« January 2013 | Main | March 2013 »

4 posts from February 2013

02/27/2013

Powershell Two-Liner to Get External IP

It has been a while since I've had a Windows machine to play with but I get requests from developers quite often who want to know the external IP a partner will see when one of our servers are accessing that partner's site. On Unix and Unix-like servers, you can just run curl ifconfig.me (assuming curl is installed) and you're done, (curl -x [protocol][proxy_server][:port] ifconfig.me if you need to declare an anonymous outbound proxy server).

Windows server administrators though don't seem to install curl on their servers too often but there is a very good chance Powershell will be installed on it. If you're looking for a way to grab your external IP from the command line on Windows, the following Powershell 3.0 two-liner will work, (it definitely works on Windows 8):

$resp = Invoke-WebRequest -Uri https://ifconfig.me/ip -Method Get
Write-Output $resp.ParsedHtml.body.innerHtml

If you need to declare an outbound proxy (which does not require authentication), add -Proxy [proxy_server][:port] after -Method Get. Save it in a new script named something like "Get-MyExtIP.ps1" and you are all set.

Yes, one could just fire up Internet Explorer from a Terminal Services session and go to one of those external IP sites but this is a powershell post. :)

02/25/2013

Apache HTTP Server 2.4.4 Released

The Apache HTTP Server project released version 2.4.4. Although there are quite a few bug fixes in this release, there are two cross-site scripting security vulnerabilities that are also fixed in this new version:

  • SECURITY: CVE-2012-3499 (cve.mitre.org)
    Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

  • SECURITY: CVE-2012-4558 (cve.mitre.org)
    XSS in mod_proxy_balancer manager interface.

See the changelog for more information and download Apache HTTP Server v2.4.4 source and binaries from a mirror near you.

Windows Azure Service Disruption from Expired Certificate

Possibly one of the worst types of outages, which all of us have had or will have experienced in our careers, is the outage caused by an expired ssl cert:

Windows Azure Storage experienced a worldwide outage impacting HTTPS traffic due to an expired SSL certificate. HTTP traffic was unaffected but the event impacted a number of Windows Azure services that are dependent on Storage. We executed the repair steps to update the SSL certificate on the impacted clusters and availability was restored to >99% worldwide by 1:00 AM PST on February 23. At 8:00 PM PST on February 23, we completed the restoration effort and confirmed full availability worldwide.

I'll be looking to see if a root cause analysis ends up getting posted but I have a few guesses as to what could have caused this. According to this article on Techcrunch, Microsoft To Refund Windows Azure Customers Hit By 12 Hour Outage That Disrupted Xbox Live and the full blog post on the Windows Azure log I'm linking to in the title of this post, it took 12 hours to restore service to 99% of customers on clusters impacted by the expired cert which makes me think a good portion of that time was spent by the Ops folks trying to figure out what an unhelpful error message in the logs actually meant followed by many hours of importing updated certs (or restarting app servers caching the old certificates).