logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Webmaster Tools & Utilities View previous topic :: View next topic
Reply to topic   Topic: URIports :: Monitoring Web and Mail server
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3094
Location: Hilversum, NL, EU

PostPosted: Sat 01 Jun '19 11:07    Post subject: URIports :: Monitoring Web and Mail server Reply with quote

While I was implementing MTA-STS (see www.apachelounge.com/viewtopic.php?t=8275 ) with the developers of the Mailserver Surgemail ( https://netwinsite.com/ ), I stumbled over URIports.

URIports is an advanced unified tool to monitor Web and Email Server security and configuration. It collects and process reports from the browser of your site visitors and mail servers

Whether you are looking for a place to collect and process your CSP (Content Security Policy), Expect-CT, Deprecation, Intervention, Crash, NEL (Network Error Logging), Feature Policy Violation, TLS-RPT (SMTP TLS Reporting for MTA-STS and DANE TLSA), DMARC (Domain-based Message Authentication, Reporting & Conformance) reports or ALL OF THEM; is covered!

Using it now for ApacheLounge and Mail Server (Surgemail). It helps to monitor the website and email server health and security.

It is free and easy to implement for Apache (set headers) and Mailserver (Dns TXT entry)

https://www.uriports.com/
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7374
Location: Germany, Next to Hamburg

PostPosted: Tue 09 Feb '21 20:56    Post subject: Reply with quote

Is there a way to implement such a backend on a own server?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7374
Location: Germany, Next to Hamburg

PostPosted: Mon 10 May '21 21:26    Post subject: Reply with quote

I got an answer at https://www.apachelounge.com/viewtopic.php?p=40138
Back to top
sailor



Joined: 17 Apr 2015
Posts: 82
Location: US

PostPosted: Fri 14 May '21 16:12    Post subject: Reply with quote

James Blond wrote:
I got an answer at https://www.apachelounge.com/viewtopic.php?p=40138


I'm trying this https://shaunc.com/blog/article/implementing-a-reporturi-endpoint-for-expectct-and-other-headers~Xdf4cU8EurV1

In Apache config I have

Header set Expect-CT: "max-age=31536000, report-uri=\"https://my.intranetsite.com/report/rep.php\""

I have in my php.ini an smtp server ip that I know works.

I tried using curl, but was getting an SSL 60 error. It's probably because the site is internal. So, I tried using postman instead of curl. I put in Headers Access-Control-Request-Headers then value of POST, Monkey, X-Cola. I hit send and get a 200 response back, but no email.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7374
Location: Germany, Next to Hamburg

PostPosted: Sat 15 May '21 18:19    Post subject: Reply with quote

with curl I would do this

Code:

curl -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}' https://my.intranetsite.com/report/rep.php


I tried that out and I get an report mail on my server.

In postman set the headers

Code:
Content-Type: application/expect-ct-report+json


and as data

Code:
{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}


Well if you use the example script from shaunc
at the top of the script after <?php add
[code]
ini_set('error_reporting',E_ALL);
ini_set('display_errors','On');
[code]

and remove the @ before the mail command. That way you will get an error message when the mail sending fails
Back to top
sailor



Joined: 17 Apr 2015
Posts: 82
Location: US

PostPosted: Fri 04 Jun '21 18:32    Post subject: Reply with quote

I try

C:\jobs\curl>curl -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}' http://myintranet.com/report/rep.php
curl: (3) unmatched close brace/bracket in URL position 31:
date:2021-05-15T00:00:01+00:00}'

If I try with -g:

C:\jobs\curl>curl -g -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar", "date":"2021-05-15T00:00:01+00:00"}' http://myintranet.com/report/rep.php
curl: (3) URL using bad/illegal format or missing URL
HTTP/1.1 200 OK
Date: Fri, 04 Jun 2021 15:55:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8

I do have a relatively recent version

curl 7.76.1 (x86_64-pc-win32) libcurl/7.76.1 OpenSSL/1.1.1k (Schannel) zlib/1.2.11 brotli/1.0.9 zstd/1.5.0 WinIDN libssh2/1.9.0 nghttp2/1.43.0 libgsasl/1.10.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP Unicode UnixSockets zstd
Back to top
sailor



Joined: 17 Apr 2015
Posts: 82
Location: US

PostPosted: Fri 04 Jun '21 18:40    Post subject: Reply with quote

As usual, spoke too soon. This works with extra -d:

C:\jobs\curl>curl -g -i -X POST -H "Content-Type: application/expect-ct-report+json" -d '{"foo":"bar"}' -d {"date":"2021-05-15T00:00:01+00:00"}' "http://myintranet.com/report/rep.php"
Back to top


Reply to topic   Topic: URIports :: Monitoring Web and Mail server View previous topic :: View next topic
Post new topic   Forum Index -> Webmaster Tools & Utilities