From c5594e4a3edc29270de91ba1d61e6c9e5d040ee9 Mon Sep 17 00:00:00 2001 From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com> Date: Wed, 1 Sep 2021 09:19:18 +0000 Subject: [PATCH] post(aws-waf): regional ACL - style: standardise edit date --- source/_posts/aws-waf.md | 4 +++- source/_posts/caddy-nixos-part-1.md | 2 +- source/_posts/dns-filtering.md | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/source/_posts/aws-waf.md b/source/_posts/aws-waf.md index 6644aef..d347c16 100644 --- a/source/_posts/aws-waf.md +++ b/source/_posts/aws-waf.md @@ -2,7 +2,7 @@ title: Convert AWS WAF ACLs to human-readable format excerpt: Run the attached script to download and convert ACLs date: 2021-06-27 -updated: 2021-07-23 +updated: 2021-09-01 tags: - aws - security @@ -12,6 +12,8 @@ I regularly need to audit my company's access control lists (ACLs) implemented i The script is [available here](https://gitlab.com/curben/aws-scripts/-/blob/main/waf-acl.py). It currently only supports Cloudfront ACL, feel free to extend it to support regional ACL. +(Edit: 1 Sep 2021) regional ACL is now supported. + ## ACL schema The underlying format of a web ACL is JSON. In this use case, I'm only concern with two keys: diff --git a/source/_posts/caddy-nixos-part-1.md b/source/_posts/caddy-nixos-part-1.md index f6a06d6..cbddb05 100644 --- a/source/_posts/caddy-nixos-part-1.md +++ b/source/_posts/caddy-nixos-part-1.md 
@@ -39,7 +39,7 @@ This website's JAMstack workflow goes like this: 4. Markdown files are processed into HTML pages using Nodejs-powered Hexo. 5. Generated pages are hosted on curben.netlify.app -_(Edit 22 Feb 2021: static site is now hosted primarily on Cloudflare Pages curben.pages.dev, with Netlify as a standby)_ +(Edit: 22 Feb 2021) static site is now hosted primarily on Cloudflare Pages curben.pages.dev, with Netlify as a standby. Right off the bat I can already see the need of setting up a private server due to the second requirement (ability to remove HTTP header). I had an option to drop Netlify by building the pages on my workstation and deploy to the web server (using a Hexo deployer plugin). So far I do find Netlify service to be reliable and it offers features like adding headers and reverse proxy which are easy to setup. Speaking of Netlify's features, I then had an idea of setting up a web server which reverse proxy to Netlify. This approach meets all the four requirements; a side-benefit is that if I screw up the web server, at least my website is still up on curben.netlify.app and I can easily migrate this domain to Netlify. diff --git a/source/_posts/dns-filtering.md b/source/_posts/dns-filtering.md index 2926953..b197f55 100644 --- a/source/_posts/dns-filtering.md +++ b/source/_posts/dns-filtering.md 
@@ -69,7 +69,7 @@ PhishTank is a notable example of this kind of discrepancy. Despite being operat Using URLhaus and PhishTank alone cannot possibly determine the effectiveness of malicious-blocking DNS providers accurately. I believe there are many malicious links out there that are not covered in those datasets. While I do think they are high quality and every DNS provider should consider utilising them, they are not _representative_ samples. So, take DNS-filtering testing which has limited sample with a grain of salt. -(Edit 14/07/2020) I was curious if the result is due to the samples being too _fresh_ (7 hours); DNS providers may not update their sources in real-time and perhaps only update once or twice a day. I ran the tests again on 13 July 2020 using the same samples (which I downloaded in 10 July 2020), a 3-day delay. The results show no significant change though. +(Edit: 14 Jul 2020) I was curious if the result is due to the samples being too _fresh_ (7 hours); DNS providers may not update their sources in real-time and perhaps only update once or twice a day. I ran the tests again on 13 July 2020 using the same samples (which I downloaded in 10 July 2020), a 3-day delay. The results show no significant change though. ## Google Safe Browsing
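Review bot: In source/_posts/aws-waf.md, hunk @@ -12,6 +12,8, the unchanged context sentence directly above the new line still says "It currently only supports Cloudfront ACL, feel free to extend it to support regional ACL", which the added "(Edit: 1 Sep 2021) regional ACL is now supported." now contradicts. A reader who stops at the first sentence will assume regional web ACLs are outside what the script can audit. Suggest rewording or striking that sentence in this same commit instead of only appending the edit note, and spelling the product name "CloudFront" while the line is being touched.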
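Review bot: In source/_posts/dns-filtering.md, hunk @@ -69,7 +69,7, the rewritten line now mixes two date styles: the marker uses "14 Jul 2020" while the same sentence keeps "13 July 2020" and "10 July 2020". Since the commit's stated purpose is to standardise edit dates, consider either leaving the in-sentence dates as prose and saying so in the commit message, or abbreviating them to match. While the line is open, "which I downloaded in 10 July 2020" should read "on 10 July 2020".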