span></span></code></pre></div>
|
||||
|
||||
<p>Then:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install apache2-utils</span></span></code></pre></div>
|
||||
|
||||
<p>Create a username you wish to authenticate with the following comnmand:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd -c /etc/apache2/.htpasswd admin1</span></span></code></pre></div>
|
||||
|
||||
<p>You will be prompted to provide a password, feel free to generate a secure 32+ character one and save it in your password manager of choice.</p>
|
||||
<p>If you wish to create multiple other users simply remove <code>-c</code> from the command and change the name.</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo htpasswd /etc/apache2/.htpasswd admin2</span></span></code></pre></div>
|
||||
|
||||
<p>Then provide a new password (the same password can also work but it&rsquo;s more secure that way).</p>
|
||||
<h2 id="add-the-htpasswd-file-to-nginx">Add the <code>htpasswd</code> file to NGINX</h2>
|
||||
<p>Navigate to the NGINX configuration file you wish to protect:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>nano /etc/nginx/sites-available/&lt;yourFileHere&gt;</span></span></code></pre></div>
|
||||
|
||||
<p>Add the following in the same <code>server</code> block and on the same level as <code>listen [::]:443 ssl;</code>:</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">auth_basic</span> <span style="color:#98c379">&#34;Administrator’s</span> <span style="color:#98c379">Area&#34;</span>;
|
||||
</span></span><span style="display:flex;"><span><span style="color:#c678dd">auth_basic_user_file</span> <span style="color:#98c379">/etc/apache2/.htpasswd</span>;</span></span></code></pre></div>
|
||||
|
||||
<p>Further readering <a href="https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/">here</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Block and Filter Spam Requests With User-Agents in Nginx</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</link>
|
||||
<pubDate>Thu, 05 Sep 2024 16:58:04 +0300</pubDate>
|
||||
|
||||
<guid>https://vodoraslo.xyz/articles/blog/block-and-filter-spam-requests-with-user-agents-in-nginx/</guid>
|
||||
<description><p>My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.</p>
|
||||
<p>Adapt the following for your use case and simply place it in every nginx.conf that is <code>ln -s</code> linked to your <code>/etc/nginx/sites-enabled</code> (<em>it should be under the <code>listen 443</code> server block if you use certbot. Don&rsquo;t add it under <code>location</code> it should be on the same level as <code>listen [::]:443 ssl;</code></em>)</p>
|
||||
|
||||
|
||||
|
||||
<div class="highlight">
|
||||
|
||||
<pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#c678dd">if</span> <span style="color:#98c379">(</span><span style="color:#dcaeea">$http_user_agent</span> ~<span style="color:#56b6c2">*</span> <span style="color:#98c379">&#34;Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot&#34;)</span> {
|
||||
</span></span><span style="display:flex;"><span> <span style="color:#c678dd">return</span> <span style="color:#d19a66">404</span>;
|
||||
</span></span><span style="display:flex;"><span>}</span></span></code></pre></div>
|
||||
|
||||
<p>To see what kind of requests are being made you can check out the following NGINX file <code>/var/log/nginx/access.log</code>. Scroll all the way down (if you use vim <code>G</code>, for nano - <code>Ctrl + End</code>)</p>
|
||||
<p>I adapted this guide from this fella over here who blocked all Apple devices on his VPS, <a href="https://web.archive.org/web/20240508084213/https://swindlesmccoop.xyz/blog/blockapple.html">read more</a>.</p>
|
||||
<h2 id="a-better-alternative---basic-http-authentication">A better alternative - Basic HTTP Authentication</h2>
|
||||
<p>A better way of blocking unwated access to your website is to use apache2 + NGINX&rsquo;s basic HTTP authentication, <a href="https://vodoraslo.xyz/articles/blog/restrict-unwanted-access-with-http-basic-auth-nginx-and-apache">read my guide</a>.</p>
|
||||
</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>Neater Footnotes in Hugo Using the <details> HTML Tag</title>
|
||||
<link>https://vodoraslo.xyz/articles/blog/neater-footnotes-in-hugo-using-the-details-html-tag/</link>
|
||||
|
|
|
|||
Loading…
Reference in a new issue