Search Results

Search found 5623 results on 225 pages for 'prevent deletion'.


  • Questions about shifting from mysql to PDO

    - by Scarface
    Hey guys, I have recently decided to switch all my current plain mysql queries performed with php mysql_query to PDO style queries to improve performance, portability and security. I just have some quick questions for any experts in this database interaction tool.

    Will it prevent injection if all statements are prepared? (I noticed on php.net it wrote 'however, if other portions of the query are being built up with unescaped input, SQL injection is still possible'; I was not exactly sure what this meant.) Does this just mean that if all variables are run through a prepare function it is safe, and if some are directly inserted then it is not?

    Currently I have a connection at the top of my page and queries performed during the rest of the page. I took a look at PDO in more detail and noticed that there is a try and catch procedure for every query involving a connection and the closing of that connection. Is there a straightforward way of connecting and then reusing that connection without having to put everything in a try or constantly repeat the procedure by connecting, querying and closing?

    Can anyone briefly explain in layman's terms what purpose a set_exception_handler serves?

    I appreciate any advice from any more experienced individuals.


  • PHP session token can be used multiple times?

    - by kornesh
    I got page A, which is a normal HTML page, and page B, which is an AJAX response page. And I want to prevent CSRF attacks by tokens. Let's say I use this method for an autocomplete form: is it possible to use the same token multiple times (of course the session is only set one time)? Because I tried this method but the validation keeps failing after the first suggestion (obviously the token has changed, somehow).

    page A

        <?php
        session_start();
        $token = md5(uniqid(rand(), TRUE));
        $_SESSION['token'] = $token;
        ?>
        <input id="token" value="<?php echo $token; ?>" type="hidden"></input>
        <input id="autocomplete" placeholder="Type something"></input>
        ....

    The form is autosubmitted every time there's a change using jQuery.

    page B

        <?php
        session_start();
        if($_REQUEST['token'] == $_SESSION['token']){
            echo 'Im working fine';
        }
        ?>


  • Hide form if javascript disabled

    - by Kero
    I need to check whether JavaScript is disabled: if the user disabled JavaScript from the browser or firewall or any other place, he will never be shown the form. I have done lots of searching and found solutions, but unfortunately didn't get the right one.

    - Using style with the no-script tag: this one could be broken by removing the style...

        <noscript>
          <style type="text/css">
            .HideClass { display:none; }
          </style>
        </noscript>

    The code above will work just fine, but there are lots of problems with the no-script tag, as here. Besides that, I don't want to redirect the user with the no-script tag either... Besides that, I can quickly stop loading the page to break this meta, or disable the Meta tag from IE:

        <meta http-equiv="refresh" content="0; URL=Frm_JavaScriptDisable.aspx" />

    Another way is to redirect the user with JavaScript, but this will work for, let's say, 99% of users, and this isn't a lovely way and will slow down the website...

        window.location="http://www.location.com/page.aspx";

    Are there any other ideas or suggestions to secure working with JavaScript... and prevent the user from entering the website or seeing my form except when JavaScript is enabled...


  • Are multiline queries sql-injection safe?

    - by acmatos
    This might be a stupid question. Or maybe my hacking skills are limited (I don't practice them at all). I have a query that looks like this:

        <?php
        $query =<<<eot
        SELECT table_x.field1, table_x.field2, table_y.*, table_z.field4
        FROM ( SELECT ... ) as table_y
        LEFT JOIN table_x ON table_x.field1 = table_y.field_x
        LEFT JOIN table_z ON table_z.field1 = table_y.field_z
        WHERE table_x.field3 = '$something'
        AND table_z.field4 = '1'
        AND table_z.field5 = '2'
        eot;
        ?>

    I have a lot of other tests on $something before it gets used, like $something = explode(' ',$something); (which later results in a string). None of them intend to prevent injection, but they make it hard for the given injection to get as is to the actual query. However, there are ways. We all know how easy it is to replace a space with something else which is still valid. So, it's not really a problem to make a potentially harmful piece of SQL reach that $something...

    But is there any way to comment out the rest of the original query string if it is multi-line? I can comment out AND table_z.field4 = '1' using ;-- but can't comment out the following AND table_z.field5 = '2'. Is it possible to open a multi-line comment /* without closing it, or something like that, and therefore allow the injection to ignore the multi-line query?


  • Checking if a function has C-linkage at compile-time [unsolvable]

    - by scjohnno
    Is there any way to check if a given function is declared with C-linkage (that is, with extern "C") at compile-time?

    I am developing a plugin system. Each plugin can supply factory functions to the plugin-loading code. However, this has to be done via name (and subsequent use of GetProcAddress or dlsym). This requires that the functions be declared with C-linkage so as to prevent name-mangling. It would be nice to be able to throw a compiler error if the referred-to function is declared with C++-linkage (as opposed to finding out at runtime when a function with that name does not exist).

    Here's a simplified example of what I mean:

        extern "C" void my_func() { }
        void my_other_func() { }

        // Replace this struct with one that actually works
        template<typename T>
        struct is_c_linkage {
            static const bool value = true;
        };

        template<typename T>
        void assertCLinkage(T *func) {
            static_assert(is_c_linkage<T>::value, "Supplied function does not have C-linkage");
        }

        int main() {
            assertCLinkage(my_func);       // Should compile
            assertCLinkage(my_other_func); // Should NOT compile
        }

    Is there a possible implementation of is_c_linkage that would throw a compiler error for the second function, but not the first? I'm not sure that it's possible (though it may exist as a compiler extension, which I'd still like to know of). Thanks.


  • Is there a unique computer identifier that can be used reliably even in a virtual machine?

    - by SaUce
    I'm writing a small client program to be run on a terminal server. I'm looking for a way to make sure that it will only run on this server and in case it is removed from the server it will not function. I understand that there is no perfect way of securing it to make it impossible to run on other platforms, but I want to make it hard enough to prevent 95% of people from trying anything. The other 5% who can hack it are not my concern.

    I was looking at different Unique Identifiers like Processor ID, Windows Product ID, Computer GUID and other UIs. Because the terminal server is a virtual machine, I cannot locate anything that is completely unique to this machine. Any ideas on what I should look into to make this 95% secure? I do not have time or the need to make it as secure as possible because it will defeat the purpose of the application itself.

    I do not want to use the MAC address. Even though it is unique to each machine it can be easily spoofed. As far as Microsoft Product ID, because our system team clones VM servers and we use a corporate volume key, I have already found two servers that I have access to that have the same Product ID Number. I have no idea how many others out there have the same Product ID.

    By 95% and 5% I just simply wanted to illustrate how far I want to go with securing this software. I do not have precise statistics on how many people can do what.

    I believe I might need to change my approach and instead of trying to identify the machine, I will be better off identifying the user and creating group based permissions for access to this software.


  • Cannot translate date formats from rails form to mysql db

    - by Steve
    I have a simple search form in rails 3 that has two date fields. I'm having a problem getting these dates into my mysql db. I've tried using the american_date gem, specifying date formats in my initializers, in the config/locales/en.yml file, and directly on the date fields themselves.

    Currently, I'm setting the rails-approved date format in the view:

        <%= f.text_field :depart_date, :value=> Date.today.strftime('%Y-%m-%d') %>

    The date format in my DB is also YYYY-mm-dd, so things should be going smoothly. The console tells me that the two date fields are both class = "Date".

    I think I've found the disconnect. From the logs:

        Started POST "/searches" for 127.0.0.1 at 2013-10-30 17:43:26 -0400
        Processing by SearchesController#create as HTML
        Parameters: {"utf8"=>"✓","search"=>{"depart_date"=>"2013-10-30", "return_date"=>"2013-11-09"}
         (0.0ms) BEGIN
        SQL (0.0ms) INSERT INTO `searches` (`depart_date`,`return_date`) VALUES ('2013-30-10','2013-09-11')
         (2.0ms) COMMIT

    Note that the month and day values are switched in the insert statement. How can I prevent this from happening?


  • Script dies, I'm not sure why

    - by Webnet
    I'm trying to parse a 6,000 line 500 KB file into an array so I can import the data into our system. The problem is that the script stops executing somewhere between lines 3000-4000. There are no breaks in the code, we use it on other imports. Any ideas on why this might be happening and what I can do to prevent it?

        /**
         * Takes a separated value string and makes it an array
         * @param $delimiter string The delimiter to be separated by, usually a comma or tab
         * @param $string string The string to separate
         * @return array The resulting array
         */
        public function svToArray ($delimiter, $string) {
            $x = 0;
            $rowList = array();
            $splitContent = preg_split("#\n+#", trim($string));
            foreach ($splitContent as $key => $value) {
                $newData = preg_split("#".$delimiter."#", $value);
                if ($x == 0) {
                    $headerValues = array_values($newData);
                } else {
                    $tempRow = array();
                    foreach ($newData as $rowColumnKey => $rowColumnValue) {
                        $tempRow[$headerValues[$rowColumnKey]] = $rowColumnValue;
                    }
                    $rowList[] = $tempRow;
                }
                $x++;
            }
            return $rowList;
        }


  • Encounter error "Linux ip -6 addr add failed" while setting up OpenVPN client

    - by Mickel
    I am trying to set up my router to use OpenVPN and have gotten quite far (I think), but something seems to be missing and I am not sure what.

    Here is my configuration for the client:

        client
        dev tun
        proto udp
        remote ovpn.azirevpn.net 1194
        remote-random
        resolv-retry infinite
        auth-user-pass /tmp/password.txt
        nobind
        persist-key
        persist-tun
        ca /tmp/AzireVPN.ca.crt
        remote-cert-tls server
        reneg-sec 0
        verb 3

    OpenVPN client log:

        Nov 8 15:45:13 rc_service: httpd 15776:notify_rc start_vpnclient1
        Nov 8 15:45:14 openvpn[27196]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 1 2013
        Nov 8 15:45:14 openvpn[27196]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        Nov 8 15:45:14 openvpn[27196]: Socket Buffers: R=[116736->131072] S=[116736->131072]
        Nov 8 15:45:14 openvpn[27202]: UDPv4 link local: [undef]
        Nov 8 15:45:14 openvpn[27202]: UDPv4 link remote: [AF_INET]178.132.75.14:1194
        Nov 8 15:45:14 openvpn[27202]: TLS: Initial packet from [AF_INET]178.132.75.14:1194, sid=44d80db5 8b36adf9
        Nov 8 15:45:14 openvpn[27202]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
        Nov 8 15:45:14 openvpn[27202]: VERIFY OK: depth=1, C=RU, ST=Moscow, L=Moscow, O=Azire Networks, OU=VPN, CN=Azire Networks, name=Azire Networks, [email protected]
        Nov 8 15:45:14 openvpn[27202]: Validating certificate key usage
        Nov 8 15:45:14 openvpn[27202]: ++ Certificate has key usage 00a0, expects 00a0
        Nov 8 15:45:14 openvpn[27202]: VERIFY KU OK
        Nov 8 15:45:14 openvpn[27202]: Validating certificate extended key usage
        Nov 8 15:45:14 openvpn[27202]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
        Nov 8 15:45:14 openvpn[27202]: VERIFY EKU OK
        Nov 8 15:45:14 openvpn[27202]: VERIFY OK: depth=0, C=RU, ST=Moscow, L=Moscow, O=AzireVPN, OU=VPN, CN=ovpn, name=ovpn, [email protected]
        Nov 8 15:45:15 openvpn[27202]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
        Nov 8 15:45:15 openvpn[27202]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        Nov 8 15:45:15 openvpn[27202]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
        Nov 8 15:45:15 openvpn[27202]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
        Nov 8 15:45:15 openvpn[27202]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
        Nov 8 15:45:15 openvpn[27202]: [ovpn] Peer Connection Initiated with [AF_INET]178.132.75.14:1194
        Nov 8 15:45:17 openvpn[27202]: SENT CONTROL [ovpn]: 'PUSH_REQUEST' (status=1)
        Nov 8 15:45:17 openvpn[27202]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a03:8600:1001:4010::101f/64 2a03:8600:1001:4010::1,route-ipv6 2000::/3 2A03:8600:1001:4010::1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 194.1.247.30,tun-ipv6,route-gateway 178.132.77.1,topology subnet,ping 3,ping-restart 15,ifconfig 178.132.77.33 255.255.255.192'
        Nov 8 15:45:17 openvpn[27202]: OPTIONS IMPORT: timers and/or timeouts modified
        Nov 8 15:45:17 openvpn[27202]: OPTIONS IMPORT: --ifconfig/up options modified
        Nov 8 15:45:17 openvpn[27202]: OPTIONS IMPORT: route options modified
        Nov 8 15:45:17 openvpn[27202]: OPTIONS IMPORT: route-related options modified
        Nov 8 15:45:17 openvpn[27202]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
        Nov 8 15:45:17 openvpn[27202]: TUN/TAP device tun0 opened
        Nov 8 15:45:17 openvpn[27202]: TUN/TAP TX queue length set to 100
        Nov 8 15:45:17 openvpn[27202]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
        Nov 8 15:45:17 openvpn[27202]: /usr/sbin/ip link set dev tun0 up mtu 1500
        Nov 8 15:45:18 openvpn[27202]: /usr/sbin/ip addr add dev tun0 178.132.77.33/26 broadcast 178.132.77.63
        Nov 8 15:45:18 openvpn[27202]: /usr/sbin/ip -6 addr add 2a03:8600:1001:4010::101f/64 dev tun0
        Nov 8 15:45:18 openvpn[27202]: Linux ip -6 addr add failed: external program exited with error status: 254
        Nov 8 15:45:18 openvpn[27202]: Exiting due to fatal error

    Any ideas are most welcome!


  • PHP Error / Mk-livestatus in Nagvis

    - by tod
    I have Nagios and Nagvis installed via Debian packages, but when I run Nagvis and try to get into the "General Configuration" menu I get this error:

        Error: (0) Array to string conversion (/usr/share/nagvis/share/server/core/classes/WuiViewEditMainCfg.php:126)
        #0 /usr/share/nagvis/share/server/core/classes/WuiViewEditMainCfg.php(126): nagvisExceptionErrorHandler(8, 'Array to string...', '/usr/share/nagv...', 126, Array)
        #1 /usr/share/nagvis/share/server/core/classes/WuiViewEditMainCfg.php(44): WuiViewEditMainCfg->getFields()
        #2 /usr/share/nagvis/share/server/core/classes/CoreModMainCfg.php(56): WuiViewEditMainCfg->parse()
        #3 /usr/share/nagvis/share/server/core/functions/index.php(120): CoreModMainCfg->handleAction()
        #4 /usr/share/nagvis/share/server/core/ajax_handler.php(63): require('/usr/share/nagv...')
        #5 {main}

    I'm also having an issue with backends in Nagvis. check-mk-livestatus is installed, but I get this error when hovering over items:

        Problem (backend: live_1): Unable to connect to the /var/lib/nagios3/rw/live in backend live_1: Connection refused

    Or when trying to add things:

        Unable to fetch data from backend - falling back to input field.

    /var/lib/nagios3/rw/ exists, but there is no "live" file. I'm really not sure what is going on, especially since these were all Debian packages...

    Here is the most relevant part of the nagvis.ini.php:

        ; ----------------------------
        ; Backend definitions
        ; ----------------------------
        ; Example definition of a livestatus backend.
        ; In this case the backend_id is live_1
        ; The path /usr/local/nagios/var/rw has to exist
        [backend_live_1]
        backendtype="mklivestatus"
        ; The status host can be used to prevent annoying timeouts when a backend is not
        ; reachable. This is only useful in multi backend setups.
        ;
        ; It works as follows: The assumption is that there is a "local" backend which
        ; monitors the host of the "remote" backend. When the remote backend host is
        ; reported as UP the backend is queried as normal.
        ; When the remote backend host is reported as "DOWN" or "UNREACHABLE" NagVis won't
        ; try to connect to the backend anymore until the backend host gets available again.
        ;
        ; The statushost needs to be given in the following format:
        ; "<backend_id>:<hostname>" -> e.g. "live_2:nagios"
        ;statushost=""
        socket="unix:/var/lib/nagios3/rw/live"

    There is nothing relating to 'backends' or 'mklivestatus' in /var/log/nagios3/nagios.log

    Any help would be much appreciated


  • Can't ssh tunnel to access a remote mysql server

    - by hobbes3
    I can't seem to figure out why I can't use ssh tunnel to connect to my remote MySQL server. I do ssh tunnel with

        [hobbes3@hobbes3] ~ $ ssh linode -L 3307:localhost:3306

    Then on another terminal, I try

        [hobbes3@hobbes3] ~ $ mysql -h localhost -P 3307 -u root --protocol=tcp -p
        Enter password:
        ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 2

    On the server, it shows this:

        root@li534-120 ~ # channel 4: open failed: connect failed: Connection refused

    Here is my my.cnf on the server:

        [mysqld]
        # Settings user and group are ignored when systemd is used (fedora >= 15).
        # If you need to run mysqld under different user or group,
        # customize your systemd unit file for mysqld according to the
        # instructions in http://fedoraproject.org/wiki/Systemd
        user=mysql
        datadir=/var/lib/mysql
        socket=/var/lib/mysql/mysql.sock
        # Disabling symbolic-links is recommended to prevent assorted security risks
        symbolic-links=0
        # Semisynchronous Replication
        # http://dev.mysql.com/doc/refman/5.5/en/replication-semisync.html
        # uncomment next line on MASTER
        ;plugin-load=rpl_semi_sync_master=semisync_master.so
        # uncomment next line on SLAVE
        ;plugin-load=rpl_semi_sync_slave=semisync_slave.so
        # Others options for Semisynchronous Replication
        ;rpl_semi_sync_master_enabled=1
        ;rpl_semi_sync_master_timeout=10
        ;rpl_semi_sync_slave_enabled=1
        # http://dev.mysql.com/doc/refman/5.5/en/performance-schema.html
        ;performance_schema
        [mysqld_safe]
        log-error=/var/log/mysqld.log
        pid-file=/var/run/mysqld/mysqld.pid
        [mysqld]
        port = 3306
        socket=/var/lib/mysql/mysql.sock
        skip-external-locking
        key_buffer_size = 64M
        max_allowed_packet = 128M
        sort_buffer_size = 512K
        net_buffer_length = 8K
        read_buffer_size = 256K
        read_rnd_buffer_size = 512K
        myisam_sort_buffer_size = 8M
        thread_cache = 8
        max_connections = 25
        query_cache_size = 16M
        table_open_cache = 1024
        table_definition_cache = 1024
        tmp_table_size = 32M
        max_heap_table_size = 32M
        bind-address = 0.0.0.0

    Not sure if this
helps but here is the MySQL user list: mysql> select * from mysql.user; +-----------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+--------+-----------------------+ | Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | 
+-----------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+--------+-----------------------+ | localhost | root | *664328D3C5E263F4FB25185681AAE7E92B01B2B0 | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | | | | 127.0.0.1 | root | *664328D3C5E263F4FB25185681AAE7E92B01B2B0 | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | | | | ::1 | root | *664328D3C5E263F4FB25185681AAE7E92B01B2B0 | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | | | 
+-----------+------+-------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+--------+-----------------------+
3 rows in set (0.00 sec)

    I read about how MySQL treats localhost vs 127.0.0.1 as connecting via a socket or TCP, respectively. But I'm starting to get confused on what's really going on or if socket vs TCP is even the issue. Thanks in advance and I'm open for any tips and suggestions!

    Some more info:

    My MySQL client, running OS X 10.8.4, is

        mysql Ver 14.14 Distrib 5.6.10, for osx10.8 (x86_64) using EditLine wrapper

    My MySQL server, running on CentOS 6.4 32-bit, is

        mysql> SHOW VARIABLES LIKE "%version%";
        +-------------------------+--------------------------------------+
        | Variable_name           | Value                                |
        +-------------------------+--------------------------------------+
        | innodb_version          | 1.1.8                                |
        | protocol_version        | 10                                   |
        | slave_type_conversions  |                                      |
        | version                 | 5.5.28                               |
        | version_comment         | MySQL Community Server (GPL) by Remi |
        | version_compile_machine | i686                                 |
        | version_compile_os      | Linux                                |
        +-------------------------+--------------------------------------+
        7 rows in set (0.00 sec)


  • How to allow local LAN access while connected to Cisco VPN?

    - by Ian Boyd
    How can I maintain local LAN access while connected to Cisco VPN?

    When connecting using Cisco VPN, the server has the ability to instruct the client to prevent local LAN access. Assuming this server-side option cannot be turned off, how can I allow local LAN access while connected with a Cisco VPN client?

    I used to think it was simply a matter of routes being added that capture LAN traffic with a higher metric, for example:

        Network Destination  Netmask      Gateway        Interface       Metric
        10.0.0.0             255.255.0.0  10.0.0.3       10.0.0.3        20      <--Local LAN
        10.0.0.0             255.255.0.0  192.168.199.1  192.168.199.12  1       <--VPN Link

    And trying to delete the 10.0.x.x -> 192.168.199.12 route doesn't have any effect:

        >route delete 10.0.0.0
        >route delete 10.0.0.0 mask 255.255.0.0
        >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1
        >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 192.168.199.12
        >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 0x3

    And while it still might simply be a routing issue, attempts to add or delete routes fail.

    At what level is the Cisco VPN client driver doing what in the networking stack that overrides a local administrator's ability to administer their machine?

    The Cisco VPN client cannot be employing magic. It's still software running on my computer. What mechanism is it using to interfere with my machine's network? What happens when an IP/ICMP packet arrives on the network? Where in the networking stack is the packet getting eaten?

    See also

    - No internet connection with Cisco VPN
    - Cisco VPN Client interrupts connectivity to my LDAP server
    - Cisco VPN stops Windows 7 Browsing
    - How can I prohibit the creation of a route in Windows XP upon connection to Cisco VPN?
    - Rerouting local LAN and Internet traffic when in VPN
    - VPN Client "Allow local LAN Access"
    - Allow Local LAN Access for VPN Clients on the VPN 3000 Concentrator Configuration Example
    - LAN access gone when I connect to VPN
    - Windows XP Documentation: Route

    Edit: Things I've not yet tried:

        >route delete 10.0.*

    Update: Since Cisco has abandoned their old client, in favor of AnyConnect (HTTP SSL based VPN), this question, unsolved, can be left as a relic of history. Going forward, we can try to solve the same problem with their new client.


  • How to reinstall Mac OS X on OS X/Linux dual-boot system?

    - by strangeronyourtrain
    My setup: I have a MacBook Pro 5,5 with a Mac OS X Snow Leopard partition and a Linux partition. I use rEFIt to boot into Linux. I didn't use Boot Camp when I originally installed Linux; instead, I manually created the partition (with either Disk Utility in OS X or Gparted on a Linux live CD--I don't recall which one) and then installed Linux on it from a live CD.

    The problem: My OS X partition is corrupt, and I need to reinstall Snow Leopard. Since I installed rEFIt from within OS X, I'm concerned that wiping the OS X partition will prevent me from booting into my Linux partition. How can I do this without losing access to my Linux partition? Is it possible to install Snow Leopard on the partition I reserved for it, or will it automatically overwrite the entire drive? And if I do the fresh OS X install and then install rEFIt again, will it automatically recognize my Linux partition? Thanks for any tips!

    Specs: MacBook Pro 5,5 (Mid-2009); Snow Leopard 10.6.7/64-bit; Sabayon Linux, 2.6.36 kernel

    EDIT/UPDATE: Thanks, but the situation has taken a more complicated turn: I tried to reinstall Snow Leopard from the DVD, but it refused to install onto my Mac partition, claiming: "The disk cannot be used to start up your computer." Disk Utility wouldn't let me resize the partition or create a new one, and it doesn't see my Linux partition. It only displays the two partitions "Macintosh HD" and Linux Swap. I can, however, see all the partitions from Linux.

    This is the partition table as shown in Gparted:

    And the output of "fdisk -l" is:

        WARNING: GPT (GUID Partition Table) detected on '/dev/sda'! The util fdisk doesn't support GPT. Use GNU Parted.

        Disk /dev/sda: 250.1 GB, 250059350016 bytes
        255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
        Units = sectors of 1 * 512 = 512 bytes
        Sector size (logical/physical): 512 bytes / 512 bytes
        I/O size (minimum/optimal): 512 bytes / 512 bytes
        Disk identifier: 0x00000000

           Device Boot      Start         End      Blocks   Id  System
        /dev/sda1               1      409639      204819+  ee  GPT
        /dev/sda2          409640   349590464   174590412+  af  HFS / HFS+
        /dev/sda3       483122745   488392064     2634660   82  Linux swap / Solaris
        /dev/sda4   *   349590465   483122744    66766140   83  Linux

        Partition table entries are not in disk order

    I wonder if this is because I originally partitioned my disk with Gparted instead of OS X's Disk Utility (at this point, I don't recall whether I used Gparted or Disk Utility). In any case, it doesn't seem safe to do any reformatting with Disk Utility now, as I'm afraid it will wipe sda2 ("Macintosh HD") as well as sda4 (my Linux partition).

    So... I'm hoping to find a solution that doesn't involve wiping my entire hard disk. Would it be safe/possible to use Gparted to erase sda2 ("Macintosh HD") and then use the Snow Leopard DVD to install OS X onto just sda2 without touching the other partitions? Thanks for any insight!


  • Breaking the Outlook 2010 e-mail blue quote line for inline responses

    - by Jez
    This has to be the most infuriating regression from Outlook 2003 to 2007. It also exists the same in Outlook 2010, as far as I can tell. When you reply to an HTML e-mail message in Outlook, the quoted text has a blue line down the side, and is usually at the bottom of the message:

    Now in Outlook 2003, when replying to HTML-formatted messages in Outlook, you used to be able to reply inline quite easily, by getting to the point in the quoted message you wanted to reply to, and pressing the 'decrease indent' button:

    Since Outlook 2007 (and 2010), they replaced the e-mail editor with Microsoft Word. This means the blue line is implemented in a different way; it uses a blue left border. This makes it tougher to break the line up. After much ado, I found a couple of pages that said that you could remove all formatting by pressing ctrl-Q, which would remove the blue line next to the cursor and allow inline replies:

    OK, not too bad on the face of it. I can live with that. But here's the kick in the teeth; try sending that mail. I'll send it to myself. What do I receive? This:

    Outlook 2010 reinstated the blue line, where I had removed it, upon my sending the e-mail! For God's sake! The two pages I linked to above don't seem to address Outlook's reinstating of the blue line upon sending.

    So, does anyone know how you can actually reply inline in Outlook 2010 (or Outlook 2007) e-mail without the blue line being reinstated? Before anyone says, I do not want to convert the message to plaintext, and I do not want to just indent replies and have to manually build the blue line myself. I want something like the Outlook 2003 behaviour; I reply, Outlook creates the blue line, and I can break it up with inline replies, send it, and my inline formatting stays.

    My hopes aren't high - Microsoft seem to have gone to some trouble to actively prevent inline replies here, for some reason - but I'd appreciate anyone's insights. Cheers!


  • What is a good layout for a somewhat advanced home network and storage solution?

    - by Shaun
    My home network/storage needs are changing and I am searching for some opinions and starting points on what a good network/storage layout would be that can serve my needs for a few years into the future. I think I have a decent starting point for equipment, but I am also willing to invest fairly heavily in a solution that can last me for a while. I am a bit of a tech nerd and I have a moderate tolerance for setup of the solution. I would prefer if maintenance of the system is somewhat low once it is setup, but I am willing to accept some tradeoffs.

    Existing equipment:
    - Router - Netgear WNDR3700 (gigabit)
    - Router - DLink Gamerlounge DGL-4300 (gigabit)
    - Switch - 16 port Trendnet green switch (gigabit)
    - Switch - 5 port Trendnet green (gigabit)
    - Computer - i7-950 office computer (gigabit ethernet)
    - Computer - Q6600 quad core media center, hooked up to TV, records shows (gigabit ethernet)
    - Computer - Acer 1810T ultraportable laptop (gigabit and N ethernet)
    - NAS - Intel SS4200-E (gigabit)
    - External hard drive - 2TB WD Green drive (esata)
    - All kinds of miscellaneous network connected TV, Bluray, Verizon network extender, HDhomerun TV tuners, etc.

    Requirements:
    - Robust backup solution for a growing collection of huge family picture files and personal files, around 1.5TB. (Including offsite backup)
    - Central location for all user's files, while also keeping them secure from each other.
    - Storage for terabytes of movie backups and recorded TV, and access to them from all computers (maybe around 4TB eventually)
    - Possibility to host files to friends and family easily

    Nice to have:
    - Backup of terabytes of movie backups

    Intriguing possibilities:
    - Capability to have users' Windows desktops and files look the same from all network computers

    I am not sure if the new Windows Home Server 2011 would fit into this well, if I need a domain server, how best to organize my backups, or how to most effectively use RAID. Currently I am simply backing up all computers to a RAID 1 on the NAS box, which I was thinking could prevent a situation where I reach for a backup and find that the disk is corrupt.

    One possibility that I am thinking about now is simply using my media center PC with a huge RAID of hard drives on which all files are stored. Pseudo-backup of all files would be present because of the RAID, but important files would also be backed up off site via carrying hard drives to work. But what if corruption seeps into the files and the corrupted data is then backed up? Does RAID protect against this? I really want to take next to zero risks with the irreplaceable files. I can handle some degree of risk with the movies and other files. I'm looking for critiques on this idea as well as other possibilities.

    To summarize, my goal is high functionality, media capable, and robust backup of irreplaceable files.

    Read the article

  • Windows Server 2003 IPSec Tunnel Connected, But Not Working (Possibly NAT/RRAS Related)

    - by Kevinoid
    Configuration

    I have setup a "raw" IPSec tunnel between a Windows Server 2003 (SBS) machine and a Netgear FVG318 according to the instructions in Microsoft KB816514. The configuration is as follows (using the same conventions as the article):

        NetA        | SBS2003   | FVG318   | NetB
        10.0.0.0/24 | 216.x.x.x | 69.y.y.y | 10.0.254.0/24

    Both the Main Mode and Quick Mode Security Associations are successfully completed and appear in the IP Security Monitor. I am also able to ping the SBS2003 server on its private address from any computer on NetB.

    The Problem

    Any traffic sent from a computer on NetA to NetB, or from SBS2003 to NetB (excluding ICMP Ping responses), is sent out on the public network interface outside the IPSec tunnel (no encryption or header authentication, as if the tunnel were not there). Pings sent from a computer on NetB to a computer on NetA successfully reach computers on NetA, but the responses are silently discarded by SBS2003 (they do not go out in the clear and do not generate any encrypted traffic).

    Possible Solutions

    Incorrect Configuration

    I could have mistyped something, somewhere, or KB816514 could be incorrect in some way. I have tried very hard to eliminate the first option. Have re-created the configuration several times, tried tweaking and adjusting all the settings I could without success (most prevent the SA from being established).

    NAT/RRAS

    I have seen multiple posts elsewhere suggesting that this could be due to interaction between NAT and the IPSec filters. Possibly the NetA private addresses get rewritten to 216.x.x.x before being compared with the Quick Mode IPSec filters and don't get tunneled because of the mismatch. In fact, The Cable Guy article from June 2005 "TCP/IP Packet Processing Paths" suggests that this is the case, (see step 2 and 4 of the Transit Traffic path). If this is the case, is there a way to exclude NetA-NetB traffic from NAT?

    Any thoughts, ideas, suggestions, and/or comments are appreciated.

    Update (2011-06-26)

    After failing to solve the problem, I resorted to paid Microsoft support. They were unable to solve the problem. Since then I have implemented a solution based on Linux that is working quite well. I will attempt to evaluate any proposed answers as best I can, but current configurations and time constraints will make this slow...

    Read the article

  • DNSBL listed at zen.spamhaus.org - can't get outgoing mail working? Am I interpreting the response correctly?

    - by Joe Hopfgartner
    I have a problem with a mailserver and there is something I kind of not understand! I can connect, authenticate, specify the sender address - but when specifying the receiver I get an error 550 which looks like so:

        RCPT TO:[email protected]
        550-DNSBL listed at zen.spamhaus.org
        550 http://www.spamhaus.org/query/bl?ip=62.178.15.161

    Now the strange thing is that 62.178.15.161 is my local client address. Not the server's IP address. Also the error code 550 seems to be defined as so:

        550 Requested action not taken: mailbox unavailable

    To me that makes totally no sense. Why this error code with this spamhaus message? Why the local IP address and not the server's? There is exim running and there is nothing turning up in the logs mail.err mail.info mail.log mail.warn in /var/log. I looked up both the server's and the client's IP address on blacklists. The client's IP address is listed on some (as expected), but the server is totally clean.

    Here is the complete telnet log when I reproduced the error. Mail clients like Evolution and Thunderbird give me the same spamhaus error message.

        joe@joe-desktop:~$ telnet mail.hunsynth.org 25
        Trying 193.164.132.42...
        Connected to mail.hunsynth.org.
        Escape character is '^]'.
        220 hunsynth.org ESMTP Exim 4.69 Sat, 01 Jan 2011 17:52:45 +0100
        HELP
        214-Commands supported:
        214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
        EHLO AUTH
        250-hunsynth.org Hello chello062178015161.6.11.univie.teleweb.at [62.178.15.161]
        250-SIZE 52428800
        250-PIPELINING
        250-AUTH PLAIN LOGIN CRAM-MD5
        250-STARTTLS
        250 HELP
        AUTH LOGIN
        334 VXNlcm5hbWU6
        dGVzdEBodW5zeW50aC5vcmc=
        334 UGFzc3dvcmQ6
        *****
        235 Authentication succeeded
        MAIL FROM:[email protected]
        250 OK
        RCPT TO:[email protected]
        550-DNSBL listed at zen.spamhaus.org
        550 http://www.spamhaus.org/query/bl?ip=62.178.15.161
        quit
        221 hunsynth.org closing connection
        Connection closed by foreign host.
        joe@joe-desktop:~$

    Update: I tried the same thing from my other server and could successfully send an email. So it really looks like the server does check whether the IP which establishes the connection is in some blacklist. This is theoretically a good thing - but - the authentication on the server should prevent that? Or shouldn't it? Well I just think it would be absurd if I couldn't send email over my smtp server from my dynamic ISP connection because the dynamic is listed, although I have a clean server with login?

    Read the article

  • Effect of HOME on libreoffice to convert to pdf as non-root user

    - by user1032531
    I installed libreoffice-headless and can convert documents when logged on as root. I then tried doing so as another user, and it didn't show an error, but didn't convert the file. I then found that if I get rid of the HOME=/tmp/ayb, it works with the other user. Doesn't HOME=/tmp/ayb just allow files to default to this directory if not specified? (Sorry, I tried to search "Linux HOME", but as you probably expect, received a bunch of non-relevant results). If not, what is the purpose of specifying HOME? Why does setting HOME prevent it from converting on non-root users? Note that /tmp and /tmp/ayb are both 0777. Thank you

        [root@desktop ~]# yum install libreoffice-headless
        [root@desktop ~]# yum install libreoffice-writer
        [root@desktop ~]# ls -l
        total 48
        -rwxrwxrwx. 1 NotionCommotion NotionCommotion 48128 Jul 30 02:38 document_34.doc
        [root@desktop ~]# HOME=/tmp/ayb; /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        convert /tmp/ayb/document_34.doc -> /tmp/ayb/document_34.pdf using writer_pdf_Export
        [root@desktop ~]# rm d*.pdf
        rm: remove regular file `document_34.pdf'? y
        [root@desktop ~]# /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        convert /tmp/ayb/document_34.doc -> /tmp/ayb/document_34.pdf using writer_pdf_Export
        [root@desktop ~]# rm d*.pdf
        rm: remove regular file `document_34.pdf'? y
        [root@desktop ~]# su NotionCommotion
        sh-4.1$ HOME=/tmp/ayb; /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        sh-4.1$ rm d*.pdf
        rm: cannot remove `d*.pdf': No such file or directory
        sh-4.1$ /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        sh-4.1$ rm d*.pdf
        rm: cannot remove `d*.pdf': No such file or directory
        sh-4.1$ exit
        exit
        [root@desktop ~]# su NotionCommotion
        sh-4.1$ /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        convert /tmp/ayb/document_34.doc -> /tmp/ayb/document_34.pdf using writer_pdf_Export
        sh-4.1$ rm d*.pdf
        sh-4.1$ HOME=/tmp/ayb; /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        sh-4.1$ rm d*.pdf
        rm: cannot remove `d*.pdf': No such file or directory
        sh-4.1$ /usr/bin/libreoffice --headless -convert-to pdf --outdir /tmp/ayb /tmp/ayb/document_34.doc
        sh-4.1$ rm d*.pdf
        rm: cannot remove `d*.pdf': No such file or directory
        sh-4.1$

    Read the article

  • Ubuntu Natty: 32-bit userland, 64-bit kernel?

    - by dsimcha
    I'm trying to manually install a 64-bit kernel for 32-bit Ubuntu. I have my reasons for doing so, but they're too complicated to explain here. Prior to Natty, this worked fine. Now, on Natty, I get the following error message when I try doing it the same way:

        dsimcha@dsimcha-laptop:~$ sudo dpkg -i --force-architecture linux-image-2.6.38-8-server_2.6.38-8.42_amd64.deb
        [sudo] password for dsimcha:
        dpkg: error processing linux-image-2.6.38-8-server_2.6.38-8.42_amd64.deb (--install):
        cannot access archive: No such file or directory
        Errors were encountered while processing:
        linux-image-2.6.38-8-server_2.6.38-8.42_amd64.deb
        dsimcha@dsimcha-laptop:~$ cd Downloads/
        dsimcha@dsimcha-laptop:~/Downloads$ sudo dpkg -i --force-architecture linux-image-2.6.38-8-server_2.6.38-8.42_amd64.deb
        dpkg: warning: overriding problem because --force enabled:
        package architecture (amd64) does not match system (i386)
        (Reading database ... 159153 files and directories currently installed.)
        Preparing to replace linux-image-2.6.38-8-server:amd64 2.6.38-8.42 (using linux-image-2.6.38-8-server_2.6.38-8.42_amd64.deb) ...
        Done.
        Unpacking replacement linux-image-2.6.38-8-server:amd64 ...
        Examining /etc/kernel/postrm.d .
        run-parts: executing /etc/kernel/postrm.d/initramfs-tools 2.6.38-8-server /boot/vmlinuz-2.6.38-8-server
        run-parts: executing /etc/kernel/postrm.d/zz-update-grub 2.6.38-8-server /boot/vmlinuz-2.6.38-8-server
        dpkg: dependency problems prevent configuration of linux-image-2.6.38-8-server:amd64:
        linux-image-2.6.38-8-server:amd64 depends on initramfs-tools (>= 0.36ubuntu6).
        linux-image-2.6.38-8-server:amd64 depends on coreutils | fileutils (>= 4.0); however:
        Package coreutils:amd64 is not installed.
        linux-image-2.6.38-8-server:amd64 depends on module-init-tools (>= 3.3-pre11-4ubuntu3); however:
        linux-image-2.6.38-8-server:amd64 depends on wireless-crda; however:
        dpkg: error processing linux-image-2.6.38-8-server:amd64 (--install):
        dependency problems - leaving unconfigured
        Errors were encountered while processing:
        linux-image-2.6.38-8-server:amd64

    When I try the dependencies manually, I get, for example:

        dsimcha@dsimcha-laptop:~/Downloads$ sudo dpkg -i --force-architecture coreutils_8.5-1ubuntu6_amd64.deb
        dpkg: warning: overriding problem because --force enabled:
        package architecture (amd64) does not match system (i386)
        dpkg: error processing coreutils_8.5-1ubuntu6_amd64.deb (--install):
        coreutils:amd64 8.5-1ubuntu6 (Multi-Arch: no) is not co-installable with coreutils:i386 8.5-1ubuntu6 (Multi-Arch: no) which is currently installed
        Errors were encountered while processing:
        coreutils_8.5-1ubuntu6_amd64.deb

    Has anyone had any success installing 64-bit kernels on 32-bit Natty? If so, how can this be done?

    Read the article

  • Custom initrd init script: how to create /dev/initctl

    - by Posco Grubb
    I have a virtual machine (VMM is Xen 3.3) equipped with two IDE HDD's (/dev/hda and /dev/hdb). The root file system is in /dev/hda1, where Scientific Linux 5.4 is installed. /dev/hdb contains an empty ext2 file system. I want to protect the root file system from writes by the VM by using aufs (AnotherUnionFS) to layer a writable file system on top of the root file system. The changes to / will be written to the file system located on /dev/hdb. (Furthermore, outside the VM, the file backing the /dev/hda will also be set to read-only permissions, so the VMM should also prevent the VM from modifying at that level.)

    (The purpose of this setup: be able to corrupt a virtual machine using software-implemented fault injection but preserve the file system image in order to quickly reboot the VM to a fault-free state.)

    How do I get an initrd init script to do the necessary mounts to create the union file system? I've tried 2 approaches:

    - I've tried modifying the nash script that mkinitrd creates, but I don't know what setuproot and switchroot do and how to make them use my aufs as the new root. Apparently, nobody else here knows either. (EDIT: I take that back.)
    - I've tried building a LiveCD (using linux-live-6.3.0) and then modifying the Bash /linuxrc script from the generated initrd, and I got the mounts correct, but the final /sbin/init complains about /dev/initctl.

    Specifically, my /linuxrc mounts the aufs at /union. The last few lines of /linuxrc effectively do the following:

        cd /union
        mkdir -p mnt/live
        pivot_root . mnt/live
        exec sbin/chroot . sbin/init </dev/console >/dev/console 2>&1

    When init starts, it outputs something like init: /dev/initctl: No such file or directory. What is supposed to create this FIFO? I found no such filename in the original linuxrc and liblinuxlive scripts. I tried creating it via "mkfifo /dev/initctl", but then init complained about a timeout opening or writing to the FIFO. Would appreciate any help or pointers. Thanks.

    Read the article

  • How to solve/disable spam sending with my postfix server on linux

    - by Dukla
    I am quite new in setting up e-mail server on linux - I barely set up the whole thing to get it working and connected it with my domain and php script which uses PHPMailer 5.2.1. In my setting I am using smtp server from my web provider (domain) and all e-mail which are not defined (trash) are sent on one simple address like I have address [email protected]. So when somebody will send email to [email protected] it will be forwarded again to [email protected] even in case of failure. I am receiving emails like:

        Hi. This is the qmail-send program at comercio.interone.com.br.
        I'm afraid I wasn't able to deliver your message to the following addresses.
        This is a permanent error; I've given up. Sorry it didn't work out.

        <[email protected]>:
        Sorry, no mailbox here by that name. (#5.1.1)

        --- Below this line is a copy of the message.

        Return-Path: <[email protected]>
        Received: (qmail 49156 invoked from network); 25 Jun 2012 07:34:57 -0300
        Received: from unknown (HELO S0106602ad08df877.no.shawcable.net) (70.66.34.103) by hosting.interone.com.br with SMTP; 25 Jun 2012 07:34:57 -0300
        Message-Id: <20120625034039.B45C12DCC3B13A22F261@GANDERTO-015445>
        From: Ezra Whitehead <[email protected]>
        To: toa <[email protected]>
        Reply-To: Jamey Mcconnell <[email protected]>
        Subject: Welcome toa
        Mime-Version: 1.0
        Content-Type: text/plain; charset=utf-8
        Content-Transfer-Encoding: 7bit

        Visit our shop http://44090.medicneed.ru/
        113B726C73560AA41A68163AA474D5F1476 0225770686522678

    As you can see there is line From: Ezra Whitehead <[email protected]> I am sure I did not send this email from my domain.com with some Davis8FB name and some russian page. This is just one of many and only NOT-delivered e-mails - there can be much more which has been sent successfully! What do I have wrong in my settings? How can I make it right? What should I do to prevent these messages to send? Where should I look? Thank you all.

    Read the article

  • Using OpenVPN, yet netflix.com blocks access

    - by user837848
    I have set up an OpenVPN server on a VPS in the USA and configured it to route all clients traffic through it. Everything seems to work fine regarding the VPN connection in general. All ip lookup sites show me the us server's ip address and even hulu.com works (it won't work if you are not in the usa). But for some reason netflix.com says "Sorry, Netflix is not available in your country yet.". So I thought that netflix probably uses some more sophisticated ways to determine your location beyond just your ip address. But I could not find a way to get it to work until I dropped the idea of using a VPN and instead connected to the server via a simple socks tunnel with ssh by running:

        ssh -D 9999 user@serverip

    All I had to do was changing the key network.proxy.socks_remote_dns in Firefox from false to true to prevent DNS leaks and setting up the socks proxy. Then I could finally watch netflix.com. As a result I concluded that there is nothing in the browser (or something like system timezone) that tells netflix the location, so it has to have something to do with the OpenVPN config.

    After that I used tcpdump to log all the traffic on the server's network interface venet0 (OpenVZ VPS), visited netflix.com on the client while first connected to the VPN and then connected via socks tunnel and afterwards compared both outputs. The only thing that caught my eye was that while using the socks tunnel the server mainly used ipv6 to connect to netflix whereas it only used ipv4 when the client was connected to the OpenVPN server. But I don't get how that could make such a difference. So what am I missing? Is there a way to configure OpenVPN to also use ipv6 to connect to a website although there is only an ipv4 connection between the VPS and the client?

    Here is the server.conf of the OpenVPN server (OpenVZ VPS)

        local serverip
        port 443
        proto tcp
        dev tun
        ca ./easy-rsa2/keys/ca.crt
        cert ./easy-rsa2/keys/vps1.crt
        key ./easy-rsa2/keys/vps1.key # This file should be kept secret
        dh ./easy-rsa2/keys/dh1024.pem
        server 10.8.0.0 255.255.255.0
        ifconfig-pool-persist ipp.txt
        push "redirect-gateway def1 bypass-dhcp"
        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"
        client-to-client
        keepalive 10 120
        tls-auth ta.key 0 # This file is secret
        cipher AES-256-CBC
        comp-lzo
        max-clients 4
        user nobody
        group nogroup
        persist-key
        persist-tun
        status openvpn-status.log
        log-append openvpn.log
        verb 3

    iptables forwarding

        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source serverip

    (enabled ipv4 forwarding)

    I have tried everything always on a Win7 and a Debian client with only ipv4 connections and always made sure that they use the correct DNS server (tested with ipleak.net and tcpdump / wireshark).

    client.conf:

        client
        dev tun
        proto tcp
        remote serverip 443
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        ca ca.crt
        cert client.crt
        key client.key
        ns-cert-type server
        tls-auth ta.key 1
        cipher AES-256-CBC
        comp-lzo
        verb 3

    Read the article

  • Apache2 return 404 for proxy requests before reaching WSGI

    - by Alejandro Mezcua
    I have a Django app running under Apache2 and mod_wsgi and, unfortunately, lots of requests trying to use the server as a proxy. The server is responding OK with 404 errors but the errors are generated by the Django (WSGI) app, which causes a high CPU usage. If I turn off the app and let Apache handle the response directly (send a 404), the CPU usage drops to almost 0 (mod_proxy is not enabled). Is there a way to configure Apache to respond directly to this kind of requests with an error before the request hits the WSGI app? I have seen that maybe mod_security would be an option, but I'd like to know if I can do it without it.

    EDIT. I'll explain it a bit more. In the logs I have lots of connections trying to use the server as a web proxy (e.g. connections like GET http://zzz.zzz/ HTTP/1.1 where zzz.zzz is an external domain, not mine). These requests are passed on to mod_wsgi which then return a 404 (as per my Django app). If I disable the app, as mod_proxy is disabled, Apache returns the error directly. What I'd finally like to do is prevent Apache from passing the request to the WSGI for invalid domains, that is, if the request is a proxy request, directly return the error and not execute the WSGI app.

    EDIT2. Here is the apache2 config, using VirtualHosts files in sites-enabled (I have removed email addresses and changed IPs to xxx, change the server alias to sample.sample.xxx). What I'd like is for Apache to reject any request that doesn't go to sample.sample.xxx with an error, that is, accept only relative requests to the server or fully qualified only to the actual ServerAlias.

    default:

        <VirtualHost *:80>
            ServerAdmin [email protected]
            ServerName X.X.X.X
            ServerAlias X.X.X.X
            DocumentRoot /var/www/default
            <Directory />
                Options FollowSymLinks
                AllowOverride None
            </Directory>
            <Directory /var/www/>
                Options FollowSymLinks
                AllowOverride None
                Order allow,deny
                allow from all
            </Directory>
            ErrorDocument 404 "404"
            ErrorDocument 403 "403"
            ErrorDocument 500 "500"
            ErrorLog ${APACHE_LOG_DIR}/error.log
            LogLevel warn
            CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>

    actual host:

        <VirtualHost *:80>
            ErrorDocument 404 "404"
            ErrorDocument 403 "403"
            ErrorDocument 500 "500"
            WSGIScriptAlias / /var/www/sample.sample.xxx/django.wsgi
            ServerAdmin [email protected]
            ServerAlias sample.sample.xxx
            ServerName sample.sample.xxx
            CustomLog /var/www/sample.sample.xxx/log/sample.sample.xxx-access.log combined
            Alias /robots.txt /var/www/sample.sample.xxx/static/robots.txt
            Alias /favicon.ico /var/www/sample.sample.xxx/static/favicon.ico
            AliasMatch ^/([^/]*\.css) /var/www/sample.sample.xxx/static/$1
            Alias /static/ /var/www/sample.sample.xxx/static/
            Alias /media/ /var/www/sample.sample.xxx/media/
            <Directory /var/www/sample.sample.xxx/static/>
                Order deny,allow
                Allow from all
            </Directory>
            <Directory /var/www/sample.sample.xxx/media/>
                Order deny,allow
                Allow from all
            </Directory>
        </VirtualHost>

    Read the article

  • Dual booting Windows 7 & 8.1, using the Windows 8 Startup Options Menu, when Windows 8.1 is already installed and you want to add Windows 7

    - by Josh
    There are many excellent guides out there that explain how to dual-boot Windows 7 & 8. However, they are written for people starting with a Windows 7 installation and add a Windows 8 installation to separate partition. From what I'm reading, following this procedure will result in Windows 8 installing and configuring the Startup Options Menu with an option to boot Windows 7 & 8.

    However, in my situation I have a Windows 8.1 machine that I want to install Windows 7 on, and enable dual-boot, where I can use the Startup Options Menu to select the OS to boot. I haven't been able to determine how to do this. From everything I've been able to find, it looks like if I install Windows 7, it is going to take over the boot loader process, and I won't have access to the Windows 8 "Startup Options Menu."

    This answer suggests I boot to VHD, but notes a drawback:

        You can't do this if the C:\drive is encrypted using ANY encryption scheme. Be that BitLocker or 3rd party. The location of the .VHD file you are booting to must reside on an unencrypted volume.

    Well, that's a bummer, because that's exactly what I wanted to do--I wanted my Windows 7 partition to be encrypted, and my Windows 8 partition to also be encrypted. The idea being that when OS was booted, it was completely locked out from accessing data on the other OS's partition.

    At this point, I'm thinking my only option is to install Windows 7, and then re-install Windows 8, which will give me the dual-boot option... am I right? Or is there a way to make this work. I'm thinking that I would need to figure out a process like this:

    - Configure the Windows Startup Options Menu with a "blank" entry for Windows 7, pointing to an empty partition
    - Insert the Windows 7 installation media, install Windows 7, and somehow restrict it to that partition (i.e., prevent it from "taking over" from the Startup Options Menu)

    Is this possible, and if so, how can I accomplish this? My concern is that if I simply install Windows 7 to a separate partition, Windows 7 will take over the entire boot process and I won't be able to get to my Windows 8 installation any more.

    Read the article

  • nginx, php-cgi and "No input file specified."

    - by Stephen Belanger
    I'm trying to get nginx to play nice with php-cgi, but it's not quite working how I'd like. I'm using some set variables to allow for dynamic host names--basically anything.local. I know that stuff is working because I can access static files properly, however php files don't work. I get the standard "No input file specified." error which normally occurs when the file doesn't exist, but it definitely does exist and the path is correct because I can access the static files in the same path. It could possibly be a permissions thing, but I'm not sure how that could be an issue. I'm running this on Windows under my own user account, so I think it should have permission unless php-cgi is running under a different user without me telling it to.

    Here's my config;

        worker_processes 1;

        events {
            worker_connections 1024;
        }

        http {
            include mime.types;
            default_type application/octet-stream;
            sendfile on;
            keepalive_timeout 65;
            gzip on;

            server {
                # Listen for HTTP
                listen 80;

                # Match to local host names.
                server_name *.local;

                # We need to store a "cleaned" host.
                set $no_www $host;
                set $no_local $host;

                # Strip out www.
                if ($host ~* www\.(.*)) {
                    set $no_www $1;
                    rewrite ^(.*)$ $scheme://$no_www$1 permanent;
                }

                # Strip local for directory names.
                if ($no_www ~* (.*)\.local) {
                    set $no_local $1;
                }

                # Define default path handler.
                location / {
                    root ../Users/Stephen/Documents/Work/$no_local.com/hosts/main/docs;
                    index index.php index.html index.htm;

                    # Route non-existent paths through Kohana system router.
                    try_files $uri $uri/ /index.php?kohana_uri=$request_uri;
                }

                # pass PHP scripts to FastCGI server listening on 127.0.0.1:9000
                location ~ \.php$ {
                    root ../Users/Stephen/Documents/Work/$no_local.com/hosts/main/docs;
                    fastcgi_pass 127.0.0.1:9000;
                    fastcgi_index index.php;
                    include fastcgi.conf;
                }

                # Prevent access to system files.
                location ~ /\. {
                    return 404;
                }
                location ~* ^/(modules|application|system) {
                    return 404;
                }
            }
        }

    Read the article
