js1018's questions

I created a Rewrite rule in the .htaccess of a website to block traffic with blank user-agents and user-agents with only "-", except when the request comes from the webserver itself. The rule only works for requests made to the site root (example.com), but not for pages within the site, existing or otherwise (example.com/someradompage). The webserver is apache2.

.htaccess config

RewriteCond %{HTTP_USER_AGENT} "^$|^-$" [NC]

RewriteCond %{REMOTE_ADDR} "!^x\.x\.x\.x$" <- Public IP address of the webserver.

RewriteRule ^.* - [F,L]

I tested this with the following curl commands:

curl -k -A "" https://example.com -> Returns status code 403 forbidden.

curl -k -A "" https://example.com/someradompage -> Serves the page or returns status code 404 not found if the page doesn't exist.

How can I also block requests from these blank and "-" user-agents for pages inside the site?

The Problem:

When I try to run gather stats over OpenVPN on my Oracle 19c database, SQL Developer doesn't return the typical "PL/SQL procedure successfully completed" message if it runs for more than a certain amount of time.

Apparently, the connection hangs after a while, and I either need to disconnect from OpenVPN or kill SQL Developer in Windows Task Manager to close it.

My Oracle 19c database and OpenVPN server are on different cloud providers.

Running gather stats on this database typically takes about half an hour.

Running the gather stats command on SQL Developer

What I checked:

1. Nothing unusual on the Iptables and OpenVPN logs on the OpenVPN Server or on the listener and alert logs on the Oracle 19c Server.

2. net.ipv4.tcp_keepalive_time and net.netfilter.nf_conntrack_tcp_timeout_established are set to their default values of 7200 (2 hours) and 432000 (5 days) on both machines.

3. If I connect to the database as system and run:

   select x.sid, x.serial#, x.username, x.status, x.osuser, x.machine, x.program, x.event, x.state, sql.sql_text from v$sqlarea sql, v$session x where x.sql_hash_value = sql.hash_value and x.sql_address = sql.address and x.username = 'myuser';

After about half an hour, I noticed that the session for gather stats is inactive. So I assume that gather stats does indeed run and finish successfully, but just doesn’t return the aforementioned output message.

Gather stats running on the database

Gather stats session inactive after about half an hour

What I tried:

1. On a smaller database in the same instance, running gather stats over OpenVPN returns the aforementioned success message. This one takes around 10 minutes.

2. Connecting directly (without OpenVPN) to the database by adding my IP address to the firewall of the cloud provider and running gather stats also returns the aforementioned success message.

3. Generating a SSH public/private key pair on the Oracle 19c server and using SSH Hosts on SQL Developer, but the connection is very unstable/always resetting.

4. Setting up a Dante proxy server. Apparently, SQL Developer can only use some kind of special proxy server.

5. Setting up a IPSEC VPN with StrongSwan. My Windows 10 couldn't establish a connection with it for some reason.

Objective: Need to install an SMTP server (preferably postfix) that will send messages to other common mail providers like gmail, outlook, yahoo, etc.

Problem: Google Cloud blocks usage of SMTP port 25 (but not 465 or 587) and only provides details on how to use external mail providers. Another workaround is to create a gmail account, configure relay as smtp.gmail.com and use the said account to send the messages. The problem with this is that the daily message limit for the relay is probably going to be exceeded with the volume of messages that are expected to be sent.

Tried:

1. Sending a message using mail on ubuntu 18.04 on google cloud using the default postfix configuration and only changing "inet_protocols" to "ipv4". This gives a timeout message on log.

postfix/smtp[]: connect to ALT2.ASPMX.L.GOOGLE.COM[x.x.x.x]:25: Connection timed out

2. Tried changing the following lines in master.cf

smtp inet - - y - - smtpd

smtp unix - - y - - smtp

to

587 inet - - y - - smtpd

587 unix - - y - - smtp

adding "smtp_use_tls = yes" to main.cf

and restarting postfix. This puts postfix listening and sending messages on port 587, but it still gives the same massage.

postfix/smtp[]: connect to ALT3.ASPMX.L.GOOGLE.COM[x.x.x.x]:587: Connection timed out

3. Messages are sent by using the same configuration as on 1 in another hosting service (port 25 not blocked).

There are people that say smtp between servers only works on port 25, but I've been unable to find any information that confirms this, and not knowing much about mail servers am unsure if it's at all possible to configure another port on postfix for this effect.

Am I just wasting my time trying to configure this on Google Cloud and should just change hosting service? Or is there some kind of way to configure postfix to work with port 25 blocked?