Apache Proxy with CORS headers

Here is a nice trick to add a proxy that your HTML5 application can use to connect to any remote proxy. Apache can proxy the API request while also injecting the CORS header Access-Control-Allow-Origin to that remote API reponse.

Apache mod_proxy
Apache mod_headers

# Proxy for BaseServer
<LocationMatch "/api">
   ProxyPass http://remote-server.com:8000/api/
   Header add "Access-Control-Allow-Origin" "*"


A botnet of browsers – websocket command and control

A botnet of browsers

socket.io is an amazing library which makes it very easy to use websockets. This library gives us real-time communication ability in the browser with very little code.

In this article, I go into an example of a potential misuse of socket.io. I explain how to create a Linux router, then to modify that router to harvest clients into the socket.io network. One web page, the command and control, can see everything. It could send JavaScript to all the clients at once (which is executed on the client’s browser). Or JavaScript could be targeted to individual clients as well. Every connected client’s document object model (DOM) and JavaScript fully accessible from one webpage – in real time.

This article is written for people already familiar with Linux, and Internet networking and security concepts.

Continue reading

Shut off Nagios Notifications

$ cat shh.sh

now=`date +%s`
echo "[%lu] DISABLE_NOTIFICATIONS\n" $now > $commandfile

Enabling notifications across the board is similar:

$ cat enable-notifications.sh

now=`date +%s`
echo "[%lu] ENABLE_NOTIFICATIONS\n" $now > $commandfile