Error 1000 by Cloudflare?

My static file proxy, p.rst.im, sometimes got an error saying:

Error 1000
DNS points to prohibited IP

I tried to tcpdump on port 80

And I found some headers added by Cloudflare:

Cloudflare might treat it as an infinite loop, so I removed these headers in nginx:

Now, what caused it:

Here is how I get to these files:

Since I have that proxy on my VPS, it works like:

It IS a loop.

Error 1000 by Cloudflare? by @sskaje: https://sskaje.me/2016/08/error-1000-cloudflare/

iptables disallow nat by source

DROP/REJECT are not allowed in the nat table, so forward to another port if the source matches.

iptables disallow nat by source by @sskaje: https://sskaje.me/2016/08/iptables-disallow-nat-source/

VMware Windows 10 Guest Shared Folder Fixer

Windows 10 shared folders hang in VMware Fusion.
According to @steve goddard, this is caused by Microsoft upgrades destroying registry settings.

I wrote a VBScript to check and fix the registry.

GitHub project: https://github.com/sskaje/vmware_windows_10_shared_folder_fixer

VMware Windows 10 Guest Shared Folder Fixer by @sskaje: https://sskaje.me/2016/08/vmware-windows-10-guest-shared-folder-fixer/

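Static Resource Proxy Service

Previously, to make my blog load properly from mainland China (mainly Google's CSS and fonts), I set up some substitution rules in nginx.

The blog also used to force HTTPS, and I had added a pile of miscellaneous nginx rules for that.
Now I have set aside a separate domain for this job, p.rst.im, so some resources can be referenced directly by third parties:

For example, jQuery on the Google CDN: https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
can be loaded from https://p.rst.im/p/ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js

You can also use //p.rst.im

The rules currently enabled cover the following domains and their subdomains: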

  • google.com
  • googleapis.com
  • googleusercontent.com
  • gstatic.com
  • jquery.com
  • bootstrapcdn.com

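The substitution is fairly crude, so some JS may not load properly.
Feedback is welcome if you run into problems, and let me know if you need a domain added.

This only tries to make sure static resources can be used normally; if you want to use it as a web proxy, forget it.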
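The domain-and-subdomain restriction described above is what keeps a proxy like this from becoming an open web proxy. The sketch below is an added example, not the configuration or code behind p.rst.im: it maps the `/p/<host>/<path>` form from the post's example URL to an upstream URL only when the host is on the listed domains. The function names and the fixed `https` upstream scheme are assumptions.

```python
from typing import Optional
from urllib.parse import urlsplit

# Domains listed in the post; subdomains of each are allowed too.
ALLOWED_DOMAINS = (
    "google.com", "googleapis.com", "googleusercontent.com",
    "gstatic.com", "jquery.com", "bootstrapcdn.com",
)
PREFIX = "/p/"  # path prefix taken from the post's example URL


def host_allowed(host: str) -> bool:
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary: a bare suffix test would also accept
    # an unrelated name that merely ends in the same characters.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def upstream_url(request_path: str) -> Optional[str]:
    """Map /p/<host>/<path> to https://<host>/<path>; None means refuse."""
    if not request_path.startswith(PREFIX):
        return None
    host, sep, rest = request_path[len(PREFIX):].partition("/")
    if not sep or not host:
        return None
    host = host.lower()
    # Only a plain hostname is accepted: no userinfo, port, or escapes.
    if any(c in host for c in "@:\\%?#") or not host_allowed(host):
        return None
    url = "https://" + host + "/" + rest
    # Re-parse and confirm the URL parser sees the host that was validated.
    if urlsplit(url).hostname != host:
        return None
    return url


if __name__ == "__main__":
    # Constructed sample paths; only the first is from the post.
    for p in ("/p/ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js",
              "/p/notgoogle.com/x.js", "/p/127.0.0.1/status"):
        print(p, "->", upstream_url(p))
```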

If your blog runs on nginx/tengine with ngx_http_substitutions_filter_module enabled, you can refer to the following configuration:

Static Resource Proxy Service by @sskaje: https://sskaje.me/2016/08/web-static-resource-proxy/

EdgeRouter OpenVPN Connectivity Monitor

VPN protocols are censored and blocked in China.

I’ve set up a PPTP client and a site-to-site OpenVPN connection on my EdgeRouter Lite.

PPTP is insecure and is easier to censor, so I’ve removed the PPTP client from my router.

OpenVPN is better than PPTP: not only secure, but also much more stable. But traffic is occasionally lost; a reset works in most cases.

But I cannot get SSH access anywhere, anytime, so I have to write a script to monitor and run ‘reset’ if necessary.

EdgeRouter OpenVPN Connectivity Monitor by @sskaje: https://sskaje.me/2016/08/edgerouter-openvpn-connectivity-monitor/