Squid: Controlling network access using Squid and whitelisted domains

Having your production servers go through a proxy like Squid for internet access can be an architectural best practice that provides network security as well as caching efficiencies.

For further security, denying access to all requests but an explicit whitelist of domains provides auditable control.


Ubuntu: Simulating a Web Server using Netcat

When you are deploying a web application and it does not respond to your browser requests, sometimes you need to take a step back from the complexity of your full stack and run a quick sanity check.

You can use netcat as a simple web server to prove to yourself that the network infrastructure is allowing the traffic, the guest OS is not blocking the port with its own firewall, and the browser can receive the HTTP response.

Start the netcat HTTP Server

If you want to refer back to my post on the minimal TCP server using netcat, read here. Extending that concept, here is the bash command to echo out a basic set of HTTP headers and body on port 8080:

while true; do { echo -e "HTTP/1.1 200 OK\r\n$(date)\r\n\r\n<h1>hello world from $(hostname) on $(date)</h1>" |  nc -vl 8080; } done


Ubuntu: Pre-Validate Network ACL and Firewall Connectivity with Netcat

Although virtualization has pushed a self-service culture for infrastructure, it is still common in production environments to need your Network Operations team to open the ports required for any new application deployment.

So, while you may be able to create the base virtualized host, you can’t go much further without the network connectivity. And there is nothing worse than finding out halfway through your full stack deployment that the reason you keep hitting errors is that a stray port was not opened.

I would suggest pre-validating all the TCP and UDP ports you expect open. This can be done pretty simply by using netcat on both sides of the communication.
