Search Results

Search found 1512 results on 61 pages for 'deny prasetyo'.

Page 37/61 | < Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44 | Next Page >

How can I diagnose cache misses when using Apache as a reverse proxy?

- by johnstok

I have set up Apache 2.2 as a reverse proxy with the following configuration: # jBoss proxying ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /foo http://localhost:9080/foo ProxyPassReverse /foo http://localhost:9080/foo ProxyPassReverseCookiePath /foo /foo # Reverse proxy caching CacheEnable disk /foo # Compression SetOutputFilter DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE\s(7|8) !no-gzip !gzip-only-text/html DeflateCompressionLevel 9 Header append Vary User-Agent env=!dont-vary However, in a number of cases where I expect a cached response to be returned the request is sent through to the origin server at localhost:9080. Responses have a HTTP Vary header of 'Accept-Encoding,User-Agent' which is to be expected given the mod_deflate configuration. How can I determine why Apache is unable to serve a response from the cache?

Read the article
Iptables Allow MYSQL server incoming requests

- by thompatry

I am trying to get my new MediaWiki server to allow connections to our MySql Server and right now I cannot get my iptables firewall set up right for this. The rule I am applying is the following iptables -A INPUT -p tcp -d 129.130.155.39 --dport 3306 -j ACCEPT # MySQL But my iptables log is still show that the connections can not be established and is being blocked/denied. Nov 21 09:48:39 hds-it kernel: Firewall Deny: [OUTPUT] IN= OUT=eth1 SRC=129.130.155.210 DST=129.130.155.39 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29232 DF PROTO=TCP SPT=58862 DPT=3306 SEQ=914529531 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A03BCF2BC0000000001030307) When I turn off iptables, everything works as it should including editing the wiki database. What am I doing wrong with my rule.

Read the article
Blocking IP's Nginx behind proxy

- by FunkyChicken

I'm running a Nginx 1.2.4 webserver here, and I'm behind a proxy of my hoster to prevent ddos attacks. The downside of being behind this proxy is that I need to get the REAL IP information from an extra header. In PHP it works great by doing $_SERVER[HTTP_X_REAL_IP] for example. Now before I was behind this proxy of my hoster I had a very effective way of blocking certain IP's by doing this: include /etc/nginx/block.conf and to allow/deny IP's there. But now due to the proxy, Nginx sees all traffic coming from 1 IP. Is there a way I can get Nginx to read the IP's like how PHP does, with the X-REAL-IP header?

Read the article
Ldap access lists users even if user has no rights...

- by Patkos Csaba

I am trying to set up a more complex Active Directory structure for some testing purposes. What I did so far: set up 2 windows (one 2008 and one 2003) to control the same domain set up an Organizational Unit (ou): Developers set up 2 child OUs: "one" and "two" each OU has it's admin: adminOne and adminTwo I denied all access to OU "two" by removing on the Security tab all the groups I don't want to access it. now, when I log in as adminOne and I try to click on OU "two" it says I don't have permissions to see the users and properties of "two" - this is perfect, it's what I want Here comes my problem: I do a LDAP query with the adminOne user on the "Developers" What I expect to happen: I expect to retrieve the users from Developer - One I expect to NOT be able to retrieve the users from Developers - Two What actually happens: ldap shows all the users, both from Developers - One and Developers - Two, even if the user should not have permissions to Developers - Two And now my question: is there any specific settings on Windows 2003 or 2008 Active Directory servers which allow or deny access over LDAP? I could not find any.

Read the article
Overriding Apache auth directive

- by Machine

Hi! I'm trying to allow public access to a method that generates a WSDL-file for our API. The rest of the site is behind basic auth protection. Can you guys take a look at the following virtual-host configuration and see why the override does not take place? <VirtualHost *:80> ServerName xyz.mydomain.com DocumentRoot /var/www/dev/public <Directory /var/www/dev/public> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all SetEnv APPLICATION_ENV testing </Directory> <Location /> AuthName "XYZ Development Server" AuthType Basic AuthUserFile /etc/apache2/xyz.passwd Require valid-user </Location> <Location /api/soap/wsdl> Satisfy Any allow from all </Location> </VirtualHost>

Read the article
How to Configure Different Gateways for Different VLANs

- by Bryan

I have around 10 VLANs, and two different internet gateways. I want traffic on some VLANs to use one gateway, and traffic on other VLANs to use another gateway. (e.g. I wish to route server traffic via one gateway and desktop internet traffic down another). Is it possible to configure different default routes for different VLANs on a Dell 6224 switch? Or is their a better way of doing what I'm trying to achieve? The core switch I am using is a Dell PowerConnect 6224 switch. Currently I'm using: ip route 0.0.0.0 0.0.0.0 10.58.3.16 which creates the default gateway for all VLANs. I did consider adding multiple routes with equal metric, and setting ACLs between the VLANs to deny access to the 'wrong' gateway, but that idea just doesn't feel right to me.

Read the article
Apache - Restrict to IP not working.

- by Probocop

Hi, I've a subdomain that I only want to be accessible internally; I'm trying to achieve this in Apache by editing the VirtualHost block for that domain. Can anybody see where I'm going wrong? Note, my internal IP address here are 192.168.10.xxx. My code is as follows: <VirtualHost *:80> ServerName test.epiphanydev2.co.uk DocumentRoot /var/www/test ErrorLog /var/log/apache2/error_test_co_uk.log LogLevel warn CustomLog /var/log/apache2/access_test_co_uk.log combined <Directory /var/www/test> Order allow,deny Allow from 192.168.10.0/24 Allow from 127 </Directory> </VirtualHost> Thanks

Read the article
Windows Server 2008 constantly spamming external IP's on outbound TCP port 445

- by RSXAdmin

Hi Server Fault, I have a Windows Server 2008 box running as a Domain Controller. I have noticed in my Cisco ASA firewall logs that this box is continuously sending out (like a thousand requests a second) requests on TCP port 445 to external hosts. I have made an effort to deny this outbound traffic from getting on the internet (using the ASA), however I would like these requests to stop from even occurring at all. I have tried disabling TCP/IP over NetBIOS. I have even turned on Windows Advanced Firewall on the box itself to block outbound 445 but the ASA still detects this particular traffic hitting it. I have other DC's and similar type boxes which are not behaving the same way as this box. Is this normal? Is there a way to stop this spamming? Have I been infected? Thank you universe.

Read the article
VPN provider for remote access to servers from a known IP address

- by brentkeller

My organization has a few servers that are being hosted by a provider and we limit remote access to a whitelist and deny access to any IPs not on the whitelist. We would like to find a hosted VPN service that we can connect to that would give us a known IP that we could add to our whitelist and gain access to the servers while on the road. Does anyone know of any such services? I don't think we can just setup the VPN built in to Windows Server since the servers are hosted. Any suggestions would be appreciated.

Read the article
Prevent folder deletes at top level only on Server 2008

- by DomoDomo

I'm trying to prevent folders moves, really folder delete in NTFS parlance, for series of folders within a network share. So let's say I have: FolderA, FolderB, FolderC. Each folder has various files and subfolders. I want the Domain Users group to have modify access to all files and folders beneath FolderA, FolderB, and FolderC. However I don't want them to be able to delete these three top level folders. The issue we are having right now is people keep accidentally dragging one top level folder into another. I've tried used advanced NTFS permissions to deny domain users delete access to these top level folders, and set the permissions to apply to "This folder only", however it seems to only affect sub-folders, and not the top level. Platform is Server 2008 Standard. Thanks in advance.

Read the article
Nginx HTTPS redirects causing loop

- by Ben Chiappetta

I've been banging my head against the wall trying to figure this out, so if anyone can help I'd appreciate it. My Nginx conf has three different redirect loops, haven't been able to get any of the three to work right. The three problem areas are: Redirecting memcache directory to SSL Redirecting accounts directory to SSL Redirecting SSL to www if non-www nginx.conf: user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log notice; sendfile on; #tcp_nopush on; keepalive_timeout 65; proxy_set_header X-Url-Scheme $scheme; #gzip on; rewrite_log on; include /etc/nginx/conf.d/*.conf; } conf.d/default.conf: server { listen 80; server_name <redacted>.net; rewrite ^(.*) http://www.<redacted>.net$1; } server { listen 80; server_name www.<redacted>.net; set_real_ip_from 192.168.30.4; set_real_ip_from 192.168.30.5; set_real_ip_from 192.168.30.10; real_ip_header X-Forwarded-For; #charset koi8-r; access_log /var/log/nginx/host.access.log main; root /var/www/html; index index.php index.html index.htm; location =/memcache { rewrite ^/(.*)$ https://$server_name$request_uri? permanent; } location /accounts { rewrite ^/(.*)$ https://$server_name$request_uri? permanent; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; try_files $uri = 404; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } } conf.d/ssl.conf: # HTTPS server # server { listen 443; server_name <redacted>.net; rewrite ^(.*) https://www.<redacted>.net$1; } server { listen 443 default_server ssl; server_name www.<redacted>.net; set_real_ip_from 192.168.30.4; set_real_ip_from 192.168.30.5; set_real_ip_from 192.168.30.10; real_ip_header X-Forwarded-For; proxy_set_header X-Forwarded_Proto https; proxy_set_header Host $host; proxy_redirect off; proxy_max_temp_file_size 0; proxy_set_header X-Forwarded-Ssl on; set $https_enabled on; ssl_certificate <redacted>.crt; ssl_certificate_key <redacted>.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; root /var/www/html; index index.php index.html index.htm; location /memcache { auth_basic "Restricted"; auth_basic_user_file $document_root/memcache/.htpasswd; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; include /etc/nginx/fastcgi_params; try_files $uri = 404; } }

Read the article
How to block all multicast traffic travelling through a Cisco Catalyst 3750

- by TrueDuality

Something changed today. I can't seem to track down what, but one of our 3750s decided that it was going to forward all the multicast traffic it saw from the ghost server across every VLAN it has. I've tried writing a simple access group that consists of the following: access-list 100 deny ip any 224.0.0.10 0.0.0.255 access-list 100 permit ip any any I apparently mistakenly assumed that once applied to an interface that it would block all of the multicast traffic on that interface regardless of VLAN. I do not want any multicast traffic flowing through this particular switch to any VLAN or even to stay on the same VLAN beyond this switch. Does anyone have any ideas?

Read the article
How to exclude a sub-folder from HTaccess RewriteRule

- by amb9800

I have WordPress installed in my root directory, for which a RewriteRule is in place. I need to password-protect a subfolder ("blue"), so I set the htaccess in that folder as such. Problem is that the root htaccess RewriteRule is applying to "blue" and thus I get a 404 in the main WordPress site (instead of opening the password dialog for the subfolder). Here's the root htaccess: RewriteEngine on <Files 403.shtml> order allow,deny allow from all </Files> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> I tried inserting this as the second line, to no avail: RewriteRule ^(blue)($|/) - [L] Also tried inserting this before the index.php RewriteRule: RewriteCond %{REQUEST_URI} !^/blue/ That didn't work either. Also inserted this into the subfolder's htaccess, which didn't work either: <IfModule mod_rewrite.c> RewriteEngine off </IfModule> Any ideas?

Read the article
Lighttpd referer issue

- by Chris

I have a problem to block files from accessing from different domains as my one. I have added to my lighty config in the "virual host" following: $HTTP["referer"] !~ "^($|http://www\.my-site\.net)" { url.access-deny = ( "" ) } but anyway the site www.example.com can access http://player.my-site.net/player.swf, also it can be accessed directly without a referrer. any idea? //EDIT here is my old apache .htaccess with a rewrite rule thats works perfect, but i dont know how to convert it for lighty: RewriteEngine on RewriteBase / RewriteCond %{HTTP_REFERER} !^http://my-site\.net/ [NC] RewriteCond %{HTTP_REFERER} !^http://www\.my-site\.net/ [NC] RewriteCond %{HTTP_REFERER} !^http://player\.my-site\.net/ [NC] RewriteCond %{HTTP_REFERER} !^http://stream\.my-site\.net/ [NC] RewriteRule .* - [L,R=404]

Read the article
Apache Balancing by source IP

- by Daniel

I am using Apache's Proxy Balancer to balance one sub domain (e.g. subdomain.domain.com) to an application which is located on 2 servers. Here an extract from my Apache configuration file: <Proxy *> Order deny,allow Allow from all </Proxy> <Proxy balancer://cluster1> BalancerMember http://server1:28081 route=w1 BalancerMember http://server2:28082 route=w2 </Proxy> ProxyPass /path balancer://cluster1/path ProxyPassReverse /path balancer://cluster1/path My question is, if it's possible to decide with the source IP-address which BalancerMember should be used for the request? To e.g. Requests from 1.2.3.4 to Member 1?

Read the article
Windows Server 2008 R2 - Can't connect RDP over the Internet

- by Jonathan DeMarks

I have two networks: Domain and Public, Domain is a VPN connection and Public is the local connection to the network. This is not a domain controller or a DNS/DHCP server. I can connect via RDP from the local network (192.168.1.), from the VPN network (10.1.2.), and from the VPN network over the internet. I cannot connect from the internet (anywhere besides where the server is VPN'd) Wireshark indicates that the server is getting packets, and the audit log is indicating that the packets are being dropped. Advanced Firewall has explicit options to allow RDP, and has no deny policies. I have also tried turning Firewall off completely to no avail. I'm really lost on this one.

Read the article
Apache mod_setenvif Server_Addr

- by user18330

I have an Apache server in a DMZ, reachaable on the LAN from 192.168.1.1, public 123.456.789.123. I'm trying to get it to require authentication if the inbound hits are coming from the public side. This doesn't seem to work: SetEnvIf SERVER_ADDR 123.456.789.123 local_nic=1 <Location /junk> Order Deny,Allow AuthName "Access required" AuthType Basic AuthUserFile /etc/httpd/conf/htpasswd Require valid-user </Location> What am I doing wrong? Sorry, HTML tags were wiping out my Apache directives.

Read the article
XenServer 5.6.1-fp1. Can't get network working

- by casey_miller

I have a PC where XenServer 5.6.1 fp-1 has been successfully installed. I've manually set the network settings: 192.168.1.50 255.255.255.0 192.168.1.1 but it's set to xenbr0 iface. While eth0 is empty. When I click on "Configure Management Inteface" it shows that eth0 is connected. But when I ping a default gateway (which is 100% should be accessible) it fails. I used to another shell (Alt+F3) and logged as root. I also failed to ping. with both: ping -I eth0 192.168.1.1 and ping -I xenbr0 192.168.1.1 Be assured that: Cable works Ethernet adapter is 100% functional (prev OS was Ubuntu it was working) There is no firewall rule to deny anything. (everything is allowed) So the question is: What is a problem???

Read the article
Web server replica not working in other server

- by user761076

I have a Drupal installation (php+mysql) in a server, and I'm trying to copy this installation to another server with the same configuration, same physical and virtual path, same db configuration, etc. The thing is, in my new server I get the homepage to work, but not the inner pages, so I guess has something to do with rewrite (mod_rewrite is installed) (both .htaccess are the same). When I access http://localhost/myweb/content/mypage I get a 404 or a "Forbidden" if I uncomment this in httpd.conf (original httpd.conf does not have this entry): <Directory path/to/docs"> DirectoryIndex index.php index.html Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> Any clue? Thank you

Read the article
trouble loggin into a Mac share from a Windows PC on the network

- by villares

I have this mixed network and usually log into the Macs from the Windows XP home machines and vice versa. I have no real networking knowledge, things just seem to work, more or less, with the default settings. Now I've got a new Snow Leopard Mac with a shared folder (added the user names of the Windows users at the sharing preferences) and the trouble is some machines can open the share and others can't. I can't see the difference. It feels like some Windows machines have a "cache" and won't ask for the share password, just deny access. I can also see old shares proposed at the Windows "add network place wizard".

Read the article
Avoiding users to corrupt and use a script

- by EverythingRightPlace

Is it possible to deny the right to copy files? I have a script which should be executable by others. They are also allowed to read the file (though it would not be a problem to forbid reading). But I don't want the script to be changed and executed. It's not a problem to set those permissions, but one could easily copy, change and run the script. Can this even be avoided? /edit The OS is Red Hat Enterprise Linux Workstation release 6.2 (Santiago).

Read the article
Preventing - Large Number of Failed Login Attempts from IP

- by Silver89

I'm running a CentOS 6.3 server and currently receive emails entitled "Large Number of Failed Login Attempts from IP" from my server every 15 minutes or so. Surely with the below configured it should mean only the person using the (my static ip) should be able to even try and log in? If that's the case where are these remote unknown users trying to log into which is generating these emails? Current Security Steps: root login is only allowed without-password StrictModes yes SSH password login is disabled - PasswordAuthentication no SSH public keys are used SSH port has been changed to a number greater than 40k cPHulk is configured and running Logins limited to specific ip address cPanel and WHM limited to my static ip only hosts.allow sshd: (my static ip) vsftpd: (my static ip) whostmgrd: (my static ip) hosts.deny ALL : ALL

Read the article
Change Apache DocumentDirectory path in trueCrypt partition

- by Alan C

Hello, I'm recently moving from windows to linux, so I've setup my machine to dual boot Windows7 and Ubuntu 10.04. I was able to successfully setup Apache on the Ubuntu partition, but I need to move the DocumentRoot since my websites are on a TrueCrypt partition that is in another hard drive so I can have them accessible in both OS. I followed some guides on how to change the path for the DocumentRoot so I end up modifiying the default file at /etc/apache2/sites-available DocumentRoot /media/truecrypt1/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /media/truecrypt1/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> Those are the lines that I've changed, but now when I go to localhost I always get the Forbidden You don't have permission to access / on this server. Apache/2.2.14 (Ubuntu) Server at localhost Port 80

Read the article
How to find malicious IPs?

- by alfish

Cacti shows irregular and pretty steady high bandwidth to my server (40x the normal) so I guess the server is udnder some sort of DDoS attack. The incoming bandwidth has not paralyzed my server, but of course consuming the bandwidth and affects performance so I am keen to figure out the possible culprits IPs add them to my deny list or otherwise counter them. When I run: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n I get a long list of IPs with up to 400 connections each. I checked the most numerous occurring IPs but they come from my CDN. So I am wondering what is the best way to help monitor the requests that each IP make in order to pinpoint the malicious ones. I am using Ubuntu server. Thanks

Read the article
Nginx proxy SOAP request

- by user2606078

looking for a right way to accomplish the following: there is an app that have URL(1) hardcoded and no way/time to change it in the source http://dev.server.com/example.com/admin/soap/action/index?pr=1 and it should use (and get response from) URL(2) http://example.com/admin/soap/action/index?pr=1 what should I configure in Nginx (apache as backup used) conf on dev.server.com in order to give that app when it asks URL(1) answer from URL(2)? On dev.server.com Apache has virtual host: dev.server.com enabled. Also I've tried to proxy in apache instead of nginx by using ProxyPass: <Directory /var/www/dev> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> <Location /example.com/admin/soap> ProxyPass http://example.com/admin/soap </Location>

Read the article

< Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44 | Next Page >