P5-lwpx-paranoidagent
Jul 20, 2023
Subclass of LWP::UserAgent that protects you from harm
LWPx::ParanoidAgent is a class subclassing LWP::UserAgent, but paranoid against attackers. It’s to be used when you’re fetching a remote resource on behalf of a possibly malicious user.
This class can do whatever LWP::UserAgent can (callbacks, uploads from files, etc.), except proxy support is explicitly removed, because in that case you should do your paranoia at your proxy.
Also, the schemes are limited to http and https, which are mapped to LWPx::Protocol::http_paranoid and LWPx::Protocol::https_paranoid, respectively, which are forked versions of the same ones without the “_paranoid”. Subclassing them didn’t look possible, as they were essentially just one huge function.
This class protects you from connecting to internal IP ranges (unless you whitelist them), hostnames/IPs that you blacklist, a remote webserver tarpitting your process (the timeout parameter is changed to be a global timeout over the entire process), and all combinations of redirects and DNS tricks to otherwise tarpit and/or connect to internal resources.
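The protections listed above, configured on one agent, as an added example that is not part of the port's description. It assumes the module's `timeout`, `blocked_hosts` and `whitelisted_hosts` methods; every hostname, address and URL in it is constructed, and the helper name `build_agent` is hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use LWPx::ParanoidAgent;

# Build the agent used for every fetch made on behalf of an untrusted user.
# (build_agent is a hypothetical helper name for this example.)
sub build_agent {
    my $ua = LWPx::ParanoidAgent->new;

    # Global budget: 10 seconds for the whole fetch, redirects included,
    # rather than a per-read socket timeout as in plain LWP::UserAgent.
    $ua->timeout(10);

    # Extra denials on top of the built-in internal-range blocking.
    # Entries may be exact hostnames, regexes or code refs.
    $ua->blocked_hosts(
        'metadata.example.internal',      # constructed hostname
        qr/\.corp\.example\.com$/i,       # constructed internal zone
    );

    # Explicit exception for one internal service the application needs.
    # It is configured here but deliberately not fetched below.
    $ua->whitelisted_hosts('10.20.30.40');    # constructed address

    return $ua;
}

# Constructed URLs standing in for user-supplied input. Each one names a
# destination the agent is expected to refuse, so the loop shows the
# refusal path without depending on any reachable server.
my @urls = (
    'http://127.0.0.1/server-status',
    'http://192.168.1.1/admin',
    'http://metadata.example.internal/latest',
    'http://build.corp.example.com/secrets',
);

my $ua = build_agent();
for my $url (@urls) {
    my $res = $ua->get($url);
    # A refused destination comes back as an error response, not an
    # exception, so callers must check is_success before using content.
    printf "%-42s %s\n", $url,
        $res->is_success ? 'fetched' : 'not fetched: ' . $res->status_line;
}
```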