Blogging Techstacks

This article has been superseded by this one. 
No further updates will be made to this article. 

A recent vulnerability scan showed a large number of sites that I maintain have the HTTP Trace method enabled. All of my sites are front-ended by an F5 BigIP load-balancer but I have a bunch of different web servers--apache 1.3, apache 2.0, apache 2.2, IIS5, and IIS6 and even some tomcat servers. So, instead of visiting each type of server and applying the relevant scan, I thought it would be pretty interesting to write a rule on the BigIP that would reject any request coming in to a site that utilized the HTTP TRACE method. Below is the rule. Steal it or modify it to your hearts content but if you do modify it to make it even better or more useful, post it in the comments.

when HTTP_REQUEST {
set default_pool [LB::server pool]
if { [HTTP::method] equals "TRACE" } {
reject
} else {
pool $default_pool
}
}

The "set default_pool" statement sets the pool to whatever the default pool assigned to a particular Virtual IP is set to. The rest is pretty self-explanatory....if the method is TRACE, reject the request, otherwise, do nothing.

At work I use a third party vendor implementation of apache and tomcat from a company named Covalent. I installed this locally in order to have a sandbox to play in and I wanted to set up JMX on the tomcat instance in order to play with Groovy, Glassbox, and some other useful open-source tools.

Setting up JMX when it isn't already set up for you can be a real headache. Setting up JMX in tomcat on Windows can be a really big headache. This may apply to regular tomcat but I haven't tested it yet--it was definitely applicable to the covalent-implementation.

If you have the tomcat instance installed as a service, any JAVA_OPTS updates that are made won't take affect unless you delete the service and recreate it. I spent hours trying to get this working on my new Vista machine. Everything looked right but the RMI port still would not bind. Finally, out of frustration, I deleted the service and re-created it and everything worked.

I'd like to know if this is Vista specific or if it happens across other Windows versions so if any one reading this could comment on Win2k or if this is the case with regular apache, it would be a good tip for the knowledge base.

As I mentioned in the previous post, I bought a new laptop that is primarily used for work. I would have bought a macbook but my tax rebate wasn't that good and even though many of the interesting sites that I run now are Apache/Java/Tomcat/Jboss-based, the majority of sites are still running IIS5 and IIS6. So, I stopped by a local large electronics store and found a Gateway laptop normally selling for $750 on sale for $600.

The machine is good enough for work but it is running Windows Vista. Now, I'm not planning on knocking Vista in this particular post but the one thing I've noticed in the two weeks or so that I've had this thing is that there seems to be a dearth of useful blog editors for Windows.

I've grown accustomed to using MarsEdit on my iMac but that machine sits upstairs in my study and I'm lazy. I don't think this blog will necessarily get to the point where I would be able to consider myself a professional blogger and "going pro" is over-rated anyway. The one nice thing about being an amateur is that you can be wrong and simply shrug it off to not being a "professional". If someone winds up posting some comment about how I'm suggesting something wild and outlandish or even downright wrong, I can just chuckle it away and blissfully write along enjoying my status as "amateur-blogger". But I digress.

If I'm going to continue to use Vista on this laptop, I'm hoping that if anyone out there is actually reading this, I'd love to know if there is any editor out there that will work with Blogger and is as good as MarsEdit. I'm tried Qumana, Windows Live Writer, Blogjet and I've been a bit underwhelmed. Right now, I'm writing this with the built-in blog editor in Flock, which seems to be surprisingly well up to the task. Blogjet looks the most promising of the commercial editors right now but I think I should post the question out there to those who might be more knowledgeable that me on this. Thanks in advance!