Search Results

Search found 1461 results on 59 pages for 'blocked'.

Page 33/59 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >

Reverse proxy with SSL and IP passthrough?

- by Paul

Turns out that the IP of a much-needed new website is blocked from inside our organization's network for reasons that will take weeks to fix. In the meantime, could we set up a reverse proxy on an Internet-based server which will forward SSL traffic and perhaps client IPs to the external site? Load will be light. No need to terminate SSL on the proxy. We may be able to poison DNS so original URL can work. How do I learn if I need URL rewriting? Squid/apache/nginx/something else? Setup would be fastest on Win 2000, but other OSes are OK if that would help. Simple and quick are good since it's a temporary solution. Thanks for your thoughts!

Read the article
Moving Mail between Exchange Mail Queues

- by Eli

We have multiple Microsoft Exchange 2007 nodes and 2 Exchange hubs. One of our users unfortunately had their account compromised, which then sent out several thousand emails before we were able to stop them. During this time, however, several primary mail providers blocked one of our Exchange hubs as a spam source. We now have nearly 500 messages built up on the one hub server waiting to go out to a provider who is currently blocking that hub. I know it is possible to change the location of the mailqueue and I could copy the queue database over from one hub to another and than change the location the HUB is looking at to a different file - let the mail spool out and then change the location back, but I would like a cleaner solution. Therefore, the question: is there a way to quickly and easily move messages from one Exchange hub server to another Exchange hub server?

Read the article
How can I get rid of the long Google results URLs?

- by Teifi

google.com is always shielded by our firewall. When I search something at google.com, a result list appears. Then I click the link, the URL changes to a processed url like: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDcQFjAA&url=http%3A%2F%2Fwww.amazon.com%2F&ei=PE_AUMLmFKW9iAfrl4HoCQ&usg=AFQjCNGcA9BfTgNdpb6LfcoG0sjA7hNW6A&cad=rjt Then my browser is blocked because of google.com I guess. The only useful information in that long like processed URL is http%3A%2F%2Fwww.amazon.com(http://www.amazon.com). My quesitons: What's the meaning of that long like processed URL? Is there a way to remove the header google.com/url?sa.. each time I click the search results?

Read the article
one of my web hostings is down - only for me - why ?

- by Thomas Traub

My first post here, I am reading / learning a lot, thanks ;). I've got a mysterious issue (for me) and would really appreciate to get it solved. I've rent a reseller package with bibihost.com and it's now the second time that all my domaines the hoster's site are unavailable from my connection (my Mac and my iPhone), (in browser, per FTP, ping, ab, and traceroute) This has never before happened to me with other web addresses. traceroute get's always stuck at a specific server 40g.vss-1-6k.routers.chtix.eu (91.121.131.29) The sites are all up for everyone else, I've checked with downforeveryoneorjustme.com, a homegrown script loaded to another server and montastic.com My question(s) : Why am I blocked ? Is there anything I can do about it ? If I cannot solve this issue I have to change the hoster, but I really would like to know what's going on. my domaines on this server : tienstiens.fr tomlegrand.com

Read the article
Use .htaccess to block *All* access to specific folders.

- by Urda

I am not sure how to do this, but I want to block all access to a specific set of folders on my web server. Say secret01 and secret 02... homeDir |- data |- www | |- .htaccess (file) | |- images | |- js | |- secret01 | |- secret02 | |... |... What rule(s) do I need to add to my root .htaccess file to do this? I want all access from the web blocked from going into these folders, period. Only way one could get to them would be over SFTP or SSH. So what rule am I looking for? I am preferably looking for a one-liner so I can add more folders or move it to another site down the road. I really would prefer if the rule could be placed in the .htaccess root file so I don't have to jump all over the place to lock and unlock folders.

Read the article
How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

- by Timbo

I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

Read the article
Windows 7 is blocking ports

- by Caleb1994

I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

Read the article
Windows 7 is blocking ports

- by Caleb1994

I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

Read the article
Group policy doesn't let me execute Chrome

- by George Katsanos

Where I work, the admins just migrated us to Windows 7. They gave me admin rights but still, I had to "Run as Administrator" my Google Chrome installation. After I managed to install it, I realized I even have to go through the "Run as Administrator" shortcut every time I have to execute the application. I even edited the properties of the shortcut to check "Always run as Administrator" but nothing changed. The message I get when I'm trying to launch Chrome is "This program is blocked by group policy. For more information contact your system administrator"... Is it something I could work out alone or I have to convince them to change the "policy"?

Read the article
Process vsserv.exe attempts connection to unknown host (clients.your-server.de)

- by pushpraj

from past few day I notice a new connection is being made from my system, I discovered it within the outpost firewall, it is blocked by default with the reason Block Transit Packets in the image above you can see that the process vsserv.exe is attempting a connection to static.88-198-155-41.clients.your-server.de I tried to search on google but could not find any relevant info, however this link http://www.webmasterworld.com/search_engine_spiders/3963600.htm says that your-server.de hosts bad bots. I am bit concerned if something is not correct. Could you help me understand the same?

Read the article
Number of malicious attacks defended/done on the average user daily [closed]

- by DalexL

As a web hoster, it is very easy to notice the large amounts of exploit/abuse attempts done on my servers. Out of curiosity, how often are these attempts done on the average user? I'm assuming almost all of them are prevented just by simple security protocols in place by their browsers, local network, etc. How many attempts, on average, are committed against a single user daily through any method? (email, internet, downloads, etc.)? If known, what percentage of these things are blocked by the average users security? I tried googling but I was having a hard time getting the right search terms together.

Read the article
How to block access to files in the current directory with .htaccess

- by kfir

I have a few private files in a public folder and I want to block access to them. For example lets say I have the following files tree: DictA FileA FileA FileB FileC I want to block access to FileB and FileA in the current directory and allow access to the FileA in the DictA directory. The first thing that came to mind was to use the FilesMatch directive as follows: <FilesMatch "^(?:FileA)|(?:FileB)$"> Deny from all </FilesMatch> The problem here is that FileA inside DictA will also be blocked, which is not what I wanted. I could override that by adding another .htaccess file to DictA but I would like to know if there is a solution which wont involve that. P.S: I can't move the private files to a separate folder.

Read the article
aptana/eclipse blocks other apps

- by waquner

Hi, I've got a fresh win7 installation, the only apps installed so far are aptana (beta 3)/eclipse and firefox + chrome (except antivirus and drivers) Every time I start aptana, chrome and firefox are blocked, so firefox can't load a webpage (or sometimes takes veeeery long) and chrome doesn't even take care of events (so for example hovering over a link doesn't change the cursor and a click does...nothing or typing in an url, press enter - nothing happens) First I thought, aptana downloads something and blocks my internet connection... but IE works well and also there are no signs in the taskmanager (cpu%, network or memory) When I close Aptana, all works as before. I tried updating Java, which didn't help... On my office-computer I use the same apps and it works perfect. Got any ideas? TIA, waquner

Read the article
How can I force certain applications to use specific network connections?

- by snicker

Let's say I have two active network connections that let me out to the internet. I want certain applications to only use Network Connection 1, while some others should use Network Connection 2. Is this possible in Windows XP? If so, how can it be done? The main reason I wish to do this is I want to use a tethered phone's network for certain applications and an ethernet connection for others. Certain ports and networks are blocked by the ethernet connection, whereas they are not on my tethered phones connection.

Read the article
OS X Server: SMTP Server problem

- by plucked

Hi, I have problem to setup my mail server. My system is a OS X 10.6.2. Server. I configured the mail server so far, but I cannot connect to the smtp server correctly. Correctly means that I can connect via telnet (and do the "HELO") from another server within the same serverrack, but not from outside. But when I try to telnet my http server, it works fine from outside. I already checked my firewall rules with "sudo ipfw list" and the port 25 is not blocked in any case. What could be the problem with connecting to port 25 via telnet from outside of the serverrack? Cheers

Read the article
Cannot connect to FTP server from external host

- by h3.

I have a FTP server (vsftpd) setuped on a Linux box (Ubuntu server). When I try to connect with a computer on the same network everything works fine as expected. But as soon the IP is external it won't connect.. I first assumed the port was blocked, but then: localserver:$ sudo tail -f /var/log/vsftpd.log Wed Jan 13 14:21:17 2010 [pid 2407] CONNECT: Client "xxx.xxx.107.4" remotemachine:$ netcat svn-motion.no-ip.biz 21 220 FTP Server And it hangs there. Do any ports other than 21 need to be open?

Read the article
Windows 8 Program Sharing?

- by Martin W. Seitz

How do I, as the administrator, share the Skype program with a user on the same PC? I tried to download Skype to the user from the windows store that said it was blocked and I must contact the administrator. The Skype icon appears on the user desktop but with an X in the corner with no way to allow it to work as the administrator. In the administrator desktop the Skype icon appears without the x and it does work. I have tried to research this issue and so far all I have been able to find and do is the enable $admin share at this link http://www.intelliadmin.com/index.php/2012/10/windows-8-enable-the-admin-share/ Now that I have done this how do I use it to share the Skype program? Thanks in advance. Marty Seitz

Read the article
SFTP not working, but SSH is

- by Dan

I've had a server running CentOS for a few months now. A few days ago, I stopped being able to connect to it over SFTP. I've tried from multiple computers, OSes, clients, and internet connections. I can SSH in just fine, though. For example, Nautilus gives me this: Error: DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Please select another viewer and try again. I was under the impression that SFTP was just pure SSH, and if one worked, the other would, and vice-versa. Clearly that's not the case, though. What could I have done wrong?

Read the article
SSH Tunnel doesn't work in China

- by Martin

Last year I was working in China for a few months. I never bothered setting up a real VPN, but just created a SSH tunnel, and changed my browsers proxy settings to connect through it. Everything worked great (except flash of course) but that was fine. However, now I'm back in China but I'm having problems with this approach. I do the same thing as last time, and according to https://ipcheckit.com/ my IP address is indeed the IP of my (private) server in the US, and I'm logging in to my server using a fingerprint I created long before going to China so no MITM should be possible. Furthermore the certificate from ipcheckit.com is from GeoTrust - so everything should be OK However, I still can't access sites which are blocked in China. Any idea how this could be possible?

Read the article
Possible to load entries into hosts.deny from text file?

- by Tar

I have around 96 million IP addresses that I have collected and routinely validate to be VPN providers, proxies, etc. I want these blocked. Currently, I am including the list formatted like deny ip; in nginx and that works perfectly. I want to use this list on another server, but nginx isn't an option, and I don't trust apache to handle this without slowing down. Is there a way to load this list into hosts deny via some command like aclexec or something? Are there other alternatives like setting up a DNSBL or using hosts.deny in conjunction with one?

Read the article
reverse-proxy web access on a server where only SSH is allowed

- by Kaii

Every once in a while i have to connect to a server where access is highly restricted. Only inbound SSH is allowed by the DMZ firewall - outbound HTTP connections are blocked. I'm looking for a good way to tunnel web access through my SSH session, so i can install updates and software via yum / apt-get. What do you do in such a situation? SSH has the -D <port> SOCKS proxy option. But unfortunately it is one-way only from client to server and there is no reverse option.

Read the article
transparently set up Windows 7 as remote workstation

- by Áxel

Maybe is a very basic question, but I can't find the exact terms to Google for it and find the concrete answer to my doubt. Suppose we have several PCs in which individual employees work. One of them has an extremely powerful CPU, and it's very useful to use that computer to perform heavy computations, but go there and set up your task means its user has to stop working for a while. Is it possible to allow a secondary user account to remotly log in, for example via Remote Desktop, and work with a full user environment, while the main user keeps working under his user session? I've used remote desktop many times in the past, but it always blocked current user session, or even terminated it. Lots of thanks in advance guys.

Read the article
Spambot Infection Detection

- by crankshaft

My server has been blocked by CBL for participating in curtwail spambot. Initially we suspected that it was coming from a PC and not from the server, but the router is blocking all packets on 25 except those coming from the server. I have just executed the tcpdump command and every 5 minutes I see a flurry of activity on port 25 that is very suspicious and I am sure that there is some process running on the server: 13:02:30.027436 IP exprod5og110.obsmtp.com.53803 > ubuntu.local.smtp: Flags [S], seq 171708781, win 5744, options [mss 1436,sackOK,TS val 3046699707 ecr 0,nop,wscale 2], length 0 I have stopped postfix, and yet there is still traffic on port 25 above. But how can I find what process is actually communicating on port 25 as it only rund for a few seconds and so for example lsof -i :25 will never catch it. I have been working on this now for 2 days, it is a live server and I cannot simply shut it down, any suggestion on how I can detect the source of this email bot process ?

Read the article
Can't resolve Mac's machine name on VPN

- by Raghuveer

My mac'c machine name is something like this: hostname.company.com but whenever I connect to VPN, it becomes something like vpn-xxxx.company.com where xxxx are some random numbers. Because of this, some of my scripts which are dependent on host name gets blocked. We use the standard mac's vpn setup which comes with OS X Lion (under network preferences). How can I resolve to the correct mac's name even if I am on vpn ? That is even if I am connected to VPN, my machine name should resolve to hostname.company.com and NOT to vpn-xxxx.company.com. Any suggestions would be really appreciated.

Read the article
ZendServer uninstall and xampp install ports conflict

- by BlackFire27

I uninstalled zend, cleaned it from the registry (it doesnt exist there).. when I go to localhost , I can see its favicon. Also my xampp port is blocked by the previous installation of zend that uses the port 80.. so I swapped xampps port to 8080.. it works..but I would rather to use port of 80.. is there a way to achieve so? perhaps changing zends port to something else? or how can I find who is listening to the same port.. By what I can see is that zend is still using the localhost..how i sthat possible

Read the article

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >