Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: URIports :: Monitoring Web and Mail server |
|
Author |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
|
Posted: Sat 01 Jun '19 11:07 Post subject: URIports :: Monitoring Web and Mail server |
|
|
While I was implementing MTA-STS (see www.apachelounge.com/viewtopic.php?t=8275 ) with the developers of the Mailserver Surgemail ( https://netwinsite.com/ ), I stumbled over URIports.
URIports is an advanced unified tool to monitor Web and Email Server security and configuration. It collects and process reports from the browser of your site visitors and mail servers
Whether you are looking for a place to collect and process your CSP (Content Security Policy), Expect-CT, Deprecation, Intervention, Crash, NEL (Network Error Logging), Feature Policy Violation, TLS-RPT (SMTP TLS Reporting for MTA-STS and DANE TLSA), DMARC (Domain-based Message Authentication, Reporting & Conformance) reports or ALL OF THEM; is covered!
Using it now for ApacheLounge and Mail Server (Surgemail). It helps to monitor the website and email server health and security.
It is free and easy to implement for Apache (set headers) and Mailserver (Dns TXT entry)
https://www.uriports.com/ |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg
|
Posted: Tue 09 Feb '21 20:56 Post subject: |
|
|
Is there a way to implement such a backend on a own server? |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg
|
|
Back to top |
|
sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
|
Posted: Fri 14 May '21 16:12 Post subject: |
|
|
I'm trying this https://shaunc.com/blog/article/implementing-a-reporturi-endpoint-for-expectct-and-other-headers~Xdf4cU8EurV1
In Apache config I have
Header set Expect-CT: "max-age=31536000, report-uri=\"https://my.intranetsite.com/report/rep.php\""
I have in my php.ini an smtp server ip that I know works.
I tried using curl, but was getting an SSL 60 error. It's probably because the site is internal. So, I tried using postman instead of curl. I put in Headers Access-Control-Request-Headers then value of POST, Monkey, X-Cola. I hit send and get a 200 response back, but no email. |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg
|
Posted: Sat 15 May '21 18:19 Post subject: |
|
|
with curl I would do this
Code: |
curl -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}' https://my.intranetsite.com/report/rep.php
|
I tried that out and I get an report mail on my server.
In postman set the headers
Code: | Content-Type: application/expect-ct-report+json |
and as data
Code: | {"foo":"bar", "date":"2021-05-15T00:00:01+00:00"} |
Well if you use the example script from shaunc
at the top of the script after <?php add
[code]
ini_set('error_reporting',E_ALL);
ini_set('display_errors','On');
[code]
and remove the @ before the mail command. That way you will get an error message when the mail sending fails |
|
Back to top |
|
sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
|
Posted: Fri 04 Jun '21 18:32 Post subject: |
|
|
I try
C:\jobs\curl>curl -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}' http://myintranet.com/report/rep.php
curl: (3) unmatched close brace/bracket in URL position 31:
date:2021-05-15T00:00:01+00:00}'
If I try with -g:
C:\jobs\curl>curl -g -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}' http://myintranet.com/report/rep.php
curl: (3) URL using bad/illegal format or missing URL
HTTP/1.1 200 OK
Date: Fri, 04 Jun 2021 15:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
I do have a relatively recent version
curl 7.76.1 (x86_64-pc-win32) libcurl/7.76.1 OpenSSL/1.1.1k (Schannel) zlib/1.2.11 brotli/1.0.9 zstd/1.5.0 WinIDN libssh2/1.9.0 nghttp2/1.43.0 libgsasl/1.10.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP Unicode UnixSockets zstd |
|
Back to top |
|
sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
|
Posted: Fri 04 Jun '21 18:40 Post subject: |
|
|
As usual, spoke too soon. This works with extra -d:
C:\jobs\curl>curl -g -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar"}' -d {"date":"2021-05-15T00:00:01+00:00"}' "http://myintranet.com/report/rep.php" |
|
Back to top |
|
|
|
|
|
|