Make your proxy server anonymous

If you are running Squid or any other proxy software and you want to hide your real IP for security or privacy, adjust your proxy server source or config to disable the following HTTP headers (shown here as the variables the destination server sees):

REMOTE_ADDR = proxy_server_ip
HTTP_VIA = proxy_server_ip
HTTP_X_FORWARDED_FOR = proxy_server_ip

With Squid (version 3) you can set up the following config in the squid.conf file:

forwarded_for off

as well as add the following settings:

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access All deny all
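
A simplified model of how the allow-list above treats each request header, run against a constructed request (added example, not Squid's code and not from the original post; the function names, the rule excerpt and the sample request are assumptions for illustration). It shows that the final "All deny all" rule strips Via and X-Forwarded-For, and also User-Agent, Cookie and Referer, which some sites need:

```sh
#!/bin/sh
# Constructed excerpt of the request_header_access rules from the post.
RULES='request_header_access Authorization allow all
request_header_access Host allow all
request_header_access Accept allow all
request_header_access Accept-Encoding allow all
request_header_access Connection allow all
request_header_access All deny all'

# Constructed sample request headers, as a client might send them.
SAMPLE='Host: example.org
User-Agent: Mozilla/5.0 (constructed)
Cookie: session=constructed
Referer: http://example.org/
Via: 1.1 proxy.example
X-Forwarded-For: 192.0.2.10
Accept: */*'

# header_verdict NAME -> prints "allow" or "deny".
# Model: a rule naming the header wins; otherwise the "All" rule applies;
# with no rule at all the header passes. Names compare case-insensitively
# and the ACL is assumed to be "all" (matches every request).
header_verdict() {
    printf '%s\n' "$RULES" | awk -v want="$1" '
        $1 == "request_header_access" {
            name = tolower($2)
            if (name == tolower(want) && specific == "") specific = $3
            if (name == "all" && fallback == "") fallback = $3
        }
        END {
            if (specific != "") print specific
            else if (fallback != "") print fallback
            else print "allow"
        }'
}

# surviving_headers: read "Name: value" lines on stdin, print names that pass.
surviving_headers() {
    while IFS=: read -r name rest; do
        [ -n "$name" ] || continue
        if [ "$(header_verdict "$name")" = "allow" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

printf '%s\n' "$SAMPLE" | surviving_headers
```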

Load balancing with Nginx

Are you looking to balance HTTP or HTTPS traffic across multiple back-end servers? Nginx is one of the best choices – it’s very lightweight, requires fewer resources and it’s completely free.

You need to compile nginx (there are many resources and howto’s) and add the following lines to your nginx.conf file:

# goes inside the http {} block
upstream webcluster {
    server 10.10.10.1;
    server 10.10.10.2;
    server 10.10.10.3;
}

# goes inside a server {} block
location / {
    proxy_pass http://webcluster;
    break;
}

Here 10.10.10.1, 10.10.10.2 and 10.10.10.3 are the back-end web servers, located in an internal network and defined in the upstream settings above. The location / specifies that all URLs should be balanced across the back-end servers.

Many folks prefer to serve HTTPS traffic with nginx and then forward all requests via HTTP protocol to the back-end servers. The back-end servers should be located on a safe VLAN or internal network.

Nginx: two recent patches for null pointer and ngx_http_parse_complex_uri buffer underflow

Nginx developers have released two patches – one that fixes a null pointer dereference and one that fixes the ngx_http_parse_complex_uri() buffer underflow. Update immediately or your site can be attacked and nginx stopped remotely (so I heard).
Download the latest stable version and recompile the binary. Then run:

kill -USR2 nginx_master_pid

Make sure you see the new nginx master process running (you will see two master processes), then kill the old one:

kill nginx_master_pid

And your site will be safe and screamingly fast once again!
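
The same upgrade as a script that waits until the new master is confirmed running and then retires the old master with QUIT, which lets its workers finish open requests, instead of a plain kill (added example, not from the original post or the nginx project; the pid file path and function names are assumptions). It relies on nginx renaming the old pid file to nginx.pid.oldbin after USR2 and must run as a user allowed to signal the master:

```sh
#!/bin/sh
# Assumption: pid file location; match it to the "pid" directive in nginx.conf.
PIDFILE="${PIDFILE:-/var/run/nginx.pid}"

# alive FILE -> success if FILE holds the pid of a running process.
alive() {
    [ -s "$1" ] || return 1
    kill -0 "$(cat "$1")" 2>/dev/null
}

# upgrade_ready PIDFILE -> success only when the old master (PIDFILE.oldbin)
# and the new master (PIDFILE) are both running and are different processes.
upgrade_ready() {
    alive "$1" || return 1
    alive "$1.oldbin" || return 1
    [ "$(cat "$1")" != "$(cat "$1.oldbin")" ]
}

# upgrade_nginx PIDFILE: start the new binary, then retire the old master.
upgrade_nginx() {
    alive "$1" || { echo "nginx is not running" >&2; return 1; }
    kill -USR2 "$(cat "$1")"          # old master starts the new binary
    tries=0
    until upgrade_ready "$1"; do      # wait for the new master's pid file
        tries=$((tries + 1))
        if [ "$tries" -ge 10 ]; then
            echo "new master did not start; old master left running" >&2
            return 1
        fi
        sleep 1
    done
    kill -QUIT "$(cat "$1.oldbin")"   # graceful shutdown of the old master
}

# Runs only when asked to:  sh upgrade.sh --run
if [ "${1:-}" = "--run" ]; then
    upgrade_nginx "$PIDFILE"
fi
```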

Web Content Delivery

The amount of web traffic that plays a role in dynamic Internet content is large, and it has become much larger as users demand higher levels of personalization. It has become more important for content providers to provide information that is tailored to the specific needs of the customer. The biggest challenge with achieving this is the cost. With current technology, generating dynamic content can be quite expensive. It does not help that basic web schemes are not very useful for generating pages that are dynamic. There are two techniques that show a lot of progress in the field of dynamic content delivery. These two delivery techniques are Class Based Delta Encoding and Edge Side Includes.

A sizeable number of web pages on the Internet today are dynamically created. They are created based on the profile of the user who is making the request, or on the attributes of the request itself. Users enjoy having their content personalized, and dynamic pages are becoming much more popular on the web. The biggest problem with trying to produce dynamic content is the fact that the pages are costly to produce, and the process of constructing the pages can be tedious. When a naive web delivery system is used, most requests for information will be sent to the server. The latency will be much higher, and the consumption of bandwidth will be higher than usual.

It is these factors that will reduce the success of a naive delivery system. Despite this, there are a few new techniques that have been proposed which can alleviate many of these problems. Some of these techniques deal with reducing the load that will be placed on the server, but may not have an effect on the traffic that will move through the network. Despite this, the best technique is one that takes this into consideration as well as network savings and the caching of important parts of the content. The Edge Side Includes is a technique that was promoted by Oracle. It is specifically related to the assembly of a page.

The goal of ESI is to allow for the assembly of a page that was created from smaller pieces, or fragments. The fragments can be transferred independently of each other, and they can be cached once they are in close proximity of the client. Unlike most techniques which simply generate an HTML page as a single unit, the server will create ESI fragments that will each have the HTML code for the fragments with special directives, directives that are ESI based. The fragments will be cached on distinct edge servers, and these servers will be responsible for the assembly of the page. The assembly will be performed based on the directions that are placed in the fragments by ESI.

The second system is called class based delta encoding. With this method, the server will create a number of distinct base files. When a client makes a request, the server will create an instance of the page, and a special device will be responsible for finding the best file to be used with this specific page.

Enabling SSH access to Cisco routers and switches

It’s always better to use SSH rather than Telnet if you are connected from a remote location, where someone may snoop your password.

You must enable SSH on the Cisco gear by using:

crypto key generate rsa

Tune the timeout and retries:

ip ssh timeout 120

ip ssh authentication-retries 3

Check whether SSH is enabled on your Cisco router:

show ip ssh

See the SSH status:

show ssh

Increase uptime and reliability for your website or large blog using CDN

Many popular websites and blogs have some serious problems with uptime and reliable hosting. Some hosting services are just, plainly put, bad yet others simply suffer from issues with bandwidth and reliability. Using a Content Delivery Network can definitely help with uptime, as well as decrease the load on your shared hosting account or dedicated host. You can increase download speeds from your site using a Content Delivery Network.

Using a Content Delivery Network to store and deliver much of your static content to the user is one of the easiest ways to decrease your server load and increase server access and reliability. Static content such as images, PDF files, and other downloadable content creates a lot of requests to the server and requires a lot of bandwidth. Moving all this static content to an independent Content Delivery Network removes much of the load caused by requests for images and other static content, and decreases loading times. Because Content Delivery Networks are distributed across multiple servers, the load is shared between all the server hardware as well as each server’s dedicated bandwidth. This reduces stress on each server, making it less likely that the server will crash and increasing overall reliability. Having content hosted on multiple servers decreases the chances of your content hosting going down, because if one server goes down one of the other servers is instantly able to take all the traffic in its place.

Uptime is very important to any webmaster because if your website or blog is down no one can access it. Keeping a website operational 24 hours a day, 7 days a week is unbelievably important, and using a Content Delivery Network ensures quality uptime. As mentioned before, Content Delivery Networks store your content on multiple servers, each located in a different physical location. Every server failing at the same time is nearly impossible, and as long as at least one of the servers in your Content Delivery Network is functioning, all content will be accessible to your website.

Not only does using a Content Delivery Network help with uptime and reliability, it also helps with access speeds. By distributing your content across multiple servers it is much more likely that a user will connect to a server which they can access quickly. Unlike a single point access system, not all viewers will load your website from the same physical server. By distributing the content you also remove the stress caused by a single user downloading a large file, enabling other users to access the rest of your content without a slowdown.

Overall using a Content Delivery Network (CDN) is a great idea for your website or blog. Content Delivery Networks can easily increase reliability of your hosting, increase your server uptime, and increase speeds. All three of these are greatly desired by any webmaster, and a Content Delivery Network is one of the cheapest and easiest ways to achieve all three for your site!

Named tips: setting up maximum memory usage

I suggest setting up maximum memory that named can use – e.g. for zones and caching.

In named.conf, use the following value in the options {}; settings:

max-cache-size 50M;

This means that named shouldn’t use more than 50MB of system memory when available. It is a pretty good hack to make sure named doesn’t take all the server memory because of a hack or flood from local trusted users.

Free Windows OS firewall ZoneAlarm

This is a very good question. I have been running a Windows based workstation for over 10 years and it’s been a pleasant experience, unless I get the blue screen from time to time. Anyway, I am always using ZoneAlarm lite firewall software – it’s completely free and is good enough for most home users.
Of course there are a few other firewall programs that have better features, but they tend to advance to paid use, and you have to re-install and always search for a free firewall. This is why I stick to ZoneAlarm and voila – there I go.

Multiple format streaming services

We have partnered with Streaming1 to deliver our on-demand video and streaming files to end-users in Europe much faster and for lower fees than any of our competition.
Streaming1 has the ability to stream on-demand the following formats:

* Windows Media Network
* ShoutCast
* QuickTime
* IceCast
* Real Media
* aacPlus

The highest streaming benefits would be for users located in Germany, Italy, France, United Kingdom, but all EU end-users will experience much faster streaming service than hosting in USA.

What is a Virtual Private Server

A virtual private server is one server that has been partitioned near the root, and is split into numerous servers which are dedicated. The good thing about this is that the user can share the cost of the connection, as well as the maintenance and hardware. Like the shared hosting, you can split the cost with other users, but you are given a larger degree of freedom. The most powerful advantage to the virtual private server is that you are allowed to have complete maintenance over the site, and you are not at the mercy of a system administrator. It should also be noted that this server type has a high level of security for a very competitive cost.

The virtual private server is a great option for small or medium sized companies. These businesses tend to have needs which are quite complex, and the virtual private server can meet them. Despite this, there are disadvantages to the virtual private server as well. Users are expected to have a certain level of programming experience if they want to change the settings. However, many companies will provide you with a manual, and this will make things easier.

Cpanel control panel review and quick tips

A control panel is tied to an operating system to maintain and check its controls and settings. The major functions performed by a control panel are controlling web hosting accounts, account features, disk space, traffic, POP3/IMAP settings, disk partitions, software, network connections, date, time and other options. It is also used for managing multiple user accounts of a single system, adding or removing software applications, security and packet filter rules, etc.

cPanel is also a control panel, designed for managing and administering websites. cPanel is designed to run on Linux based operating systems such as Fedora, CentOS and RedHat, or even FreeBSD. Authentication to cPanel is carried out using a web page login or the Hypertext Transfer Protocol (HTTP). The operations cPanel provides for the client include management of the mailing list database and FTP accounts, and management of the cryptographic authentication and privacy of the websites. It also helps in the management of software packages of the operating system it is running on, and helps in upgrading MySQL, PHP and other software. This helps in keeping the software at a recent version to provide better functionality of the package. cPanel also has several levels of testing and debugging, such as edge, current, release and stable, and they are often referred to as the builds of the cPanel control panel. cPanel together with WebHost Manager (WHM) makes up a fully supported web hosting control panel. They help provide a link between the web hosting company’s staff and the customers.

The advantages of the cPanel control panel are that it can be easily installed (although it requires a paid license), it allows unlimited domains on each server, and it has a full server administration facility. Interestingly, it also provides a free virus scan, and multi-lingual support for users through different themes.

Quick server security configuration

By default CentOS, RedHat and Fedora start multiple daemons that are actually not needed, for example:

nfs
nfslock
cups
gpm

I suggest you disable these services as soon as possible. You can turn a service off with the chkconfig command, or even remove it from execution at the init levels as well.

chkconfig --del cups

chkconfig --level 3 cups off

The first line, with --del, simply removes the service.

The second line, with the --level 3 option, turns it off in init level 3.

Cpanel or DirectAdmin

My personal choice is Cpanel – it’s somehow more friendly for me and has a lot more features. However, DirectAdmin requires fewer resources, from my own experience. Anyway, I will stick with Cpanel – I have used it for years and it does a nice job with hosting small web sites. For large site, blog or forum hosting the clear choice is LAMP.

Squid cache for web front-end accelerator

Squid is very good for putting in front of your current web servers, thus accelerating the content that doesn’t change that often. Depending on your web site configuration and hits, I suggest you go for 2GB or even 4GB of RAM for the squid front-end accelerator servers. The best benefit comes from having most of the cached content in memory – this is the best and fastest method. IO is kinda slow and that is why you need a lot of memory.

A lot of folks have been doing this for years and squid has been reliable and fast enough for these needs. Install it on your server and see the performance rise immediately. You may also want to look at nginx for proxying. It is a very good and fast daemon.

Outsourcing Oracle database administration service

Finally, I just spotted a company that offers a quality Oracle database remote management service. SharpAdmin offers a fully outsourced and remote “Oracle database administrator” service for as low as ~ 330 USD per server. This is really cheap compared to hiring an in-house Oracle database administrator and shelling out more than 70.000 USD yearly.
