This post is meant to be the sequel of the one I wrote one month ago about CentOS as router, transparent proxy, and much more. A big chunk of the precedent article is on how configure squid and squidGuard to act as a transparent proxy with URLs filtering capabilities. But there’s a problem with that: nowadays many sites (f4c3b00k.c0m just to name the most annoying one) are HTTPS. With HTTP one can really easily intercept a packet and read the payload (which contains the URL) but with HTTPS this is not possible anymore since the payload is encrypted. …

As usual, long story short: I’ve to setup a firewall to log traffic, block some stuff and do some other things. – epel repo is required – The system is made of a single CentOS machine with 2 physical network adapters: eth0, connected to WAN, static IP address 192.168.0.3 eth1, connected to LAN, static IP address 10.0.0.1/24 .:. Network adapters configuration WAN network adapter: [root@CentOS ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="eth0" BOOTPROTO="none" HWADDR="**:**:**:**:**:**" IPADDR=192. …

Given that SSL and TLS, especially v1.0, suffer from serious security issues (e.g. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS) I thought it would be a good idea to use the latest and more secure version of it: v1.2. On CentOS 6.4 the openssl version included is quite old and doesn’t support TLS v1.1 and 1.2. So, first of all we have to install the latest version 1.0.1e, it can be done compiling from sources or by adding a third party repository; I chose the latter. …

One of the things I was planning to do but never did is installing nginx as reverse proxy in front of Apache. nginx is present in the epel repos for CentOS, so the installation process is just a matter of: yum install nginx mysql mysql-server phpmyadmin httpd wget -q -O - http://www.atomicorp.com/installers/atomic | sh yum install mod_rpaf mkdir /etc/nginx/v.hosts vi /etc/nginx/nginx.con http { include v.hosts/*.conf; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access. …

Yesterday’s night I installed a test machine to play with KVM and some other stuff, obviously the OS of choice is the trusty CentOS. I did a pretty minimal net-install but decided to install gnome desktop environment anyway because why not, not that it will be of much use, but still. Anyway, since the machine is an headless server it’s mandatory to be able to control it remotely, like the past 2 or 3 times, I installed XRDP expecting everything will be fine and working without any problem. …