Apache Proxy with CORS headers

You want to have your JavaScript application access a remote API but that remote API does not have CORS headers. What to do?

Instead of pointing to that remote API, point to a location on an Apache server that you have control of, have it connect to that remote API for you, and also add the CORS headers so JavaScript is happy.

Apache can proxy, or hand off the API request for you while also injecting the CORS header Access-Control-Allow-Origin to that remote API response.

Requirements:
Apache mod_proxy
Apache mod_headers

# Proxy for BaseServer
<LocationMatch "/api">
   ProxyPass http://remote-server.com:8000/api/
   Header add "Access-Control-Allow-Origin" "*"
</LocationMatch>

Now instead of pointing my JavaScript to http://remote-server.com:8000/api/, I point it to my Apache server at /api/ and that will serve the data from http://remote-server.com:8000/api/ with the CORS header.

http://enable-cors.org/server_apache.html

If you are using mod_rewrite along with this, you might need the [P] flag which tells mod_rewrite to handle the request with mod_proxy.

https://httpd.apache.org/docs/2.4/rewrite/flags.html

An alternate animate.css animation order

Animate.css is a wonderful CSS animation library.

http://daneden.github.io/animate.css/

On the website, animations are grouped by types – “Attention Seekers”, “Bouncing Entrances”, “Bouncing Exits”, etc.

What I present is a revised order with In’s and Out’s grouped next to each other. This gives a nice effect when cycling through all the animations.

Continue reading “An alternate animate.css animation order”

A botnet of browsers – websocket command and control

A botnet of browsers

socket.io is an amazing library which makes it very easy to use websockets. This library gives us real-time communication ability in the browser with very little code.

In this article, I go into an example of a potential misuse of socket.io. I explain how to create a Linux router, then to modify that router to harvest clients into the socket.io network. One web page, the command and control, can see everything. It could send JavaScript to all the clients at once (which is executed on the client’s browser). Or JavaScript could be targeted to individual clients as well. Every connected client’s document object model (DOM) and JavaScript fully accessible from one webpage – in real time.

This article is written for people already familiar with Linux, and Internet networking and security concepts.

Continue reading “A botnet of browsers – websocket command and control”

Shut off Nagios Notifications

$ cat shh.sh

#!/bin/sh
now=`date +%s`
commandfile='/var/lib/nagios3/rw/nagios.cmd'
echo "[%lu] DISABLE_NOTIFICATIONS\n" $now > $commandfile

Enabling notifications across the board is similar:

$ cat enable-notifications.sh

#!/bin/sh
now=`date +%s`
commandfile='/var/lib/nagios3/rw/nagios.cmd'
echo "[%lu] ENABLE_NOTIFICATIONS\n" $now > $commandfile

Creating Retina Favicons

Simple instructions for creating Retina favicon:

Create a 16×16 PNG-24 for your low-res icon

Create a 32×32 PNG-24 for your high-res icon

Head over to http://convertico.org/Multi_Image_to_one_icon/ and upload those two icons together to create a dual-resource ico file which you rename to favicon.ico.

Upload that favicon.ico in the root of your webroot.

For some reason the meta tag <link rel=”icon” href=”favicon.ico”> seems to prevent the high-res version from working so I temporarily removed it. If you know the correct meta tag to be using for retina please let me know.

Here is what the difference looks like:
retina favicon