Home / user-251743

harveyslash's questions

Martin Hope
harveyslash
Asked: 2016-08-13 08:26:01 +0800 CST
  • 0

I have set up mod_evasive and mod_remoteip to change the proxy headers from the load balancer's to the client's actual ip.

But I am running into problems when using mod evasive. at the moment, my configuration for mod evasive is:

DOSHashTableSize 3097
DOSPageCount 1
DOSSiteCount 2
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 100

From what I understand, the above config will allow at the most 1 request to a page per second , or at the most 2 pages anywhere in the website per second.

However, the problem is , the ip address of the load balancer is not static, and so when it tries to perform a health check , mod evasive blocks the load balancer. This results in the ELB thinking that the ec2 instance is not healthy.

What should I do to prevent this problem ? Is it possible to whitelist ip addresses by dns name ? My ELB DNS name is:

something-experimental-lb-123411.ap-northeast-1.elb.amazonaws.com If not, what other options do I have ?

load-balancing denial-of-service amazon-web-services apache-2.4
Martin Hope
harveyslash
Asked: 2016-07-07 02:04:34 +0800 CST
  • 0

I have an rds and ec2 instance in tokyo region. I just set up an rds server to test stuff from my ec2 server.

When I type

mysql -h remdev-experimental-BLEH-northeast-1.rds.amazonaws.com -P 3306 -uUSER -pPass

in ec2 the connection times out.

But i am able to get mysql access from my local computer. I am able to perform operations just fine.

My rds is publicly accessible and my ec2 server allows all traffic into it , and from it

I tried restarting my ec2 server but that didnt fix this issue

amazon-ec2 amazon-web-services amazon-vpc
Martin Hope
harveyslash
Asked: 2016-07-03 07:04:18 +0800 CST
  • 1

I want two origin access identities for cloud front (and s3). One that can just view content , and another , that can just put content (and maybe another that can just delete )

I know I can create an Origin access identity , and in my s3 bucket policy , I can specify which identity has how much access.

But , while signing urls , I don't see any option to choose this identity. The php code I'm using :

        $customPolicy = <<<POLICY
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"statement1",
         "Effect":"Allow",
         "Action":[
            "s3:CreateBucket", "s3:ListAllMyBuckets", "s3:GetBucketLocation"  
         ],
         "Resource":[
            "arn:aws:s3:::*"
         ]
       }
    ]
}

POLICY;



// Create a signed URL for the resource using the canned policy
        $signedUrlCannedPolicy = $cloudFront->getSignedUrl([
            'url'         => $streamHostUrl . '/' . $resourceKey,
            'private_key' => base_path().'/'.'cloudfront.pem',
            'key_pair_id' => 'my key pair id',
            'policy' => $customPolicy

        ]);

How does one tell aws who to sign on behalf of ? I created a key pair for cloud front following http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html#private-content-creating-cloudfront-key-pairs.

amazon-web-services amazon-cloudfront cdn
Martin Hope
harveyslash
Asked: 2016-06-18 23:32:58 +0800 CST
  • 2

I have an api into which ill get quite a few requests in https. Since its restful, each time the api is sent , it requires a full ssl handshake. On enabling http-keepalive , the latency of the request is reduced greatly (first request takes same time, but subsequent requests are as fast as http).

Now, I was experimenting with amazon's elb (I will also use cloud front). My question is, how will keep alive work in the same setup , where the request coming from a client can be routed to different machines randomly ?
Or is it not possible at all to prevent an ssl handshake each time a request is made ?

load-balancing amazon-web-services keep-alive
Martin Hope
harveyslash
Asked: 2016-03-15 14:21:40 +0800 CST
  • -4

I was running mamp on el capitan 10.11.3. I decided to update mysql to version 5.7.11, so I ran this:

tar xfvz mysql-5.7*

echo "stopping mamp"
sudo /Applications/MAMP/bin/stop.sh
sudo killall httpd mysqld

echo "creating backup"
sudo rsync -a /Applications/MAMP ~/Desktop/MAMP-Backup

echo "copy bin"
sudo rsync -av mysql-5.7.*/bin/* /Applications/MAMP/Library/bin/ --exclude=mysqld_multi --exclude=mysqld_safe

echo "copy share"
sudo rsync -av mysql-5.7.*/share/* /Applications/MAMP/Library/share/

echo "fixing access (workaround)"
sudo chmod -R o+rw  /Applications/MAMP/db/mysql/
sudo chmod -R o+rw  /Applications/MAMP/tmp/mysql/

echo "starting mamp"
ln -s /Applications/MAMP/tmp/mysql/mysql.sock /tmp/mysql.sock
sudo /Applications/MAMP/bin/start.sh

echo "migrate to new version"
sudo chmod -R 777 /Applications/MAMP/db/mysql/
/Applications/MAMP/Library/bin/mysql_upgrade --user=root --password=root --host=localhost --port=3306

this is a script i found online. The tarball that I used was: mysql-5.7.11-osx10.10-x86_64.tar

now, I am unable to start mamp from the app, and when I run mysql in command line, I get :

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

mysql