Blog

What Is CIDR Notation?

Published: December 15, 2016

Tags:

Recently, I was involved in mitigating malicious scripted activity against a site that was found to be coming from a range of IP addresses. whois is a useful tool when dealing with this type of an issue. It can provide a network range for a given IP address.

➜  ~ whois 104.232.39.143

NetRange:       104.232.32.0 - 104.232.47.255
CIDR:           104.232.32.0/20
NetName:        NET3-INC
NetHandle:      NET-104-232-32-0-1
Parent:         NET104 (NET-104-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS36352, AS62584, AS55286
Organization:   Net3 Inc. (NETIN-11)
RegDate:        2014-10-27
Updated:        2014-10-27
Ref:            https://whois.arin.net/rest/net/NET-104-232-32-0-1


OrgName:        Net3 Inc.
OrgId:          NETIN-11
Address:        8195 Sheridan Drive
City:           Buffalo
StateProv:      NY
PostalCode:     14221
Country:        US
RegDate:        2013-07-10
Updated:        2015-08-14
Ref:            https://whois.arin.net/rest/org/NETIN-11


OrgTechHandle: NOC13226-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-289-408-9989
OrgTechEmail:  [email protected]
OrgTechRef:    https://whois.arin.net/rest/poc/NOC13226-ARIN

OrgAbuseHandle: NOC13226-ARIN
OrgAbuseName:   Network Operations Center
OrgAbusePhone:  +1-289-408-9989
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://whois.arin.net/rest/poc/NOC13226-ARIN

OrgNOCHandle: NOC13226-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-289-408-9989
OrgNOCEmail:  [email protected]
OrgNOCRef:    https://whois.arin.net/rest/poc/NOC13226-ARIN

I provided the range of IP addresses (104.232.32.0 - 104.232.47.255) to the hosting company to block at the firewall. However, in their correspondence, they began referring to the IP address range in a way I wasn’t familiar with. It looked like this:

104.232.32.0/20.

Curious as always, I did a little investigation and found out that this way of referring to networks is called CIDR notation. I became interested and decided to learn a little more about CIDR notation…what is it used for and why? Here, I’ll share my learnings for anyone else who is curious.

Full List of Apache Hooks

Published: December 7, 2016

Tags:

Apache’s hooking system provides a very convenient way to customize request processing. However, thorough documentation is difficult to track down. The Apache developer documentation refers readers to the Doxygen documentation, however that page makes no mention of some commonly used hooks such as log_header_size_post_read_request.

Writing An Apache Module To Add Custom "%" Directives

Published: December 5, 2016

Tags:

mod_log_config provides many useful ”%” directives for defining CustomLog formats. In combination with its friend, mod_logio, 99% percent of logging use cases are covered. However, one day, you may find that there’s something you want to log that is not accessible with the tools Apache provides you. Luckily, you can utilize Apache’s module system to add your own logging directives. In this guide, we’ll write an Apache module that adds a %^IH % directive which records request header size, in bytes.

Foreign Key Constraints Are Business Decisions

Published: December 1, 2016

A foreign key constraint is defined by Wikipedia as follows…

A field (or collection of fields) in one table that uniquely identifies a row of another table or the same table.

Sounds pretty technical, right? Frequently, a developer uses his or her judgement when planning the architecture of some feature to decide when a foreign key is appropriate. However, I had an experience today where I learned that often, foreign key constraint enforcement is a business decision rather than a technical one.

Logging PHP Arrays

Published: November 30, 2016

How should I log a PHP array?

If you work as a PHP developer this is probably a question you’ve asked yourself before. There are quite a few guides you’ll find online in regards to this subject.

Typically, they point to PHP’s print_r function.

Log PHP Array Google Search Results

Unfortunately, they’re wrong :open_mouth:

So why, exactly, does print_r suck for logging? Allow me to elaborate.

HTTP Request Header Size Limits

Published: November 26, 2016

Recently, I caught wind of an issue which was reported by the client as follows…

Customers are getting error screens stating that their request was blocked.

At first glance, it smelled like an issue at the WAF (web application firewall).

A quick call with our hosting provider later, we confirmed that requests were, indeed, violating the WAF’s “max header size” policy. Let’s take a look at the what and the why.