Search Results

Search found 6591 results on 264 pages for 'rules engines'.

Page 160/264 | < Previous Page | 156 157 158 159 160 161 162 163 164 165 166 167 | Next Page >

How can I have APF block script kiddies that mod_security detects?

- by Gaia

In one of the vhosts' error_log I found thousands of lines like these, all from the same IP: [Mon Apr 19 08:15:59 2010] [error] [client 61.147.67.206] mod_security: Access denied with code 403. Pattern match "(chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(.*\\\\)\\\\;" at THE_REQUEST [id "330001"] [rev "1"] [msg "Generic PHP exploit pattern denied"] [severity "CRITICAL"] [hostname "x.x.x.x"] [uri "//webmail/config.inc.php?p=phpinfo();"] Given how obvious the situation is, how come mod_security isnt automatically adding at least that IP to deny rules? There is no way someone hasnt thought of this before...

Read the article
SPAN/Port mirroring on Linksys switch

- by Bastien974

Hi all, I'm trying to deploy a Snort box in my LAN. I have a Linksys SRW248G4 and trying to configure Port mirroring so that Snort can listen everything on the network in promiscuous mode. So in ADMIN / Port Mirroring, I have 3 things: Source Port (e1,...e48, g1...g4) Type (Rx, Tx, Both) Target (e1...e48, g1...g4) Last time I played with it, I killed all traffic on the switch, I had to reboot it several times... so now I'm asking question before: Do I need to configure each Source Port (from 1 to 48) to forward to the single promiscuous port ? 48 rules !? Is that correct ? Thanks !

Read the article
Pushing data once a URL is requested

- by Eli Grey

Given, when a user requests /foo on my server, I send the following HTTP response (not closing the connection): Content-Type: multipart/x-mixed-replace; boundary=----------------------- ----------------------- Content-Type: text/html <a href="/bar">foo</a> When the user clicks on foo (which will send 204 No Content so the view doesn't change), I want to send the following data in the initial response. ----------------------- Content-Type: text/html bar How would could I get the second request to trigger this from the initial response? I'm planning on possibly creating a fancy [engines that support multipart/x-mixed-replace (currently only Gecko)]-only email webapp that does server-push and Ajax effects without any JavaScript, just for fun.

Read the article
Syncronizing multiple exchange servers 2007

- by Mustafa Ismail Mustafa

We're introducing a new exchange server for several reasons. After the introduction of the new server, and synchronizing it with the old one (mailboxes, contacts, rules, the whole shebang) we're going to be formatting the old machine, install XenServer 5.5 on it, and create a slices, one of which will have Exchange server, which again will need to be synchronized. Then, we'll have 2 different routes to the mail servers (mx1, mx2) so that if there is an outage on one, the other should be available. So now, I'm wondering how to synch? I can move a mailbox from one server to the other, and I'm sure that can be done in bulk, but that's not what I'm looking for. I'm looking to make both Servers equal, the first time so I can make a backup of the original, and the second time so that they can be made into peers. This is with Exchange 2007 on Windows 2008 R2 (x64) Suggestions? TIA

Read the article
Torrent, ISA Server 2006 and packet dropped due to TCP_NOT_SYNC

- by Pascal

Hi, I'm trying to get uTorrent 2.0.4 to work in a DMZ machine, protected by a ISA Server 2006. I've opened 1 inbound port (via publishing) and opened all the higher ports for that specific machine that runs uTorrent on my DMZ, and it's working almost fine. The problem is that I keep getting packets dropped with 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED. Is there any way to disable this via registry? Is there any way around this? The download speed fluctuates a lot, and when I starts hitting the upper limit that I've defined in uTorrent, the errors start poping up a lot, and the download speed goes way down, and the process repeats on and on Tks Edit My outbound rules are: Port Range: TCP 10000-65535 Outbound Port Range: UDP 10000-65535 Send Edit It's probably a bug handling requests from Windows 7. When I installed the uTorrent on a XP machine, the problem went away

Read the article
Apache file negotiation failed

- by lorenzo.marcon

I'm having the following issue on a host using Apache 2.2.22 + PHP 5.4.0 I need to provide the file /home/server1/htdocs/admin/contents.php when a user makes the request: http://server1/admin/contents, but I obtain this message on the server error_log. Negotiation: discovered file(s) matching request: /home/server1/htdocs/admin/contents (None could be negotiated) Notice that I have mod_negotiation enabled and MultiViews among the options for the related virtualhost: <Directory "/home/server1/htdocs"> Options Indexes Includes FollowSymLinks MultiViews Order allow,deny Allow from all AllowOverride All </Directory> I also use mod_rewrite, with the following .htaccess rules: RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^([^\./]*)$ index.php?t=$1 [L] </IfModule> It seems very strange, but on the same box with PHP 5.3.6 it used to work correctly. I'm just trying an upgrade to PHP 5.4.0, but I cannot solve this negotiation issue. Any idea on why Apache cannot match contents.php when asking for content (which should be what mod_negotiation is supposed to do)?

Read the article
VirtuaWin shows Visual Studio 2010 in all Desktops

- by w0lf

I'm using VirtuaWin in Windows 7 to have virtual desktop functionality and I think this program is awesome. There's one small issue, though: on the computer at work, when moving to another desktop it hides all windows in the current desktop, except any windows of Visual Studio 2010. This means that VS 2010 shows up in all desktops, while for all other windows, VirtuaWin applies the correct behavior. The strange thing is that this issue happens on one computer only; on the others I have it works OK. I have checked the Window Rules section and nothing seems strange in there. Is anyone else experiencing this kind of problem? Any ideas on how to solve it?

Read the article
Can I port forward to an established reverse ssh tunnel

- by Ben Holness

I have three computers, A, B and C A has initiated a reverse ssh tunnel to B: ssh -nTNx -p 443 -R 22222:localhost:22 [user]@[server] If I log in to B, I can use 'ssh -p 22222 localhost' and I get a login prompt for A. If I try 'ssh -p 22222 [public IP of B]', it doesn't work What I would like to be able to do is have C connect to A without needing to login to B. So from C I could 'ssh -p 22222 [public IP of B]' and I would get the login prompt for A. I am using debian and shorewall and I have a basic understanding of how things work. I have tried various combinations of REDIRECT and DNAT rules, but haven't had any luck. I have tried using the same port (22222) and a different port (forwarding 22223 from C to 22222 on localhost). Any ideas? Cheers, Ben

Read the article
Engine finish() causes segmentation fault

- by Becky

Hello All - I am using M2Crypto revision 723 from the repository. I am trying to clean up my engine. If I have the pkcs11.finish() line in my script, the script finishes but gets a segmentation fault at the end. Without the finish() line, no segmentation fault occurs. Is there something wrong with the way I'm using finish()? dynamic=Engine.load_dynamic_engine("pkcs11","/usr/local/ssl/lib/engines/engine_pkcs11.so") pkcs11 = Engine.Engine("pkcs11") pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so") pkcs11.init() # next few steps which I deleted pass password and grab key & cert off token pkcs11.finish() Engine.cleanup() Thanks!

Read the article
is a negative text-indent considered cloaking?

- by John Isaacks

I am using the negative-text-indent technique I learned to show a text-image to the user, while hiding the corresponding actual text. This way the user sees the fancy styled text while search engines can still index it. However I am started to think this sounds like cloaking since I am serving different content to the user vs the spider. However, I am not using this in a deceitful way. Plus it seems like this is a popular technique. So is it SEO-safe or is it cloaking? Thanks!

Read the article
ESXi 5.1 on Poweredge 510 freezes after base-esx update

- by goober

Background / Problem Just experienced an issue where an ESXi host was upgraded from 5.0 -- 5.1 perfectly fine. Then, I did a scan and remediated a patch (ESXi510-201210401-BG) Looking into the host on via the kvm switch, this appears to complete successfully. However, on reboot, the server hangs at the "Initializing Power Management" phase. I've read from various spots around the internet that this usually clears itself up again upon a cold boot, but given that our servers are in a different building with different access rules, the less I have to physically go there, the better. :) Question Is there anything I can do to avoid an ESXi host hanging at the "initialize power management" phase of boot after remediating the host to apply patches?

Read the article
Windows host MIA on network

- by andrewbadera

I've had a machine effectively disappear off my home office network. 192.168.1.100 - Windows 7 laptop (on domain) - problem machine 192.168.1.42 - Windows 2008 server (domain controller) 192.168.1.101 - Windows 7 laptop (guest; not on domain) For some reason I am unable to ping, tracert or remote desktop to 192.168.1.100 from .42 or .101. I can remote between .42 and .101 no problem however. .100 cannot ping nor remote desktop to .42 or .101. Remote Desktop access is enabled on .100. I've opened the firewall rules. I've disabled the firewall domain profile. I've turned the firewall service off entirely. No matter what I do, the .100 host is unreachable by any other host on the network. I'm at my wit's end. Thanks in advance for any debug advice!

Read the article
Use Adblock to allow most ads on a site

- by jrob

I leave Adblock turned on for all sites by default. I allow ads on some sites. You can do this by adding an exception for a site that is allowed to show ads. This puts a site in the white list. However, I do not know how to allow most ads on a page, but block a specific ad. I am not even sure Adblock will do this. I believe it is all or none. If a site is in the white list, it appears that all other rules are ignored. Is there a way to allow most ads on a website, but still block specific ads?

Read the article
plesk 9 spamassassin server wide blacklist via cron?

- by Kqk

hi, we're running ubuntu 8.04 LTS and plesk 9.2 our simple task is to set up a periodic black list for spamassassin, e.g. using this script .. #!/bin/sh #! Script by AJR to update local spamassassin rules cd /tmp wget -c http://www.stearns.org/sa-blacklist/sa-blacklist.current mv sa-blacklist.current local.cf -f mv local.cf /etc/mail/spamassassin -f rm local.cf -f /etc/init.d/psa-spamassassin restart now, this script runs fine, but plesk doesn't seem to recognize the blacklist in its GUI. which is annoying, especially because plesk itself writes to /etc/mail/spamassassin/local.cf. i wasn't able to find out the secret place, where plesk distinguishes between entries in local.cf added via GUI and command line. any help is appreciated! thanks.

Read the article
SQL Server 2008 lincensing question relating to web servers

- by Matty Brown

We purchased SQL Server 2008 Standard licences last year under the server + device CAL licencing model. Since our server has 2 physical CPUs and only 46 clients, this option was by far the cheapest. Now we'd like to be able to query a small number of stored procedures from our Windows Server 2003 Web Edition server, which is in a seperate zone on our firewall. I think SQL Server 2008 Web Edition could be an option to us, but is it possible to replicate/mirror stored procedures and tables to such a server and would we be breaking any rules by doing so? Is this a form of multiplexing? Also, would replication/mirroring work both ways, if we were to want to write back data from the web server?

Read the article
OpenVPN Bridge on pfsense: once LAN pings clients, connectivity breaks

- by Lucas Kauffman

So I'm using a pfsense openvpn to bridge my LAN segment so VPN users can access the servers. The problem I'm having now is that I can establish a connection, I can ping the LAN server from the VPN, but as soon as I ping the client from the LAN server, there is no connectivity anymore between both parties. So: connect from the VPN client to the LAN = works ping the LAN from the VPN client = works access server from the VPN (ssh, ftp,...) = works ping client from server = doesn't work ping LAN from the VPN client = doesn't work anymore My bridge has em1 and ovpns1 bridged. I noted with tcpdump that ICMP is reaching the bridge between LAN and the VPN segment. But it's not put onto the em1 interface for some reason. My pfsense is running on an ESXi host with th vSwitch port enabled in promiscious mode. Firewall rules allow in and outbound traffic regardless origin or destination.

Read the article
WSUS works, but checkhealth logs events 13042 12002 12012 12032 12022 12042 12052

- by jobu1324

Our WSUS server stopped working until the patch related to .NET 4.0 was installed, at which point clients started downloading and updating again. However, the WSUS mmc console occasionally disconnects when performing various tasks, such as running automatic approval rules; also wsusutil checkhealth creates the following events: 13042: Self-update is not working. 12002: The Reporting Web Service is not working. 12012: The API Remoting Web Service is not working. 12032: The Server Synchronization Web Service is not working. 12022: The Client Web Service is not working. 12042: The SimpleAuth Web Service is not working. 12052: The DSS Authentication Web Service is not working. Apparently there are many possible causes for these events. I'm looking for a way to figure out what is wrong, so that I can fix it.

Read the article
Moving MS Exchange 2007 to another machine

- by Mustafa Ismail Mustafa

We have a machine that has been chugging along with the burden of both Exchange and DC and DNS all with SBS 2008. We have a better machine now and I'd like to move Exchange 2007 to that machine and take it off of this machine. In fact, I'm planning on formatting the old machine and get rid of SBS all together because it is making the machine SLOW. How would I go about making the move? I've read on previous versions of Exchange (2000), that all you do is install Exchange on the new machine and then start moving mailboxes one after the other. Well, what about all the different rules we have in place? How do those get moved? How do we de-commission the old exchange and set up the new exchange as the primary one? Come to think of it, how do we have both exchanges recognize each other on the same domain? TIA

Read the article
Google Analytics Widget Tracking

- by Kevin Lamb

Hello, I have a form that is generated on a customer's website (lets say customer.com) with javascript that a user fills out and it sends to my site (app.com). I would like to be able to provide information to the customer such as how effective their AdWords campaign was and what search engines users used to end up filling out the form. I have started looking at the multiple domain linking option but I am not sure this is the right way. Is there a way to query what search engine and key words they used and pass this along with the form?

Read the article
Protect Plesk login page from search engine eyes

- by Iman Samizadeh

Hi Folks, I was wondering if would it be possible to protect the "https://www.DOMAIN.com:8443" URL from search engines listing perhaps using the htaccess to redirect the 8443 port from "DOMAIN" to elsewhere? This is the VZPP Plesk - Login Login to Plesk. Please enter your login information. Username. Password. Interface Language. User Default, ENGLISH (United States), GERMAN (Germany) ... https://www.DOMAIN.com:8443/ - Many Thanks.

Read the article
Dovecot not working pop3 with postfix

- by samer na

$ telnet localhost pop3 Trying ::1... Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused $ netstat -l tcp 0 0 *:www : LISTEN tcp 0 0 localhost.localdoma:ipp : LISTEN tcp 0 0 *:smtp : LISTEN tcp 0 0 localhost.localdo:mysql : LISTEN and nothing about dovecot in mail.log or mail.err when I run this service dovecot start I got start: Rejected send message, 1 matched rules; type="method_call", sender=":1.553" (uid=1000 pid=26250 comm="start) interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply=0 destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")) in dovecot.conf protocols = imap imaps pop3 pop3s disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/spool/mail/%d/%n mail_access_groups = mail first_valid_uid = 106 first_valid_gid = 106 protocol imap { } protocol pop3 { listen=*:110 pop3_uidl_format = %08Xu%08Xv } protocol lda { postmaster_address = [email protected] mail_plugins = quota log_path = /var/log/dovecot-deliver.log info_log_path = /var/log/dovecot-deliver.log } auth default { mechanisms = digest-md5 plain passdb sql { args = /etc/dovecot/dovecot-mysql.conf } userdb sql { args = /etc/dovecot/dovecot-mysql.conf } user = root }

Read the article
Pasting extended ACL contents into telnet session to Cisco Router SIM

- by Kyle Brandt

I have a telnet session to a dynamips router sim. When I try to paste the contents of an actually working ACL retrieved from 'show run' into the access list, only part of gets pasted. The session is something like: enable conf t ip access-list extended Internet <PASTE of Rules> It stops right in the middle of a line: permit tcp any host 123.123.123.123 gt 1 ! should be gt 1023 Anyone know what is happening? The source is an extended access list.

Read the article
Better performance with memcached cluster or local memcaches?

- by Nicholas Tolley Cottrell

I have a small cluster of servers balancing a Java web app. Currently I have 3 memcached servers caching data and all web apps shares all 3 memcached instances. I often get strange slowdowns and timeouts to some of the memcacheds and I wondering if there is a good way of analyzing the performance. I am wondering whether my iptables rules (or some other system limitation) are blocking/slowing connections. I am considering reconfiguring the web apps so that they only query the memcached process on their own localhost.

Read the article
Outlook collapses IMAP folders by default

- by Aron Rotteveel

I recently switched my mail account from POP3 to IMAP and created server-side rules to help me manage my mail better. I use Outlook 2007 as a mail client. For some reason, it seems then ever since I switched to IMAP, all my folders are collapsed by default. Since my folder tree goes down 4 levels, this is pretty annoying. I don't know any better than Outlook remembering my folder preferences, but it seems to forget them as soon as I close the program now. Is there any cause for this, and more importantly, is there a known fix for this problem?

Read the article
Xen private networking between multiple hosts

- by Joe

I have two physical hosts running Xen 3.2, sharing storage via iSCSI. On these two hosts are a number of domUs and I'd like to network them in multiple private networks so they can only contact other domUs on their private network. My understanding of the xen documentation suggests it's possible to do this within one dom0 (ie create virtual networks between domUs), but I've found nothing explaining how this can be implemented across multiple dom0s on different hosts. The only thing that jumps to mind is manually creating iptable rules to route data to the other host, but this seems to lack elegance and could quickly grow cumbersome. Any suggestions? All advice is much appreciated!

Read the article

< Previous Page | 156 157 158 159 160 161 162 163 164 165 166 167 | Next Page >