Search Results

Search found 7249 results on 290 pages for 'https everywhere'.

Page 66/290 | < Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73  | Next Page >

• Allow Incoming Responses Apache. On Ubuntu 11.10 - Curl

  - by Daniel Adarve

  I'm trying to get a Curl Response from an outside server, however I noticed I cant neither PING the server in question nor connect to it. I tried disabling the iptables firewall but I had no success. My server is running behind a Cisco Linksys WRTN310N Router with the DD-wrt firmware Installed. In which I already disabled the firewall. Here are my network settings: Ifconfig eth0 Link encap:Ethernet HWaddr 00:26:b9:76:73:6b inet addr:192.168.1.120 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::226:b9ff:fe76:736b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:49713 errors:0 dropped:0 overruns:0 frame:0 TX packets:30987 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:52829022 (52.8 MB) TX bytes:5438223 (5.4 MB) Interrupt:16 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:341 errors:0 dropped:0 overruns:0 frame:0 TX packets:341 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:27604 (27.6 KB) TX bytes:27604 (27.6 KB) /etc/resolv.conf nameserver 192.168.1.1 /etc/nsswitch.com passwd: compat group: compat shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis /etc/host.conf order hosts,bind multi on /etc/hosts 127.0.0.1 localhost 127.0.0.1 callcenter # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters /etc/network/interfaces # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.120 netmask 255.255.255.0 network 192.168.1.1 broadcast 192.168.1.255 gateway 192.168.1.1 The Url to which im trying to get a connection to is https://www.veripayment.com/integration/index.php When I ping it on terminal heres what I get daniel@callcenter:~$ ping https://www.veripayment.com/integration/index.php ping: unknown host https://www.veripayment.com/integration/index.php daniel@callcenter:~$ ping www.veripayment.com PING www.veripayment.com (69.172.200.5) 56(84) bytes of data. --- www.veripayment.com ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1007ms PHP Function in codeigniter public function authorizePayment(){ //--------------------------------------------------- // Authorize a payment //--------------------------------------------------- // Get variables from POST array $post_str = "action=payment&business=" .urlencode($this->input->post('business')) ."&vericode=" .urlencode($this->input->post('vericode')) ."&item_name=" .urlencode($this->input->post('item_name')) ."&item_code=" .urlencode($this->input->post('item_code')) ."&quantity=" .urlencode($this->input->post('quantity')) ."&amount=" .urlencode($this->input->post('amount')) ."&cc_type=" .urlencode($this->input->post('cc_type')) ."&cc_number=" .urlencode($this->input->post('cc_number')) ."&cc_expdate=" .urlencode($this->input->post('cc_expdate_year')).urlencode($this->input->post('cc_expdate_month')) ."&cc_security_code=" .urlencode($this->input->post('cc_security_code')) ."&shipment=" .urlencode($this->input->post('shipment')) ."&first_name=" .urlencode($this->input->post('first_name')) ."&last_name=" .urlencode($this->input->post('last_name')) ."&address=" .urlencode($this->input->post('address')) ."&city=" .urlencode($this->input->post('city')) ."&state_or_province=" .urlencode($this->input->post('state_or_province')) ."&zip_or_postal_code=" .urlencode($this->input->post('zip_or_postal_code')) ."&country=" .urlencode($this->input->post('country')) ."&shipping_address=" .urlencode($this->input->post('shipping_address')) ."&shipping_city=" .urlencode($this->input->post('shipping_city')) ."&shipping_state_or_province=" .urlencode($this->input->post('shipping_state_or_province')) ."&shipping_zip_or_postal_code=".urlencode($this->input->post('shipping_zip_or_postal_code')) ."&shipping_country=" .urlencode($this->input->post('shipping_country')) ."&phone=" .urlencode($this->input->post('phone')) ."&email=" .urlencode($this->input->post('email')) ."&ip_address=" .urlencode($this->input->post('ip_address')) ."&website_unique_id=" .urlencode($this->input->post('website_unique_id')); // Send URL string via CURL $backendUrl = "https://www.veripayment.com/integration/index.php"; $this->curl->create($backendUrl); $this->curl->post($post_str); $return = $this->curl->execute(); $result = array(); // Explode array where blanks are found $resparray = explode(' ', $return); if ($resparray) { // save results into an array foreach ($resparray as $resp) { $keyvalue = explode('=', $resp); if(isset($keyvalue[1])){ $result[$keyvalue[0]] = str_replace('"', '', $keyvalue[1]); } } } return $result; } This gets an empty result array. This function however works well in the previous server where the script was hosted before. No modifications where made whatsoever Thanks in Advance

  Read the article

• Nginx .zip files return 404

  - by Kenley Tomlin

  I have set up Nginx as a reverse proxy for Node and to serve my static files and user uploaded images. Everything is working beautifully except that I can't understand why Nginx can't find my .zip files. Here is my nginx.conf. user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include mime.types; proxy_cache_path /var/www/web_cache levels=1:2 keys_zone=ooparoopaweb_cache:8m max_size=1000m inactive=600m; sendfile on; upstream *******_node { server 172.27.198.66:8888 max_fails=3 fail_timeout=20s; #fair weight_mode=idle no_rr } upstream ******_json_node { server 172.27.176.57:3300 max_fails=3 fail_timeout=20s; } server { #REDIRECT ALL HTTP REQUESTS FOR FRONT-END SITE TO HTTPS listen 80; server_name *******.com www.******.com; return 301 https://$host$request_uri; } server { #MOBILE APPLICATION PROXY TO NODE JSON listen 3300 ssl; ssl_certificate /*****/*******/json_ssl/server.crt; ssl_certificate_key /*****/******/json_ssl/server.key; server_name json.*******.com; location / { proxy_pass http://******_json_node; proxy_redirect off; proxy_set_header Host $host ; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto https; client_max_body_size 20m; client_body_buffer_size 128k; proxy_connect_timeout 90s; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffers 32 4k; } } server { #******.COM FRONT-END SITE PROXY TO NODE WEB SERVER listen 443 ssl; ssl_certificate /***/***/web_ssl/********.crt; ssl_certificate_key /****/*****/web_ssl/myserver.key; server_name mydomain.com www.mydomain.com; add_header Strict-Transport-Security max-age=500; location / { gzip on; gzip_types text/html text/css application/json application/x-javascript; proxy_pass http://mydomain_node; proxy_redirect off; proxy_set_header Host $host ; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto https; client_max_body_size 20m; client_body_buffer_size 128k; proxy_connect_timeout 90s; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffers 32 4k; } } server { #ADMIN SITE PROXY TO NODE BACK-END listen 80; server_name admin.mydomain.com; location / { proxy_pass http://mydomain_node; proxy_redirect off; proxy_set_header Host $host ; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; client_max_body_size 20m; client_body_buffer_size 128k; proxy_connect_timeout 90s; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffers 32 4k; } } server { # SERVES STATIC FILES listen 80; listen 443 ssl; ssl_certificate /**/*****/server.crt; ssl_certificate_key /****/******/server.key; server_name static.domain.com; access_log static.domain.access.log; root /var/www/mystatic/; location ~*\.(jpeg|jpg|png|ico)$ { gzip on; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype image/png image/jpeg application/zip; expires 10d; add_header Cache-Control public; } location ~*\.zip { #internal; add_header Content-Type "application/zip"; add_header Content-Disposition "attachment; filename=gamezip.zip"; } } } include tcp.conf; Tcp.conf contains settings that allow Nginx to proxy websockets. I don't believe anything contained within it is relevant to this question. I also want to add that I want the zip files to be a forced download.

  Read the article

• curl failed setting cipher list

  - by synapse

  I'm trying to make curl use GOST2001-GOST89-GOST89 cipher which is available and usable by OpenSSL but keep getting failed setting cipher list error despite the fact that curl sees gost engine and can use GOST client certificates. How can I fix this? All the libraries are compiled from source. $ openssl ciphers | grep -o '\(GOST[[:digit:]]\+-\?\)\+' GOST2001-GOST89-GOST89 GOST94-GOST89-GOST89 $ openssl engine | grep gost (gost) Reference implementation of GOST engine $ openssl version OpenSSL 1.0.1 14 Mar 2012 $ curl -V curl 7.25.0 (x86_64-apple-darwin11.3.0) libcurl/7.25.0 OpenSSL/1.0.1 zlib/1.2.5 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP $ curl --engine gost --ciphers GOST2001-GOST89-GOST89 https://localhost:4433 curl: (59) failed setting cipher list

  Read the article

• Python2.7 / Pip2.7 install in Centos6: root does not see /usr/local/bin

  - by Erotemic

  I am trying to install Python2.7 in Centos 6. It's a pain as centos6 ships with python26 and yum is dependent on it. Furthermore yum does not seem to have python2.7 I ended up building it from source: wget https://www.python.org/ftp/python/2.7.6/Python-2.7.6.tgz gunzip Python-2.7.6.tgz tar -xvf Python-2.7.6.tar cd Python-2.7.6 ./configure --prefix=/usr/local --enable-unicode=ucs4 --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib" make sudo make altinstall cd ~ This installed python2.7 to /usr/local/bin and I can use it. But I cannot call it with sudo unless I specify the whole pathname To install pip I had to do: wget https://bootstrap.pypa.io/get-pip.py sudo /usr/local/bin/python2.7 get-pip.py Now whenever I want a package I have to call sudo /usr/local/bin/pip2.7 install somepackage Is there a clean way to be able to run: sudo pip2.7 install somepackage without having to specify the absolute path? Is a symlink into /usr/bin safe?

  Read the article

• UFW blocks SSL connections Varnish/Apache2 on Ubuntu 12.04

  - by user1383815

  I have installed Virtualmin on a Ubuntu 12.04 server and I'm using LAMP stack with Varnish (:80) in front of Apache (:8000). However, I cannot access https when UFW is enabled. When I disable UFW, all works fine. Here is what UFW logging shows when I attempt to access a website via https: Dec 14 05:42:29 localhost kernel: [64491.327263] [UFW BLOCK] IN=eth0 OUT= MAC=e4:11:5b:e5:ef:8c:00:d0:02:8f:f0:00:08:00 SRC=MY_IP_ADDRESS DST=SERVER_IP_ADDRESS LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=2524 DF PROTO=TCP SPT=56430 DPT=20000 WINDOW=8192 RES=0x00 SYN URGP=0 Here is my UFW ruleset: $ ufw status Status: active To Action From -- ------ ---- 2221 ALLOW Anywhere 10000 ALLOW Anywhere 80 ALLOW Anywhere 21 ALLOW Anywhere 8000 ALLOW Anywhere Apache Secure ALLOW Anywhere 2221 ALLOW Anywhere (v6) 10000 ALLOW Anywhere (v6) 80 ALLOW Anywhere (v6) 21 ALLOW Anywhere (v6) 8000 ALLOW Anywhere (v6) Apache Secure (v6) ALLOW Anywhere (v6) Does anyone have any pointers how to fix this problem? Thank you for your time.

  Read the article

• I am unable to get the subdomain from the URL in NGINX

  - by Jean-Nicolas Boulay Desjardins

  I am unable to get the subdomain from the URL in NGINX. Here is my config: server { listen 80; server_name ~^(?<appname>)\.example\.com$; rewrite ^ https://$appname.example.com$request_uri? permanent; } When I do: http://bob.example.com/ I am sent to: https://.example.com/ I don't know what I am doing wrong. I am using NGiNX 1.2.7. I have another config for the: http://example.com/ So I have one server block for the domain without the subdomain and the second with the subdomain... This is about the subdomain.

  Read the article

• Relaying requests between third party server and Heroku for static IP

  - by Gady

  I have a rails application hosted on Heroku that I need to integrate with 3rd party payments provider. The payment provider requires that my application will have a static IP for incoming and outgoing HTTPS requests. I want to deploy a proxy on a Linode VPS so it can relay the information as a proxy. Relaying the request to the service provider seems easy, I just use their IP. Can I relay requests coming from the service provider to the heroku application? Can I realy the request using a URL (https://myapp.herokuapp.com) ? What is the recommended proxy server to use?

  Read the article

• How do I force .htaccess authorization to occur over ssl?

  - by kenja

  I'm trying to force a particular directory to require only allowed IPs and a valid username/password through basic authorization. To ensure that the username/password are sent in encrypted form, I want the directory to also force SSL use. Here is what I have in my .htaccess file: # Force HTTPS-Connection RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://www.mywebsite.com%{REQUEST_URI} [R,L] ## password begin ## AuthName "Restricted Access" AuthUserFile /var/www/admin/.htpasswd AuthType Basic Require valid-user Order deny,allow Deny from all Allow from 79.1.231.151 62.123.134.83 Satisfy All Unfortunately, when I access that directory using http protocol, it is asking for the password before it redirects the page to the secure version. This means the password is sent unencrypted. What am I doing wrong? Is there a way to do this?

  Read the article

• Ad Server does not serve ads in Firefox, but works fine in Chrome, IE, & Safari!?

  - by HipHop-opatamus

  I'm having a strange (likely JavaScript) related issue. I'm running Open X Ad Server ( http://www.openx.org ) which serves ads to the website http://upsidedowndogs.com . The ads load fine every time when visiting the site via Chrome, IE, or Safari, but sometimes don't load at all in FireFox - Hence, it is a client side issue, which leads me to believe its something up with the javascript. The fact that the problem is intermittent, and does not through any error codes to FireBug, also doesn't make it any easier to diagnose and address. Any ideas how to diagnose / address this issue? Thanks! Here is the code generated by OpenX (it goes in the page header - additional code is then used in each ad unit, as seen on the page) if (typeof(OA_zones) != 'undefined') { var OA_zoneids = ''; for (var zonename in OA_zones) OA_zoneids += escape(zonename+'=' + OA_zones[zonename] + "|"); OA_zoneids += '&amp;nz=1'; } else { var OA_zoneids = escape('1|2|3|4'); } if (typeof(OA_source) == 'undefined') { OA_source = ''; } var OA_p=location.protocol=='https:'?'https://ads.offleashmedia.com/server/www/delivery/spc.php':'http://ads.offleashmedia.com/server/www/delivery/spc.php'; var OA_r=Math.floor(Math.random()*99999999); OA_output = new Array(); var OA_spc="<"+"script type='text/javascript' "; OA_spc+="src='"+OA_p+"?zones="+OA_zoneids; OA_spc+="&amp;source="+escape(OA_source)+"&amp;r="+OA_r; OA_spc+=(document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : '')); if (window.location) OA_spc+="&amp;loc="+escape(window.location); if (document.referrer) OA_spc+="&amp;referer="+escape(document.referrer); OA_spc+="'><"+"/script>"; document.write(OA_spc); function OA_show(name) { if (typeof(OA_output[name]) == 'undefined') { return; } else { document.write(OA_output[name]); } } function OA_showpop(name) { zones = window.OA_zones ? window.OA_zones : false; var zoneid = name; if (typeof(window.OA_zones) != 'undefined') { if (typeof(zones[name]) == 'undefined') { return; } zoneid = zones[name]; } OA_p=location.protocol=='https:'?'https://ads.offleashmedia.com/server/www/delivery/apu.php':'http://ads.offleashmedia.com/server/www/delivery/apu.php'; var OA_pop="<"+"script type='text/javascript' "; OA_pop+="src='"+OA_p+"?zoneid="+zoneid; OA_pop+="&amp;source="+escape(OA_source)+"&amp;r="+OA_r; if (window.location) OA_pop+="&amp;loc="+escape(window.location); if (document.referrer) OA_pop+="&amp;referer="+escape(document.referrer); OA_pop+="'><"+"/script>"; document.write(OA_pop); } var OA_fo = ''; OA_fo += "<"+"script type=\'text/javascript\' src=\'http://ads.offleashmedia.com/server/www/delivery/fl.js\'><"+"/script>\n"; document.write(OA_fo);

  Read the article

• Installing GitBlit GO as Service in Ubuntu Server 14.04

  - by Luis Masuelli

  I downloaded it (version 1.6.0), unpacked it in /opt/gitblit (ubuntu server 14.04.1), configured http to 8280 and disabled https assigning 0 (I expose it by https using nginx). I created gitblit user and added it to 'sudo' group by running: sudo adduser gitblit sudo (gitblit user has a strong password). I installed it as a service by running: /opt/gitblit/install-service-ubuntu.sh. I tried to start it by running: sudo service gitblit start. The message Starting gitblit server appears. It's the only message. When I hit -in the same local machine- http://127.0.0.1:8280, the connection could not be made. When I run sudo netstat -anp | grep 8280, nothing appears. I see no error messages, but the server is not starting. Question: What am I missing?

  Read the article

• fail2ban with Cloudflare

  - by tatersalad58

  I'm using fail2ban to block web vulnerability scanners. It is working correctly when visiting the site if CloudFlare is bypassed, but a user can still access it if going through it. I have mod_cloudflare installed. Is it possible to block users with IPtables when using Cloudflare? Ubuntu Server 12.04 32-bit Access.log: 112.64.89.231 - - [29/Aug/2012:19:16:01 -0500] "GET /muieblackcat HTTP/1.1" 404 469 "-" "-" Jail.conf [apache-probe] enabled = true port = http,https filter = apache-probe logpath = /var/log/apache2/access.log action = iptables-multiport[name=apache-probe, port="http,https", protocol=tcp] maxretry = 1 bantime = 30 # Test Apache-probe.conf [Definition] failregex = ^<HOST>.*"GET \/muieblackcat HTTP\/1\.1".* ignoreregex =

  Read the article

• Apache 2 Symbolic link not allowed or link target not accessible

  - by djechelon

  While the title of this question matches an already asked question, in my case I already set Options +FollowSymLinks. The setup is the following: my hosting setup includes htdocs/ directory that is the default document root for HTTP websites and htdocs-secure that is for HTTPS. They are meant for sites that need a different HTTPS version. In case both share the same files I create a link from htdocs-secure to htdocs by ln -s htdocs htdocs-secure but here comes the problem! Log still says Symbolic link not allowed or link target not accessible: /path/to/htdocs-secure Vhost fragment Header always set Strict-Transport-Security "max-age=500" DocumentRoot /path/to/htdocs-secure <Directory "/path/to/htdocs-secure"> allow from all Options +FollowSymLinks </Directory> I think it's a correct setup. The HTTP version of the site is accessible, so it doesn't look like a permission problem. How to fix this? [Add] other info: I use MPM-itk and I set AssignUserId to the owner/group of both the directories

  Read the article

• In Nginx can I set Keep-Alive dynamically depending on ssl connection?

  - by ck_

  I would like to avoid having to repeat all the virtualhost server {} blocks in nginx just to have custom ssl settings that vary slightly from plain http requests. Most ssl directives can be placed right in the main block, except one hurdle I cannot find a workaround for: different keep-alive for https vs http Is there any way I can use $scheme to dynamically change the keepalive_timeout ? I've even considered that I can use more_set_input_headers -r 'Keep-Alive: timeout=60'; to conditionally replace the keep-alive timeout only if it already exists, but the problem is $scheme cannot be used in location ie. this is invalid location ^https {}

  Read the article

• http proxy caching headers

  - by David Hagan

  I have a service for which I'm about to upgrade the authentication. However, I'm trying to ensure that I make the right decision about where the encryption algorithms occur. I currently have two options: option 1) the authentication module is deployed to the client as a javascript library over https and executes client-side, so that the client can POST back an encrypted string. option 2) the authentication module is kept server-side so that the client need only POST back an unencrypted string. I know that many http proxies cache/log the query-string (and therefore any query parameters), but does anyone know of any http proxies that cache the headers as well? If the headers are being cached, then I'll clearly want to encrypt the password inside the SSL encryption, because to my understanding the headers of an HTTPS request may not always be encrypted (depending on the capabilities of the browser etcetera). Can anyone shed any light on the caching of headers by http proxies? Do you have one that does, or know of one that does?

  Read the article

• Two Tomcat SSL Providers & One FreeBSD

  - by mosg

  Hello everyone. Question: On FreeBSD8 I need to have two opened HTTPS different ports (443 and 444, for example). In other words, I need two providers, working simultaneously: Ordinary SSL signed certificate (# Thawte) on 443 port Special russian security provider (# DIGTProvider, based on CryptoPro CSP software) on 444 port I also have to mentioned, that the major provider is the 2'nd provider. Here is some of DIGTProvider options: add to ${JRE_HOME}/lib/security/java.security this line security.provider.N=com.digt.trusted.jce.provider.DIGTProvider ssl.SocketFactory.provider=com.digt.trusted.jsse.provider.DigtSocketFactory uncomment and edit in conf/server.xml HTTPS section: sslProtocol="GostTLS" (added) edit bin/catalina.sh and add: export LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/opt/cprocsp/lib/ia32" export JAVA_OPTS="${JAVA_OPTS} -Dcom.digt.trusted.jsse.server.certFile=/home//server-gost.cer -Dcom.digt.trusted.jsse.server.keyPasswd=11111111" As I know if I just define in server.xml tomcat's configuration file two SSL connectors, tomcat would not start, because in JRE you can use only one JSSE provider. Thanks for help.

  Read the article

• Single file changed: intrusion or corruption?

  - by Michaël Witrant

  rkhunter reported a single file change on a virtual server (netstat binary). It didn't report any other warning. The change was not the result of a package upgrade (I reinstalled it and the checksum is back as it was before). I'm wondering whether this is a file corruption or an intrusion. I guess an intrusion would have changed many other files watched by rkhunter (or none if the intruder had access to rkhunter's database). I disassembled both binaries with objdump -d and stored the diff here: https://gist.github.com/3972886 The full dump diff generated with objdump -s is here : https://gist.github.com/3972937 I guess a file corruption would have changed either large blocks or single bits, not small blocks like this. Do these changes look suspicious? How could I investigate more? The system is running Debian Squeeze.

  Read the article

• firehol (firewall) with bridge: how to filter

  - by Leon

  I have two interfaces: eth0 (public address) and lxcbr0 with 10.0.3.1. I have a LXC guest running with ip 10.0.3.10 This is my firehol config: version 5 trusted_ips=`/usr/local/bin/strip_comments /etc/firehol/trusted_ips` trusted_servers=`/usr/local/bin/strip_comments /etc/firehol/trusted_servers` blacklist full `/usr/local/bin/strip_comments /etc/firehol/blacklist` interface lxcbr0 virtual policy return server "dhcp dns" accept router virtual2internet inface lxcbr0 outface eth0 masquerade route all accept interface any world protection strong #Outgoing these protocols are allowed to everywhere client "smtp pop3 dns ntp mysql icmp" accept #These (incoming) services are available to everyone server "http https smtp ftp imap imaps pop3 pop3s passiveftp" accept #Outgoing, these protocols are only allowed to known servers client "http https webcache ftp ssh pyzor razor" accept dst "${trusted_servers}" On my host I can connect only to "trusted servers" on port 80. In my guest I can connect to port 80 on every host. I assumed that firehol would block that. Is there something I can add/change so that my guest(s) inherit the rules of the eth0 interface?

  Read the article

• Apache Front End....Tomcat back end...SSL question

  - by Jared

  Hi Everyone, Question.... I have Apache setup as my webserver. Tomcat is hooked into Apache via mod_jk, so the user never interacts with Tomcat. I have set up SSL on the Apache Webser...I can hit it with https:// localhost When I try to access my application at ...https://localhost/app I get a directory not found error. Catch is when I go regular http... I can hit it fine... http:// localhost/app What do I have to edit for this connection to work? I have uncommented the AJP connector in server.xml I have added my virtual host to httpd.conf What am I missing? Thanks in advance. Jared

  Read the article

• Cannot access Azure Portal: We were unable to find any subscriptions associated with your account

  - by Marc

  I am trying to get access to my Windows Azure Portal. Although I can access my user profile which shows two active subscriptions, I cannot access the portal (https://manage.windowsazure.com/). I get redirected to this site: https://manage.windowsazure.com/Error/NoSubscriptions, saying We were unable to find any subscriptions associated with your account. Now, this is a clear issue for the Azure support, but unfortunately, as azure thinks I don't have any subscriptions, I cannot get support, either, because I get redirected to the same error page. I've spent two hours talking and chatting with incompetent support people, i.e.: I've submitted feedback on the azure site but have no idea whether I will ever get a response. Maybe somebody has had this issue before, or can hint me which way to go?

  Read the article

• Creating self-signed SSL on IIS - Remote access problem

  - by ile

  I followed these instructions to create self-signed ssl: http://www.visualwin.com/SelfSSL/ (I opened SelfSSL and typed selfssl /T) When I access https: //localhost/ than it works, but when I try to access it remotely (i set up my router to port forward to localhost), for example https: //myip the page does not load. Also, I noticed one other thing. When I access localhost locally then I am asked to enter user/pass, but if I access remotely the I get the following warning: Under Construction The site you were trying to reach does not currently have a default page. It may be in the process of being upgraded and configured. ... I don't know if it is related with this but I hope someone know the answer. Thanks, Ile

  Read the article

• Windows Phone 7 Connect to SharePoint via SOAP

  - by Mitchell Skurnik

  I am making my second application for the Windows 7 Phone Series platform and I cannot seem to connect to a SharePoint server using https. 99% of the following is not my code. I have borrowed it from http://blog.daisley-harrison.com/blog/post/Practical-Silverlight-and-SharePoint-Integration-Part-Two.aspx untill I can further understand how SOAP works in W7P Series. I know that I need some way of sending credentials over but the win 7 API does not seem to let you. ServiceReferences.ClientConfig <?xml version="1.0" encoding="utf-8"?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="ViewsSoap" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" transferMode="Buffered"> <security mode="TransportCredentialOnly"/> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="https://my.secureconnection.com/_vti_bin/views.asmx" binding="basicHttpBinding" bindingConfiguration="ViewsSoap" contract="SharePointListService.ViewsSoap" name="ViewsSoap" /> </client> </system.serviceModel> </configuration> This is my maincode page: public partial class MainPage : PhoneApplicationPage { public MainPage() { InitializeComponent(); SupportedOrientations = SupportedPageOrientation.Portrait | SupportedPageOrientation.Landscape; try { Uri serviceUri = new Uri("https://my.secureconnection.com" + SERVICE_LISTS_URL); BasicHttpBinding binding; if (serviceUri.Scheme == "https") { binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport); } else { binding = new BasicHttpBinding(BasicHttpSecurityMode.None); } EndpointAddress endpoint = new EndpointAddress(serviceUri); ListsSoapClient listSoapClient = new ListsSoapClient(binding, endpoint); NetworkCredential creds = new NetworkCredential("administrator", "iSynergy1", "server001"); //listSoapClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Identification; //listSoapClient.ClientCredentials.Windows.ClientCredential = creds; listSoapClient.GetListCollectionCompleted += new EventHandler<GetListCollectionCompletedEventArgs>(listSoapClient_GetListCollectionCompleted); listSoapClient.GetListCollectionAsync(); } catch (Exception exception) { handleException("Failed to get list collection", exception); } } #region ShowExceptionDetail Property public static readonly DependencyProperty ShowExceptionDetailDependencyProperty = DependencyProperty.Register("ShowExceptionDetail",typeof(bool),typeof(Page),new PropertyMetadata(true)); public bool ShowExceptionDetail { get { return (bool)GetValue(ShowExceptionDetailDependencyProperty); } set { SetValue(ShowExceptionDetailDependencyProperty, value); } } #endregion private void handleException(string context, Exception exception) { this.Dispatcher.BeginInvoke(delegate() { bool showExceptionDetail = this.ShowExceptionDetail; string message = ""; Exception next = exception; do { if (message.Length > 0) { message += ";" + Environment.NewLine; } if (next.Message == null || next.Message.Length == 0) { message += next.GetType().FullName; } else { message += next.Message; } if (showExceptionDetail) { if (next.Data.Count > 0) { bool first = true; message += " {"; foreach (string key in next.Data.Keys) { if (first) { first = false; } else { message += ", "; } message += key + "=\"" + next.Data[key] + "\""; } message += "}"; } if (next.InnerException != next) { next = next.InnerException; continue; } } next = null; } while (next != null); MessageBox.Show(message, context, MessageBoxButton.OK); }); } private const string SERVICE_LISTS_URL = "/_vti_bin/lists.asmx"; void listSoapClient_GetListCollectionCompleted(object sender, GetListCollectionCompletedEventArgs e) { try { myList.Text = e.Result.ToString(); } catch (Exception exception) { handleException("Failed to get list collection", exception); } } } When I run this and it gets to the "ListsSoapClient" part, it breaks. If you dig down into the error output it says access is denied. I have tried various methods of sending credentials but none seem to work. "ClientCredentials.Windows" is not supported and ClientCredentials.UsersName.Username is read only.

  Read the article

• Different settings for secure & non-secure versions of Django site using WSGI

  - by Jordan Reiter

  I have a Django website where some of the URLs need to be served over HTTPS and some over a normal connection. It's running on Apache and using WSGI. Here's the config: <VirtualHost example.org:80> ServerName example.org DocumentRoot /var/www/html/mysite WSGIDaemonProcess mysite WSGIProcessGroup mysite WSGIScriptAlias / /path/to/mysite/conferencemanager.wsgi </VirtualHost> <VirtualHost *:443> ServerName example.org DocumentRoot /var/www/html/mysite WSGIProcessGroup mysite SSLEngine on SSLCertificateFile /etc/httpd/certs/aace.org.crt SSLCertificateKeyFile /etc/httpd/certs/aace.org.key SSLCertificateChainFile /etc/httpd/certs/gd_bundle.crt WSGIScriptAlias / /path/to/mysite/conferencemanager_secure.wsgi </VirtualHost> When I restart the server, the first site that gets called -- https or http -- appears to select which WSGI script alias gets used. I just need a few settings to be different for the secure server, which is why I'm using a different WSGI script. Alternatively, it there's a way to change settings in the settings.py file based on whether the connection is secure or not, that would also work. Thanks

  Read the article

• How do I force .htaccess authorization to occur over ssl?

  - by kenja

  I'm trying to force a particular directory to require only allowed IPs and a valid username/password through basic authorization. To ensure that the username/password are sent in encrypted form, I want the directory to also force SSL use. Here is what I have in my .htaccess file: # Force HTTPS-Connection RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://www.mywebsite.com%{REQUEST_URI} [R,L] ## password begin ## AuthName "Restricted Access" AuthUserFile /var/www/admin/.htpasswd AuthType Basic Require valid-user Order deny,allow Deny from all Allow from 79.1.231.151 62.123.134.83 Satisfy All Unfortunately, when I access that directory using http protocol, it is asking for the password before it redirects the page to the secure version. This means the password is sent unencrypted. What am I doing wrong? Is there a way to do this?

  Read the article

• How to switch off Outlook Synchronization Manager

  - by mr.nothing

  I have one strange thing which is happening to my outlook. It tries to synchronize something (seems it do this every time send/recieve triggers). Does anybody know how to switch this manager off? Here is the icon of the sync manager in the task bar (left one) https://www.sugarsync.com/pf/D9085558_69411843_95701 Thanks in advance! p.s. it's also annoying me that something gone wrong and sync failed. Also every time it tries to sync something internet explorer says me that there are too many temporary internet files and asking me to expand space for its storing. https://www.sugarsync.com/pf/D9085558_69411843_95781 Please, help! This makes me crazy.

  Read the article

• Stunnel too many clients

  - by davidsmalley

  I'm trying to hook up stunnel and haproxy to forward https connections through to some backend servers. I've got haproxy setup right, and I seem to have stunnel set up right. Trouble is that when I hit the setup with a load test after a while I start to see these log entries: 2010.05.05 11:24:43 LOG7[3498:3086792368]: https accepted FD=512 from 10.195.158.225:52579 2010.05.05 11:24:43 LOG4[3498:3086792368]: Connection rejected: too many clients (=500) I guess I've hit a limit somewhere but I wasn't sure how to fix it, there doesn't seem to be a config file option for stunnel to change this. Does anyone know how to configure stunnel for a potentially large number of connections?

  Read the article

< Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73  | Next Page >