{"id":4078,"date":"2014-01-20T16:20:51","date_gmt":"2014-01-20T14:20:51","guid":{"rendered":"http:\/\/skeletor.org.ua\/?p=4078"},"modified":"2024-06-25T10:48:15","modified_gmt":"2024-06-25T07:48:15","slug":"%d0%b7%d0%b0%d1%89%d0%b8%d1%82%d0%b0-%d0%be%d1%82-%d0%bd%d0%b5%d0%b1%d0%be%d0%bb%d1%8c%d1%88%d0%be%d0%b3%d0%be-ddosa","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=4078","title":{"rendered":"\u0417\u0430\u0449\u0438\u0442\u0430 \u043e\u0442 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e DDoS’a"},"content":{"rendered":"

\u0427\u0442\u043e \u0438\u043c\u0435\u0435\u043c: \u0435\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440 (8\u0413\u0431 \u043f\u0430\u043c\u044f\u0442\u0438, Intel(R) Xeon(R) CPU E31220 @ 3.10GHz<\/strong>) FreeBSD 8.4 Release amd64, \u0441\u0430\u0439\u0442 \u043d\u0430 php5.2, nginx+apache+mysql<\/strong>.<\/p>\n

\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0430 php-fpm<\/strong> \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u043e\u0441\u044c, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0442\u044c\u0441\u044f \u043a\u0430\u043a \u0435\u0441\u0442\u044c. \u042d\u0442\u043e \u043f\u043e\u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u0440\u0430\u0437\u0438\u0442\u044c \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0443\u044e syn flood<\/strong> \u0430\u0442\u0430\u043a\u0443.<\/p>\n

\u041d\u0438\u0436\u0435 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a.<\/p>\n

<\/p>\n

1) \u0422\u044e\u043d\u0438\u043d\u0433 sysctl.<\/span><\/strong><\/p>\n

\/boot\/loader.conf<\/span><\/em>:<\/p>\n

kern.ipc.nmbclusters=65535
\nnet.inet.tcp.syncache.hashsize=1024
\nnet.inet.tcp.syncache.bucketlimit=100
\nnet.inet.tcp.tcbhashsize=4096<\/code><\/p>\n

\/etc\/sysctl.conf<\/span><\/em>:<\/p>\n

vfs.usermount=0
\nsecurity.bsd.see_other_uids=0
\nsecurity.bsd.see_other_gids=0
\nsecurity.bsd.hardlink_check_uid=1
\nsecurity.bsd.hardlink_check_gid=1
\nsecurity.bsd.conservative_signals=1
\nsecurity.bsd.unprivileged_proc_debug=0
\nsecurity.bsd.unprivileged_read_msgbuf=0
\nsecurity.bsd.unprivileged_get_quota=0
\nkern.ipc.somaxconn=32768
\nkern.ipc.maxsockets=204800
\nkern.ipc.maxsockbuf=2097152
\nkern.maxfiles=204800
\nkern.maxfilesperproc=200000
\nkern.random.sys.harvest.ethernet=0
\nkern.random.sys.harvest.interrupt=0
\nkern.random.sys.harvest.point_to_point=0
\nnet.link.ether.inet.max_age=1200
\nnet.link.ether.inet.log_arp_movements=0
\nnet.local.stream.sendspace=65536
\nnet.local.stream.recvspace=65536
\nnet.inet6.ip6.redirect=0
\nnet.inet.ip.portrange.first=1024
\nnet.inet.ip.portrange.last=65535
\nnet.inet.ip.fw.dyn_max=8192
\nnet.inet.ip.redirect=0
\nnet.inet.ip.sourceroute=0
\nnet.inet.ip.accept_sourceroute=0
\nnet.inet.ip.ttl=128
\nnet.inet.ip.random_id=1
\nnet.inet.ip.intr_queue_maxlen=4096
\nnet.inet.icmp.drop_redirect=1
\nnet.inet.icmp.bmcastecho=0
\nnet.inet.icmp.maskrepl=0
\nnet.inet.icmp.icmplim=50
\nnet.inet.icmp.log_redirect=0
\nnet.inet.udp.recvspace=65536
\nnet.inet.udp.maxdgram=57344
\nnet.inet.tcp.blackhole=2
\nnet.inet.udp.blackhole=1
\nnet.inet.tcp.log_in_vain=0
\nnet.inet.udp.log_in_vain=0
\nnet.inet.tcp.sendspace=64395
\nnet.inet.tcp.recvspace=64395
\nnet.inet.tcp.drop_synfin=1
\nnet.inet.tcp.syncookies=1
\nnet.inet.tcp.rfc1323=1
\nnet.inet.tcp.msl=15000
\nnet.inet.tcp.icmp_may_rst=0
\nnet.inet.tcp.sack.enable=0
\nnet.inet.tcp.finwait2_timeout=20000
\nnet.inet.tcp.fast_finwait2_recycle=1
\nnet.inet.tcp.sendbuf_max=16777216
\nnet.inet.tcp.recvbuf_max=16777216
\nnet.inet.tcp.maxtcptw=40960
\nnet.inet.tcp.sack.enable=0
\nnet.inet.tcp.delayed_ack=0
\nnet.inet.tcp.nolocaltimewait=1<\/code><\/p>\n

2) \u0424\u0430\u0439\u0435\u0440\u0432\u043e\u043b.<\/span><\/strong><\/p>\n

\u041f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e IP<\/strong> \u0434\u043e 20 \u0448\u0442.<\/p>\n

ipfw add check-state
\n...
\nipfw add allow tcp from any to me 80, 443 limit src-addr 20 via ${LanOut}
\nipfw add allow tcp from 10.0.0.0\/8 to me 80, 443 via ${LanIn} # \u0434\u043b\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u044e\u0437\u0435\u0440\u043e\u0432
\nipfw deny tcp from any to me dst-port 80,443
\n...<\/code><\/p>\n

3) Nginx<\/span><\/strong><\/p>\n

– GeoIP<\/span><\/em><\/p>\n

\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0441\u0430\u0439\u0442 \u0431\u044b\u043b \u0443\u043a\u0440\u0430\u0438\u043d\u043e\u044f\u0437\u044b\u0447\u043d\u044b\u043c, \u0442\u043e \u0440\u0435\u0448\u0435\u043d\u043e \u0431\u044b\u043b\u043e \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c GeoIP<\/strong> (nginx<\/strong> \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u043f\u0435\u0440\u0435\u0441\u043e\u0431\u0440\u0430\u0442\u044c \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0434\u0443\u043b\u044f) \u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043b\u044f UA, RU, US<\/strong> (\u0434\u043b\u044f \u0433\u0443\u0433\u043b\u043e\u0431\u043e\u0442\u043e\u0432 \u0438 \u043f\u0440\u043e\u0447\u0438\u0445 \u0431\u043e\u0442\u043e\u0432 bingo, yahoo<\/strong>,…).<\/p>\n

\u0421\u043a\u0430\u0447\u0438\u0432\u0430\u0435\u043c \u0441\u0432\u0435\u0436\u0438\u0435 \u0431\u0430\u0437\u044b GeoIP \u0438 \u0440\u0430\u0441\u043f\u0430\u043a\u043e\u0432\u044b\u0432\u0430\u0435\u043c:<\/p>\n

#mkdir \/usr\/local\/etc\/nginx\/geoip && cd \/usr\/local\/etc\/nginx\/geoip
\n#fetch http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCountry\/GeoIP.dat.gz && gunzip GeoIP.dat.gz
\n#fetch http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCity.dat.gz && gunzip GeoLiteCity.dat.gz
\n<\/code>
\n\u0414\u0430\u043b\u0435\u0435 \u0432 \/usr\/local\/etc\/nginx\/nginx.conf<\/strong> \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0442\u0430\u043a\u043e\u0439 \u043a\u043e\u0434 \u0432 \u0440\u0430\u0437\u0434\u0435\u043b http<\/strong>:<\/p>\n

map $geoip_country_code $good_country {
\ndefault no;
\nUA yes;
\nRU yes;
\nUS yes;
\n}<\/code><\/p>\n

– nginx map<\/span><\/em><\/p>\n

\u0427\u0442\u043e \u0431\u044b \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u044e\u0437\u0435\u0440\u0430\u043c \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u043a\u0438 \u043d\u0443\u0436\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c map \u0434\u043b\u044f \u043d\u0443\u0436\u043d\u044b\u0445 IP’\u043e\u043a. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0442\u0430\u043a\u043e\u0439 \u043a\u043e\u0434 \u0432 \/usr\/local\/etc\/nginx\/nginx.conf<\/strong> \u0432 \u0440\u0430\u0437\u0434\u0435\u043b http<\/strong>:<\/p>\n

geo $net_geo {
\ndefault 0;
\n10.0.0.0\/8 yes;
\n127.0.0.0\/8 yes;
\n}<\/code><\/p>\n

– \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u0430<\/span><\/em><\/p>\n

\u0427\u0442\u043e \u0431\u044b \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 GeoIP + map<\/strong> \u0434\u043b\u044f \u043d\u0430\u0448\u0435\u0433\u043e \u0441\u0430\u0439\u0442\u0430, \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0442\u0430\u043a\u043e\u0439 \u043a\u043e\u0434 \u0432 \u0440\u0430\u0437\u0434\u0435\u043b server<\/strong>:<\/p>\n


\nset $GOOD 0;
\nmap $good_country:$net_geo $GOOD {
\n\"yes\":\"yes\" '1';
\ndefault '0';
\n}
\nif ($GOOD = 0) {
\nreturn 444;
\n}
\n<\/code><\/p>\n

\u0418\u043b\u0438 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442:<\/p>\n

set $GOOD 0;
\nif ($good_country = yes) {
\nset $GOOD 1;
\n}
\nif ($net_geo = yes) {
\nset $GOOD 1;
\n}
\nif ($GOOD = 0) {
\nreturn 444;
\n}<\/code><\/p>\n

– \u043f\u0440\u043e\u0447\u0438\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0434\u043b\u044f nginx<\/span><\/em><\/p>\n

\u0412 \u0441\u0435\u043a\u0446\u0438\u0438 server<\/strong> \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n

worker_rlimit_nofile  200000;
\nevents {
\nworker_connections 10240;
\nuse kqueue;
\n}
\n<\/code>
\n\u0412 \u0441\u0435\u043a\u0446\u0438\u0438 http<\/strong> \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n

sendfile on;
\ntcp_nopush on;
\ntcp_nodelay on;
\nkeepalive_timeout 65;
\nreset_timedout_connection on;
\nclient_body_timeout 10;
\nclient_header_timeout 10;
\nsend_timeout 10;<\/code><\/p>\n

4) \u041f\u0440\u043e\u0447\u0438\u0435.<\/span><\/strong><\/p>\n

\u041c\u043e\u0436\u043d\u043e \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u043f\u0430\u0440\u0441\u0438\u0442\u044c netstat<\/strong> \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 syn<\/strong> \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0441 window size<\/strong> 0 \u0438 \u0431\u0430\u043d\u0438\u0442\u044c IP<\/strong>.<\/p>\n

\u0422\u0430\u043a \u0436\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c access<\/strong>-\u043b\u043e\u0433\u0438 \u0432 apache\/nginx<\/strong>, \u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0438. \u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043c\u043e\u0436\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u0435\u0448\u0435\u0440 (APC, eAccelerator<\/strong>, …) \u0438 \u0441\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0430\u043f\u043a\u0443 \u0441 \u043a\u0435\u0448\u0435\u043c \u043a\u0430\u043a tmpfs<\/strong>. \u0414\u043b\u044f mysql<\/strong> tmp-\u043f\u0430\u043f\u043a\u0443 \u0442\u043e\u0436\u0435 \u0441\u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 tmpfs<\/strong>.<\/p>\n

\u041d\u0430\u0448\u0451\u043b \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u041f\u041e ( http:\/\/synflood-defender.net\/docs ) \u0442\u0438\u043f\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0430\u0442\u0430\u043a, \u043d\u043e \u043d\u0435 \u0441\u0438\u043b\u044c\u043d\u043e \u0432\u0435\u0440\u044e, \u0447\u0442\u043e \u043e\u043d\u043e \u043f\u043e\u043c\u043e\u0436\u0435\u0442 ))<\/p>\n

\u041c\u043e\u0436\u043d\u043e \u043f\u043e\u043f\u0440\u043e\u0431\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c Varnish<\/a> \u0434\u043b\u044f \u043a\u0435\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e, \u0435\u0441\u043b\u0438 \u0431\u043e\u0442\u044b \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u044e\u0442 \u043e\u0434\u043d\u0443 \u0438 \u0442\u0443 \u0436\u0435.<\/p>\n

5) \u0414\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u0435\u0440\u0432\u043e\u043b<\/span><\/strong><\/p>\n

pf:<\/p>\n

### block probes that can possibly determine our operating system by disallowing\n### certain combinations that are commonly used by nmap, queso and xprobe2, who\n### are attempting to fingerprint the server.\n### * F : FIN  - Finish; end of session\n### * S : SYN  - Synchronize; indicates request to start session\n### * R : RST  - Reset; drop a connection\n### * P : PUSH - Push; packet is sent immediately\n### * A : ACK  - Acknowledgement\n### * U : URG  - Urgent\n### * E : ECE  - Explicit Congestion Notification Echo\n### * W : CWR  - Congestion Window Reduced\nblock drop in quick on $ext_if proto tcp flags FUP\/WEUAPRSF\nblock drop in quick on $ext_if proto tcp flags WEUAPRSF\/WEUAPRSF\nblock drop in quick on $ext_if proto tcp flags SRAFU\/WEUAPRSF\nblock drop in quick on $ext_if proto tcp flags \/WEUAPRSF\nblock drop in quick on $ext_if proto tcp flags SR\/SR\nblock drop in quick on $ext_if proto tcp flags SF\/SF\n<\/pre>\n
ipfw:<\/p>\n
ipfw add deny tcp from any to any in via $ext_if tcpflags fin, syn, rst, psh, ack, urg\nipfw add deny tcp from any to any in via $ext_if tcpflags !fin, !syn, !rst, !psh, !ack, !urg\nipfw add deny tcp from any to any in via $ext_if not established tcpflags fin\nipfw add deny tcp from any to any not verrevpath in via $ext_if \n<\/pre>\n
\u0414\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435: \u043d\u0435\u043f\u043b\u043e\u0445\u043e\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u0435\u0440\u0432\u043e\u043b pf \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 country code https:\/\/it-notes.dragas.net\/2024\/06\/16\/freebsd-blocking-country-access\/<\/p>\n","protected":false},"excerpt":{"rendered":"
\u0427\u0442\u043e \u0438\u043c\u0435\u0435\u043c: \u0435\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440 (8\u0413\u0431 \u043f\u0430\u043c\u044f\u0442\u0438, Intel(R) Xeon(R) CPU E31220 @ 3.10GHz) FreeBSD 8.4 Release amd64, \u0441\u0430\u0439\u0442 \u043d\u0430 php5.2, nginx+apache+mysql. \u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0430 php-fpm \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u043e\u0441\u044c, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0442\u044c\u0441\u044f \u043a\u0430\u043a \u0435\u0441\u0442\u044c. \u042d\u0442\u043e \u043f\u043e\u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u0440\u0430\u0437\u0438\u0442\u044c \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0443\u044e syn flood \u0430\u0442\u0430\u043a\u0443. \u041d\u0438\u0436\u0435 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13],"tags":[],"class_list":["post-4078","post","type-post","status-publish","format-standard","hentry","category-freebsd","category-security"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/4078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4078"}],"version-history":[{"count":8,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/4078\/revisions"}],"predecessor-version":[{"id":6400,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/4078\/revisions\/6400"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}