Skip to content

Instantly share code, notes, and snippets.

View rlnorthcutt's full-sized avatar
🇺🇦

Ron Northcutt rlnorthcutt

🇺🇦
19 followers · 9 following
View GitHub Profile
@rlnorthcutt
rlnorthcutt / axios-npm-malware-check.md
Created April 1, 2026 13:07
Security Advisory: Detection and Remediation for Axios Malware (March 2026)

On March 31, 2026, a supply chain compromise was identified in the Axios library. Versions 1.14.1 and 0.30.4 were found to include a malicious dependency, plain-crypto-js, which executes a Remote Access Trojan (RAT) upon installation.

🔍 Detection Command

Run the following command from your root projects directory to scan all local repositories. This search prioritizes the "smoking gun" dependency (plain-crypto-js) and the compromised version numbers across all major lockfile formats.

grep -rE "plain-crypto-js|axios.*(1\.14\.1|0\.30\.4)" . \
 --include="*-lock.json" \
@rlnorthcutt
rlnorthcutt / 2026-haproxy-omnissa-blast-healthcheck.cfg
Last active March 12, 2026 15:35
HAProxy Onissa Horizons Config Example - advanced configuration for the custom “Blast” protocol with health checks
# --- FRONTEND CONFIGURATION ---
frontend ft_horizon_tcp_blast
# Blast protocol is tunneled on UAGs, running on port 8443 (external) vs. internal.
bind *:8443
default_backend bk_horizon_tcp_blast
# --- BACKEND CONFIGURATION ---
# 1. Dedicated Health Check Backend (The Source of Truth)
backend be_uag_https
mode http
@rlnorthcutt
rlnorthcutt / haproxy-shift-sheild-ingress-nginx.cfg
Created February 11, 2026 15:13
HAProxy shift and shield config (ingress nginx migration step)
#------------ Global and defaults ------------#
# Set performance tuning and security logging
# [Placeholder: Global/defaults for buffer sizes, timeouts]
#----- Frontend: accept and route traffic -----#
frontend main_ingress
bind :443 ssl crt /etc/haproxy/certs/
mode http
# Apply security policies at the edge
@rlnorthcutt
rlnorthcutt / haproxy-react2shell.cfg
Created December 10, 2025 16:28
HAProxy config - react2shell configuration
frontend www
...
# ensure buffer request is enabled
option http-buffer-request
# acls to detect react CVE
acl is_form_content req.hdr(Content-Type) -m sub multipart/form-data or req.hdr(Content-Type) -m sub application/x-www-form-urlencoded
acl header_has_cve_2025_55182 req.hdr(next-action) -m found or req.hdr(rsc-action-id) -m found
acl body_has_cve_2025_55182 req.body -m sub -i constructor prototype __proto__ _response:
@rlnorthcutt
rlnorthcutt / haproxy.cfg
Created October 7, 2025 14:53
HAProxy Full config for MCP Streaming HTTP
# /etc/haproxy/haproxy.cfg
global
log stdout format raw local0
defaults
mode http
timeout client 50000
timeout server 50000
timeout connect 5000
@rlnorthcutt
rlnorthcutt / mymodule.module
Created September 20, 2025 18:07
Drupal 10+ hook - delete (or unpublish) comment with Cyrillic characters
<?php
declare(strict_types=1);
use Drupal\Core\Entity\EntityInterface;
use Drupal\comment\CommentInterface;
/**
* Implements hook_ENTITY_TYPE_insert().
*
@rlnorthcutt
rlnorthcutt / basic.cfg
Last active May 20, 2025 19:48
Protecting Against SAP NetWeaver Vulnerability (CVE-2025-31324) with HAProxy
# Match both POST and PUT methods that could be used for uploads
acl is_upload method POST PUT
acl is_sap_uploader path -m beg /developmentserver/metadatauploader
# Block the requests
http-request deny deny_status 403 if is_upload is_sap_uploader
Add this configuration to your HAProxy frontend section that handles SAP NetWeaver traffic.
@rlnorthcutt
rlnorthcutt / devcontainer.json
Created May 9, 2025 18:58
Smallweb Devcontainer
// **What is this file?**
// This file is for use with the SmallWeb project, which is a lightweight web server
// and framework for building web applications. The purpose of this file is to
// define the development environment for a SmallWeb dev instance using
// Visual Studio Code's Remote - Containers feature.
// It specifies the configuration for the development container, including the base image,
// features, environment variables, and post-creation commands.Think of it as a recipe for
// creating a consistent and isolated development environment.
@rlnorthcutt
rlnorthcutt / gist:7eb7aeab085e4346329427091a4624f5
Created April 7, 2025 01:15
PocketBase Docs Sitemap April 2025
<?xml version="1.0" encoding="UTF-8"?>
<urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9
http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
<url>
<loc>https://pocketbase.io/</loc>
@rlnorthcutt
rlnorthcutt / 2025-load-balancing-vmware-horizons-udp-and-tcp-02.cfg
Last active February 26, 2026 16:50
HAProxy VMWare Horizons Config Example - Sample configuration using advanced options:
backend bk_horizon_tcp_blast
balance source
hash-type consistent sdbm
hash-key addr-port
hash-balance-factor 150
# Still tracking our central health backend server srv1
192.168.1.101:22443 track be_uag_health/srv1 server srv2
192.168.1.102:22443 track be_uag_health/srv2