Search Results

Search found 944 results on 38 pages for 'exposed'.

Page 13/38 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • modsecurity apache mod-security.conf missing

    - by TechMedicNYC
    Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test server. I am trying to follow this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server. But at step 3: Now add these rules to Apache2. Open a terminal window and enter: sudo vi /etc/apache2/mods-available/mod-security.conf This file does not exist. Any suggestions?

    Read the article

  • I need something substantial to do [on hold]

    - by Christian Delapena
    I'm a 19 year old computer geek who was recently exposed to Linux. I know quite a bit of it now and would like to do something substantial with it. I've visited websites like openhatch where you can get started on opensource projects but I'm more interested in something Linux-specific like hosting a website or tracking some important operation. Maybe running a script that will give me data on something important. I don't know. I'm essentially bored and I want to put my knowledge and love of Linux to good use. Someone please point me in the right direction.

    Read the article

  • Using IIS7 as a reverse proxy

    - by Jon
    Hi All, My question is pretty much identical to the question listed but they did not get an answer as they ended up using Linux as the reverse proxy. http://serverfault.com/questions/55309/using-iis7-as-a-reverse-proxy I need to have IIS the main site and linux (Apache) being the proxied site(s). so I have site1.com (IIS7) site2.com (Linux Apache) they have subdomains of sub1.site1.com sub2.site1.com sub3.site2.com I want all traffic to go to site1.com and to say anything that is site2.com should be proxied to linux box on internal network, (believe ARR can do this but not sure how). I can not have it running as Apache doing the proxying as I need IIS exposed directly. any and all advice would be great. Thanks

    Read the article

  • Apache: Setting up a reverse proxy configuration with SSL with url rewriting

    - by user1172468
    There is a host: secure.foo.com that exposes a webservice using https I want to create a reverse proxy using Apache that maps a local http port on a server internal.bar.com to the https service exposed by secure.foo.com Since it a web service I need to map all urls so that a path: https://secure.foo.com/some/path/123 is accessible by going to: http://internal.bar.com/some/path/123 Thanks. I've gotten this far: <VirtualHost *:80> ServerName gnip.measr.com SSLProxyEngine On ProxyPass / https://internal.bar.com/ </VirtualHost> I think this is working except for the url rewriting. Some resources I've found on this are: Setting up a complex Apache reverse proxy Apache as reverse proxy for https server

    Read the article

  • NVRAM for journals on Linux?

    - by symcbean
    I've been thinking about ways of speeding up disk I/O, and one of the bottlenecks I keep coming back to is the journal. There's an obvious benefit to using an SSD for the journal - over and above just write caching unless of course I just disable the journal with the write cache (after all devicemapper doesn't seem to support barriers). In order to get the benefits from using a BB write cache on the controller, then I'd need to disable journalling - but then the OS should try to fsck the system after an outage. Of course if the OS knows what's in the batter-backed memory then it could use it as the journal - but that means it must be exposed as a block device and only be under the control of the operating system. However I've not been able to find a suitable low-cost device (no, write-levelling for Flash is not adequate for a journal, at least one which uses Smartmedia). While there's no end of flash devices, disk/array controllers with BB write caches, so far I've not found anything which just gives me non-volatile memory addressable as a block storage device.

    Read the article

  • Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?

    - by jamesfm
    I am a dev with little admin expertise, administering a single dedicated web server remotely. A recent independent security audit of our site recommended that "RDP is not exposed to the Internet and that a robust management solution such as a VPN is considered for remote access. When used, RDP should be configured for Server Authentication to ensure that clients cannot be subjected to man-in-the-middle attacks." Having read around a bit, it seems like Network Level Authentication is a Good Thing so I have enabled the "Allow connections only from Remote Desktop with NLA" option on the server today. Is this acion enough to mitigate the risk of a Man-in-the-Middle attack? Or are there other essential steps I should be taking? If VPN is essential, how do I go about it?

    Read the article

  • how to run an AFS file server on a specific ethernet card (in Debian)

    - by listboss
    I have a linux box running Debian server with minimal number of packages (so no GUI for network management). The box has two ethernet cards, one of which (eth0) is connected to a Mac OSX computer using a cross-cable. I can bring up eth0 and assign a static ip (10.10.11.16) to it. This way I can ssh to the box through the cross-cable. This is what I run on Linux box: ifconfig eth0 10.10.11.16 netmask 255.255.255.0 up I also installed/started a file server (AFS) on Debian. So far, the file server can only be accessed through eth1 which is exposed to my home LAN and www. My goal is to set up the file server so that it's only visible through eth0. Is this possible? and if yes, how can I do it?

    Read the article

  • Get the "source network address" in Event ID 529 audit entries on Windows XP

    - by Make it useful Keep it simple
    In windows server 2003 when an Event 529 (logon failure) occures with a logon type of 10 (remote logon), the source network IP address is recorded in the event log. On a windows XP machine, this (and some other details) are omitted. If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), i cannot see the originating IP address so i don't know what to block (with a script i run every few minutes). The DC does not log this detail either when the logon attempt is to the client xp machine and the DC is only asked to authenticate the credentials. Any help getting this detail in the log would be appreciated.

    Read the article

  • Active DFS node did not restore after failure

    - by Mark Henderson
    On Tuesday we had a Server 2008 R2 DFS-R node go offline unexpectedly. DFS did the right thing and started routing requests to a different node, which was in a remote site. This is by design, because even though it's slow, at least it's still working. We had the local DFS-R node back online within an hour, and it had synced all its changes 10 minutes after that. 3 of the 5 terminal servers reset themselves to the local DFS node, but the other two stayed pointing at the remote DFS node for three days, until someone finally piped up about how slow requests were. What reasons could there be why some, but not all, of the server reverted? Is the currently active DFS node for a namespace exposed anywhere in the OS (WMI, or even scripts) so that we can monitor the active nodes?

    Read the article

  • media is write protected when using diskshadow.exe, start-bitstransfer powershell cmdlet

    - by Aaron - Solution Evangelist
    i am trying to use the powershell start-bitstransfer cmdlets to transfer a file i have exposed using a vss snapshot (via diskshadow), but unfortunately i am receiving the following error: Start-BitsTransfer : The media is write protected. At line:1 char:49 + Import-CSV c:\hda1\bits.txt | start-bitstransfer <<<< -transfertype upload -Authentication "Basic" -Credential $cred + CategoryInfo : InvalidOperation: (:) [Start-BitsTransfer], Exception + FullyQualifiedErrorId : StartBitsTransferCOMException,Microsoft.BackgroundIntelligentTransfer.Management.NewBits TransferCommand we really want to utilize the bits endpoint we are attempting to transfer the files to. is there any other way we can go about this (aside from copying the files elsewhere first, unless we can copy one slice at a time and transfer that)?

    Read the article

  • Is there an encrypted write-only file system for Linux?

    - by Grumbel
    I am searching for an encrypted filesystem for Linux that can be mounted in a write-only mode, by that I mean you should be able to mount it without supplying a password, yet still be able to write/append files, but neither should you be able to read the files you have written nor read the files already on the filesystem. Access to the files should only be given when the filesystem is mounted via the password. The purpose of this is to write log files or similar data that is only written, but never modified, without having the files themselves be exposed. File permissions don't help here as I want the data to be inaccessible even when the system is fully compromised. Does such a thing exist on Linux? Or if not, what would be the best alternative to create encrypted log files? My current workaround consists of simply piping the data through gpg --encrypt, which works, but is very cumbersome, as you can't easily get access to the filesystem as a whole, you have to pipe each file through gpg --decrypt manually.

    Read the article

  • Storage setup for large files

    - by Mecca
    I need to store over 200TB of data (all types, biggest being video files) and be able to access it over a local network. The files will be accessed for editing or searches. I don't need versioning, but a setup that would keep me safe from harddrive failures would be nice. Right now the content is on different harddrives, some external drives, some regular. I don't exclude the possibility of buying new/extra drives if necessary. If they will ever be exposed to the web, it wont be to the public, but just a couple of people. I have no idea what to buy to make this happen. I see some NAS solutions over the internet like this http://www.bestbuy.com/site/a/2266043.p?id=1218317764591&skuId=2266043 but the storage is not enough, plus it doesn't seem to be scalable. What do you recommend? Thanks

    Read the article

  • Prevent machine in a LAN from receiving a remote shutdown

    - by WebDevHobo
    I'm probably just overreacting, but I recently came across a LAN-scanner that showed me the option "remote shutdown", for all found computers on the scanned network. Now, how exactly does this work? If I send such a message, will the shutdown happen no matter what, or is it required to have the password/user-name of the user of that other computer. Mostly I'm wondering: can this be done to me and how do I prevent it? EDIT: what's more, I had the scanner check for shares. The result being this: Double clicking the links opens them in explorer, basically meaning my entire C and F drive(only 2 HD's I have) are completely exposed to anyone in my LAN. Or can I open these because it's my own machine?

    Read the article

  • How to write a ProxyPass rule to go from HTTPS to HTTP in IIRF

    - by Keith Nicholas
    I have a server which is running a web app that self serves HTTP. I'm wanting to use IIS6 (on the same server) to provide a HTTPS layer to this web app. From what I can tell doing a reverse proxy will allow me to do this. IIRF seems like the tool to do this job. There are no domain names involved.... its all ip numbers. So I think I want :- https:<ipnumber>:5001 to send all its requests to the same server but on a different port and use HTTP ( not exposed to the net ) http:<ipnumber>:5000 but not sure how to go about it with IIRF, I'm not entirely sure how to write the rules? I think I need to make a virtual web app on 5001 using HTTPS? then add a rules file.

    Read the article

  • cluster of services and restarting on package upgrade

    - by Marcin Cylke
    I'm using puppet to manage a bunch of servers. Those servers run a simple service - exposed to the world via load balancer. That service's instances are independent in that they can run on their own, are are deployed on multiple servers to increase responsiveness. Now, when I push a new package to repo and puppet catches up with it appearing there it just updates this package on all services. This results in a short downtime of entire service. Is there a way of configuring puppet to do restart the services sequentially? Or using any other kind of strategy?

    Read the article

  • Configure iptables with a bridge and static IPs

    - by Andrew Koester
    I have my server set up with several public IP addresses, with a network configuration as follows (with example IPs): eth0 \- br0 - 1.1.1.2 |- [VM 1's eth0] | |- 1.1.1.3 | \- 1.1.1.4 \- [VM 2's eth0] \- 1.1.1.5 My question is, how do I set up iptables with different rules for the actual physical server as well as the VMs? I don't mind having the VMs doing their own iptables, but I'd like br0 to have a different set of rules. Right now I can only let everything through, which is not the desired behavior (as br0 is exposed). Thanks!

    Read the article

  • Recurring network issues the same time every day.

    - by Peter Turner
    Something has been happening on my company's network at 9:30 every day. I'm not the sysadmin but he's not a ServerFault guy so I'm not privy to every aspect of the network but I can ask questions if follow up is needed. The symptoms are the following : Sluggish network and download speed (I don't notice it, but others do) 3Com phones start ringing without having people on the other end. We've got the following ports exposed to the public for a web server, a few other ports for communicating with our clients for tech support and a VPN. We've got a Cisco ASA blocking everything else. We've got a smallish network (less than 50 computers/vms on at any time). An Active Directory server and a few VM servers. We host our own mail server too. I'm thinking the problem is internal, but what's a good way to figure out where it's coming from?

    Read the article

  • Get the "source network address" in Event ID 529 audit entries on Windows XP

    - by Make it useful Keep it simple
    In windows server 2003 when an Event 529 (logon failure) occures with a logon type of 10 (remote logon), the source network IP address is recorded in the event log. On a windows XP machine, this (and some other details) are omitted. If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), i cannot see the originating IP address so i don't know what to block (with a script i run every few minutes). The DC does not log this detail either when the logon attempt is to the client xp machine and the DC is only asked to authenticate the credentials. Any help getting this detail in the log would be appreciated.

    Read the article

  • Laptop white screen on power-up. Still displays via HDMI output

    - by Inno
    my wife's laptop recently started displaying a white screen. It doesn't show post or anything, just a white screen when it's powered on. However, it works normally with HDMI output to our television. I took it apart and fiddled with both ends of the display cable, but I either didn't fiddle correctly or that's just not the problem. I also noticed that the screen won't turn off anymore when the laptop is closed. Is there a name for the mechanism that controls this function, so I can try and locate it? My guesses are that the problem lies with the screen itself or the display cable, but I'm curious if there's anything else I might be overlooking. Also of note is that the left hinge is partially broken. The corner of the plastic computer case broke off, so the hinge is exposed and doesn't stay in place. I've tried holding it in place, wiggling it around, tapping various parts of the computer, but the white screen remains.

    Read the article

  • What are the practical limits on file extension name lengths?

    - by GorillaSandwich
    I started using DOS back before Windows, and ever since have taken it for granted that Every file has a file extension, like .txt, .jpg, etc That extension is always short (usually 3 letters) I learned early that the extension is basically just a hint to the OS as to what the content type is. Eventually I got exposed to Mac and Linux, files with no extensions, etc. And of course I've seen shorter extensions, like .rb and .py. I just noticed that markdown-formatted files can have the extension .markdown, and it made me wonder - how long can that extension be? If I make it .mycrazylongextensiontypewoohoo, will certain operating systems or programs choke on the file? Are extension names generally short just for convenience, or is this based on some limitation, legacy or current?

    Read the article

  • Monitor Windows Terminal Sessions from Linux/Mac

    - by mhd
    I'm writing some scripts to make remote connections to a Windows 2003 server a bit more user-friendly, and in doing this I want to see who's logged in already. In Windows, I could use qwinsta.exe to do this, even for remote servers. So it is exposed somehow, but I couldn't find a matching command line tool for Unix. Lacking such a tool, I could install an ssh server on the machine and call it remotely, parsing the output or write a small service of my own that would expose this via http, if I don't want full-blown ssh access. Do I have to do this, or is there already a tool for querying terminal services remotely?

    Read the article

  • RemoteApps and Cached Credentials

    - by user66774
    I'm looking for a guidance on an issue we're having. We are hosting an application over terminal services through RDWeb on Windows 2008 Server. To give users the ability to change their password we've exposed the iisadmpwd to allow the users to change their passwords. When the users change their password, they are prompted to log into broker server, even if they log off of the RDWeb page and log back in. What we've found is that the credentials seem to be cached in memory after logging in. Ending task on TSWBPRXY.EXE, WKSPRT.EXE, closing IE and logging back into the RDWEb page, then launching the application allows the user to log into the application without additional credentials. I'm wondering if there is a better way to either have the user change their password from a web interface, but allow them to reestablish their connection from the RDWeb login page rather than through the RDP login prompt that comes up.

    Read the article

  • how to copy photos in ipad to my pc?

    - by davidshen84
    hi, i used the iTune to sync my photos to my ipad. but now, i lost the copies of the photos on my pc, so i want to restore them back from my ipad. but from the storage folder that ipad exposed, i cannot find my photos. and i am not sure if the photo sync function in iTune can sync the photos on my ipad to my pc, because it seems it can only sync stuffs from pc to ipad. i am not sure if jail break the ipad can help me.

    Read the article

  • How can I prevent Apache from exposing a user's password?

    - by Marius Marais
    When using basic authentication (specifically via LDAP, but htpasswd also) with Apache, it makes the REMOTE_USER variable available to the PHP / Ruby / Python code underneath -- this is very useful for offloading authentication to the webserver. In our office environment we have lots of internal applications working like this over SSL, all quite secure. BUT: Apache exposes the PHP_AUTH_USER (=REMOTE_USER) and PHP_AUTH_PW variables to any application inside PHP. (PHP_AUTH_PW contains the plaintext password the user entered.) This means it's possible for the app to harvest usernames and passwords. Presumably the same information is available to Python and Ruby (all three are currently in use; PHP is being phased out). So how can I prevent Apache from doing this? One idea is to use Kerberos Negotiate authentication (which does not expose the password and has the benefit of being SSO), but that automatically falls back to Basic for some browsers (Chrome and in some cases Firefox), causing the password to be exposed again.

    Read the article

  • Does Google Chrome officially work on Windows 7 64-Bit Yet?

    - by Nick Josevski
    As soon as I jumped onto one of the beta releases for Windows 7, I tried to install Google Chrome. Being on a 64-bit installation it came up with a 'non-supported OS' or some error (can't remember). Having a look around at the time I saw lots of posts/tips about just appending --in-process-plugins to the shortcut for chrome, after trying this and still not having luck, I found more posts including what seemed ones from the Chrome developers saying this was not wise and exposed a security risk. So does anyone have a well sourced answer, as to what's holding up Win 7 64-bit support in Chrome, or better yet an "official" answer to say that it is supported in Win7 x64 RTM and works well now...

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >