Tools

Site Scanners and Online Tools

This is a list of a few online tools I often use to audit both the security and the speed of a site.

SSL LABS

https://www.ssllabs.com/ssltest/ – SSL Labs will determine how secure the HTTPS settings of a server are. Check https://mozilla.github.io/server-side-tls/ssl-config-generator/ for way more information than you ever wanted to know about TLS, and for help with some boilerplate that gives the web server of your choice a good security setup.

SECURITY HEADERS IO

https://securityheaders.io – SSL Labs is good for servers, but not for browsers. Securityheaders.io will give you HTTP headers to set to help protect the browser from itself.

YELLOW LAB TOOLS

http://yellowlab.tools – Yellowlabs is my go-to tool to audit a website and determine bottlenecks from a front-end point of view. I like it more than other tools as it gives the most human-readable information on how to fix the issues that it finds. It also does a good job of focusing on what's current, and not the “new shiny” things like Lighthouse. A Docker image is also available to run so you do not have to wait in line: https://github.com/jguyomard/docker-yellowlabtools

Errors

WordPress – Sorry, you are not allowed to access this page

Just got done with many hours of fighting WordPress and its generic “Sorry, you are not allowed to access this page” output after changing some HTTPS settings. Turns out I had the Drupal expected setting in HAProxy and not the WordPress one. Ensure you are passing the following if using HAProxy:

backend backend-default
  http-request add-header HTTP_X_FORWARDED_PROTO https
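
For context, here is the same rule inside a complete TLS-terminating setup. This is an added example, not part of the original post: the frontend name, certificate path, server name and backend address are placeholders, and `set-header` is used in place of `add-header` so that a copy of the header sent by the client is replaced rather than kept alongside the proxy's value.

```haproxy
# Added example (constructed). Names, certificate path and server address are placeholders.
frontend fe-https
  mode http
  bind :80
  bind :443 ssl crt /etc/haproxy/certs/example.pem   # placeholder certificate bundle
  # Redirect plain-HTTP requests to HTTPS before they reach WordPress.
  http-request redirect scheme https code 301 unless { ssl_fc }
  default_backend backend-default

backend backend-default
  mode http
  # Header name is the one given in the post.
  # set-header overwrites any value the client supplied; add-header would
  # append a second header next to the client's copy.
  # ssl_fc is true only when the client connection to HAProxy used TLS.
  http-request set-header HTTP_X_FORWARDED_PROTO https if { ssl_fc }
  server wp1 127.0.0.1:8080 check   # placeholder WordPress backend
```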