Search Results

Search found 6591 results on 264 pages for 'rules engines'.

Page 67/264 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

  • Is it ever a bad idea to publish a sitemap for a blog?

    - by mipadi
    I have a blog, and I have been considering publishing a sitemap for it, which would include the index page, archives page, and an entry for each individual blog post. Is this ever a bad idea? Is it a good (or useful) idea? I'm particularly interested in the <changefreq> element: I edit posts from time to time, and while that's not a common occurrence, I don't want to set a particularly infrequent change frequency that prevents search engines like Google from indexing the edits. (The sitemaps protocol says that search engines may still crawl the pages more frequently, but has no further details on the matter.)

    Read the article

  • How Do I make an Acer T230H Touchcreen work on Ubuntu 9.10?

    - by N Rahl
    I've done this so far: sudo nano /etc/udev/rules.d/99-touchscreen.rules And added: SUBSYSTEM=="usb", ATTRS{idVendor}=="0408", ATTRS{idProduct}=="3000", SYMLINK+="usb/quanta_touch" SUBSYSTEM=="input", KERNEL=="event*", ATTRS{idVendor}=="0408", ATTRS{idProduct}=="3000", SYMLINK+="input/quanta_touch" sudo service udev restart then the instructions here: http://ubuntuforums.org/showpost.php?p=8932808&postcount=36 And then added to my xorg conf: Section "InputDevice" Identifier "Acer T230H" Driver "hidtouch" Option "SendCoreEvents" "true" Option "ReportingMode" "Raw" Option "Device" "/dev/usb/quanta_touch" Option "PacketCount" "13" Option "OpcodePressure" "852034" Option "OpcodeX" "65584" Option "OpcodeY" "65585" Option "CalibrationModel" "1" Option "CornerTopLeftX" "0" Option "CornerTopLeftY" "0" Option "CornerTopRightX" "1920" # 1920 for 23" Option "CornerTopRightY" "0" Option "CornerBottomLeftX" "0" Option "CornerBottomLeftY" "1080" # 1080 for 23" Option "CornerBottomRightX" "1920" # 1920 for 23" Option "CornerBottomRightY" "1080" # 1080 for 23" Option "CornerScreenWidth" "1920" # 1920 for 23" Option "CornerScreenHeight" "1080" # 1080 for 23" EndSection Section "ServerLayout" Identifier "Touchscreen" InputDevice "Acer T230H" "SendCoreEvents" EndSection And restarted. And the touchscreen does nothing. Any ideas?

    Read the article

  • OpenType programming

    - by Sorush Rabiee
    Hi all Recently i asked two questions (1 and 2) about using OpenType features in programs written by python and .net languages, but didn't get an answer. i realized there is no way to change text rendering engines of operating systems, or force them to use OpenType. so now want to implement my own. such a program that: provides a text engine that receives glyph shapes from otf and ttf files and renders them in sequence of glyphs in text. generates all of OTL features can be used in other parts of applications like controls and components of .NET or python GUI libraries. if python and .net languages are not suitable in this situation, aware me about other programming languages or tools. comments and answers about text rendering system of common Operating Systems, or designing text engines compatible with unicode 5.02 protocol are welcomed.

    Read the article

  • What other protocols must not be fire-walled for FTP to work?

    - by Chris
    my Netgear router randomly reset itself the other day loosing all of my config settings: DSL details, Firewall rules, the lot! So I set about restoring all of the details manually, but when it came to configuring the firewall I wanted improve the security by explicitly setting 'deny' rules for everything that I figured is 'non-essential', and (although not necessary) whilst I was at it I set explicit 'allow' for the 'essential' protocols. I'll admit now I didn't really know what I was doing and everything was just 'my best guess', but I enabled only DNS, HTTP, HTTPS, FTP, SFTP, TFTP with everything else blocked. This did not work for me as I could not access 99% of web sites (although strangely Google worked!), so I played around a bit more and found that (oddly) if I disabled just the explicit 'allow' rules then everything worked fine, for browsing anyway. Today I came to work on some web-sites via FTP and just could not get a consistent connection, it kept dropping out after a few files or being blocked by the server or simply not connecting. It would authenticate okay but then stop when retrieving the initial directory listing! e.g.: Status: Delaying connection for 1 second due to previously failed connection attempt... Status: Resolving address of ftp.domain.co.uk Status: Resolving address of ftp.domain.co.uk Status: Connecting to 123.123.123.123:21... Status: Connecting to 123.123.123.123:21... Status: Connection established, waiting for welcome message... Status: Connection established, waiting for welcome message... Response: 421 Too many connections (8) from this IP Error: Could not connect to server Status: Delaying connection for 5 seconds due to previously failed connection attempt... Response: 421 Too many connections (8) from this IP Error: Could not connect to server Status: Delaying connection for 5 seconds due to previously failed connection attempt... I've checked and re-checked the FTP settings (they worked before anyway), I have Googled the I.T. out of the various protocols that I have blocked in the fire-wall but none seem essential to FTP (other than FTP/SFTP etc. which I have passively enabled). I'm (clearly) no server engineer, or protocols / fire-wall expert so I was hoping that some one could maybe shed some light on why my FTP is failing. I've been wondering if I ought to be allowing BGP, BOOTP and/or IDENT (or any others)? What other protocols are required for FTP? Thanks in advance!

    Read the article

  • Is there any reasons to prefer SparkViewEngine over XSLT (or vice versa) for a standalone email gene

    - by Stephane
    I have a service that receives an object containing all the data needed to build a newsletter. I need to be able to generate the email using different templates. I don't want to involve the whole ASP.NET stack for that, so I want a separate templating engine. Reading a lot of opinions, I have found that XSLT was not getting very much love when it comes to templating engines. Why? SparkViewEngine is a "new cool toy", but it seems mature enough considering the number of projects that have been built with it. What do you think? Did you used those 2 engines? in which situation, and what strength/pain did you enjoy/endure

    Read the article

  • Implications of not forwarding http:// to http://www.

    - by Michael Wilson
    Hi, my company is running IIS and DNN (I'm not a server guy, so color me ignorant), and I've read previous that you should either redirect your .http://www.mydomain to .http://mydomain or Vice Versa. Can anyone give me reasons to do this? (periods "prepended" to remove href) From what I understand, it's because search engines see those as two different 'sites' (Even when visiting one or the other, I can be logged into one but not the other). I also heard it can be a duplicate content problem, which search engines dislike. Just looking for some professional insight, will help me and others. Thanks!

    Read the article

  • Non-Registry Fix for Secondary Mailboxes Sent Items

    - by Jai Kang
    There is a known issue with Outlook and Exchange where "secondary" mailboxes which are mounted in the same profile, e.g. "John Doe" + CorpMailbox1, CorpMailbox2, CorpMailbox3 will place "sent items" from the secondary mailboxes (e.g. CorpMailbox1) in the user's (e.g. "John Doe") Sent Items folder. There is a registry value (something like DelegateSentItems) to semi-fix this, but I'm looking for an Exchange-side solution. It seems like, at some point, an admin made CC rules to fix this, and for the mailboxes where I see a BCC rule: any item sent to [address] BCC to [address]. The behavior "fixes" the issue, but when I duplicate this work-around for new shared mailboxes, the email ends up in the Inbox and not the Sent Items for the shared mailbox. I don't believe there is any outlook/client-side shenanigans going on, as the intended behavior for the older mailboxes works for new PCs/Users (new imagse) without any Outlook Mailbox Rules.

    Read the article

  • NIC bonding with two uplinks

    - by Karolis T.
    Is bonding the preferred way of implementing ISP redundancy? In the texts I've seen, bond device has a netmask, gateway of it's own. How can this be obtained if there are two different gateways from two uplinks, which one to choose? Do I need any special routing rules to go with it or does simply configuring separate interfaces (using Debian, /etc/network/interfaces), i.e eth1, eth2 for their corresponding uplinks and bonding them to bond0 handle routing automatically? If I want to NAT client machines, do they use bond device's IP as a gateway? Does the bond0 device is the device that goes into iptables nat rules? Thanks

    Read the article

  • mod_rewite Rule: root/? root/app/views/home/home.php

    - by Jonathon David Oates
    I am shocking at mod_rewite, here's the scenario: I need a rule that rewrites mydomain.com to mydomain.com/app/views/home/home.php. The rule, or set of rules rather, must also rewite mydomain.com/signin to mydomain.com/app/views/signin/signin.php, and work in a similar fashion for any subdirectory, for example: mydomain.com/subdir must redirect to mydomain.com/app/views/subdir/subdir.php. The rules must also work with or without the trailing slash, for example: ….com or ….com/. Thank you all, your help is much appreciated! If you could outline how and why your solution works or direct me to a good resource that explains it, I'd be exceptionally grateful! Edit: I have got a simple .htaccess file with this: Options +FollowSymLinks RewriteEngine On RewriteRule ^$ http://mydomain.local/~Jay/some_awesome_app/app/views/home/home.php This does the redirect but changes the URL in the address bar too! I've not got a trailing [R] flag so why would this be?

    Read the article

  • Windows 2003 GPO Software Restrictions

    - by joeqwerty
    We're running a Terminal Server farm in a Windows 2003 Domain, and I found a problem with the Software Restrictions GPO settings that are being applied to our TS servers. Here are the details of our configuration and the problem: All of our servers (Domain Controllers and Terminal Servers) are running Windows Server 2003 SP2 and both the domain and forest are at Windows 2003 level. Our TS servers are in an OU where we have specific GPO's linked and have inheritance blocked, so only the TS specific GPO's are applied to these TS servers. Our users are all remote and do not have workstations joined to our domain, so we don't use loopback policy processing. We take a "whitelist" approach to allowing users to run applications, so only applications that we approve and add as path or hash rules are able to run. We have the Security Level in Software Restrictions set to Disallowed and Enforcement is set to "All software files except libraries". What I've found is that if I give a user a shortcut to an application, they're able to launch the application even if it's not in the Additional Rules list of "whitelisted" applications. If I give a user a copy of the main executable for the application and they attempt to launch it, they get the expected "this program has been restricted..." message. It appears that the Software Restrictions are indeed working, except for when the user launches an application using a shortcut as opposed to launching the application from the main executable itself, which seems to contradict the purpose of using Software Restrictions. My questions are: Has anyone else seen this behavior? Can anyone else reproduce this behavior? Am I missing something in my understanding of Software Restrictions? Is it likely that I have something misconfigured in Software Restrictions? EDIT To clarify the problem a little bit: No higher level GPO's are being enforced. Running gpresults shows that in fact, only the TS level GPO's are being applied and I can indeed see my Software Restictions being applied. No path wildcards are in use. I'm testing with an application that is at "C:\Program Files\Application\executable.exe" and the application executable is not in any path or hash rule. If the user launches the main application executable directly from the application's folder, the Software Restrictions are enforced. If I give the user a shortcut that points to the application executable at "C:\Program Files\Application\executable.exe" then they are able to launch the program. EDIT Also, LNK files are listed in the Designated File Types, so they should be treated as executable, which should mean that they are bound by the same Software Restrictions settings and rules.

    Read the article

  • How do I identify which rewrite rule is being trigger on IIS 7.5?

    - by Jordan Reiter
    I have a set of rewrite rules (offhand, I would say around 40-50) for a given server. It's basically to handle and reroute mangled URLs so that bad links still go to where they're supposed to go. I've come across an URL that is redirecting and I can't figure out which rewrite rule it is applying. My background is Apache and in that case I'd simply enable a rewrite log and look at the logged output to figure out what was happening. Is there an equivalent way to do this in IIS? bonus round Any way for me to view & edit the rewrite rules in a text file rather than the GUI interface?

    Read the article

  • debian gateway using iptables

    - by meijuh
    I am having problems setting up a debian gateway server. My goal: Having eth1 the WAN interface. Having eth0 the LAN interface. Allow both ports 22 (SSH) and 80 (HTTP) accessed from the outside world on the gateway (SSH and HTTP run on this server). What I did was the following: Create a file /etc/iptables.rules with contents: /etc/iptables.rules: *nat -A POSTROUTING -o eth1 -j MASQUERADE COMMIT *filter -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -i eth1 -j DROP COMMIT edit /etc/network/interfaces as follows: /etc/network/interfaces: # The loopback network interface auto lo iface lo inet loopback pre-up iptables-restore < /etc/iptables.rules auto eth0 allow-hotplug eth0 iface eth0 inet dhcp #auto eth1 #allow-hotplug eth1 #iface eth1 inet dhcp allow-hotplug eth1 iface eth1 inet static address 217.119.224.51 netmask 255.255.255.248 gateway 217.119.224.49 dns-nameservers 217.119.226.67 217.119.226.68 Uncomment the rule net.ipv4.ip_forward=1 in /etc/sysctl.conf to allow packet forwarding. The static settings for eth1 such as the ip address I got from my router (which I want to replace); I simply copied these. I have a (windows) DNS + DHCP server on ip address 10.180.1.10, which assigns ip address 10.180.1.44 to eth0. What this server does is not really interesting it only maps domain names on our local network and assigns one static ip to the gateway. What works: on the gateway itself I can ping 8.8.8.8 and google.nl. So that is okey. What does not work: (1) Every machine connected to eth0 (indirectly via a switch) can not ping an ip or a domain. So I guess the gateway can not be found. (2) Also when I configure my linux machine (a laptop) to use a static ip 10.180.1.41, a mask and a gateway (10.180.1.44) I can not ping an ip or domain either. This means that maybe my iptables is incorrect of not loaded correctly. Or I maybe have to configure my DNS/DHCP on my windows machine. I have not reset the windows machine net, restart the DNS/DHCP services, should I do this? I did not install dnsmasq as desribed here: http://blog.noviantech.com/2010/12/22/debian-router-gateway-in-15-minutes/. I don't think this is necessary?

    Read the article

  • What kind of router do I need to handle multiple external I.P addresses?

    - by user1308743
    I have 3 dedicated I.P addresses going to a location with a few servers, and 1 RVS4000 router. Right now, only one I.P is being used. I would like a router that can use all 3 I.P addresses and I can make rules like this: IP1:80 goes to ServerA IP2:80 goes to ServerB What kind of router/device with what features do I need to handle this? I will need to set 30-40 rules to forward certain ports to certain servers. Only a couple ports will need to go to IP2 or IP3. Thanks

    Read the article

  • FreeBSD jail with IPFW with loopback - unable to connect loopback interface

    - by khinester
    I am trying to configure a one IP jail with loopback interface, but I am unsure how to configure the IPFW rules to allow traffic to pass between the jail and the network card on the server. I have followed http://blog.burghardt.pl/2009/01/multiple-freebsd-jails-sharing-one-ip-address/ and https://forums.freebsd.org/viewtopic.php?&t=30063 but without success, here is what i have in my ipfw.rules # vim /usr/local/etc/ipfw.rules ext_if="igb0" jail_if="lo666" IP_PUB="192.168.0.2" IP_JAIL_WWW="10.6.6.6" NET_JAIL="10.6.6.0/24" IPF="ipfw -q add" ipfw -q -f flush #loopback $IPF 10 allow all from any to any via lo0 $IPF 20 deny all from any to 127.0.0.0/8 $IPF 30 deny all from 127.0.0.0/8 to any $IPF 40 deny tcp from any to any frag # statefull $IPF 50 check-state $IPF 60 allow tcp from any to any established $IPF 70 allow all from any to any out keep-state $IPF 80 allow icmp from any to any # open port ftp (20,21), ssh (22), mail (25) # ssh (22), , dns (53) etc $IPF 120 allow tcp from any to any 21 out $IPF 130 allow tcp from any to any 22 in $IPF 140 allow tcp from any to any 22 out $IPF 150 allow tcp from any to any 25 in $IPF 160 allow tcp from any to any 25 out $IPF 170 allow udp from any to any 53 in $IPF 175 allow tcp from any to any 53 in $IPF 180 allow udp from any to any 53 out $IPF 185 allow tcp from any to any 53 out # HTTP $IPF 300 skipto 63000 tcp from any to me http,https setup keep-state $IPF 300 skipto 63000 tcp from any to me http,https setup keep-state # deny and log everything $IPF 500 deny log all from any to any # NAT $IPF 63000 divert natd ip from any to any via $jail_if out $IPF 63000 divert natd ip from any to any via $jail_if in but when i create a jail as: # ezjail-admin create -f continental -c zfs node 10.6.6.7 /usr/jails/node/. /usr/jails/node/./etc /usr/jails/node/./etc/resolv.conf /usr/jails/node/./etc/ezjail.flavour.continental /usr/jails/node/./etc/rc.d /usr/jails/node/./etc/rc.conf 4 blocks find: /usr/jails/node/pkg/: No such file or directory Warning: IP 10.6.6.7 not configured on a local interface. Warning: Some services already seem to be listening on all IP, (including 10.6.6.7) This may cause some confusion, here they are: root syslogd 1203 6 udp6 *:514 *:* root syslogd 1203 7 udp4 *:514 *:* i get these warning and then when i go into the jail environment, i am unable to install any ports. any advice much appreciated.

    Read the article

  • Outlook 2007 - Fwd all mail from one mailbox to another email

    - by Simon
    I have two separate mailboxes setup in Outlook. My main everyday one (call this A), and another one which is where clients questions go direct to (call this B) I have a few rules setup on my main inbox. I need to setup a new rule to fwd all incoming email to B, to another colleague. If this was for mailbox A, it would not seem to hard and I would basically follow the instructions here. However, I cant see a way of applying rules to separate MailBoxes. - Does anyone know how to do this?

    Read the article

  • Apache 410 Gone instructions not working with mod_alias nor mod_rewrite

    - by Peter Boughton
    Apache 2.2 seems to be ignoring instructions to return a 410 status. This happens for both mod_alias's Redirect (using 410 or gone) and mod_rewrite's RewriteRule (using [G]), being used inside a .htaccess file. This works: Redirect 302 /somewhere /gone But this doesn't: Redirect 410 /somewhere That line is ignored (as if it had been commented) and the request falls through to other rules (which direct it to an unrelated generic error handling script). Similarly, trying to use a RewriteRule with a [G] flag doesn't work, but the same rule rewriting to a script that generates a 410 does - so the rules aren't the problem and it seems instead to be something about 410/gone that isn't behaving. I can workaround it by having a script sending the 410, but that's annoying and I don't get why it's not working. Any ideas?

    Read the article

  • Desktop notifcations for IMAP subfolders in Outlook 2013

    - by hplieninger
    I use Outlook 2013 and an IMAP account for my mails. I have configured several filters (rules) directly in the webmail application of my provider in order to deliver certain mails, e.g., from my boss, into certain folders other then the "inbox". Note that I did not define any rules in Outlook itself and I also do not want to do so (because I want these mails being delivered into the folders not only in Outlook but also on other devices). The problem is that that I receive desktop notifications only for incoming mails in the main folder ("Inbox") but not for mails in any of the other folders.

    Read the article

  • Does Exchange support plussed users (e.g. [email protected]) or a similar mechanism?

    - by Jens Bannmann
    Sendmail supports a feature called 'plussed users'. Once enabled, emails sent to [email protected], [email protected] and [email protected] are automatically delivered just like mails to [email protected]. There is no need to register or set up these 'plus suffixes'. The user can just use them and set up client-side filtering rules on his own. Does Exchange support a similar mechanism? If so, how to enable it? Note that I don't want answers about other means of filtering, e.g. spam/junk filtering, server-side or client-side rules, email aliases/addresses that are configured explicitly and so on.

    Read the article

  • htaccess - Redirects with more than 1 level deep not working

    - by barfoon
    Hey everyone, Just moved to shared hosting on GoDaddy and Im trying to get my .htaccess rules working. Heres what I have: ErrorDocument 404 /error.php Options FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^www\.mydomain\.org$ RewriteRule ^(.*)$ http://mydomain.org/$1 [R=301,L] RewriteRule ^view/(\w+)$ viewitem.php?itemid=$1 [R=301,L] RewriteRule ^category/(\w+)$ viewcategory.php?tag=$1 [R=301,L] RewriteRule ^faq$ faq.php RewriteRule ^about$ about.php RewriteRule ^contact$ contact.php RewriteRule ^submit$ submit.php RewriteRule ^contactmsg$ handler-contact.php All the pages @ the root of the domain seem to be working i.e mydomain.org/faq, mydomain.org/about are working. But whenever I try mydomain.org/category/somecategory, I get a 404. How can I fix my .htaccess to obey these rules that are more than 1 level deep? Thanks,

    Read the article

  • FTP not listing files behind firewall (setsockopt (ignored): Permission denied)

    - by KennyDs
    We are developing a Magento application that has a module that works with FTP. Today we deployed this on the testing environment which is setup in the following way: Gateway server which has the following iptables rules: # iptables -L -n -v Chain INPUT (policy ACCEPT 2 packets, 130 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 165 13720 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED Chain FORWARD (policy ACCEPT 7 packets, 606 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 15 965 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 0 0 REJECT all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 126 packets, 31690 bytes) pkts bytes target prot opt in out source destination These are set at runtime via the following bash script: #!/bin/sh PATH=/usr/sbin:/sbin:/bin:/usr/bin # # delete all existing rules. # iptables -F iptables -t nat -F iptables -t mangle -F iptables -X # Always accept loopback traffic iptables -A INPUT -i lo -j ACCEPT # Allow established connections, and those not coming from the outside iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow outgoing connections from the LAN side. iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT # Masquerade. iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE # Don't forward from the outside to the inside. iptables -A FORWARD -i eth1 -o eth1 -j REJECT # Enable routing. echo 1 > /proc/sys/net/ipv4/ip_forward The gateway server is connected to the WAN via eth1 and is connected to the internal network via eth0. One of the servers from eth1 has the following problem when trying to list files over ftp: $ ftp -vd myftpserver.com Connected to myftpserver.com 220 Welcome to MY FTP Server ftp: setsockopt: Bad file descriptor Name (myftpserver.com:magento): XXXXXXXX ---> USER XXXXXXXX 331 User XXXXXXXX, password please Password: ---> PASS XXXX 230 Password Ok, User logged in ---> SYST 215 UNIX Type: L8 Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ftp: setsockopt (ignored): Permission denied ---> PORT 192,168,19,15,135,75 421 Service not available, remote server has closed connection When I try listing the files in passive mode, same result. When I run the same command on the gateway server, everything works fine so I believe that the issue is happening because of the iptables rules not forwarding properly. Does anyone have an idea which rule I need to add to make this work?

    Read the article

  • iptables : how to correctly allow incoming and outgoing traffic for certain ports?

    - by Rubytastic
    Im trying to get incoming and outgoing traffic to be enabled on specific ports, because I block everything at the end of the iptables rules. INPUT and FORWARD reject. What would be the appropiate way to open certain ports for all traffic incoming and outgoing? From docs I found below but one has to really define both lines? iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT I try to open ports for xmpp service and some other deamons running on server. Rules: *filter # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow HTTP # Prevent DDOS attacks (http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/) # Disallow HTTPS -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT -A INPUT -p tcp --dport 443 -j DROP # Allow SSH connections # The -dport number should be the same port number you set in sshd_config -A INPUT -p tcp -s <myip> --dport ssh -j ACCEPT -A INPUT -p tcp -s <myip> --dport 5984 -j ACCEPT -A INPUT -p tcp --dport ssh -j REJECT # Attempt to block portscans # Anyone who tried to portscan us is locked out for an entire day. -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP # Once the day has passed, remove them from the portscan list -A INPUT -m recent --name portscan --remove -A FORWARD -m recent --name portscan --remove # These rules add scanners to the portscan list, and log the attempt. -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "Portscan:" -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP # Stop smurf attacks -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP -A INPUT -p icmp -m icmp -j DROP # Drop excessive RST packets to avoid smurf attacks -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT # Don't allow pings through -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP # Log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Reject all other inbound - default deny unless explicitly allowed policy -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT

    Read the article

  • IIS 7.5 Rewrite help needed

    - by Nolan Berry
    I am trying to do something extremely straightforward. I just need to force SSL and I am trying to use the URl Rewrite plugin. I am getting no results when I put the following rule into my conf. <rewrite> <rules> <rule name="Redirect to https" stopProcessing="true"> <match url="(.*)[^/])$" /> <conditions> <add input="{SERVER_PORT}" pattern="443" negate="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule> </rules> </rewrite> Any thoughts on why this isn't catching?

    Read the article

  • How do I find out what a Spam Custom Rule is?

    - by SoaperGEM
    We use a Barracuda Spam Filter at work, and we also provide a mass emailing program to some of clients that send out newsletters. Lately one of them's been composing his latest company newsletter and has been trying to send preview messages to himself, but they've actually been quarantined by Barracuda as potential spam, even though they aren't. I can see the breakdown of the spam scoring headers in Barracuda, but I'm not sure what certain rules mean. Here's the breakdown: pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 FUZZY_CPILL BODY: Attempt to obfuscate words in spam 2.21 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.00 HTML_MESSAGE BODY: HTML included in message 0.50 BSF_SC0_SA_TO_FROM_ADDR_MATCH Sender Address Matches Recipient Address 1.00 BSF_SC0_SA392f Custom Rule SA392f What is "Custom Rule SA392f"? Where do I find descriptions of these custom rules? And what does "images with 2000-2400 bytes of words" mean? Is that referring to the file size of the image, or something about the attributes on the <img> tag?

    Read the article

  • Need help with an .htaccess URL rewriter

    - by AlexV
    I'm trying to do another SEO system with PHP/.htaccess... I need the following rules to apply: Must catch all URLs that do not end with an extension (www.foo.com -- catch | www.foo.com/catch-me -- catch | www.foo.com/dont-catch.me -- don't catch). Must catch all URLs that end with .php* (.php, .php4...) (thwaw are the exceptions to rule #1). All rules must only apply in some directories and not in their subdirectories (/ and /framework so far). The htaccess must send the typed URL in a GET value so I can work with it in PHP. Any mod-rewrite wizard can help me?

    Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >