Blocking abusive scrapers, bots and scanners with mod_qos| Frederik Himpe
Configuring Apache with mod_qos to block AI scrapers and other bad bots and scanners from crawling your website.| Frederik Himpe
In a previous article, I discussed how to set up ModSecurity with the Core Rule Set on Debian. This can be considered as a first line of defense against malicious HTTP traffic. In a defense in depth strategy of course we want to add additional layers of protection to your web servers. One such layer is Snuffleupagus. Snuffleupagus is a PHP module which protects your web applications against various attacks. Some of the hardening features it offers are encryption of cookies, disabling XML Exte...| Frederik Himpe
PHP-FPM is an ideal candidate to secure with AppArmor. Not only can the security of a web server be endangered by security bugs in PHP itself, it can also be affected by security holes in PHP applications. By confining PHP-FPM with AppArmor, we can limit abuse when a security hole is exploited, by preventing PHP-FPM for example from reading arbitrary files on your system or executing random binaries, which may contain a Linux backdoor or crypto-miner malware.| Frederik Himpe
While creating AppArmor profiles, I recently encountered a few problems with the packages on Debian 12 Bookworm. If you use a more recent Linux kernel than the one which is in Bookworm (Linux 6.1 from Bookworm works fine), apparmor_parser can hang on certain profiles and cause a null pointer dereference in the kernel. This bug is also being tracked as upstream bug 346 and a partial fix has been committed to the Apparmor git repository. Another problem I encountered, is that aa-logprof and aa-...| Frederik Himpe
The Fediverse is the social network that consists of different social media services, such as Mastodon, Pixelfed, Peertube, Lemmy and much more, communicating with each other through the ActivityPub protocol. The Fedriverse network is decentralized, which means that anyone can set up his own server (callend an instance). This has the advantage compared to the proprietary traditional social media platforms, that not a single, often commercial, party has control over the network. Watch this vid...| Frederik Himpe
If you want to optimize PostgreSQL for the best performance, you can use the PGTune tool. Of course I strongly recommend not blindly implementing these on your system, but instead try to understand what the proposed configuration exactly means and why it is recommended. Two settings I learned only now, can improve the PostgreSQL performance […]| Frederik Himpe
Finally I moved this WordPress website from the Miniva theme to the Twenty Twenty-Five theme. I could not get the Activitypub theme display Fediverse reactions on Miniva, probably because this theme is not based on the block editor. Anyway, it worked with the Twenty Twenty-Five theme. While the Twenty Twenty-Five theme by default is probably […]| Frederik Himpe
The Fediverse is the social network that consists of different social media services, such as Mastodon, Pixelfed, Peertube, Lemmy and much more, communicating with each other through the ActivityPub protocol. The Fedriverse network is decentralized, which means that anyone can set up his own server (callend an instance). This has the advantage compared to the […]| Frederik Himpe
Where to report phishing websites and other malicious URL’s in order to get them blocked and taken down: VirusTotal, Google Safebrowsing and others.| Frederik Himpe
How to configure a dual stack IPv4 and IPv6 Wireguard VPN gateway with systemd-networkd and the Foomuuri NFTables firewall on Debian GNU/Linux.| Frederik Himpe
Configure a Wireguard VPN tunneling IPv6 traffic on Linux by setting up an NDP proxy with Shorewall.| Frederik Himpe
Security hardening the OpenSSH server is one of the first things that should be done on any newly installed system. Brute force attacks on the SSH daemon are very common and unfortunately I see it…| Frederik Himpe
A web application firewall (WAF) filters HTTP traffic. By integrating this in your web server, you can make sure potentially dangerous requests are blocked before they arrive to your web application or sensitive data leaks out of your web server. This way you add an extra defensive layer potentially offering extra protection against zero-day vulnerabilities in your web server or web applications. In this blog post, I give a tutorial how to install and configure ModSecurity web application fir...| Frederik Himpe
This week the DNS4EU initiative launched its public European DNS resolvers. I already wrote an article about public DNS resolvers but it’s time for an update. Not only do we have DNS4eu now, but with DNS0 there is another public DNS resolver focused on Europe available. And of course there is still Quad9, which has servers worldwide, but is a foundation with headquarters in Switzerland.| Frederik Himpe
Review of public European DNS resolvers DNS4EU, DNS0.EU and Quad9: comparison of security, privacy, speed.| Frederik Himpe
How to use the Solo V2 FIDO2 authentication key for two-factor authentication and OpenSSH| Frederik Himpe
Step-by-step guide explaining how to upgrade from Debian 12 Bookworm to Debian 13 Trixie| Frederik Himpe
How to improve Apache security on Debian by setting up the ModSecurity web application firewall with the Core Rule Set to protect against zero-days.| Frederik Himpe
How to mitigate security vulnerability CVE-2025-29927 in Next.js with Modsecurity web application firewall.| Frederik Himpe
Configuration guide explaining how to set up Foomuuri firewall and how to tune Apache and configure mod_qos to mitigate DDoS attacks.| Frederik Himpe
On the Internet we can find (usually crowdsourced) lists of malicious IP addresses responsible for attacks. We can easily integrate...| Frederik Himpe
How to secure your system from exploits in PHP applications by confining them with an AppArmor profile, separating different sites with AppArmor hats.| Frederik Himpe
The bookworm-frehi Debian package repository contains newer packages for AppArmor and libapache2-mod-qos fixing some bugs in Debian 12 Bookworm.| Frederik Himpe
How to use AppArmor to protect your Linux system against zero-day exploits with example profiles for Knot Resolver and Postfix.| Frederik Himpe
Tutorial explaining how to configure the Foomuuri firewall on Debian GNU/Linux to filter incoming and outgoing connections| Frederik Himpe