Category: security

Drupal HTTPS images

Posted by on March 2, 2011 | No comments
DrupalHostingPHPsecurity

I was involved with a project for a while which was using Drupal as the CMS. The entire site was being served over HTTPS, which was quite annoying as a large pile of the images that were being posted were being served over HTTP from their respective webservers. Naturally, this resulted in everyone getting very annoyed at their browser warning about loading unsecured content on a secure page.

So, I came up with this module. I’ve been meaning to release it for ages, but as I need to clear down the server it was running on it’s made me take the five minutes to write this post. Still needs a bit of work, but does what it says on the tin.

It identifies non-local images in content, downloads them and serves them from a local cache.

Download the module here: img_proxy.tar.gz

If you use Drupal, you should already know the drill – extract the file to your modules directory and enable it in the modules page. The module is implemented as an input filter, so you will then have to add it to the appropriate input formats at http://your.site.com/admin/settings/filters

Notes

  • Licenced under the GPL version 2.
  • *** There is nothing in the code that verifies the file being proxied is an image!! *** (that’ll be in the next version!)
  • May not work with sites that check the referer of the request for images.
  • I’ve been meaning to release this for ages, but there is sill a lot of debug code thats just commented out.

Hopefully I’m not the only webmaster that ever had this issue and somebody will find this handy.

Maybe one day I’ll tidy up the code and submit it to the Drupal Module repository!

Enjoy.

If you find this article useful, buy me a beer!

Tags: , , , , ,

Group Policy to disable Autorun

Posted by on January 21, 2009 | 5 comments
Active Directorygroup policysecurityTech

Well, its been a while, but I thought I’d share this little snippet.

Theres a big hoo-ha going round at the minute about a number of viruses that are exploiting autorun.inf to spread.

You can read all the gorey details over at CERT “Microsoft Windows Does Not Disable AutoRun Properly

Essentially, the recommended fix is to set a registry key. I did read somewhere that this makes windows handle the file as a Win95 ini file but sadly I can’t find the blog/article where I read that anymore.

Approaching this as a sysadmin and wanting to undertake minimal effort to resolve this issue I’ve create a Group Policy adm file to solve apply it to all the machines in an Active Directory domain. I’ve copied the contents below and attached the file to this post.

To use it:

  1. Create a new group policy object in your AD
  2. Edit it, right click on the Administrative Templates folder and remove all the default ones listed and add the one below.
  3. Right click on the Administrative Templates folder and change the view filtering to not hide settings that can’t be fully managed
  4. Group poicy editor will now display the setting to disable autorun which will set the appropriate registry key

ADM files are just text. You can either download the one below or copy and paste this (watch for the line wrap on the last line!):
» Read the full post

If you find this article useful, buy me a beer!

Tags: , , ,

Powered by Wordpress and Stripes Theme Entries (RSS) | Comments (RSS)