When your application allows file uploads and the web server uses the default MIME type configuration, this can be a security issue.
Example:
A user uploads a file with HTML/JavaScript content and no file extension.
In the Apache default configuration, the file is served without a Content-Type header when it is accessed. Some browsers will guess/autodetect it as HTML, and now you are vulnerable to XSS.
To prevent this, you can set a default Content-Type (e.g. text/plain or application/octet-stream).
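One way to set such a fallback type in Apache, as an added example that is not part of the original card. The upload directory /var/www/app/uploads is an assumed path, and the nosniff header is an extra hardening step that requires mod_headers.

```apache
# Added example. The directory path below is an assumption; adjust it
# to wherever your application stores uploaded files.

# Apache 2.2 and older: a server-wide fallback for every file whose
# type mod_mime cannot derive from the file name.
#DefaultType application/octet-stream

# Apache 2.4: DefaultType only accepts "none" (other values are ignored
# with a warning), so the fallback is assigned per resource instead.
<Directory "/var/www/app/uploads">
    # File names without a dot have no extension, so mod_mime assigns
    # no type and the response carries no Content-Type header.
    # Force a type the browser will download instead of render.
    <FilesMatch "^[^.]+$">
        ForceType application/octet-stream
    </FilesMatch>

    # Extra hardening: ask browsers not to sniff a type that differs
    # from the declared Content-Type.
    <IfModule mod_headers.c>
        Header always set X-Content-Type-Options "nosniff"
    </IfModule>
</Directory>
```

After reloading Apache, request an extensionless test file with `curl -I` and confirm that the response now carries `Content-Type: application/octet-stream`.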