Shabat Closer

Sunday, May 29, 2016

TECH : Enable haproxy log

TECH : Enable haproxy log


  1. at the top of /etc/haproxy/haproxy.cfg
  2. global
        log         127.0.0.1 local2
    

  3. in file /etc/rsyslog.conf
  4. # Provides UDP syslog reception
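    $ModLoad imudp
    # Set the bind address BEFORE starting the listener: a legacy $UDPServerAddress
    # applies to the $UDPServerRun that follows it, so in the opposite order the
    # syslog socket would listen on every interface instead of loopback only.
    $UDPServerAddress 127.0.0.1
    $UDPServerRun 514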
    
  5. in file  /etc/rsyslog.d/haproxy.conf
  6. local2.*     /var/log/haproxy.log
    

  7. restart services
    service rsyslog restart
    service haproxy restart
    

Enjoy!

TECH : Block DDOS attack with Cloudflare and haproxy and fail2ban.

Survive DDOS attack with Cloudflare and haproxy and fail2ban.


This configuration was tested in a live attack of 72 servers with 10,000 requests per minute.


  1. Configure Cloudflare for maximum security
    1. https://support.cloudflare.com/hc/en-us/articles/200170196-I-am-under-DDoS-attack-what-do-I-do-
  2. Enable  haproxy log
    1. http://moshez.blogspot.co.il/2016/05/tech-enable-haproxy-log.html
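  3. Enable a custom log format for haproxy by changing /etc/haproxy/haproxy.cfg. The logged X-Forwarded-For value is the address fail2ban will ban, so it can only be trusted when haproxy accepts traffic exclusively from Cloudflare; a client that reaches haproxy directly can put any address in that header.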
  4. frontend  main
     bind *:80
     
     log   global
     capture request header X-Forwarded-For len 25
     log-format %hr[%r]
  5. Remove `log global` from the defaults section, because we moved it to `frontend main` for better performance.
  6. configure fail2ban 
    1. jail config - /etc/fail2ban/jail.conf

    2. [haproxy]
      enabled = true
      port    = http,https
      filter  = haproxy
      banaction = cloudflare
      maxretry = 2
      findtime  = 5
      logpath  = /var/log/haproxy.log
      bantime = 7200
      

    3. filter config /etc/fail2ban/filter.d/haproxy.conf
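    4. This filter matches every request for the site root (`GET /`), legitimate or not. With `maxretry = 2` and `findtime = 5` above, a client that requests `/` twice within five seconds is banned for two hours, so real visitors can be caught too; narrow the pattern to the attack's traffic where possible.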
      # Fail2Ban filter for haproxy
      # by MosheZ http://moshez.blogspot.com
      #
      # Flags haproxy log lines whose request is "GET / HTTP/1.1" and reports the
      # address logged inside {...} as the offending host.
      
      
      [INCLUDES]
      
      # Read common prefixes. If any customizations available -- read them from
      # common.local
      before = common.conf
      
      [Definition]
      
      # Not referenced by the failregex below.
      _daemon = haproxy
      
      # <HOST> is read from the braces that haproxy's %hr writes, i.e. the captured
      # X-Forwarded-For header. That header is client-supplied unless only the CDN can
      # reach haproxy, and the capture length of 25 is shorter than a full IPv6 address.
      # The pattern matches any line containing "GET / HTTP/1.1"; the dots are
      # unescaped, so they match any character.
      failregex = ^\s.*: {<HOST>}(.*GET / HTTP/1.1.*)\s*$
      
      ignoreregex = 
      
      [Init]
      
      # "maxlines" is number of log lines to buffer for multi-line regex searches
      # NOTE(review): the failregex above is anchored to a single line, so this
      # buffer looks unnecessary -- confirm before removing.
      maxlines = 10
      
    5. action config /etc/fail2ban/action.d/cloudflare.conf
    6. [Definition]
      
      
      # Ask Cloudflare to block <ip>. "-s -o /dev/null" discards the response and no
      # --fail is given, so a rejected call (bad token, API error) goes unnoticed and
      # fail2ban still records the ban locally. The API token is passed on curl's
      # command line and is visible in the process list while curl runs.
      # NOTE(review): api_json.html is Cloudflare's older client API endpoint; confirm
      # it is still accepted for your account before relying on this action.
      actionban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
      
      
      # actionunban is commented out, so nothing is sent to Cloudflare when bantime
      # expires: the block stays in place at Cloudflare until it is removed by hand.
      #actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
      
      [Init]
      
      # If you like to use this action with mailing whois lines, you could use the composite action
      # action_cf_mwl predefined in jail.conf, just define in your jail:
      #
      # action = %(action_cf_mwl)s
      # # Your CF account e-mail
      # cfemail  = 
      # # Your CF API Key
      # cfapikey = 
      
      # Replace both values with your own and delete the "(REPLACE THIS)" text; as
      # written it is likely read as part of the value. Once filled in, this file
      # holds a live API key: keep it readable by root only (for example mode 600).
      cftoken = dfgb0390bfe31ed1e931c1b6ae (REPLACE THIS)
      
      cfuser = example@example.com (REPLACE THIS)
    7. Restart services
      service haproxy restart
      service fail2ban restart

  7. Enjoy!

Sunday, March 20, 2016

PHP : save session Handler to redis by class

PHP : save session Handler to redis by class

Use this class to store PHP sessions in Redis.




<?php
/**
 * Redis & PHP Session Handler
 */

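 // Address of the Redis server that stores the sessions.
 // The statement needs its terminating semicolon; without it the file does not parse.
 define("SESSION_REDIS_HOST", "127.0.0.1");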
 
// Fallback declaration for PHP versions that do not ship SessionHandlerInterface
// (it became built in with PHP 5.4). Skipped entirely when the interface exists.
if (interface_exists('SessionHandlerInterface') === false)
{
  interface SessionHandlerInterface {
    /** Prepare the storage backend for the session. */
    public function open($save_path, $name);
    /** Release the storage backend. */
    public function close();
    /** Return the stored payload for a session id. */
    public function read($session_id);
    /** Persist the payload for a session id. */
    public function write($session_id, $session_data);
    /** Remove the stored payload for a session id. */
    public function destroy($session_id);
    /** Purge sessions older than $maxlifetime seconds. */
    public function gc($maxlifetime);
  }
}

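/**
 * Session save handler that keeps PHP session payloads in Redis.
 *
 * Every session is stored under the key "session.<session id>" in database
 * $redis_db and expires after session.gc_maxlifetime seconds, so Redis itself
 * removes stale sessions.
 *
 * Operational notes:
 *  - The connection uses no password and no TLS. The Redis instance holds every
 *    user's session, so keep it reachable from this host / a private network only.
 *  - No per-session locking is done; concurrent requests for the same session
 *    can overwrite each other's changes.
 */
class Redis_SessionHandler implements SessionHandlerInterface{

  /**
   * @var int selected Redis db
   */
  public $redis_db = 1;

  /**
   * Session time-to-live in seconds, read from session.gc_maxlifetime.
   * @var int
   */
  public $lifeTime;

  /**
   * Open connection, or null while no session is open.
   * @var Redis|null
   */
  public $redis=null;

  /**
   * Payload found when the session was opened (empty string if none).
   * @var string|null
   */
  public $initSessionData;

  /**
   * interval for session expiration update in the DB
   * (not used by this class)
   * @var int
   */
  protected $_refreshTime = 1800; //30 minutes

  /**
   * Prefix put in front of the session id to build the Redis key.
   * @var string
   */
  private $sessionPrefix="";

  /**
   * Registers this object as the session save handler.
   * Must run before session_start().
   */
  public function __construct()
  {
    $this->sessionPrefix = "session.";

    // write and close the session at script end, while this object still exists
    register_shutdown_function("session_write_close");

    $this->lifeTime = intval(ini_get("session.gc_maxlifetime"));
    $this->initSessionData = null;

    // session_set_save_handler() switches session.save_handler to "user" on its
    // own; setting it through ini_set() is rejected by PHP 7.2 and later, so that
    // call is not made here.
    session_set_save_handler(
        array($this, "open"),
        array($this, "close"),
        array($this, "read"),
        array($this, "write"),
        array($this, "destroy"),
        array($this, "gc"));
  } // __construct()

  /**
   * Init Redis connection.
   *
   * @return bool false when the server cannot be reached or the db not selected
   */
  protected function initRedis()
  {
    try {
      $redis = new Redis();
      if (!$redis->connect(SESSION_REDIS_HOST, 6379)) {
        return false;
      }
      if (!$redis->select($this->redis_db)) {
        return false;
      }
    } catch (Exception $e) {
      // depending on the extension version a failed connect throws instead of
      // returning false
      return false;
    }

    $this->redis = $redis;
    return true;
  } // initRedis()

  /**
   * opening of the session - the mandatory arguments are not needed;
   * connects to Redis and pre-loads the payload when a session id is known
   *
   * @param string $savePath
   * @param string $sessionName
   * @return bool false when Redis is unavailable, so session_start() fails
   *              visibly instead of breaking on the first read
   */
  public function open($savePath, $sessionName)
  {
    if (!$this->initRedis()) {
      return false;
    }

    $session_id = session_id();
    if ($session_id !== "") {
      $this->initSessionData = $this->read($session_id);
    }

    return true;
  } // open()

  /**
   * closing the session
   *
   * $lifeTime is deliberately kept: the same handler object is used again when
   * a session is reopened in the same request, and a null lifetime would then
   * store sessions without a usable expiry.
   *
   * @return bool
   */
  public function close()
  {
    $this->initSessionData = null;

    if ($this->redis !== null) {
      try {
        $this->redis->close();
      } catch (Exception $e) {
        // best effort: the connection is dropped below either way
      }
      $this->redis = null;
    }
    return true;
  } // close()

  /**
   * reading of the session data; a hit also renews the key's expiry
   *
   * @param string $session_id
   * @return string payload, or '' when nothing is stored for this id
   */
  public function read($session_id)
  {
    $key = $this->sessionPrefix.$session_id;
    $data = $this->redis->get($key);
    if (!is_string($data) || $data === '') {
      return '';
    }

    // expire() with a non-positive timeout would delete the key instead of
    // renewing it
    if ($this->lifeTime > 0) {
      $this->redis->expire($key, $this->lifeTime);
    }
    return $data;
  } // read()

  /**
   * session write - this is called when the script is about to finish,
   * or when session_write_close() is called
   *
   * @param string $session_id
   * @param string $data
   * @return bool
   */
  public function write($session_id, $data){
    // the third argument is the key's time-to-live in seconds
    $result = $this->redis->set($this->sessionPrefix.$session_id, $data, $this->lifeTime);
    return (bool) $result;
  } // write()

  /**
   * destroy of the session
   *
   * @param string $session_id
   * @return bool
   */
  public function destroy($session_id){
    // del() is the current method name; delete() is a deprecated alias in newer
    // phpredis releases
    $this->redis->del($this->sessionPrefix.$session_id);
    return true;
  } // destroy()

  /**
   * called by the garbage collector; nothing to do because every key carries
   * its own expiry in Redis
   *
   * @param int $maxlifetime
   * @return bool
   */
  public function gc($maxlifetime){
    return true;
  } // gc()
}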

// Initialize custom session management: the constructor registers the handler
// with session_set_save_handler(), so this has to run before session_start().
new Redis_SessionHandler();

Usage:



<?php
// Initialize custom session management (run this before session_start()).
new Redis_SessionHandler();


Enjoy!

PHP : save session Handler to memcached by class

PHP : save session Handler to memcached by class


Use this class to store PHP sessions in memcached (through the Memcache extension).


<?php
/**
 * Memcache PHP Session Handler
*/
// Address of the memcached server that stores the sessions.
define('SESSION_MEMCACHED_HOST', '127.0.0.1');

// Declare SessionHandlerInterface only where PHP does not provide it
// (it is built in from PHP 5.4 on).
if (interface_exists('SessionHandlerInterface') === false)
{
  interface SessionHandlerInterface {
    // lifecycle
    public function open($save_path, $name);
    public function close();
    // payload access
    public function read($session_id);
    public function write($session_id, $session_data);
    // cleanup
    public function destroy($session_id);
    public function gc($maxlifetime);
  }
}

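/**
 * Session save handler that keeps PHP session payloads in memcached, using
 * the Memcache extension class.
 *
 * Every session is stored under the key ".session.<session id>" and expires
 * after session.gc_maxlifetime seconds.
 *
 * Operational notes:
 *  - The connection is unauthenticated and unencrypted. The cache holds every
 *    user's session, so keep the server reachable from this host / a private
 *    network only.
 *  - memcached is a cache: entries can be evicted under memory pressure, which
 *    ends the affected sessions early.
 *  - No per-session locking is done; concurrent requests for the same session
 *    can overwrite each other's changes.
 */
class Memcached_SessionHandler implements SessionHandlerInterface{

  /**
   * Session time-to-live in seconds, read from session.gc_maxlifetime.
   * @var int
   */
  public $lifeTime;

  /**
   * Client object (an instance of the Memcache class), or null while no
   * session is open.
   * @var Memcache|null
   */
  public $memcached;

  /**
   * Not used by this class.
   * @var MySQLi
   */
  public $mysqli;

  /**
   * Payload found when the session was opened (empty string if none).
   * @var string|null
   */
  public $initSessionData;

  /**
   * interval for session expiration update in the DB
   * (not used by this class)
   * @var int
   */
  protected $_refreshTime = 1800; //30 minutes

  /**
   * Prefix put in front of the session id to build the cache key.
   * @var string
   */
  private $sessionPrefix="";

  /**
   * Registers this object as the session save handler.
   * Must run before session_start().
   */
  public function __construct()
  {
    $this->sessionPrefix = ".session.";

    // write and close the session at script end, while this object still exists
    register_shutdown_function("session_write_close");

    $this->lifeTime = intval(ini_get("session.gc_maxlifetime"));
    $this->initSessionData = null;

    // session_set_save_handler() switches session.save_handler to "user" on its
    // own; setting it through ini_set() is rejected by PHP 7.2 and later, so that
    // call is not made here.
    session_set_save_handler(
        array($this, "open"),
        array($this, "close"),
        array($this, "read"),
        array($this, "write"),
        array($this, "destroy"),
        array($this, "gc"));
  } // __construct()

  /**
   * Init memcached connection.
   *
   * @return bool result of registering the server with the client
   */
  protected function initMemcached()
  {
    $this->memcached = new Memcache;
    return (bool) $this->memcached->addServer(SESSION_MEMCACHED_HOST, 11211);
  } // initMemcached()

  /**
   * Expiration value to hand to memcached for the configured lifetime.
   *
   * @return int
   */
  private function expiry()
  {
    $ttl = (int) $this->lifeTime;
    // memcached interprets expirations above 30 days as absolute Unix
    // timestamps rather than as a number of seconds
    return $ttl > 2592000 ? time() + $ttl : $ttl;
  } // expiry()

  /**
   * opening of the session - the mandatory arguments are not needed;
   * sets up the client and pre-loads the payload when a session id is known
   *
   * @param string $savePath
   * @param string $sessionName
   * @return bool
   */
  public function open($savePath, $sessionName)
  {
    if (!$this->initMemcached()) {
      return false;
    }

    $session_id = session_id();
    if ($session_id !== "") {
      $this->initSessionData = $this->read($session_id);
    }

    return true;
  } // open()

  /**
   * closing the session
   *
   * $lifeTime is deliberately kept: the same handler object is used again when
   * a session is reopened in the same request, and a null lifetime would then
   * store sessions without a usable expiry.
   *
   * @return bool
   */
  public function close()
  {
    $this->initSessionData = null;

    if ($this->memcached) {
      $this->memcached->close();
    }
    $this->memcached = null;
    return true;
  } // close()

  /**
   * reading of the session data
   *
   * On a hit the value is stored again to renew its expiry. On a miss nothing
   * is written: storing the failed lookup would create a cache entry for every
   * session id a client chooses to send.
   *
   * @param string $session_id
   * @return string payload, or '' when nothing is stored for this id
   */
  public function read($session_id)
  {
    $key = $this->sessionPrefix.$session_id;
    $data = $this->memcached->get($key);
    if (!is_string($data) || $data === '') {
      return '';
    }

    $this->memcached->set($key, $data, MEMCACHE_COMPRESSED, $this->expiry());
    return $data;
  } // read()

  /**
   * cache write - this is called when the script is about to finish,
   * or when session_write_close() is called
   *
   * @param string $session_id
   * @param string $data
   * @return bool
   */
  public function write($session_id, $data){
    // the last argument is the entry's expiration
    $result = $this->memcached->set($this->sessionPrefix.$session_id, $data, MEMCACHE_COMPRESSED, $this->expiry());
    return (bool) $result;
  } // write()

  /**
   * destroy of the session
   *
   * @param string $session_id
   * @return bool
   */
  public function destroy($session_id){
    $this->memcached->delete($this->sessionPrefix.$session_id);
    return true;
  } // destroy()

  /**
   * called by the garbage collector; nothing to do because every entry
   * carries its own expiration in memcached
   *
   * @param int $maxlifetime
   * @return bool
   */
  public function gc($maxlifetime){
    return true;
  } // gc()
}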


Usage:


<?php
// Initialize custom session management: the constructor registers the handler
// with session_set_save_handler(), so this has to run before session_start().
new Memcached_SessionHandler();


Enjoy!

Thursday, January 14, 2016

IT Linux : Csync2 - error "Received record packet of unknown type 73" [solve]

IT Linux : Csync2 : "Received record packet of unknown type 73"


This error appears when you run the command "csync2 -xv":

Received record packet of unknown type 73
While syncing file /var/www/html/index.php

Error details:
The directory structure does not match between the servers.

Solution:
  1. Create the missing directories on server 2
    1. mkdir -p /var/www/html
  2. run the command "csync2 -xv" again.
enjoy!