Search Results

Search found 3399 results on 136 pages for 'rule'.

Page 34/136 | < Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >

  • Common "truisms" needing correction the most

    - by Charles Bretana
    In addition to "I never met a man I didn't like", Will Rogers had another great little ditty I've always remembered. It went: "It's not what you don't know that'll hurt you, it's what you do know that ain't so." We all know or subscribe to many IT "truisms" that mostly have a strong basis in fact, in something in our professional careers, something we learned from others, lessons learned the hard way by ourselves, or by others who came before us. Unfortuntely, as these truisms spread throughout the community, the details—why they came about and the caveats that affect when they apply—tend to not spread along with them. We all have a tendency to look for, and latch on to, small "rules" or principles that we can use to avoid doing a complete exhaustive analysis for every decision. But even though they are correct much of the time, when we sometimes misapply them, we pay a penalty that could be avoided by understooding the details behind them. For example, when user-defined functions were first introduced in SQL Server it became "common knowledge" within a year or so that they had extremely bad performance (because it required a re-compilation for each use) and should be avoided. This "trusim" still increases many database developers' aversion to using UDFs, even though Microsoft's introduction of InLine UDFs, which do not suffer from this issue at all, mitigates this issue substantially. In recent years I have run into numerous DBAs who still believe you should "never" use UDFs, because of this. What other common not-so-"trusims" do you know, which many developers believe, that are not quite as universally true as is commonly understood, and which the developer community would benefit from being better educated about? Please include why it was "true" to start off with, and under what circumstances it's not true. Limit responses to issues that are technical, where the "common" application of a "rule or principle" is in fact correct most of the time, or was correct back when it was first elucidated, but—in the edge cases, or because of not understanding the principle thoroughly, because technology has changed since it first spread, or applying the rule today without understanding the details behind the rule—can easily backfire or cause the opposite of the intended effect.

    Read the article

  • JSF redirect doesn't work

    - by user319331
    I have a problem with redirecting a page in my JSF application. My navigation rule look like this : <navigation-rule> <from-view-id>/index.xhtml</from-view-id> <navigation-case> <from-action>#{registerBean.registerUser}</from-action> <from-outcome>success</from-outcome> <to-view-id>/confirmation.xhtml</to-view-id> <redirect/> </navigation-case> </navigation-rule> In my case the redirect tag doesn't work, the URL remains unchanged, and when I refresh the page the registerUser action is executed again. I just have no idea what I'm doing wrong; I'm not very experienced with JSF. Can anyone please tell why the redirect tag doesn't work? Thanks. (I'm using JSF 2.0 and NetBeans IDE)

    Read the article

  • declarative_authorization permissions on roles

    - by William
    Hey all, I'm trying to add authorization to a rather large app that already exists, but I have to obfuscate the details a bit. Here's the background: In our app we have a number or roles that are hierarchical, roughly like this: BasicUser -> SuperUser -> Admin -> SuperAdmin For authorization each User model instance has an attribute 'role' which corresponds to the above. We have a RESTful controller "Users" that is namespaced under Backoffice. So in short it's Backoffice::UsersController. class Backoffice::UsersController < ApplicationController filter_access_to :all #... RESTful actions + some others end So here's the problem: We want users to be able to give permissions for users to edit users but ONLY if they have a 'smaller' role than they currently have. I've created the following in authorization_rules.rb authorization do role :basic_user do has_permission_on :backoffice_users, :to => :index end role :super_user do includes :basic_user has_permission_on :backoffice_users, :to => :edit do if_attribute :role => is_in { %w(basic_user) } end end role :admin do includes :super_user end role :super_admin do includes :admin end end And unfortunately that's as far as I got, the rule doesn't seem to get applied. If I comment the rule out, nobody can edit If I leave the rule in you can edit everybody I've also tried a couple of variations on the if_attribute: if_attribute :role => is { 'basic_user' } if_attribute :role => 'basic_user' and they get the same effect. Does anybody have any suggestions?

    Read the article

  • Basic user authentication with records in AngularFire

    - by ajkochanowicz
    Having spent literally days trying the different, various recommended ways to do this, I've landed on what I think is the most simple and promising. Also thanks to the kind gents from this SO question: Get the index ID of an item in Firebase AngularFire Curent setup Users can log in with email and social networks, so when they create a record, it saves the userId as a sort of foreign key. Good so far. But I want to create a rule so twitter2934392 cannot read facebook63203497's records. Off to the security panel Match the IDs on the backend Unfortunately, the docs are inconsistent with the method from is firebase user id unique per provider (facebook, twitter, password) which suggest appending the social network to the ID. The docs expect you to create a different rule for each of the login method's ids. Why anyone using 1 login method would want to do that is beyond me. (From: https://www.firebase.com/docs/security/rule-expressions/auth.html) So I'll try to match the concatenated auth.provider with auth.id to the record in userId for the respective registry item. According to the API, this should be as easy as In my case using $registry instead of $user of course. { "rules": { ".read": true, ".write": true, "registry": { "$registry": { ".read": "$registry == auth.id" } } } } But that won't work, because (see the first image above), AngularFire sets each record under an index value. In the image above, it's 0. Here's where things get complicated. Also, I can't test anything in the simulator, as I cannot edit {some: 'json'} To even authenticate. The input box rejects any input. My best guess is the following. { "rules": { ".write": true, "registry": { "$registry": { ".read": "data.child('userId').val() == (auth.provider + auth.id)" } } } } Which both throws authentication errors and simultaneously grants full read access to all users. I'm losing my mind. What am I supposed to do here?

    Read the article

  • How to achieve to following C++ output formatting?

    - by Yan Cheng CHEOK
    I wish to print out double as the following rules : 1) No scietific notation 2) Maximum decimal point is 3 3) No trailing 0. For example : 0.01 formated to "0.01" 2.123411 formatted to "2.123" 2.11 formatted to "2.11" 2.1 formatted to "2.1" 0 formatted to "0" By using .precision(3) and std::fixed, I can only achieve rule 1) and rule 2), but not rule 3) 0.01 formated to "0.010" 2.123411 formatted to "2.123" 2.11 formatted to "2.110" 2.1 formatted to "2.100" 0 formatted to "0" Code example is as bellow : #include <iostream> int main() { std::cout.precision(3); std::cout << std::fixed << 0.01 << std::endl; std::cout << std::fixed << 2.123411 << std::endl; std::cout << std::fixed << 2.11 << std::endl; std::cout << std::fixed << 2.1 << std::endl; std::cout << std::fixed << 0 << std::endl; getchar(); } any idea?

    Read the article

  • How can I create a rules engine without using eval() or exec()?

    - by Angela
    I have a simple rules/conditions table in my database which is used to generate alerts for one of our systems. I want to create a rules engine or a domain specific language. A simple rule stored in this table would be..(omitting the relationships here) if temp > 40 send email Please note there would be many more such rules. A script runs once daily to evaluate these rules and perform the necessary actions. At the beginning, there was only one rule, so we had the script in place to only support that rule. However we now need to make it more scalable to support different conditions/rules. I have looked into rules engines , but I hope to achieve this in some simple pythonic way. At the moment, I have only come up with eval/exec and I know that is not the most recommended approach. So, what would be the best way to accomplish this?? ( The rules are stored as data in database so each object like "temperature", condition like "/=..etc" , value like "40,50..etc" and action like "email, sms, etc.." are stored in the database, i retrieve this to form the condition...if temp 50 send email, that was my idea to then use exec or eval on them to make it live code..but not sure if this is the right approach )

    Read the article

  • GetLocalValueEnumerator() Not Returning All Properties

    - by a_hardin
    I am trying to perform validation in my WPF application using the solution in Detecting WPF Validation Errors. public static bool IsValid(DependencyObject parent) { // Validate all the bindings on the parent bool valid = true; LocalValueEnumerator localValues = parent.GetLocalValueEnumerator(); while (localValues.MoveNext()) { LocalValueEntry entry = localValues.Current; if (BindingOperations.IsDataBound(parent, entry.Property)) { Binding binding = BindingOperations.GetBinding(parent, entry.Property); foreach (ValidationRule rule in binding.ValidationRules) { ValidationResult result = rule.Validate(parent.GetValue(entry.Property), null); if (!result.IsValid) { BindingExpression expression = BindingOperations.GetBindingExpression(parent, entry.Property); System.Windows.Controls.Validation.MarkInvalid(expression, new ValidationError(rule, expression, result.ErrorContent, null)); valid = false; } } } } // Validate all the bindings on the children for (int i = 0; i != VisualTreeHelper.GetChildrenCount(parent); ++i) { DependencyObject child = VisualTreeHelper.GetChild(parent, i); if (!IsValid(child)) { valid = false; } } return valid; } The problem I am running into is that when I step through the code for a TextBox, I'm not getting the Text property. The only properties I get are "PageHeight", "Instance", and "UndoManagerInstance". Therefore, I can not Validate the rules for the binding on the TextBox. Does anyone have any idea why I wouldn't be getting the correct properties? Is there another way to force validaton on controls in WPF? I haven't been able to find anyone else who has had this problem. Update: The TextBoxes I am trying to validate are within a DataTemplate. I found that if I copy one of the TextBoxes and place it directly in the Window, I am able to get the data. Using Woodstock, I saw that the data source for the TextBoxes in the template is "ParentTemplate", but it's "Local" for the TextBox outside of the template. So, the question now is, how can I get the DependencyProperties for controls inside a DataTemplate?

    Read the article

  • How can I configure Symantec Endpoint Protection Agent to allow access to windows shares?

    - by Peter Bernier
    I'm having some difficulties exposing a standard windows file share on a Windows Embedded Standard 2009 device that is running Symantec Endpoint Protection Agent 5.1. I'm using simply file sharing to expose a particular directory. That share is visible locally on the machine and externally visible when I disable the endpoint protection agent. I've added a rule (and moved it to the to ensure priority) allowing all hosts access on TDP ports 137,138,138,445 and another rule allowing UDP access on ports 137,138,139. When I try to connect, two endpoint protection dialogs pop up saying: Traffic has been blocked from this application: NWLINK2 IPX Protocol Driver (nwlnkipx.sys) Traffic has been blocked from this application: IPv6 driver (tcpip6.sys) I'm not using IPv6 anywhere. Interestingly, I discovered a workaround in that I can white-list all traffic from the subnet the device is on, which meets my needs, but I'm still curious as to why my original approach wasn't successful. Can anyone suggestion a reason why the above endpoint protection rules won't allow me to access windows file shares on the device?

    Read the article

  • Rewrite rules doesn’t work apache 1.3

    - by Sander Versluys
    I'm using a couple of rewrite directives that always works before on apache2 but now i'm trying new a shared hosting and the rewrite rules do not seem to get applied. I've reduced the .htaccess files to the following essential rules: RewriteEngine On Rewritebase /demo/ RewriteRule ^(.*)$ index.php/$1 [L] As you can see, i want to rewrite every request to my index.php file in the demo folder from root. So everything like http://www.example.com/demo/albums/show/1 should be processed by http://www.example.com/demo/index.php for a standard MVC setup. (I'm using CodeIgniter btw) The directives above results in a 500 error, so i thought maybe because of some possible syntax differences between 1.3 and 2.x. After some trail and error editing, i've found the rewrite rule itself to be at fault but i really don't understand why. Any ideas to why my rewrite rule doesn't work? it did before on lots of different servers. Suggestions how to fix it? Note: mod_rewrite does work, i've written a small test to be sure

    Read the article

  • postfwd not rate limiting sasl users

    - by golemwashere
    I would like to use postfwd version 2 to limit the amount of daily mail sent by my sasl authenticated users. I installed latest tarball: postfwd-1.35 with latest postfix from Centos 6.4 In my I have only this rule id=RULEZEROSASL sasl_username=~/^(\S+)$/ action=rcpt(sasl_username/500/86400/REJECT only 500 recipients per day for $$sasl_username) which should reject only mail with authenticated users (not mail from trusted mailservers). My postfwd2 listens on tcp 10045 and in my postfix main.cf I have # Restriction Classes smtpd_restriction_classes = postfwdcheck postfwdcheck = check_policy_service inet:127.0.0.1:10045 127.0.0.1:10045_time_limit = 3600 ... smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts reject_unauth_destination check_recipient_access hash:/etc/postfix/access reject_invalid_helo_hostname # postfwd con rate limiting check_policy_service inet:127.0.0.1:10045 warn_if_reject reject_non_fqdn_helo_hostname warn_if_reject reject_unknown_helo_hostname warn_if_reject reject_unknown_client reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain warn_if_reject reject_unverified_sender reject_unverified_recipient reject_rbl_client zen.spamhaus.org permit in /etc/postfix/policy . postfwdcheck I see no rule matching entries in log and the command postfwd2 -vv --dumpcache -f /etc/postfwd.cf shows the request number [STATS] postfwd2::policy 1.35: **5** requests since 0 days, 01:05:31 hours increasing only for manual tests done with: nc 127.0.0.1 10045 <request.sample Any idea why postfwd is not engaged by postfix?

    Read the article

  • IIS 7.5 URL Rewrite - missing “route to server” option

    - by Martin
    (Question moved from StackOverflow) I am running Windows 7 Ultimate, and have activated IIS (Version 7.5.7600.16385). I have installed the following modules using Microsoft Web Platform Installer 2.0: * IIS URL Rewrite Module 2 * Microsoft Application Request Routing Version 2 for IIS 7 * Microsoft Web Farm Framework Version 1 for IIS 7 * Microsoft External Cache Version 1 for IIS 7 Now I am trying to configure a URL Rewrite rule using the "Route to Server" option. However, in the Edit Inbound Rule page, there is no such option: all I have available are: * Rewrite * None * Redirect * Custom Response * Abort Request Why is there no "route to server" option ?

    Read the article

  • Exchange Server 2007 Forwarding Circles

    - by LorenVS
    Hello, I asked a question quite a while ago about two members of an organization who wanted to receive all of each other's emails, and yet maintain seperate mailboxes. (so all emails to mike@company get sent to mike and dave and all emails to dave@company get sent to mike and dave). At the time, I actually only needed to implement one side of this (only mikes emails got sent to both receipients) and (with the help of ServerFault) I set up forwarding on dave's inbox so that all of his emails would also be sent to mike. I'm now in a situation where I have to implement the other side of this relation (such that mike's emails will also forward to dave). I still remember how to set up the forwarding rule, but I'm worried that I might be creating a circular forwarding rule such that mike@compnay forwards to dave@company which forwards to mike@company and so on. Can anyone clear up my confusion (just want to make sure I don't make a stupid mistake). Thanks a ton

    Read the article

  • TMG Forefront Proxy blocking internal HTTP requests

    - by Pascal
    I have TMG Forefront with Proxy installed and configured. However, whenever I make internal HTTP requested to servers on the internal network with a fully qualified dns name, the proxy denies the connection. Denied Connection FRW-02 18/03/2011 20:06:37 Log type: Web Proxy (Forward) Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL). Rule: Default rule Source: Internal (10.50.75.21:21492) Destination: Internal (10.50.75.10:8080) Request: GET http://app-01.mydomain.com.br:9871/internalwebserver_deploy/MyServiceService.svc?wsdl Filter information: Req ID: 0a157279; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: http User: anonymous How can I get around this block? This is an internal call, so it should block it. If I use only http://app-01:9871/internalwebserver_deploy/MyServiceService.svc?wsdl, without the domain after the server name, then it doesn't get blocked. 10.50.75.10 is the firewall's ip, and the internal network's gateway.

    Read the article

  • OpenVPN slow with Firewall enabled on Zyxel ZyWall USG-100

    - by aleroot
    I have an OpenVPN server on a Linux machine, after installing a ZyWall USG-100 I'm experiencing extremely slowness navigating web servers on my remote LAN through the VPN connection, while accessing the web interface of the ZyWall is fast. I have configured everything : the Virtual Server for the OpenVPN Server, the static route as with the replaced router that I had before installing the ZyWall Today. I even added a rule to the firewall that allows connection to the OpenVPN Server machine : but navigation on the LAN through the VPN still slow, it seems that the Firewall is blocking packages, since if I disable the firewall on the USG-100 everything works fast as usual, while with the firewall enabled it is extremely slow. Why ? Do I need to add some other rule to the firewall to speed up ?

    Read the article

  • ISA Proxy - HTTPS Traffic

    - by x100
    We have an ISA 2006 setup for our organisations proxy. It's been working well for the last few months just blocking everything except a few allowed web site and web applications. We need to allow some people to access a web application hosted off site via HTTPS. I've tried and tried, wasted 3 days on it and have given in. Can someone please tell me how on earth this is achieved? Looking at the Monitor, it looks like it passes one rule, then is blocked by the default rule. I just don't unterstand it well enough to take it on further.

    Read the article

  • many partitions on a single filegroup?¿ does it make sense?

    - by river0
    Hi, I'm designing a datawarehouse solution and I'm a newbie in disk configuration issues, let me explain you. Our storage is spread over 6 storage enlosures having each of them 5 raid-1 disk arrays, and having 2 LUNS defined per each disk array, which makes a total 48 LUNS (this is following Microsoft fast track recommendations for datawarehouse architectures). I would like to partition my data, on other projects I have worked before, we always followed a 1 partition - 1 filegroup rule. On the microsoft fast track recomendations it is advised to create a filegroup and then for that filegroup a data file per each lun... but I pretend to have a week level partitioning... if I apply that rule I think that I'll get too many files and a complex layout. I'm thinking of just creating just one filegroup (with the 48 lun data files), but still create the partitions since I want to keep soem of the benefits of partitions like partition switching... Is this scenario not recommended? What would you suggest?

    Read the article

  • Web server behind MikroTik and dynamic dns

    - by danielrvt
    I recently purchased a MikroTik router, it works great! However, I haven't been able to make my web server work from outside my lan I'll explain better: I have two domains in my disposal, before I switched to Mikrotik, the were working perfectly and all my websites were online. Since I changed the router, every time I try to access my websites from outside my lan, my websites can't be found. I have my websites domains associated with a dynamic dns provider, I managed to create a port forwarding rule to redirect all my incoming traffic from port 80 to my web server, and it works, but only when I'm connected to my MikroTik router. Is there something else I have to do? PD: I also created a static dns rule in my router with my domains to associate it to my webserver (which is behind my router) PD2: All I want is to redirect requests from outside to my webserver...

    Read the article

  • Filtering junk mail in Outlook 2007

    - by Faruz
    I keep getting mail which I try to filter as junk. Problem is, it is sent from my e-mail address while writing that the name of the sender is "Viagra yada yada yada ([email protected])" I can't add a rule to outlook according to sender's name, right? Is there any other way I can filter those e-mails (I can't add a rule to junk-mail my own e-mail address). The subject of the e-mails keeps changing in the following formats: "Faruz 76% discount now!" "Faruz 80% discount now!" "Now! 78% discount Faruz" (They seem to have infinite ideas of saying the same thing... :) ) So I also seem to have problems filtering according to subject. ideas?

    Read the article

  • Trailing dots in url result in empty 404 page on IIS

    - by Peter Hahndorf
    I have an ASP.NET site on IIS8, but IIS7.5 behaves exactly the same. When I enter a URL like: mysite.com/foo/bar.. I get the following error with a '500 Internal Server Error' status code: even though I have custom error pages set up for 500 and 404 and I don't see anything wrong with my custom error page. In my web.config system.web node I have the following: <customErrors mode="On"> <error statusCode="404" redirect="/404.aspx" /> </customErrors> If I remove that section, I get a 404.0 response back but the page itself is blank. In web.config system.webServer I have: <httpErrors errorMode="DetailedLocalOnly"> <remove statusCode="404" subStatusCode="-1" /> <error statusCode="404" prefixLanguageFilePath="" path="404.html" responseMode="File" /> </httpErrors> But whether that is there or not, I get the same blank 404.0 page rather than my expected custom error page, or at least an internal IIS message. So first of all why is the asp.net handler picking up a request for '..' (also works with one or more trailing dots) If I remove the following handler from applicacationHost.config: <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" /> I get my expected custom 404 page, but of course removing that handler breaks routing in asp.net among other things. Looking at the failure trace I see: Windows Authentication is disabled for the site, so why is that module even in the request pipeline? For now my fix is to use the URL Rewrite module with the following rule: <rewrite> <rules> <rule name="Trailing Dots" stopProcessing="true"> <match url="\.+$" /> <action type="Rewrite" url="/404.html" appendQueryString="false" /> </rule> </rules> </rewrite> This works okay, but I wonder why IIS/ASP.NET behaves this way?

    Read the article

  • Apache configuration for silent rewrite of query strings like codeigniter

    - by jwir3
    Codeigniter rewrites query strings like the following: http://somedomain.com/index.php?q=something to become: http://somedomain.com/index.php/q/something I'd like to imitate this behavior on a (very) lightweight website I am developing for a wedding RSVP system. I don't want the bloat of codeigniter, nor do I need anything else that it provides. The only thing I'd like is this. Unfortunately, I don't know how to setup a mod-rewrite rule that accomplishes this. I can setup a rule that translates /q/something into ?q=something, but I can't get one that does that without changing the URL the user is viewing. I'm basically looking for something that is, in effect, a "silent" version of the rewrite. That is, I want something that rewrites q/something to ?q=something, but leaves the user's URL in their address bar as q/something. Thanks in advance!

    Read the article

  • DRS: Unknown JNLP Location

    - by Joe
    We are using Deployment Rule Sets to limit access to the older JRE to well-known applications like - but are running into a problem. One business critical applications has the following properties (*s to protect info): title: Enterprise Services Repository location: null jar location: http://app.*.com:52400/rep/repository/*.jar jar version: null isArtifact: true The application downloads a .jnlp file, and uses java web start to execute. Since the location is null, this application cannot be targeted by a location rule. And the certificate hash method only works when the application is cached (being ran more than once). If cache storing is off, which is the case in some situations, how can this application be targeted? Or at least told to run with an older JRE on start? This problem is specifically noted in this bug Thanks!

    Read the article

  • IIS7 URL Rewrite - Rewrite CSS files

    - by user1231958
    I'm trying to rewrite certain CSS files with some rules, so it replaces every single instance of links in the CSS (as in background: url("/myuri.jpg")) with a prefix (as in background: url("/zeus/myuri.jpg")) These are the rules. <rule name="ReverseProxyOutboundRule2" preCondition="IsCSS" enabled="true" stopProcessing="false"> <match filterByTags="None" pattern="url\(&quot;(.*)&quot;\)" /> <action type="Rewrite" value="url(&quot;/zeus{R:1}&quot;)" /> <conditions> <add input="{URL}" pattern="/zeus" /> </conditions> </rule> <preCondition name="IsCSS"> <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/css" /> </preCondition> However, only one url is being replaced this way and somehow the rest is being ignored. Thank you beforehand.

    Read the article

  • Apache rewrite rules not causes a download dialog of the PHP file

    - by Shaihi
    I have Apache 2.2.17 using the WAMPServer 2.1 installation. I am debugging a website fully local on my computer. I have the following rule in the .htaccess: # Use PHP5 Single php.ini as default AddHandler application/x-httpd-php5s .php Options +FollowSymlinks RewriteEngine on Rewritebase / RewriteRule ^bella/(.*)/(.*)$ beauty.php?beauty_id=$1 [L] RewriteRule ^(argentina|brasil|chile|colombia|espana|mexico|rep_dominicana|uruguay|venezuela|peru|bolivia|cuba|ecuador|panama|paraguay|puerto_rico)/$ country.php?name=$1 [L] RewriteRule ^(argentina|brasil|chile|colombia|espana|mexico|rep_dominicana|uruguay|venezuela|peru|bolivia|cuba|ecuador|panama|paraguay|puerto_rico)/(hi5|facebook|twitter|orkut)/$ socialnetw.php?country=$1&category=$2 [L] The problem When I enable this rule and try to access http://localhost/index.php using FF I get a download dialog for the PHP file. If I comment the Rewrite* part in the .htaccess file then the index.php file loads fine, but navigation in the page is broken...

    Read the article

  • Routing traffic to another internal network

    - by Jason
    OK, so here is the scenario. I have 4 Locations connected with an MPLS. I have installed an ASA at the primary location which is 10.20.1.0. Traffic is fine internally and to the world, however... I can't route traffic over the MPLS to another network. It is being blocked by an implicit deny rule even though there is a rule to allow any to any less secure interface (it should be using the same interface in/out, right?). I have a static route for the network in and the ASA can ping it - Just not traffic on the internal network of the ASA. -Jason

    Read the article

  • Squid Proxy: url_regex acl is not working?

    - by bharathi
    I am using squid proxy 3.1 in ubuntu machine. I want to allow only urls matching our pattern through our proxy server. I configured acl like below. Acl for dstdomain is working fine. If i access any url besides .zmedia.com , I got proxy connection refused. But the url_regex is not working. What i am trying here is. Allow only request from ".zmedia.com" domain and the request url should be in "/blog" context. # # Recommended minimum configuration: # acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 ::1 acl urlwhitelist url_regex -i ^http(s)://([a-zA-Z]+).zmedia.com/blog/.*$ acl allowdomain dstdomain .zmedia.com acl Safe_ports port 80 8080 8500 7272 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl SSL_ports port 7272 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager http_access deny !allowdomain http_access allow urlwhitelist http_access allow CONNECT SSL_ports http_access deny CONNECT !SSL_ports # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 3128 # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/spool/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/spool/squid append_domain .zmedia.com # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 Please correct me , If i did anything wrong?

    Read the article

< Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >