wpad on pfSense with lighttpd

Setting up proxy auto-configuration on pfSense has a handy documentation page, but sadly the first thing they say is that you have to run the webConfigurator GUI in HTTP mode, which is kind of annoying. Given the auto-config of nginx (which runs the pfSense GUI) will likely blat any changes I make, I decided to use lighttpd instead. In short, we’re going to: install a web server make a pac file make it available at a couple of different URLs via that web server have cake Here’s how I did it… [Read More]

pfSense VPN for Road Warriors

This is current for v2.4.1, and is by no means a configuration I’d stand behind as far as being terribly secure for anything you should care about! :) I’ve got a static IP address, so I have a DNS entry that points at my router. If you’ve got a dynamic address, it’d be worth configuring Dynamic DNS to make connecting to your VPN possible. Here we go… it’s all done in the pfSense webUI of course. [Read More]

Internode IPv6 configuration for pfSense

After running a mikrotik router for a long time and fighting with the IPv6 configuration, I gave up this week and started using pfSense as a test. Within about half an hour (after figuring out the USB boot option wasn’t possible with my machine) I was up and running better than ever! WAN interface config General Configuration IPv6 Configuration Type: DHCP6 DHCP6 Client Configuration section Advanced Configuration: not needed Use IPv4 connectivity as parent interface: enabled Request only an IPv6 prefix: enabled DHCPv6 Prefix Delegation size: 56 Send IPv6 prefix hint: enabled Debug: disabled Do not wait for a RA: disabled Do not allow PD/Address release: disabled LAN Interface Configuration General Configuration IPv6 Configuration Type: Track Interface [Read More]

F5 APM with IPV6 Network ACLs

I ran into an issue while configuring an F5 SSLVPN for IPV6 last night, and googling it didn’t return anything of use.. so here we are again! This is for the IPV6 LAN Address Space option, under Client Settings in the Network Settings tab under… don’t hold your breath… Access ›› Connectivity / VPN : Network Access (VPN) : Network Access Lists : (yourprofile) I know they’re complex, but the configuration’s getting hilariously convoluted to find sometimes. [Read More]

Blocking WordPress password resets

Had an issue with people attempting password resets against one of my wordpress instances, when it’s something I’ll literally never require. Since it’s running on Apache, I decided to use mod_security to implement, blocking and alerting with ease. SecRule REQUEST_FILENAME "wp-login.php" "id:'400002',chain,deny,log,msg:'Password reset form attempt'" SecRule ARGS:action "@contains lostpassword" This is really simple, and nukes the ability for people to reset the password - and easy to remove if someone does have to do it :) [Read More]


Noun As in the opposite of benefit. Because using drawbacks is bad; similarly ‘pros’ and ‘cons’. Donated by Justin [Read More]


Verb To precisely understand something, one would assume? Don’t misunderestimate me, sir! Donated by Harvey [Read More]


Verb The act of having a conversation, in the future tense. We will conversate about this later Donated by Justin [Read More]


Adjective If you’re planful you’ve made a plan? Maybe? We should be more planful about this in future. Donated by Justin [Read More]