Search Results

Search found 3399 results on 136 pages for 'rule'.

Page 67/136 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

  • Standard Protection:Prevent IRC communication

    - by awe
    I have McAffee virusscan on my work computer, and every time I start up, I get 2 log entries like this: Blocked by port blocking rule C:\Program Files\Skype\Phone\Skype.exe Anti-virus Standard Protection:Prevent IRC communication The difference between the two, is that at the end there are 2 different IP addresses (which I don't recognise as belongs to us) with port :6667 on one and :6669 on the other. Although this is logged, Skype seems to work as expected; including talking, chatting and screen sharing (new feature in Skype 4.1). Anyone knows anything about what this is? EDIT: I also have a Skype certified plugin in Skype called Cucku Backup. I did not find anything in the documentation that Cucku is trying to access these ports through Skype, but it could be...? EDIT2: I did a search on the IP addresses in question on www.webyield.net, and resulted in the following: IP 71.251.72.173 (this one used port :6667): Host name: pool-71-251-72-173.tampfl.fios.verizon.net IP 79.87.54.165 (this one used port :6669): Host name: 165.54.87-79.rev.gaoland.net

    Read the article

  • Using pfSense, OpenVPN Connects but Still Can't See the Network

    - by nicorellius
    I am having an OpenVPN issue. I have a pfSense box at home configured to allow traffic through a VPN tunnel. The client computer is Windows XP Home, behind a standard Comcast connection and a Netgear wireless router. I use OpenVPN to access my work network (from where I am trying to get out of in this post) from home (with an XP Pro machine behind pfSense), and this works fine. The client config is similar but has the changes specific to my setup... Here is my XP Home config: client dev tun proto tcp remote pfsense.*.org 1194 (starred out by me) resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server comp-lzo verb 3 When I launch the OpenVPN GUI, the Tunnel TAP network connection turns red, and I can right-click that to connect to the server. Everything seems to work fine until I browse for the actual network. The Tunnel TAP connection turns green and it says connected to 10.1.1.6 (I have tried different IP pools here too with no luck). I can see the internal network fine, but my home network behind pfSense is not there. I have tried browsing there by using Tools Map Network Drive, using the browser, with no success. When I open the command line on the client and use the ipconfig -all command, I get the following: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Win32 Adapter V9 Physical Address. . . . . . . . . : *** (starred out by me) Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.1.1.6 Subnet Mask . . . . . . . . . . . : 255.255.255.252 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.1.1.5 Lease Obtained. . . . . . . . . . : Monday, March 15, 2010 1:18:37 PM Lease Expires . . . . . . . . . . : Tuesday, March 15, 2011 1:18:37 PM I noticed that the default gateway is not present. Could this be my problem? I am still relatively new to firewalls, VPN, and network configuration so I'm sure I am messing up something simple. Oh yah, I should note that I have firewall rules configured for pfSense to allow traffic through the WAN and the LAN. At first there was just the WAN firewall rule, because that is what I got from the literature I was reading. I then created a LAN rule as well, but I'm not sure if this was correct. Neither way works, though. Screen shots below: Any help is much appreciated.

    Read the article

  • HP Loadrunner failed to start .NET Diagnostics probe

    - by Johnbo
    I've got a HP Diagnostics Server (commander mode) installed in the same PC where HP Loadrunner is. I've installed the .NET probe in the web application server. When I navigate localhost:2006/registrar/health I can see the CommandingServer and three instances of the probe, all in green and connected. Then, when in LoadRunner controller I enable Diagnostics, select the probe and start the scenario, I get the next error: Failed to start J2EE/.NET Diagnostics run. (Facade error: Unable to send 'startRun' notification to probe MyAgent.1347615505142149) I've looked at the firewall logs and the rule that lets the server send commands to the probes has been matched three times. What else could it be what doesn't let me start the probe?

    Read the article

  • Accessing Squid Proxy over internet

    - by prateekdayal
    Hi, I recently finished installing Squid on a VPS I have in the US and its working fine locally (I verified by setting http_proxy variable and using lynx). I want to access this proxy over the internet (as an anonymizer) so that I can see how some ads show up for US traffic on my website. I have setup authentication so abuse is not a problem. However, I am not able to access the proxy over the internet. I have set the following rule in squid.conf http_access allow all Is this not possible to do what I want or I am missing something? The port 3128 is open in the firewall so that is not an issue. Squid is running on 0.0.0.0 Thanks Prateek

    Read the article

  • Accessing Squid Proxy over internet

    - by user37074
    Hi, I recently finished installing Squid on a VPS I have in the US and its working fine locally (I verified by setting http_proxy variable and using lynx). I want to access this proxy over the internet (as an anonymizer) so that I can see how some ads show up for US traffic on my website. I have setup authentication so abuse is not a problem. However, I am not able to access the proxy over the internet. I have set the following rule in squid.conf http_access allow all Is this not possible to do what I want or I am missing something? The port 3128 is open in the firewall so that is not an issue. Squid is running on 0.0.0.0 Thanks

    Read the article

  • XenServer 5.6.1-fp1. Can't get network working

    - by bakytn
    I have a PC where XenServer 5.6.1 fp-1 has been successfully installed. I've manually set the network settings: 192.168.1.50 255.255.255.0 192.168.1.1 but it's set to xenbr0 iface. While eth0 is empty. When I click on "Configure Management Inteface" it shows that eth0 is connected. But when I ping a default gateway (which is 100% should be accessible) it fails. I used to another shell (Alt+F3) and logged as root. I also failed to ping. with both: ping -I eth0 192.168.1.1 and ping -I xenbr0 192.168.1.1 Be assured that: Cable works Ethernet adapter is 100% functional (prev OS was Ubuntu it was working) There is no firewall rule to deny anything. (everything is allowed)

    Read the article

  • ISA 2006 refuses VPN DHCP requests as spoofing

    - by Daniel
    I'm running ISA 2006 with PPTP VPN for my AD-controlled network. DHCP is located on the ISA server itself and authentication is done by RADIUS (NPS) located on the DC. Right now my VPN clients can connect, access local DNS, and can ping ISA, the DC, and other clients. Here's where it gets weird. I noticed that despite all this, ipconfig shows the following: PPP adapter North Horizon VPN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : North Horizon VPN Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.42.4.7(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 10.42.1.10 NetBIOS over Tcpip. . . . . . . . : Enabled So I went over and checked my ISA logs for both DHCP requests and replies, only to find out that my VPN clients are being denied because ISA thinks its a spoof. Here's some relevant information from the log (the VPN subnet is 10.42.4.0/24): Client IP: 10.42.4.6 Destination: 255.255.255.255:67 Client Username: (blank) Protocol: DHCP (request) Action: Denied Connection Rule: (blank) Source Network: VPN Clients Destination Network: Local Host Result Code: 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED Network Interface: 10.42.4.11 --------------------------------------------------------- Original Client IP: 10.42.4.6 Destination: 10.42.1.1 Client Username: (valid user) Protocol: PING Action: Initiated Connection Rule: Allow PING to ISA Source Network: VPN Clients Destination Network: Local Host Result Code: 0x0 ERROR_SUCCESS Network Interface: (blank) I wasn't sure what this 10.42.4.11 network interface was - it certainly wasn't something I had setup - untill I saw it in Routing and Remote Access under IP Routing General as an interface called "Internal" bound to the same IP address. I also noticed that since ISA takes blocks of 10 IP addresses from DHCP for VPN, it had reserved 10.42.4.2-11. I'm not sure if it means anything, though. Thanks for your help.

    Read the article

  • Recommended SpamAssassin update channels?

    - by Timo Geusch
    I'm currently using SpamAssassin on a couple of mail servers that I look after. SpamAssassin runs in the context of amavisd-new on those servers and with the usual bunch of plugins (FuzzyOCR, DCC, pyzor, razor). Currently the servers are getting their rule updates from the default SpamAssassin update channel (updates.spamassassin.org). Overall the setup seems to be reasonably effective but some types of spam seem to wander right through it even though I've made repeated attempts at training spamassassin. My guesstimate is that about 85%-90% of the spam that gets through policyd-weight makes it through the filters and it's been getting a lot worse recently as spammers are getting better at working their way through filters. Can someone recommend additional sources of filters to make SpamAssassin more effective? So far I've found OpenProtect's update channel but are there others worth looking at?

    Read the article

  • Configure mod_wsgi WSGIScriptAlias with mod_rewrite

    - by Lazik
    I want to redirect ex.com to www.ex.com but I still want www.ex.com/ to point to my app.wsgi without it showing up in the url. When I use the conf below and I go to ex.com, I get a 404 error saying can't find www.ex.com/app.wsgi/ If I change the WSGIScriptAlias / /var/www/vhosts/ex/app.wsgi to WSGIScriptAlias /app.wsgi /var/www/vhosts/ex/app.wsgi Then all my url look like www.ex.com/app.wsgi/blabla/... Is it possible to use some kind of rule to redirect ex.com to www.ex.com and still keeping / as the app.wsgi root? my conf file <VirtualHost *:80> ServerName www.ex.com ServerAlias ex.com *.ex.com RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] WSGIDaemonProcess ex user=www-data group=www-data processes=1 threads=5 WSGIScriptAlias / /var/www/vhosts/ex/app.wsgi <Directory /var/www/vhosts/ex> WSGIProcessGroup ex WSGIApplicationGroup %{GLOBAL} Order deny,allow Allow from all </Directory> </VirtualHost>

    Read the article

  • proxy pass for activeMQ

    - by user1172482
    I have a apache server that I'm trying to use for proxy access my activeMQ admin page. I am able to load the inital landing page properly, but I can't seem to load any of the sub-pages (Queues, Connections, etc.). My proxypass rules on the apache server are the following: ProxyPass /foo http://10.5.124.108:8161/admin ProxyPassReverse /foo http://10.5.124.108:8161/admin The activeMQ installation included a activemq-httpd.conf file in /etc/httpd/conf.d/. Proxy connections there are enabled: ProxyRequests On ProxyVia On <Proxy *> Allow from all Order allow,deny </Proxy> ProxyPass /admin http://localhost:8161/admin ProxyPassReverse /admin http://localhost:8161/admin ProxyPass /message http://localhost:8161/admin/send ProxyPassReverse /message http://localhost:8161/admin/send From what I've read the proxypass rules should be recursive (the rule for /foo should also work for /foo/bar). Is there something else that I'm missing here that's preventing me from accessing pages beyond the initial admin landing page?

    Read the article

  • OpenSSH SFTP server with chroot() + user with chroot exception

    - by HannesFostie
    I am currently setting up an SFTP server but there is one detail I can't seem to figure out. When I add a user, I would like him to connect using his client and be able to write in his "root dir" right away. My Match case for the SFTP-users group currently has ChrootDirectory set as "/home/%u", and inside that directory I have to have a subdirectory owned by the user, while /home/%u itself is owned by root. Next to that, the "root dir" also has a couple files, .bashrc to name one. Is it possible to put these files somewhere else, remove them, or at least make them invisible to the user? Thanks EDIT: One more little thing I'd like to implement is for one account to have read (or rw, not sure yet) access to all other users' home directories. What is the easiest way to implement this? EDIT 2: Basically, having one user be an exception to the chroot rule would get me started.

    Read the article

  • Preventing out of office storms Exchange 2010, OWA and Auto Forward to a group

    - by Simon McLaren
    In my organization we have a group mailbox for a particular function. The actual function is preformed by 15 - 20 individuals on a rotating basis. The group mailbox serves as a record for all e-mail sent to that function. Individual access to the mailbox is established by adding a user to an A/D group. For convenience, those members of the group would prefer to not have to "check" this group/non-entiyy mailbox. To achieve that, I want to forward all incoming mail to the group mailbox to that group. So far I am not seeing any consistency in the way an out of office response looks in order to build an exception to the forward rule. We have not turned this feature on for the group, instead waiting until we are sure this will not be an issue. How do I preventing out of office replies to the group mailbox from being forwarded to the group? Management of the mailbox is conducted via OWA. Exchange 2010

    Read the article

  • Apache -> redirect requests to PhpMyAdmin?

    - by AXL
    I am seeing a lot of requests where users are trying to request PhPMyAdmin directory on my web-server and I would like to put an end to it. They try a few different directories like PhpMyAdmin-2.10 or just PhpMyAdmin or just PhpMyAdmin-2.09 Would Apache Re-write rule be the best thing to re0direct them to a blackhole that bans their IP from accessing the IP again? Or I could simply create these directories and put in a javascript redirect to black-hole them as well. Thoughts on a good solution are appreciated.

    Read the article

  • Apache mod_rewrite driving me mad

    - by WishCow
    The scenario I have a webhost that is shared among multiple sites, the directory layout looks like this: siteA/ - css/ - js/ - index.php siteB/ - css/ - js/ - index.php siteC/ . . . The DocumentRoot is at the top level, so, to access siteA, you type http://webhost/siteA in your browser, to access siteB, you type http://webhost/siteB, and so on. Now I have to deploy my own site, which was designed with having 3 VirtualHosts in mind, so my structure looks like this: siteD/ - sites/sitename.com/ - log/ - htdocs/ - index.php - sites/static.sitename.com - log/ - htdocs/ - css - js - sites/admin.sitename.com - log/ - htdocs/ - index.php As you see, the problem is that my index.php files are not at the top level directory, unlike the already existing sites on the webhost. Each VirtualHost should point to the corresponding htdocs/ folder: http://siteD.com -> siteD/sites/sitename.com/htdocs http://static.siteD.com -> siteD/sites/static.sitename.com/htdocs http://admin.siteD.com -> siteD/sites/admin.sitename.com/htdocs The problem I cannot have VirtualHosts on this host, so I have to emulate it somehow, possibly with mod_rewrite. The idea Have some predefined parts in all of the links on the site, that I can identify, and route accordingly to the correct file, with mod_rewrite. Examples: http://webhost/siteD/static/js/something.js -> siteD/sites/static.sitename.com/htdocs/js/something.js http://webhost/siteD/static/css/something.css -> siteD/sites/static.sitename.com/htdocs/css/something.css http://webhost/siteD/admin/something -> siteD/sites/admin.sitename.com/htdocs/index.php http://webhost/siteD/admin/sub/something -> siteD/sites/admin.sitename.com/htdocs/index.php http://webhost/siteD/something -> siteD/sites/sitename.com/htdocs/index.php http://webhost/siteD/sub/something -> siteD/sites/sitename.com/htdocs/index.php Anything that starts with http://url/sitename/admin/(.*) will get rewritten, to point to siteD/sites/admin.sitename.com/htdocs/index.php Anything that starts with http://url/sitename/static/(.*) will get rewritten, to point to siteD/sites/static.sitename.com/htdocs/$1 Anything that starts with http://url/sitename/(.*) AND did not have a match already from above, will get rewritten to point to siteD/sites/sitename.com/htdocs/index.php The solution Here is the .htaccess file that I've come up with: RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} ^/siteD/static/(.*)$ [NC] RewriteRule ^siteD/static/(.*)$ siteD/sites/static/htdocs/$1 [L] RewriteCond %{REQUEST_URI} ^/siteD/admin/(.*)$ [NC] RewriteRule ^siteD/(.*)$ siteD/sites/admin/htdocs/index.php [L,QSA] So far, so good. It's all working. Now to add the last rule: RewriteCond %{REQUEST_URI} ^/siteD/(.*)$ [NC] RewriteRule ^siteD/(.*)$ siteD/sites/public/htdocs/index.php [L,QSA] And it's broken. The last rule catches everything, even the ones that have static/ or admin/ in them. Why? Shouldn't the [L] flag stop the rewriting process in the first two cases? Why is the third case evaluated? Is there a better way of solving this? I'm not sticking to rewritemod, anything is fine as long as it does not need access to server-level config. I don't have access to RewriteLog, or anything like that. Please help :(

    Read the article

  • Disable ProxyPass rules within a virtual host on apache 2

    - by chinto
    I have a global proxypass rule in httpd.conf rules at global level ProxyPass /test/css http://myserver:7788/test/css ProxyPassReverse /test/css http://myserver:7788/test/css and I have a virtual host Listen localhost:7788 NameVirtualHost localhost:7788 <VirtualHost localhost:7788> Alias /test/css/ "C:/jboss/server/default/deploy/test.ear/test-web-app.war/css/" </VirtualHost> I would like to disable all global proxypass rules applying in this virtual host? NoProxy doesn't seem to work. (The reason I would like to do this is I have below global rules which create a 502 proxy loop if applied within this virtual host #pass all requests to application server ProxyPass /test http://localhost:8080/test ProxyPassReverse /test http://localhost:8080/test ) What I'm trying to do is, serve all static content (like css) using apache, while still proxying all the rest of requests to the application server.

    Read the article

  • Wyse Z Class Thin Client (WES7) Image Deployment

    - by nsr81
    We are currently working on deploying a few Wyse WES7 thin clients (Z Class, exact model escapes me at the moment). We have WDM setup, and are able to see new clients show up, interact with them, pull/push images. Our current workflow is something like this: Unpack & boot up the device Disable Windows Firewall, reboot Device shows up in WDM Publish our custom image to the new device. My question is whether or not there is a way I can bypass step 2, and put my image on the client right out of the box. Either using PXE or USB boot disk, such that I can boot into some sort of menu and tell the client to pull a particular image from the WDM server. With HP thin clients, we have a rule setup which detects new clients on the network and pushes our custom image to them first time they show up. I haven't been able to figure it out with Wyse.

    Read the article

  • OpenLdap TLS authentication setup

    - by CrazycodeMonkey
    I am trying to setup openldap on ubuntu 12.04 by following this guide https://help.ubuntu.com/12.04/serverguide/openldap-server.html When I tried to enable TLS on the server by creating a self signed crtificate as decribed in the guide above, I got the following error command that I ran ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif Content of ldif file dn: cn=config add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem Error Message ldap_modify: Inappropriate matching (18) additional info: modify/add: olcTLSCertificateFile: no equality matching rule After hours of searching on google, I have not found anything that tells much about this error. Does anyone have any more information on this?

    Read the article

  • IPFW not locking people out

    - by Cole
    I've had some brute-forcing of my ssh connection recently, so I got fail2ban to hopefully prevent that. I set it up, and started testing it out by giving wrong passwords on my computer. (I have physical access to the server if I need to unblock myself) However, it never stops me from entering passwords. I see in /var/log/fail2ban.log that fail2ban kicked in and banned me, and there's a ipfw entry for my IP, but I'm not locked out. I've changed the configuration around, and then tried just using the ipfw command myself, but nothing seems to lock me out. I've tried the following blocks: 65300 deny tcp from 10.0.1.30 to any in 65400 deny ip from 10.0.1.30 to any 65500 deny tcp from 10.0.1.30 to any My firewall setup has a "allow ip from any to any" rule after these though, maybe that's the problem? I'm using Mac OS 10.6 (stock ipfw, it doesn't seem to have a --version flag) Thanks in advance.

    Read the article

  • AWS EC2 security group source

    - by greener
    I'm currently trying to configure a security group and allow MS SQL connections from my other instance. I want to be able to specify the security group's name as the source. But the connection is not going through. The instance's firewall has a rule to allow connections on the port. In fact, if I specify the IP of the machine as the source, it works. Just not the security group name. There are two other rules for the same port and they're for specific IPs only. What am I doing wrong?

    Read the article

  • Restrict VPN user to Remote Desktop only with Sonicwall

    - by Matt
    Basically I want him to only be able to log onto the VPN in order to use Remote Desktop to use HIS machine. Not surf the internet or do anything like that, but just use the programs on his machine that he doesn't have at home. We use a Sonicwall NSA 220 with their regular VPN client. I can create a user for him, but when I create an access rule it applies to all VPN users. How can I make something like that only apply to ONE user?

    Read the article

  • Django Dying on Shared Hosting Environment (Too Many MySQL Connections)

    - by Tom
    I've had a Django site up and running on HostGator (client requirement), following these instructions, for a few weeks now. I had seen two error emails about pages dying with (1040: Too many MySQL connections) but had never been able to recreate the problem. As of today, the site is completely unresponsive and all pages, even the static files, are dying with that error. Two questions: What can I do to fix this (other than caching more stuff)? Why would static files be dying like that? I can request them directly without a problem, so how are they getting run through Django? The shared hosting setup doesn't allow for a <Location> block, but there's a flag in the rewrite rule that says only requests for files that don't exist in the filesystem should be processed. All of my static files exist on the system, though they are symbolically linked files if it matters.

    Read the article

  • iproute2 rules and iptables NAT... what is the difference?

    - by Jakobud
    We have 2 different ISP connections. Our previous "IT guy" setup our firewall like so: When /etc/rc.local was executed on startup, it did a bunch of ip rule add and ip route add commands in order to route certain internal hosts to use certain ISP connections. Then at the end of /etc/rc.local, he executed our iptables firewall rules that were generated by Firewall Builder. These iptables rules have both Policy and NAT rules setup in them. What I don't understand, is why did he use iproute2 to specify rules and routes but also specify NAT rules for iptables? Why didn't he just do it all in one or the other instead of using them both? Could he have got rid of the iproute2 rules and routes and just put all those same rules into the iptables NAT settings?

    Read the article

  • How to determine source of file corruption for downloaded images?

    - by sunpech
    I've been downloading Visual Studio 2010 off of the Dreamspark.com website using Akamai Downloader. The .img file is 2.2 GB in size. I've downloaded it twice so far, and when I try to mount it using Gizmo, it complains that "the disk structure is corrupted and unreadable". The drive does mount, but it is unreadable. Is there a way to determine where the source of the data corruption is coming from? Is it my computer as it's receiving it? The hosting server(s)? My ISP? My router? My ethernet cable? It's a hefty download to do again and again from home, only to find out once it's fully downloaded that it's unreadable. I think I can almost rule out my PC, router, and ethernet cable, as I've been able to download various other files without corruption. Note: There is no checksum to verify against

    Read the article

  • Turn off the Linux OOM killer by default?

    - by Peter Eisentraut
    The OOM killer on Linux wreaks havoc with various applications every so often, and it appears that not much is really done on the kernel development side to improve this. Would it not be better, as a best practice when setting up a new server, to reverse the default on the memory overcommitting, that is, turn it off (vm.overcommit_memory=2) unless you know you want it on for your particular use? And what would those use cases be where you know you want the overcommitting on? As a bonus, since the behavior in case of vm.overcommit_memory=2 depends on vm.overcommit_ratio and swap space, what would be a good rule of thumb for sizing the latter two so that this whole setup keeps working reasonably?

    Read the article

  • E-mail from specific domain not delivered to one of the cc: recipients on Exchange 2010

    - by BobC
    we have a user on Exchange 2010 server who doesn't get email from one specific domain if her address is in cc: field. If she is a main recipient (To:) it goes through. We checked Exchange logs and it looks like our server doesn't even try to deliver it, it simply ignores her email address completely. We did several tests: send email with her email address in cc: field from another domain, succeeded send email with her email address in to: field from another domain, succeeded send email with her email address in to: field from affected domain, succeeded turn off all email rules check via webmail We also turned off firewall, antispam and antivirus for SMTP rule. Does anyone have any idea what could be an issue here? Thanks

    Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >