<?xml version="1.0" encoding="ISO-8859-1"?>

<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
	<channel>
		<title>Forum du club des développeurs et IT Pro - Sécurité</title>
		<link>https://www.developpez.net/forums/</link>
		<description>Vos questions sur la sécurité sous Linux/Unix</description>
		<language>fr</language>
		<lastBuildDate>Tue, 14 Jul 2026 07:41:43 GMT</lastBuildDate>
		<generator>vBulletin</generator>
		<ttl>15</ttl>
		<image>
			<url>https://forum.developpez.be/images/misc/rss.png</url>
			<title>Forum du club des développeurs et IT Pro - Sécurité</title>
			<link>https://www.developpez.net/forums/</link>
		</image>
		<item>
			<title>Le certificat https neutralise le firewall UFW</title>
			<link>https://www.developpez.net/forums/showthread.php?t=2183481&amp;goto=newpost</link>
			<pubDate>Wed, 29 Apr 2026 11:36:07 GMT</pubDate>
			<description>Bonjour, 
 
Je tente de...</description>
			<content:encoded><![CDATA[<div>Bonjour,<br />
<br />
Je tente de bloquer un visiteur indésirable, qui fouille régulièrement mon site web, hébergé sur un VPS Linux Ubuntu, chez OVH Strasbourg.<br />
Son IP commence par 188.143.x.x, les deux derniers octets changent, d'une visite à l'autre.<br />
<br />
Je n'utilise jamais les ports par défaut.<br />
Dans le certificat ssl_gateway d'OVH, j'ai remplacé le port http 80 par le port 12345, et programmé Apache2 pour l'écouter.<br />
Ca fonctionne, c'est parfait !<br />
<br />
J'ai donc programmé une règle UFW<br />
ufw insert 4 deny from 188.143.0.0/16 to any port 12345 proto tcp<br />
<br />
Ok, elle apparaît bien dans la liste des ufw status numbered<br />
[ 4] Anywhere                   DENY IN     188.143.0.0/16<br />
Les trois premiers ne sont que des DENY du même genre.<br />
<br />
Ce matin, je constate qu'il passe toujours.<br />
<br />
Mon IP commence toujours par 111.222, que m'alloue mon FAI,<br />
telle que le révèle la superglobale PHP $_SERVER['REMOTE_ADDR']<br />
<br />
Intrigué, je me bloque moi-même en https, pour faire un test<br />
ufw insert 2 deny from 111.222.0.0/16 to any port 12345 proto tcp<br />
[ 2] 12345/tcp                  DENY IN     111.222.0.0/16<br />
<br />
Ensuite, je surfe sur mon VPS, auquel j'ai toujours accès, alors que je me suis interdit l'accès au port http.<br />
Même après un redémarrage d'Apache2 et d'UFW.<br />
<br />
Visiblement, la règle [2] DENY d'UFW ne me bloque pas du tout.<br />
Je me demande si ce n'est pas dû au certificat ssl gateway.<br />
Car mon nom de domaine monDomaine.be pointe sur le certificat, chez dns.be,<br />
qui, à son tour, désigne l'IP et le port http 12345 de mon VPS.<br />
<br />
Est ce que le certificat OVH ssl_gateway ne masquerait pas la véritable IP de mes visiteurs http, paralysant, ainsi, le firewall UFW ?<br />
Je ne parle pas des autres services (ssh, mysql, ...) qui ne sont pas concernés par le certificat.<br />
<br />
Alors que pourtant la superglobale PHP $_SERVER['REMOTE_ADDR'] la détecte bien.<br />
Pour qu'il la détecte, je me souviens d'avoir du installer (il y a quatre ans) un fichier dans la config de PHP<br />
Sans quoi, tous mes visiteurs avaient la REMOTE_ADDR du certificat.<br />
<br />
Comment configurer UFW pour qu'il filtre les demandes en HTTP sur base de l'IP réelle du visiteur ?<br />
Afin de bloquer les &#128023; qui &#128061;fouillent impunément mon site web.<br />
Si PHP affiche bien l'IP réelle du visiteur, UFW doit aussi pouvoir y avoir accès.<br />
<br />
Merci.<br />
Christian.</div>

]]></content:encoded>
			<category domain="https://www.developpez.net/forums/f331/systemes/linux/securite/">Sécurité</category>
			<dc:creator>cmascart</dc:creator>
			<guid isPermaLink="true">https://www.developpez.net/forums/d2183481/systemes/linux/securite/certificat-https-neutralise-firewall-ufw/</guid>
		</item>
		<item>
			<title>Problème bizarre ce matin</title>
			<link>https://www.developpez.net/forums/showthread.php?t=2181045&amp;goto=newpost</link>
			<pubDate>Fri, 19 Dec 2025 11:37:54 GMT</pubDate>
			<description><![CDATA[Bonjour, 
 
D'habitude j'ai...]]></description>
			<content:encoded><![CDATA[<div>Bonjour,<br />
<br />
D'habitude j'ai ça, après un <span style="font-family: monospace; padding: 2px; background: #ddd; display: inline-block"><span style="color: #0080ff;">ps</span> ax</span> :<br />
<div class="bbcode_container">
	<div class="bbcode_description">Code:</div>
	<hr /><code class="bbcode_code"><table cellspacing="0" cellpadding="0"><tr><td valign="top" width="33"><div style="border: 1px dashed gray; padding-left: 5px; padding-right: 5px; margin-right: 5px; text-align: right; font-family: monospace">1<br />2<br />3<br />4<br />5<br />6<br />7<br />8<br />9<br />10<br />11<br />12<br />13<br />14<br />15<br />16<br /></div></td><td valign="top"><pre style="margin: 0">   ...
   <span style="color: #cc66cc;">1342</span> ?        Ss     <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>sbin<span style="color: black">/</span>cupsd <span style="color: #339933;">-l</span>
   <span style="color: #cc66cc;">1347</span> ?        Sl     <span style="color: #cc66cc;">0</span>:00 package-update-indicator
   <span style="color: #cc66cc;">1364</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>colord
   <span style="color: #cc66cc;">1380</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>upowerd
   <span style="color: #cc66cc;">1395</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>gvfs-udisks2-volume-monitor
   <span style="color: #cc66cc;">1407</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>gvfs-afc-volume-monitor
   <span style="color: #cc66cc;">1413</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>gvfs-gphoto2-volume-monitor
   <span style="color: #cc66cc;">1418</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>gvfs-goa-volume-monitor
   <span style="color: #cc66cc;">1423</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>gvfs-mtp-volume-monitor
   <span style="color: #cc66cc;">1429</span> ?        Ssl    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>packagekitd
   <span style="color: #cc66cc;">1434</span> ?        Sl     <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>libexec<span style="color: black">/</span>gvfsd-trash <span style="color: #339933;">--spawner</span> :<span style="color: #cc66cc;">1.9</span> <span style="color: black">/</span>org<span style="color: black">/</span>gtk<span style="color: black">/</span>gvfs<span style="color: black">/</span>exec_spaw<span style="color: black">/</span><span style="color: #cc66cc;">0</span>
   <span style="color: #cc66cc;">1458</span> ?        Sl     <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>menu-cache<span style="color: black">/</span>menu-cached <span style="color: black">/</span>run<span style="color: black">/</span>user<span style="color: black">/</span><span style="color: #cc66cc;">0</span><span style="color: black">/</span>menu-cached-:<span style="color: #cc66cc;">0</span>
   <span style="color: #cc66cc;">1542</span> ?        Sl     <span style="color: #cc66cc;">0</span>:00 lxterminal
   <span style="color: #cc66cc;">1545</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Ss     <span style="color: #cc66cc;">0</span>:00 <span style="color: #0080ff;">bash</span>
   <span style="color: #cc66cc;">1629</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    R+     <span style="color: #cc66cc;">0</span>:00 <span style="color: #0080ff;">ps</span> ax</pre></td></tr></table></code><hr />
</div>qui m'inspire confiance.<br />
Le problème aujourd'hui c'est quand je lance le navigareur FireFox, car 3 fenêtres apparaissent en haut à droite de l'écran :<br />
<br />
<img src="https://www.developpez.net/forums/attachments/p672653d1766143959/systemes/linux/securite/probleme-bizarre-matin/3alertes.png/" border="0" alt="Nom : 3alertes.png
Affichages : 320
Taille : 44,5 Ko"  style="float: CONFIG" /><br />
<br />
qui n'inspirent pas du tout confiance !<br />
<br />
Jusqu'à hier tout allait bien, alors que faire sous Linux Debian 12.12 ? <br />
<br />
Il n'y a rien de particulier dans <span style="font-family: monospace; padding: 2px; background: #ddd; display: inline-block"><span style="color: black">/</span>usr<span style="color: black">/</span>share<span style="color: black">/</span>applications</span>, voilà les fichiers les plus récents :<br />
<div class="bbcode_container">
	<div class="bbcode_description">Code:</div>
	<hr /><code class="bbcode_code"><table cellspacing="0" cellpadding="0"><tr><td valign="top" width="26"><div style="border: 1px dashed gray; padding-left: 5px; padding-right: 5px; margin-right: 5px; text-align: right; font-family: monospace">1<br />2<br />3<br /></div></td><td valign="top"><pre style="margin: 0"><span style="color: #339933;">-rw-r--r--</span> <span style="color: #cc66cc;">1</span>  <span style="color: #cc66cc;">3826</span>  <span style="color: #cc66cc;">9</span> d&eacute;c.  <span style="color: #cc66cc;">23</span>:02 firefox-esr.desktop
<span style="color: #339933;">-rw-r--r--</span> <span style="color: #cc66cc;">1</span>  <span style="color: #cc66cc;">9692</span> <span style="color: #cc66cc;">11</span> d&eacute;c.  <span style="color: #cc66cc;">11</span>:<span style="color: #cc66cc;">10</span> thunderbird.desktop
<span style="color: #339933;">-rw-r--r--</span> <span style="color: #cc66cc;">1</span> <span style="color: #cc66cc;">26910</span> <span style="color: #cc66cc;">14</span> d&eacute;c.  <span style="color: #cc66cc;">18</span>:<span style="color: #cc66cc;">10</span> mimeinfo.cache</pre></td></tr></table></code><hr />
</div>Le lancement de FF se situant là-dedans : <span style="font-family: monospace; padding: 2px; background: #ddd; display: inline-block"><span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr</span>,<br />
j'y jette un coup d'œil mais ça n'est pas intéressant : voilà ce que montre un <span style="font-family: monospace; padding: 2px; background: #ddd; display: inline-block"><span style="color: #0080ff;">ps</span> ax</span> :<br />
<div class="bbcode_container">
	<div class="bbcode_description">Code:</div>
	<hr /><code class="bbcode_code"><table cellspacing="0" cellpadding="0"><tr><td valign="top" width="33"><div style="border: 1px dashed gray; padding-left: 5px; padding-right: 5px; margin-right: 5px; text-align: right; font-family: monospace">1<br />2<br />3<br />4<br />5<br />6<br />7<br />8<br />9<br />10<br />11<br />12<br />13<br />14<br />15<br />16<br />17<br />18<br />19<br />20<br />21<br /></div></td><td valign="top"><pre style="margin: 0">   ...
   <span style="color: #cc66cc;">1687</span> ?        Sl     <span style="color: #cc66cc;">0</span>:01 leafpad <span style="color: black">&lt;&lt;&lt;</span> lanc&eacute; par moi pour prendre des notes
   <span style="color: #cc66cc;">2337</span> ?        I      <span style="color: #cc66cc;">0</span>:00 <span style="color: black">&#91;</span>kworker<span style="color: black">/</span><span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">2</span>-events<span style="color: black">&#93;</span>
   <span style="color: #cc66cc;">2571</span> ?        I      <span style="color: #cc66cc;">0</span>:00 <span style="color: black">&#91;</span>kworker<span style="color: black">/</span>u2:<span style="color: #cc66cc;">0</span>-events_unbound<span style="color: black">&#93;</span>
   <span style="color: #cc66cc;">2572</span> ?        I      <span style="color: #cc66cc;">0</span>:00 <span style="color: black">&#91;</span>kworker<span style="color: black">/</span>u2:<span style="color: #cc66cc;">1</span>-ext4-rsv-conversion<span style="color: black">&#93;</span>
   <span style="color: #cc66cc;">3022</span> ?        I      <span style="color: #cc66cc;">0</span>:00 <span style="color: black">&#91;</span>kworker<span style="color: black">/</span><span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">1</span>-events<span style="color: black">&#93;</span>
   <span style="color: #cc66cc;">3036</span> ?        I      <span style="color: #cc66cc;">0</span>:00 <span style="color: black">&#91;</span>kworker<span style="color: black">/</span><span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">3</span>-events<span style="color: black">&#93;</span>
   <span style="color: #cc66cc;">3057</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:04 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr
   <span style="color: #cc66cc;">3062</span> ?        Sl     <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>crashhelper <span style="color: #cc66cc;">3057</span> <span style="color: #cc66cc;">9</span> <span style="color: black">/</span>tmp<span style="color: black">/</span> <span style="color: #cc66cc;">11</span>
   <span style="color: #cc66cc;">3115</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-parentBuildID</span> <span style="color: #cc66cc;">20251201132345</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:
   <span style="color: #cc66cc;">3116</span> ?        Ss     <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>lib<span style="color: black">/</span>systemd<span style="color: black">/</span>systemd-timedated
   <span style="color: #cc66cc;">3133</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-isForBrowser</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">41407</span> <span style="color: #339933;">-prefMapHa</span>
   <span style="color: #cc66cc;">3137</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-parentBuildID</span> <span style="color: #cc66cc;">20251201132345</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:
   <span style="color: #cc66cc;">3175</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-isForBrowser</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">50445</span> <span style="color: #339933;">-prefMapHa</span>
   <span style="color: #cc66cc;">3223</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-parentBuildID</span> <span style="color: #cc66cc;">20251201132345</span> <span style="color: #339933;">-sandboxingKind</span>
   <span style="color: #cc66cc;">3225</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-isForBrowser</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">42882</span> <span style="color: #339933;">-prefMapHa</span>
   <span style="color: #cc66cc;">3247</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-isForBrowser</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">42939</span> <span style="color: #339933;">-prefMapHa</span>
   <span style="color: #cc66cc;">3249</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-isForBrowser</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">42939</span> <span style="color: #339933;">-prefMapHa</span>
   <span style="color: #cc66cc;">3371</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">1</span>    Ss     <span style="color: #cc66cc;">0</span>:00 <span style="color: #0080ff;">bash</span>
   <span style="color: #cc66cc;">3403</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">0</span>    Sl+    <span style="color: #cc66cc;">0</span>:00 <span style="color: black">/</span>usr<span style="color: black">/</span>lib<span style="color: black">/</span>firefox-esr<span style="color: black">/</span>firefox-esr <span style="color: #339933;">-contentproc</span> <span style="color: #339933;">-isForBrowser</span> <span style="color: #339933;">-prefsHandle</span> <span style="color: #cc66cc;">0</span>:<span style="color: #cc66cc;">42939</span> <span style="color: #339933;">-prefMapHa</span>
   <span style="color: #cc66cc;">3423</span> pts<span style="color: black">/</span><span style="color: #cc66cc;">1</span>    R+     <span style="color: #cc66cc;">0</span>:00 <span style="color: #0080ff;">ps</span> ax</pre></td></tr></table></code><hr />
</div>Ce qui est amusant, c'est le comportement du machin : tout à l'heure il m'a balancé 3 fenêtres en même temps, j'ai rebooté et là il a pris son temps pour en afficher une, puis encore du temps pour la deuxième et enfin encore du temps pour la troisième.<br />
<br />
Si quelqu'un a une solution...<br />
<br />
PS : les images ne sont pas toujours les mêmes.</div>


	<div style="padding:10px">

	

	
		<fieldset class="fieldset">
			<legend>Images attachées</legend>
				<div style="padding:10px">
				<img class="attach" src="https://www.developpez.net/forums/attachments/p672653d1766143959/systemes/linux/securite/probleme-bizarre-matin/3alertes.png/" alt="" />&nbsp;
			</div>
		</fieldset>
	

	

	

	</div>
]]></content:encoded>
			<category domain="https://www.developpez.net/forums/f331/systemes/linux/securite/">Sécurité</category>
			<dc:creator>Jipété</dc:creator>
			<guid isPermaLink="true">https://www.developpez.net/forums/d2181045/systemes/linux/securite/probleme-bizarre-matin/</guid>
		</item>
		<item>
			<title>comment faire en sortes que les fichiers php.bak ne soient pas téléchargeable ?</title>
			<link>https://www.developpez.net/forums/showthread.php?t=2180038&amp;goto=newpost</link>
			<pubDate>Thu, 23 Oct 2025 09:24:43 GMT</pubDate>
			<description>bonjour, 
 
sur certains cms,...</description>
			<content:encoded><![CDATA[<div>bonjour,<br />
<br />
sur certains cms, je crée un .bak des fichiers de config .php (où ya le mdp en clair de la bdd/admin...etc).<br />
comment faire en sortes que le .bak ne soient pas téléchargeable via le navigateur (si par malchance un pirate le cherche)?<br />
<br />
merci de votre conseil.</div>

]]></content:encoded>
			<category domain="https://www.developpez.net/forums/f331/systemes/linux/securite/">Sécurité</category>
			<dc:creator>clavier12AZQSWX</dc:creator>
			<guid isPermaLink="true">https://www.developpez.net/forums/d2180038/systemes/linux/securite/faire-sortes-fichiers-php-bak-ne-soient-telechargeable/</guid>
		</item>
	</channel>
</rss>
