Archive for January, 2005

NukAlert: EMP Hardened Key Chain Radiation Detector

Posted in Health & Safety on January 13th, 2005

NukAlert

Texas based KI4U is selling a key chain radiation detector. The $160 device is hardened to withstand EMP exposure and has a battery life of up to ten years. Ten different chirps alert you to the presence of radiation.

Gmail Vulnerability Exposed: Gmail Messages Subject to Interception

Posted in Internet Vulnerabilities on January 12th, 2005

HBX Networks has discovered a vulnerability in Google’s Gmail Email Service that allows private email to be intercepted by a third party. The bug is triggered by sending a malformed “From:” header to your own Gmail Account. You will then see third party email contents in the “Show Options” section of the email message. Since this bug was announced on Slashdot, I have not been able to receive any emails at my Gmail Account.

Extended X-Forwarded-For Logging with Apache

Posted in Apache on January 11th, 2005

I ran into a problem this week trying to generate Webtrends Reporting Data for the Apache web servers located behind our Load Balancer. Since the Load Balancer is acting as a proxy, the Load Balancer IP was the only host IP being recorded in the logs. This makes it impossible to get accurate Webtrends Reporting. I found two solutions to this problem. Both rely on the �X-Forwarded-For� http header.

mod_extract_forwarded Apache Module

The website for the module says:

mod_extract_forwarded is designed to transparently modify a connection so
that it looks like it came from the IP behind a proxy server rather than
the proxy itself. This affects all subsequent stages of request processing
including access control, logging, and CGIs. It relies on the
“X-Forwarded-For” header to do this. This header should be added by all
well-behaved proxies. If the proxy doesn’t add it, we can’t do anything
about it.

I decided against using this solution because I didn’t really want to load a 0.1 version module on a production Apache server.

Modifying the Apache LogFormat Directive

I modified the LogFormat directive in httpd.conf by replacing %h with %{X-Forwarded-For}i. An example is below.

#LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined

This causes the IP of the remote client to be written to the logs instead of the Proxy IP. It was easier to implement than the mod_extract_forwarded Apache module and solved my problem without adding additional risk to the production servers.