Press "Enter" to skip to content

Author: Richy B.

Follow me on Mastodon at @rbairwell@mastodon.org.uk or just the posts on this blog by following @richyb@blog.rac.me.uk .

Techy: Nixstats And Cloudflare – Allowing IPs

June 16, 2022
Leave a Comment

What is NixStats?

I’m currently trying the NixStats (affiliate link) monitoring tool for servers and websites – mainly because it’s cheap (starts at $0/month for 5 monitors and 1 server, $9.95/month for 10 servers and 25 web monitors) and partially because it’s owned by WebPros. Not heard of WebPros? Me neither until I went digging and found out that not only do they now own NixStats but also cPanel Inc and Plesk (both “rivals” in the web hosting control panel world) – along with a few others(!)

The Problem – Cloudflare’s security being triggered

Anyway – one of the sites I am monitoring using Nixstats is under the Cloudflare system – and because of the frequent monitoring, it may “trip up” Cloudflare’s security features so I needed to “allow list” (aka “white list”) the IP addresses used by NixStats. Luckily, they do provide a list at https://nixstats.com/whitelist.php and https://nixstats.com/whitelist.php?v6 (I’ve got no idea how often these are updated though) – but you can’t simply import these into Cloudflare due to two issues:

  1. One of the IP addresses (in the first list) has a trailing tab character which Cloudflare just rejects as being an invalid IP address. Took me a while to find that!
  2. The IPv6 addresses are not in a format that Cloudflare accepts – they only accept CIDR’d IPv6 address on a /64 or smaller (and if you are not that techy, you are forgiven for not understanding that!).

The solution

So I’ve put together a downloadable CSV file listing all those IP addresses in the “correct format” for you to easily import into Cloudflare’s lists (Cloudflare don’t have an export option šŸ™ ).

You can download the file from here but I give no guarantee of accuracy etc etc.

But where in Cloudflare do I use the file?

It’s a two stage operation – first you’ve got to create the list and then you’ve got to setup the firewall rules.

Creating the IP Address List in Cloudflare

  1. Log into your Cloudflare account and get onto the main account screen (i.e. where it lists your individual sites)
  2. On the left hand menu near the bottom, there is an option labelled “Manage Account” – expand that.
  3. Under “Manage Account”, select “Configurations”
  4. On the “Configurations” screen, select “Lists”
  5. Select “Create new list” (free Cloudflare accounts can only create a single list by the way)
  6. Create the list with a name such as “nixstats” and a “Content type” of “IP Addresses”
  7. Edit the list and select “Add items”
  8. Select “Upload CSV” and upload the CSV of IP addresses ,
  9. Click “Add to list” and it should load them into the list.

Setting Cloudflare to use the list

  1. Log into Cloudflare (or, if you are already logged in, click the Cloudflare logo in the top left to return to home)
  2. Select the account of the domain name you are monitoring
  3. In the left hand menu, expand “Security”
  4. Under “Security”, select “WAF” (Web Application Firewall)
  5. Under “Firewall rules” (free accounts get 5 active firewall rules), select “Create firewall rule”
  6. Set a “Rule name” of something like “nixstats”
  7. Under the “When incoming requests match…” heading use the following settings
    • Field: “IP Source Address”
    • Operator: “is in list”
    • Value: “nixstats” (i.e. the list you created above)
  8. Under “Then…” select “Allow”
  9. Click “Deploy firewall rule” and it should take affect.

You’ll need to do this for each account you are monitoring using nixstats.

Getting Mailvelope working on Brave Browser

June 15, 2022
Leave a Comment

For the last few years, I’ve been using Brave as my primary web browser due to its advert and tracking blocking abilities – extremely useful on YouTube! It’s based on Chromium (like Google Chrome and Microsoft Edge), but more privacy/anti-ad orientated.

I’ve also been wanting to GPG/PGP sign some emails using my web based email clients so I’ve installed the Mailvelope plugin from the Google Chrome store and in conjunction with GPG4Win it means I should have access to all the PGP and GPG keys stored on my Windows 10 machine… Except it doesn’t work – it fails to list any installed keys… Why?

Well, it all comes down to a Chrome based protocol called NativeMessaging which requires software (such as GPG4Win) to registered their “acknowledgement” of browser plugins such as Mailvelope by adding (in the case of Windows) various registry settings for the browser to read and interlink.

In the case of Brave, it appears the others of GPG4Win aren’t (currently) aware of it and so don’t set the various registry settings for it to work correctly – and Brave, unlike Microsoft Edge, has no “fall back” facilities to check other browsers for their Native messaging setup. I have reported this to both the Brave Community and to GnuPG (the maintainers of GPG4Win) on their bug tracker – including suggested fixes for both organisations, but it may be some time before this is fixed. So what can you do in the meantime?

Easiest way:

If trust running random commands on your computer, run the following two commands in an escalated permissions (“Run as Administrator”) Windows Command Prompt to copy the existing settings from Chrome over:

REG COPY "HKCU\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKCU\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s
REG COPY "HKLM\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKLM\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s

Restart Brave and all should be working.

Manual way

Add/Set the following registry key:

Path: HKEY_CURRENT_USER\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson
Type: Reg_SZ
Data: C:\Program Files (x86)\Gpg4win\bin\gpgme-chrome.json

(updating the “Data” path to where you’ve installed Gpg4Win as appropriate)

Restart Brave and all should be working.

Bookmarks from PinBoard October 24, 2020

October 24, 2020
Leave a Comment

Bookmarks I’ve added on PinBoard.in recently

Digest powered by RSS Digest

iPhone Windows 10 Microsoft Store Firmware location

July 2, 2020
Leave a Comment

I’ve just been trying to recover an old iPhone 5s which is stuck in recovery (DFU) mode and whilst I haven’t yet had any luck getting beyond the Apple logo yet, I hope the following information may help others.

I installed iTunes 12.10.7.3 on my Windows 10 Professional machine using the Microsoft Store (which now appears to be the preferred way Apple is distributing it) and I connected it up, it saw the iPhone and downloaded the 2.9Gb firmware. I did then try a few other applications to try and fix the Apple iPhone but they needed the firmware – but where was it on my machine?

A few sites suggested checkingĀ C:\Users\<Username>\AppData\Roaming\Apple Computer\iTunesĀ – but that path was empty for me. However, using Windows 10’s resource monitor, I soon spotted the firmware file was atĀ C:\Users\<Username>\AppData\Local\Packages\AppleInc.iTunes_nzyj5cx40ttqa\LocalCache\Roaming\Apple Computer\iTunes\iPhone Software Updates\iPhone_4.0_64bit_12.4.7_16G192_Restore.ipsw

I suspect the name of the “Package” may differ between iTunes versions, but that should help guide you to the iPhone IPSW firmware file (which I could have also downloaded from http://updates-http.cdn-apple.com/2020SpringFCS/fullrestores/061-94832/B6D93224-1059-4DF0-9438-78CD3BED57FE/iPhone_4.0_64bit_12.4.7_16G192_Restore.ipsw – but “guessing” that URL might have been tricky).