Category: Life: Work and Techy

Techy: Nixstats And Cloudflare – Allowing IPs

What is NixStats?

I’m currently trying the NixStats (affiliate link) monitoring tool for servers and websites – mainly because it’s cheap (starts at $0/month for 5 monitors and 1 server, $9.95/month for 10 servers and 25 web monitors) and partially because it’s owned by WebPros. Not heard of WebPros? Me neither until I went digging and found out that not only do they now own NixStats but also cPanel Inc and Plesk (both “rivals” in the web hosting control panel world) – along with a few others(!)

The Problem – Cloudflare’s security being triggered

Anyway – one of the sites I am monitoring using Nixstats is under the Cloudflare system – and because of the frequent monitoring, it may “trip up” Cloudflare’s security features so I needed to “allow list” (aka “white list”) the IP addresses used by NixStats. Luckily, they do provide a list at https://nixstats.com/whitelist.php and https://nixstats.com/whitelist.php?v6 (I’ve got no idea how often these are updated though) – but you can’t simply import these into Cloudflare due to two issues:

  1. One of the IP addresses (in the first list) has a trailing tab character which Cloudflare just rejects as being an invalid IP address. Took me a while to find that!
  2. The IPv6 addresses are not in a format that Cloudflare accepts – they only accept CIDR’d IPv6 addresses on a /64 or smaller (and if you are not that techy, you are forgiven for not understanding that!).

The solution

So I’ve put together a downloadable CSV file listing all those IP addresses in the “correct format” for you to easily import into Cloudflare’s lists (Cloudflare don’t have an export option 🙁).

You can download the file from here but I give no guarantee of accuracy etc etc.
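
One way to rebuild such a file yourself from the published lists, as an added example rather than the script used to produce the download above: it strips stray whitespace such as the trailing tab, rejects anything that is not an IP address, and widens each IPv6 address to its enclosing /64. The sample addresses are constructed documentation-range values, the function names are hypothetical, and the one-column CSV layout is an assumption; note that a /64 entry allows the whole subnet, not just the monitoring host.

```python
import ipaddress

# Constructed sample input: documentation-range addresses, NOT NixStats' real IPs.
# The second line carries a trailing tab like the one described above.
SAMPLE_LIST = "192.0.2.10\n198.51.100.7\t\n2001:db8:1:2::15\n2001:db8:1:2::99\n\nnot-an-ip\n"


def normalize_for_cloudflare(raw_text):
    """Return (entries, rejected): list-ready strings and the lines that failed.

    IPv4 addresses stay as single hosts. IPv6 entries narrower than /64 are
    widened to their enclosing /64 (assumption: that is the widening wanted).
    """
    entries, rejected, seen = [], [], set()
    for line_no, line in enumerate(raw_text.splitlines(), start=1):
        candidate = line.strip()  # drops trailing tabs, spaces and stray CRs
        if not candidate:
            continue
        try:
            net = ipaddress.ip_network(candidate, strict=False)
        except ValueError:
            # Keep the raw line so a human can review what was refused.
            rejected.append((line_no, line))
            continue
        if net.version == 6 and net.prefixlen > 64:
            net = net.supernet(new_prefix=64)
        # Single hosts are written without a prefix, networks with one.
        if net.prefixlen == net.max_prefixlen:
            entry = str(net.network_address)
        else:
            entry = str(net)
        if entry not in seen:  # several hosts can collapse into one /64
            seen.add(entry)
            entries.append(entry)
    return entries, rejected


def to_csv(entries):
    """One item per line (assumed layout for a one-column CSV upload)."""
    return "".join(entry + "\n" for entry in entries)


if __name__ == "__main__":
    good, bad = normalize_for_cloudflare(SAMPLE_LIST)
    print(to_csv(good), end="")
    for line_no, text in bad:
        print(f"rejected line {line_no}: {text!r}")
```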

But where in Cloudflare do I use the file?

It’s a two stage operation – first you’ve got to create the list and then you’ve got to setup the firewall rules.

Creating the IP Address List in Cloudflare

  1. Log into your Cloudflare account and get onto the main account screen (i.e. where it lists your individual sites)
  2. On the left hand menu near the bottom, there is an option labelled “Manage Account” – expand that.
  3. Under “Manage Account”, select “Configurations”
  4. On the “Configurations” screen, select “Lists”
  5. Select “Create new list” (free Cloudflare accounts can only create a single list by the way)
  6. Create the list with a name such as “nixstats” and a “Content type” of “IP Addresses”
  7. Edit the list and select “Add items”
  8. Select “Upload CSV” and upload the CSV of IP addresses
  9. Click “Add to list” and it should load them into the list.

Setting Cloudflare to use the list

  1. Log into Cloudflare (or, if you are already logged in, click the Cloudflare logo in the top left to return to home)
  2. Select the account of the domain name you are monitoring
  3. In the left hand menu, expand “Security”
  4. Under “Security”, select “WAF” (Web Application Firewall)
  5. Under “Firewall rules” (free accounts get 5 active firewall rules), select “Create firewall rule”
  6. Set a “Rule name” of something like “nixstats”
  7. Under the “When incoming requests match…” heading use the following settings
    • Field: “IP Source Address”
    • Operator: “is in list”
    • Value: “nixstats” (i.e. the list you created above)
  8. Under “Then…” select “Allow”
  9. Click “Deploy firewall rule” and it should take effect.

You’ll need to do this for each account you are monitoring using nixstats.

Getting Mailvelope working on Brave Browser

For the last few years, I’ve been using Brave as my primary web browser due to its advert and tracking blocking abilities – extremely useful on YouTube! It’s based on Chromium (like Google Chrome and Microsoft Edge), but more privacy/anti-ad orientated.

I’ve also been wanting to GPG/PGP sign some emails using my web based email clients so I’ve installed the Mailvelope plugin from the Google Chrome store and in conjunction with GPG4Win it means I should have access to all the PGP and GPG keys stored on my Windows 10 machine… Except it doesn’t work – it fails to list any installed keys… Why?

Well, it all comes down to a Chrome based protocol called NativeMessaging which requires software (such as GPG4Win) to register their “acknowledgement” of browser plugins such as Mailvelope by adding (in the case of Windows) various registry settings for the browser to read and interlink.

In the case of Brave, it appears the authors of GPG4Win aren’t (currently) aware of it and so don’t set the various registry settings for it to work correctly – and Brave, unlike Microsoft Edge, has no “fall back” facilities to check other browsers for their Native messaging setup. I have reported this to both the Brave Community and to GnuPG (the maintainers of GPG4Win) on their bug tracker – including suggested fixes for both organisations, but it may be some time before this is fixed. So what can you do in the meantime?

Easiest way:

If you trust running random commands on your computer, run the following two commands in an elevated (“Run as Administrator”) Windows Command Prompt to copy the existing settings from Chrome over:

REG COPY "HKCU\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKCU\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s
REG COPY "HKLM\Software\Google\Chrome\NativeMessagingHosts\gpgmejson" "HKLM\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson" /s

Restart Brave and all should be working.

Manual way

Add/Set the following registry key:

Path: HKEY_CURRENT_USER\Software\BraveSoftware\Brave-Browser\NativeMessagingHosts\gpgmejson
Type: Reg_SZ
Data: C:\Program Files (x86)\Gpg4win\bin\gpgme-chrome.json

(updating the “Data” path to where you’ve installed Gpg4Win as appropriate)

Restart Brave and all should be working.

iPhone Windows 10 Microsoft Store Firmware location

I’ve just been trying to recover an old iPhone 5s which is stuck in recovery (DFU) mode and whilst I haven’t had any luck getting beyond the Apple logo yet, I hope the following information may help others.

I installed iTunes 12.10.7.3 on my Windows 10 Professional machine using the Microsoft Store (which now appears to be the preferred way Apple is distributing it) and I connected it up, it saw the iPhone and downloaded the 2.9Gb firmware. I did then try a few other applications to try and fix the Apple iPhone but they needed the firmware – but where was it on my machine?

A few sites suggested checking C:\Users\<Username>\AppData\Roaming\Apple Computer\iTunes – but that path was empty for me. However, using Windows 10’s resource monitor, I soon spotted the firmware file was at C:\Users\<Username>\AppData\Local\Packages\AppleInc.iTunes_nzyj5cx40ttqa\LocalCache\Roaming\Apple Computer\iTunes\iPhone Software Updates\iPhone_4.0_64bit_12.4.7_16G192_Restore.ipsw

I suspect the name of the “Package” may differ between iTunes versions, but that should help guide you to the iPhone IPSW firmware file (which I could have also downloaded from http://updates-http.cdn-apple.com/2020SpringFCS/fullrestores/061-94832/B6D93224-1059-4DF0-9438-78CD3BED57FE/iPhone_4.0_64bit_12.4.7_16G192_Restore.ipsw – but “guessing” that URL might have been tricky).

Windows 10 OpenSSH – Configuring Windows Git

This article is the last of a series I’ve written about migrating from using PuTTy on Windows to using the native OpenSSH client now available on Windows 10: you can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent
  3. Importing existing keys
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands
  6. Configuring Windows Git < You are here

If you are using Git for Windows and had previously been using PuTTy, you need to make a small tweak to the configuration for Git to use Windows 10’s OpenSSH client.

If you’ve been getting an error like:

FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey)
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

when running git clone, but a test such as ssh git@github.com works, then you need to do the following steps.

  1. (Perhaps optional): Uninstall Git if you already have it installed. In theory, this can be done from Windows’ “Add or Remove Programs”, but this was playing up for me. If you go into C:\Program Files\Git there should be a unins000.exe executable which will remove Git for you
  2. Install the latest version of Git (I actually uninstalled version 2.21.0.windows.1 and installed 2.23.0.windows.1) and during the setup, you’ll be prompted with “Choosing the SSH executable”.
  3. Select “Use (Tortoise)Plink”, but enter the path to Windows’ OpenSSH SSH client: “c:\windows\system32\openssh\ssh.exe”
  4. Open a fresh PowerShell window and cloning should work!
    You might get a warning such as “warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512)”, but that’s caused by a mismatch of keys and key types probably from the conversion from PuTTy keys. Generating a new public/private key pair and uploading that public key to Github/Bitbucket will fix that.

Windows 10 OpenSSH – Useful commands

This article is the fifth of a series I’ve written about migrating from using PuTTy on Windows to using the native OpenSSH client now available on Windows 10: you can read the rest of the articles via:

  1. Installation
  2. Storing keys using the SSH Agent
  3. Importing existing keys
  4. Creating a new public/private key pair
  5. Other useful OpenSSH commands < You are here
  6. Configuring Windows Git

Check the keys have been imported to the SSH agent

ssh-add -l

2048 SHA256:9hLEuBRdTBGDmAWxaDXhSwvqYLGVxDVtGiMumz9NUak C:\Users\userName/.ssh/id_rsa (RSA)

Show the public keys in the ssh-agent

ssh-add -L

ssh-rsa AAAAB3Nza...1F53nyTYMlmtcrZZp C:\Users\userName/.ssh/id_rsa

Delete all keys from the ssh-agent

ssh-add -D : hope you kept a backup!

Delete a specific key from the ssh-agent

ssh-add -d C:\Users\userName/.ssh/id_rsa