Reject-www-data and sites with multiple addresses


#1

Hi,

I have the default ‘50-reject-www-data’ rule enabled. I have to add some sites (for example wordpress.com) to this file to allow things to work correctly.

Recently I’ve found that I can’t easily embed YouTube videos into WordPress posts. I’m pretty sure that this is because of the number of different IP addresses that ‘www.youtube.com’ can resolve to, whenever the firewall is reloaded all that gets put into the chain in the firewall is (I assume) the address that currently resolves as ‘www.youtube.com’.

Has anyone come up with any strategies to get around this? I could just disable the www-data reject completely, but it seems to me like a good thing to have in place.

Thanks

Andy


#2

Hi Andy,

Bytemark have made changes to the way they do things with WordPress recently. I have a dedicated server running Symbiosis and 50-reject-www-data is disabled.

Have a look at this document for how they suggest that WordPress sites are now set up.


#3

That’s a very useful document, thanks for the pointer.

Andy


#4

There are a few typos in that document, in the blocks of code that pipe ‘here’ documents into bash.

The blocks contain &lt; instead of a literal <.

I’ve added some feedback to the page, but thought I’d post it here in case it’s not seen.

Andy