Search Results

Search found 5589 results on 224 pages for 'rules and constraints'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 14/224 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • PCRE limits exceeded, but triggering rules are SQL related

    - by Wolfe
    [Mon Oct 15 17:12:13 2012] [error] [client xx.xx.xx.xx] ModSecurity: Rule 1d4ad30 [id "300014"][file "/usr/local/apache/conf/modsec2.user.conf"][line "349"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/admin.php"] [unique_id "UHx8LEUQwYEAAGutKkUAAAEQ"] And similar are spamming my error log for apache. It's only the admin side.. and only these two lines in the config: line 349: #Generic SQL sigs SecRule ARGS "(or.+1[[:space:]]*=[[:space:]]1|(or 1=1|'.+)--')" "id:300014,rev:1,severity:2,msg:'Generic SQL injection protection'" And line 356: SecRule ARGS "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)" Is there a way to fix this problem? Can someone explain what is going on or if these rules are even valid to cause this error? I know it's supposedly a recursion protection.. but these protect against SQL injection so I'm confused.

    Read the article

  • Public Facing Recursive DNS Servers - iptables rules

    - by David Schwartz
    We run public-facing recursive DNS servers on Linux machines. We've been used for DNS amplification attacks. Are there any recommended iptables rules that would help mitigate these attacks? The obvious solution is just to limit outbound DNS packets to a certain traffic level. But I was hoping to find something a little bit more clever so that an attack just blocks off traffic to the victim IP address. I've searched for advice and suggestions, but they all seem to be "don't run public-facing recursive name servers". Unfortunately, we are backed into a situation where things that are not easy to change will break if we don't do so, and this is due to decisions made more than a decade ago before these attacks were an issue.

    Read the article

  • mod_rewrite rules to run fcgi for different subdomains

    - by Anthony Hiscox
    On my shared hosting server (Hostmonster) I have django (actually pinax) setup so that a .htaccess mod_rewrite rule rewrites the request to a pinax.fcgi file: RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ pinax.fcgi/$1 [QSA,L] What I would like to do is have a different pinax.fcgi file get called depending on the domain used (or subdomain), something like this: RewriteCond %{HTTP_HOST} ^subdomain\.domain\.com$ [NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ pinax2.fcgi/$1 [QSA,L] RewriteCond %{HTTP_HOST} ^domain\.com$ [NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ pinax.fcgi/$1 [QSA,L] This is stored in a .htaccess file in my ROOT public_html folder (not in the public_html/subdomain/ folder), but unfortunately just results in internal redirect errors. How can I write these rules so that they use a different fcgi file for different domains?

    Read the article

  • Rules to choose hardware for OLTP systems (sql server)

    - by Roman Pokrovskij
    Ok. We know database size, number of concurrent users, number of transactions per minute; should choose number of processors, RAID, RAM, mirroring and clustering. There are no exact rule.. but may be there are no rules at all? In my practice in every case I have "legacy" system, and after some inspections and interview I can form an opinion how hardware and design can be improved. But every time when I meet "absolutely" new system (I guess there are no new systems, but sometimes are such tasks) I can't say anything trustful. So I'm interesting how people deal with such tasks? They map task on theirs experience or have some base formulas?

    Read the article

  • Creating IIS Rewrite Rules

    - by Tom Bell
    I'm having a hard time converting old .htaccess rewrite rules to new IIS ones so I was wondering if anyone could point me in the right direction. Below are some example URLs I would like rewriting. http://example.org.uk/about/ Rewrites to http://example.org.uk/about/about.html ----------- http://example.org.uk/blog/events/ Rewrites to http://example.org.uk/blog/events.html ----------- http://example.org.uk/blog/2010/11/foo-bar Rewrites to http://example.org.uk/blog/2010/11/foo-bar.html The directories and file names are generic and could be anything. Any help would be greatly appreciated.

    Read the article

  • NAT rules betweek 2 network interfaces (with iptables)

    - by Simone Falcini
    this is the current network that I have: UBUNTU: eth0: ip: 212.83.10.10 bcast: 212.83.10.10 netmask 255.255.255.255 gateway 62.x.x.x eth1: ip: 192.168.1.1 bcast: 192.168.1.255 netmask: 255.255.255.0 gateway ? CENTOS: eth0: ip: 192.168.1.2 bcast: 192.168.1.255 netmask 255.255.255.0 gateway 192.168.1.1 I basically want this: Make specific NAT rules from the internet to specific internal servers depending on the port: Connections incoming to port 80 must be redirected to 192.168.1.2:80 Connections incoming to port 3306 must be redirected to 192.168.1.3:3306 and so on... I also need one NAT rule to allow the servers in the subnet 192.168.1.x to browse the internet. I need to route the requests on eth0 to eth1 to be able to exit to internet. Can I do this on the UBUNTU machine with iptables? Thanks!

    Read the article

  • Nginx rewrite rules, some work, some don't

    - by Lawrence Goldstien
    Here are the two rewrite rules: This one works rewrite ^/knowledgebase/([0-9]+)/[a-z0-9_-]+.html$ /./knowledgebase.php?action=displayarticle&id=$1 last; This one doesn't rewrite ^/announcements/([0-9]+)/[a-z0-9_-]+.html$ /./announcements.php?id=$1 last; There is no difference between the two as far as I can see. The url to be rewritten for announcements is: /announcements/2/New-Site-Design.html And should be rewritten to: /announcements.php?id=2 I really can't see how the announcements one doesn't work compared to the knowledgebase one. Any tips would be greatly appreciated.

    Read the article

  • Delete a iptables chain with its all rules

    - by timy
    I have a chain appended with many rules like: > :i_XXXXX_i - [0:0] > -A INPUT -s 282.202.203.83/32 -j i_XXXXX_i > -A INPUT -s 222.202.62.253/32 -j i_XXXXX_i > -A INPUT -s 222.202.60.62/32 -j i_XXXXX_i > -A INPUT -s 224.93.27.235/32 -j i_XXXXX_i > -A OUTPUT -d 282.202.203.83/32 -j i_XXXXX_i > -A OUTPUT -d 222.202.62.253/32 -j i_XXXXX_i > -A OUTPUT -d 222.202.60.62/32 -j i_XXXXX_i > -A OUTPUT -d 224.93.27.235/32 -j i_XXXXX_i when I try to delete this chain with: iptables -X XXXX but got error like (tried iptables -F XXXXX before): iptables: Too many links. Is there a easy way to delete the chain by once command?

    Read the article

  • Software for defining rules for folder permissions and monitoring deviations

    - by Kjensen
    Let's say a company has a large number of users, and each user has a home area. On each share used for home area folders, I would like to define some rules saying who is supposed to have which permissions on the folder. Then I would like to audit automatically, that this is actually the case and get some sort of report on deviations. So a rule for \MegaServer\Home01 could be defined something like: Domain Admins - Full Control Backup Agent - Read [Home folder owner] - Full Control I am talking about Windows platform and Windows servers, although I think it would most likely also work for *nix machines that expose Windows shares. Does software like this exist? I could roll my own basic version, but if something already exists, that is usually a better option. I am aware of tools to make displaying permissions easier (AccessEnum, DumpSec), but that is not what I am looking for.

    Read the article

  • Iptables rules make communication so slow

    - by mmc18
    When I have send a request to an application running on a machine which following firewall rules are applied, it waits so long. When I have deactivated the iptables rule, it responses immediately. What makes communication so slow? -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p esp -j ACCEPT -A INPUT -i ppp+ -j ACCEPT -A INPUT -p udp -m udp --dport 500 -j ACCEPT -A INPUT -p udp -m udp --dport 4500 -j ACCEPT -A INPUT -p udp -m udp --dport 1701 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i lo -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 -A FORWARD -i ppp+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

    Read the article

  • Need help translating rate limiting iptables rules to Puppet format

    - by geoffroy
    I use Puppet Iptables module to manage Iptables rules on my machine. I'd like to implement to rate limit failed SSH connections as described here : Hundreds of failed ssh logins iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 5 --name SSH --rsource -j DROP iptables -A INPUT -p tcp --dport 22 -m recent --set --name SSH --rsource -j ACCEPT Is it possible to translate it to Puppet syntax, such as firewall { '015 drop 5 failed attemps to connect to SSH in a minute ': proto => 'tcp', port => 22, action => 'drop', // what are the other paramters ? } Any help welcome. Best regards Geoffroy

    Read the article

  • what are the rules for SLI ( GTX 550 Ti )

    - by equivalent8
    I got ASUS GTX 550 Ti and I want to SLI it with another graphic card. I heard that not all graphic cards are good idea to SLI, (or not all combinations) because sometimes the final performance could be even worse that with one graphic card. Is that true? What are the rules ? ( maybe chip-set needs to be same or something ? ) I was wondering if you can recommend me what Graphic card should I use as with mine. Should I use same one (GTX 550 Ti) ?

    Read the article

  • Set generic iptables rules?

    - by tftd
    This may be a really dumb question but how can you open a port on multiple interfaces without defining the interfaces? For example how do I open port 22 on all interfaces? On my machine I have some interfaces that are dynamic and may or may not be available so I have to set "generic" rules. This code is not working for me but I can't figure out why: # My default policy is to drop the input. # The other policies are required like that. $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t mangle -P OUTPUT ACCEPT $IPTABLES -t mangle -P PREROUTING ACCEPT #Open port 22 on all interfaces ? $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT So apparently there's something wrong with the last line... but I can't see it?

    Read the article

  • Is there a find and replace application with multiple rules?

    - by Joe
    I'm looking for a search and replace tool that takes a list of rules and either a file (or directory) and runs those rules on the files. I have a bunch of different things that need to be changed in many files, and I'd like to be able to run all the rules in one shot. I was hoping I could put the rules separate file, and use the same set of rules over and over again. Does such a tool exist?

    Read the article

  • Speech Recognition Grammar Rules using delphi code

    - by XBasic3000
    I need help to make ISeechRecoGrammar without using xml format. Like creating it on runtime on delphi. example: procedure TForm1.FormCreate(Sender: TObject); var AfterCmdState: ISpeechGrammarRuleState; temp : OleVariant; Grammar: ISpeechRecoGrammar; PropertiesRule: ISpeechGrammarRule; ItemRule: ISpeechGrammarRule; TopLevelRule: ISpeechGrammarRule; begin SpSharedRecoContext.EventInterests := SREAllEvents; Grammar := SpSharedRecoContext.CreateGrammar(m_GrammarId); TopLevelRule := Grammar.Rules.Add('TopLevelRule', SRATopLevel Or SRADynamic, 1); PropertiesRule := Grammar.Rules.Add('PropertiesRule', SRADynamic, 2); ItemRule := Grammar.Rules.Add('ItemRule', SRADynamic, 3); AfterCmdState := TopLevelRule.AddState; TopLevelRule.InitialState.AddWordTransition(AfterCmdState, 'test', temp, temp, '****', 0, temp, temp); Grammar.Rules.Commit; Grammar.CmdSetRuleState('TopLevelRule', SGDSActive); end; can someone reconstruct or midify this delphi code (above) to be exactly same function below(xml). <GRAMMAR LANGID="409"> <!-- "Constant" definitions --> <DEFINE> <ID NAME="RID_start" VAL="1"/> <ID NAME="PID_action" VAL="2"/> <ID NAME="PID_actionvalue" VAL="3"/> </DEFINE> <!-- Rule definitions --> <RULE NAME="start" ID="RID_start" TOPLEVEL="ACTIVE"> <P>i am</P> <RULEREF NAME="action" PROPNAME="action" PROPID="PID_action" /> <O>OK</O> </RULE> <RULE NAME="action"> <L PROPNAME="actionvalue" PROPID="PID_actionvalue"> <P VAL="1">albert</P> <P VAL="2">francis</P> <P VAL="3">alex</P> </L> </RULE> </GRAMMAR> sorry for my english...

    Read the article

  • Error with Drools .brl to .drl rule conversion - Adding dynamic rules

    - by jillika iyer
    Hi, I want to add rules dynamically in drools. What is the main plus point of using KNowledge builder?? Or is it better to just list the Files in the rules directory and add it to my program?? But in this case when I convert from a .brl to .drl file at runtime - my new created .drl is not detected. How can I update the new rule and add it at runtime?? Please help. Thank you J

    Read the article

  • Extract Rules from InfoPath Form

    - by marr75
    Is there a way to automatically grab the rules, in their original, human readable format from an InfoPath 2007 form (probably the manifest.xsf file, they're not human readable here)? A commercial tool would be fine, even. We're looking to build a summary of the rules as they appear in the design form for easy browsing by a maintenance team.

    Read the article

  • Subgraph isomorphism on disconnected graphs with connection rules

    - by Mac
    Hello I was wondering if anyone knows about a solution to the following problem: Given a graph g as query and a set of graphs B with connection rules R. The connection rules describe how two graphs out of B can be linked together. Linking points are marked vertexes. Find all combination of graphs in B that contain g as a subgraph. Regards Mac

    Read the article

  • What/Where are the Naming Rules for Controller actions in a Zend_Application App

    - by Alan Storm
    I've created a Zend_Application using the zf tool that's bundled with Zend Framework (1.96, if that matters) What at the rules for formatting action names and how those action names get translated into into URL paths, and where in the Framework codebase does this happen? I ask because I tried to create an action like public function createFooAction() { } and it wouldn't load with a URL like http://example.com/controller/createFoo BUT, the following did work public function createfooAction() { } http://example.com/controller/createfoo I also know non-alphanumeric characters get treated differently, and I'd like to know the base rules I'm dealing with.

    Read the article

  • mod_rewrite - can't combine rules

    - by mikua
    I have 3 rules: # DEL www. from URL RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^(.*)$ http://%1/$1 [R=301,L] # DEL /index.php fron URL RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/ RewriteRule ^(([^/]+/)*)index\.php$ http://masterok.kiev.ua/$1 [R=301,L] # ADD / to URL RewriteRule ^([^.]+[^./])$ /$1/ [R=301,L] All the rules work individually, but when you use them at the same time - there is a looping and the site don't open... Help please to combine them

    Read the article

  • Transport rule - Exchange 2010

    - by Jeff
    I have two transport rules on my exchange server. One is: > Apply rule to messages: From users that are 'outside the organization' > and when any of the recipients in the To or Cc fields is a member of > '[email protected]' Forward the messageto sender's manager > for moderation The second is: Apply rule to messages from a member of '[email protected]' and sent to users that are 'outside the organization' forward the message to the sender's manager for moderation. nointernetmail is a distribution group, and each user has the managed by set to there local manager. However these transport rules do not work, internet mail is still sent and received without issue. I have read various tutorials / articles of how to do this on sites such as msexchangeblog and even microsoft technet, however even after following the guides I am still unable to have this function properly. Any help is appreciated.

    Read the article

  • Curve fitting: Find the smoothest function that satisfies a list of constraints.

    - by dreeves
    Consider the set of non-decreasing surjective (onto) functions from (-inf,inf) to [0,1]. (Typical CDFs satisfy this property.) In other words, for any real number x, 0 <= f(x) <= 1. The logistic function is perhaps the most well-known example. We are now given some constraints in the form of a list of x-values and for each x-value, a pair of y-values that the function must lie between. We can represent that as a list of {x,ymin,ymax} triples such as constraints = {{0, 0, 0}, {1, 0.00311936, 0.00416369}, {2, 0.0847077, 0.109064}, {3, 0.272142, 0.354692}, {4, 0.53198, 0.646113}, {5, 0.623413, 0.743102}, {6, 0.744714, 0.905966}} Graphically that looks like this: We now seek a curve that respects those constraints. For example: Let's first try a simple interpolation through the midpoints of the constraints: mids = ({#1, Mean[{#2,#3}]}&) @@@ constraints f = Interpolation[mids, InterpolationOrder->0] Plotted, f looks like this: That function is not surjective. Also, we'd like it to be smoother. We can increase the interpolation order but now it violates the constraint that its range is [0,1]: The goal, then, is to find the smoothest function that satisfies the constraints: Non-decreasing. Tends to 0 as x approaches negative infinity and tends to 1 as x approaches infinity. Passes through a given list of y-error-bars. The first example I plotted above seems to be a good candidate but I did that with Mathematica's FindFit function assuming a lognormal CDF. That works well in this specific example but in general there need not be a lognormal CDF that satisfies the constraints.

    Read the article

  • DirectAccess Server firewall rules blocking ports

    - by StormPooper
    I have configured DirectAccess on my Server 2012 Essentials box and most of it works great - I can remotely access the server via RDP and the default IIS website on port 80. However, I can't access anything that uses other ports. For this example, the Team Foundation Server website. The only way to access it is by accessing http://localhost:8080/tfs on the server directly - even when using http://servername:8080/tfs or http://192.168.1.100:8080/tfs won't work. I've tried adding the ports to the NAT exceptions using Set-NetNatTransitionConfiguration –IPv4AddressPortPool and while that has allowed some ports used internally (Deluge, for example) it hasn't allowed me access to the URL. I think I've narrowed it down to the "DirectAccess Server Settings" Group Policy that is created when configuring DirectAccess. When I disable the link for this GPO, the TFS site works again, but the default IIS site stops working (but RDP still works). I already have rules in the firewall on the server for TFS and before enabling this Group Policy (so before configuring DirectAccess) I could access both sites. Does anybody have any suggestions for things I can change to allow access to both? I've uploaded the full GPO report and my Remote Access Configuration Summary for more details.

    Read the article

  • Ubuntu Hardy : Testing for environment variables in udev rules doesn't seem to work

    - by Fred
    I have a Ubuntu 8.04 LTS (server edition), and I need to write a udev rule for it to act upon plugging a USB thumb drive. However, I need a different action depending on the filesystem of the drive. I know I can use the ID_FS_TYPE environment variable to check for the filesystem on the drive. Following instructions found here, I try a dummy udev rule as such : KERNEL!="sd[a-z][0-9]", GOTO="my_udev_rule_end" ACTION=="add", RUN+="/usr/bin/touch /tmp/test_udev_%E{ID_FS_TYPE}" ACTION=="add", ENV{ID_FS_TYPE}=="vfat", RUN+="/usr/bin/touch /tmp/test_udev_it_works" LABEL="my_udev_rule_end" However, when I plug in a thumb drive with a vfat filesystem (which should trigger both rules), I end up with a file called /tmp/test_udev_vfat, meaning the first rule was triggered successfully, and that the ID_FS_TYPE environment variable is "vfat", but I don't have the other file, meaning that although I know the ID_FS_TYPE env variable is "vfat", I can't seem to check against it for a match. I tried googling the thing, but pretty much every result seems to assume ENV{ID_FS_TYPE}=="vfat" works. I also tested the exact same udev rule on Ubuntu 10.04 LTS server, and I have the same result. I'm probably missing something very simple, but I just don't get it. Does anyone see what is wrong with my udev rule that would prevent it from matching on ENV{ID_FS_TYPE}? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >