Is there a way to enable the module 'mod_exec' only with a certain proftdp user?
I've compiled proftp with --with-modules=mod_exec:mod_ifsession and then configured in this way...
<IfModule mod_exec.c>
<IfUser stefano>
ExecEngine on
ExecLog /opt/proftpd-master/logs/proftpd.semics.mod_exec.log
ExecOptions logStderr logStdout
ExecBeforeCommand STOR,RETR /path/to/handler.sh EVENT=BeforeCommand FILE='%f'
ExecOnCommand STOR,RETR /path/to/handler.sh EVENT=OnCommand FILE='%f'
</IfUser>
</IfModule>
or this:
<IfUser stefano>
<IfModule mod_exec.c>
ExecEngine on
ExecLog /opt/proftpd-master/logs/proftpd.semics.mod_exec.log
ExecOptions logStderr logStdout
ExecBeforeCommand STOR,RETR /path/to/handler.sh EVENT=BeforeCommand FILE='%f'
ExecOnCommand STOR,RETR /path/to/handler.sh EVENT=OnCommand FILE='%f'
</IfModule>
</IfUser>
without success. Seems that mod_exec works only if configured outside the conditional statement.
My goal is to enable mod_exec only for user 'stefano' and/or to have several mod_exec configuration accordingly with each user configured.
Any suggestion?
mod_exec.c must be enabled by default and then inside it is possible to configure different actions for different users:
<IfModule mod_exec.c>
ExecEngine on
ExecLog /opt/proftpd-master/logs/proftpd_mod_exec.log
ExecOptions logStderr logStdout
<IfUser stefano>
ExecBeforeCommand STOR,RETR /path/to/script.sh EVENT=BeforeCommand FILE='%f'
ExecOnCommand STOR,RETR /path/to/script.sh EVENT=OnCommand FILE='%f'
</IfUser>
</IfModule>
Thanks to TJ Saunders. I hope this helps.
Related
i am currently working on a wordpress website in which I've a special case. I want one specific search query to be allowed while rejecting all others.
For example:
www.example.com - PASS
www.example.com/page - PASS
www.example.com
www.example.com/?myQuery - PASS
www.example.com/?anyotherQuery - 404
Right now, I have tried it using the following re-write rule but it is also blocking access to other pages.
RewriteBase "/"
RewriteCond %{QUERY_STRING} ! myQuery
RewriteRule ^.* - [F]`
I'm new in rewrite and htaccess thing so need help in achieving this.
Try the following, at the top of your .htaccess file, before the WordPress front-controller.
RewriteCond %{QUERY_STRING} .
RewriteCond %{QUERY_STRING} !=myQuery
RewriteRule ^ - [F]
The above states... for any URL that contains a query string (first condition) and the query string is not exactly myQuery (second condition) then respond with a 403 Forbidden (Apache response, not WordPress).
The = prefix on the CondPattern makes it a lexicographical string comparison (not a regex) and the ! prefix negates the result.
RewriteBase "/"
RewriteCond %{QUERY_STRING} ! myQuery
RewriteRule ^.* - [F]`
The RewriteBase directive is irrelevant here. The space between ! and myQuery is erroneous. But this would potentially block anything where the query string does not contain myQuery, including when there is no query string at all.
I developed a site that shows some products from a store. The site URL looks like that:
http://testsite.com
The site has the functionality of sharing the product (it's already working) generating a link that can be shared at facebook or WhatsApp or anywhere. The link of the shared product is:
http://testsite.com/product/1234
Where 1234 is the product ID. All the products have images with the ID name. Ex: 1234.jpg. The link for the image of the product ID 1234 is:
http://testsite.com/static/imgs/1234.jpg
This site is hosted using a simple NGINX server, that just provides the files.
At the head of my index.html file I have a default og:image for sharing:
<meta property="og:image" content="http://testsite.com/static/imgs/main.jpg">
I wanna the NGINX server to replace this default og:image by the shared ID image. I already know how to do that at NGINX. At the NGINX configuration file (/etc/nginx/conf.d/default.conf) I used the sub_filter option. My NGINX configuration file is:
server {
listen 80;
server_name *.testsite.com;
root /var/www/testsite.com/dist;
location / {
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location ~ /product/(.*) {
index index.html index.htm;
try_files $uri $uri/ /index.html;
sub_filter 'http://testsite.com/static/imgs/main.jpg'
'http://testsite.com/static/imgs/$1.jpg';
sub_filter_once on;
}
}
This configuration is working for the location /, but for the location ~ /product/(.*) it is not working.
When I test the sub_fiter option at the location / using any other image it replaces correctly.
QUESTIONS:
1) How can I get the product ID (1234) from the URL (http://testsite.com/product/1234)? $1 is not working.
2) I think that when entering at the location ~ /product/(.*), it also redirects for the location /. How can I fix this configuration file to works as expected?
I think your alias statement is the problem.
Reading in nginx docs:
location /i/ {
alias /data/w3/images/;
}
on request of “/i/top.gif”, the file /data/w3/images/top.gif will be sent.
It means that in your case on each ~/product/(.*) request /var/www/testsite.com/dist/index.html will be sent without taking product ID into account. You might want to configure alias on / to avoid that. This is also likely to be the reason you get "redirected" to /.
As for $1, it should work as you have it now. When you fix the alias, I think it will work then. If not, you can try the named match: (?<product>[0-9]+) instead of (.*), then you can use the $product variable to reference the id.
There's another small glitch in your code — you're adding extra quote marks on replace. The second argument to sub_filter is in quotes twice.
Working Example
UPDATE: Ok, I got it working on localhost with the following nginx config (testing on "Hello World"):
location ~ /product/(\d+)$ {
set $product $1;
try_files $uri $uri/ /index.html;
}
location / {
if ( $product = '' ) {
set $search 'Non-Existent-String';
}
if ( $product != '' ) {
set $search 'World'; # the string you want to replace
}
index index.html index.htm;
sub_filter '$search' 'Product #$product';
}
The key here is that when you use try_files, it does get to location /. So we need to sub_filter in /. We also don't want to sub_filter regular /index.html requests. Something like if ($product) sub_filter would be nice, but is impossible with nginx. So I just leave sub_filter but only set real search string for product requests.
I'm hoping that this may just be a case of me not being able to use Google correctly. I'm wanting to do something very specific using MaxScale where I intercept all of the queries going to my database, run explain plan on those queries first, and then reject the queries outright if the explain plan falls beyond a certain complexity threshold. I'm happy to learn how to write in whatever language is required (C, I think). But I can't seem to find any kind of API docs or examples based on my internet digging.
Here's my configuration file (no idea if it will even help). I'd love to post something I've already tried - but I don't even know what to try!
[maxscale]
threads=4
[MySQL Monitor]
type=monitor
module=mysqlmon
servers=master,slave1
user=dbuser
passwd=dbpswd
monitor_interval=10000
[qla]
type=filter
module=qlafilter
options=/tmp/QueryLog
[fetch]
type=filter
module=regexfilter
match=fetch
replace=select
[RW]
type=service
localhost_match_wildcard_host=1
router=readwritesplit
servers=master,slave1
user=dbuser
passwd=dbpswd
max_slave_connections=100%
router_options=slave_selection_criteria=LEAST_CURRENT_OPERATIONS
[RR]
type=service
localhost_match_wildcard_host=1
router=readconnroute
router_options=synced
servers=slave1
user=dbuser
passwd=dbpswd
[Debug Interface]
type=service
router=debugcli
[CLI]
type=service
router=cli
[RWlistener]
type=listener
service=RW
protocol=MySQLClient
address=127.0.0.1
port=3307
[RRlistener]
type=listener
service=RR
protocol=MySQLClient
address=127.0.0.2
port=3307
[Debug Listener]
type=listener
service=Debug Interface
protocol=telnetd
address=127.0.0.2
port=4442
[CLI Listener]
type=listener
service=CLI
protocol=maxscaled
address=127.0.0.2
port=6603
[master]
type=server
address=master.dns.address
port=3306
protocol=MySQLBackend
[slave1]
type=server
address=slave1.dns.address
port=3306
protocol=MySQLBackend
I'm doing my first steps in Puppet and ran into a problem. I've installed PHP on a Linux server and I want to do some slightly changes to php.ini file. I don't want to overwrite the whole ini file with one from repository, just change/create one simple config value.
I want to ensure, that the property upload_max_filesize in php.ini has the value of 10M.
How can I achieve this?
My preferred option would be to leave php.ini alone, and have puppet create a file in php's conf.d directory to override the values you want to change.
The less changes you make to php.ini, the easier it is to see what's going on when you need to merge your changes with the package providers changes when you upgrade php.ini in future.
file {'/etc/php5/conf.d/upload_limits.conf':
ensure => present,
owner => root, group => root, mode => 444,
content => "post_max_size = 10M \nupload_max_filesize = 10M \n",
}
There's basically 3 options:
Use augeas support in puppet (you'll need the ruby augeas libraries installed) like:
augeas { "php.ini":
notify => Service[httpd],
require => Package[php],
context => "/files/etc/php.ini/PHP",
changes => [
"set post_max_size 10M",
"set upload_max_filesize 10M",
];
}
You can use "augtool ls /files/etc/php.ini" to see the sections to understand how augeas is parsing the file and use that to work out the paths you need.
You can use an exec. Something like:
define set_php_var($value) {
exec { "sed -i 's/^;*[[:space:]]*$name[[:space:]]*=.*$/$name = $value/g' /etc/php.ini":
unless => "grep -xqe '$name[[:space:]]*=[[:space:]]*$value' -- /etc/php.ini",
path => "/bin:/usr/bin",
require => Package[php],
notify => Service[httpd];
}
}
set_php_var {
"post_max_size": value => '10M';
"upload_max_filesize": value => '10M';
}
Unfortunately, this solution doesn't understand the sections in php.ini, so adding a variable that's not already there would require extra effort. This will do the wrong thing if a variable appears in more than one section (but examples I'm looking at appear to have all unique variable names). This should work for a variable that's present but commented-out with a semi-colon.
Copy the original php.ini file into your puppet repository and use file with source => 'puppet:///...' or content => template(...) to replace the file entirely, as you indicated you would prefer not to do.
You could also use the file_line resource found in the stdlib module.
file_line{ 'php_upload_max_filesize':
path => '/path/to/php.ini',
line => "upload_max_filesize = 10M",
}
Since this will append the line to the file if one exactly matching it does not exist, and since the last instance of a config value takes precedence over those earlier in the file it will work. This is how I do it when i only have a couple things to change.
An alternative approach, if you're using Apache as your web server, is to set the php variable in your Apache virtualhost file (which will probably be somewhere in your Puppet manifests directory).
For example:
<VirtualHost *:80>
ServerName app.dev
DocumentRoot /srv/app/public
## etc...
php_value upload_max_filesize 10M
</VirtualHost>
This doesn't actually change php.ini, but - depending on your set-up - may be a simple way of achieving the same effect.
So the jist of this is,
I have a file:
search.php
When I goto:
search.php?search=%23HashTag
The search returns: #HashTag
But when I use my .htaccess method:
/search/%23HashTag
Nothing is returned. And i've tested by putting the number sign later in the search and it returns upto that point.
This is what I have:
RewriteRule ^search/([^\.]+)$ search.php?search=$1 [NE,L]
What am I doing wrong..?
Change your flags to [NE,B,L].
http://httpd.apache.org/docs/current/rewrite/flags.html#flag_b
mod_rewrite unescapes the url before applying transformations. I'm not sure why it loses anything after the hash (maybe it re-interprets it as a url, and discards the fragment?). In any case, [B] re-escapes the url before running it through the rewrite rule.
Does replacing it with \%23 work ok?
(Clarity: Opposed to writing the # in the .htaccess file)