Search Results

Search found 4538 results on 182 pages for 'rules'.

Page 88/182 | < Previous Page | 84 85 86 87 88 89 90 91 92 93 94 95  | Next Page >

  • How to test if SYN and FIN are both dropped at the same time in hping3?

    - by snow
    One of the rules to prevent unexpected attack is to prevent SYN & FIN being used together. SYN and FIN are both set $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP How do I use hping to test if this iptable rule works? hping3 192.168.7.0 --keep -S -F??? Is this complete? When just type iptables -L, it shows: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN WHY do I need to put the "SYN,FIN" twice before drop? Is it because one for source and one for destination?

    Read the article

  • Unable to log into Ubuntu

    - by Rodnower
    I have Ubuntu 12.04.1. Last time I did nothing especial, but suddenly some problem appear: I have a login screen (using lightdm), when I attempt a login, I get a console session and returned to the login screen. I see that it is a known issue, so I tried everything from following steps: To removed .XAuthority Configure to use gdm Reinstall lightdm To include my user to nopasswdlogin group But nothing help... So, these are errors from /var/log/auth.log: Oct 3 01:11:48 alphabet-2 lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0) Oct 3 01:11:48 alphabet-2 lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :0 Oct 3 01:11:48 alphabet-2 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "andrey" Oct 3 01:11:48 alphabet-2 dbus[704]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.35" (uid=104 pid=1709 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.14" (uid=0 pid=1169 comm="/usr/sbin/console-kit-daemon --no-daemon ") Any ideas?

    Read the article

  • Gre tunnel Linux Cisco

    - by mezgani
    I've created a GRE tunnel between LAN A and LAN B. LAN A is behind a router, and LAN B is behind a Linux box and this box has a pppoe interface. When i do tcpdump on Linux box i see that the traffic is routerd to Linux box (tunnel end), so my need is routing the tunnel traffic to internet. I've added these rules to my iptables script, and i stay unable to connect to internet from LAN A Permitting Linux to act as router (necessary to forward packets) echo "1" /proc/sys/net/ipv4/ip_forward iptables -A INPUT -p 47 -j ACCEPT iptables -A FORWARD -i ppp0 -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o gre0 -j MASEQUARADE What i've forgot to set in this case?

    Read the article

  • What advantages does mod_evasive have over mod_security2 in terms of DDOS protection?

    - by Martynas Sušinskas
    Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the OWASP core rule set. Mod_security is already installed for overall protection, but the question is: is it worth adding mod_evasive besides mod_security just for the DDOS (does it have any major advantages) or the OWASP crs rules in the /experimental_rules/ directory (modsecurity_crs_11_dos_protection.conf) provide the same protection? Or it's just a matter of preference? The sites are not very high traffic normally. Thank you for your answers, Martynas

    Read the article

  • Cant logon to domain over site-to-site vpn

    - by 3molo
    Tied together branch office with main office over two Cisco ASAs. The (internal) networks on either side can communicate with the other. I can ping, use the DC's DNS service and even join a domain on a new client. I can't however logon, I get the "domain controller is not available" error message on client. I find nothing peculiar in DC's event logs. Sicne it's site-to-site (with ping), it's always up so it should work. No firewall rules (except allow any any) between the two networks (of either side). Main site internal net: 10.10.10.0/24 Branch office net: 10.180.3.0/24 Am I overlooking something here? Where should I start investigating this?d

    Read the article

  • Is it possible to disable the retry mechanism in Exim

    - by Tony Meyer
    I have a very simple Exim configuration that's just forwarding all mail to a set of destination addresses. When immediate delivery to an address fails, the message is added to the queue (and then processed by the retry rules). I want to change this so that if immediately delivery fails, the message is :blackhole:d. (It's ok if a bounce is generated instead, as I'll just redirect the bounce to the :blackhole:). This needs to occur for temporary failures (i.e. 4xx) as well as permanent (i.e. 5xx) ones. I understand that this means that if delivery can't be done immediately the message will be permanently and irretrievably lost. In this particular context, that isn't a problem. Reading over this, it sounds suspiciously like "how can I improve my spamming Exim server". That really isn't what this is for, and if you can figure out a way I can prove that, I'm happy to do so!

    Read the article

  • SSL and mod_rewrite error

    - by wnoveno
    Hi, I have https on my site. Pages with rewritten URL in my site are inaccessible while direct urls (folders). here's the htaccess ## 2009-12-17 16:52 JGC [START] ## Enable http compression for this site <IfModule mod_deflate.c> SetOutputFilter DEFLATE ## Directive "DeflateCompressionLevel" not allowed in .htaccess, only valid in server config and virtual hosts # DeflateCompressionLevel 9 # file-types indicated will not be compressed SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:swf|flv|pdf)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary <IfModule mod_headers.c> Header append Vary User-Agent </IfModule> </IfModule> ## 2009-12-17 16:52 JGC [END] ## 2010-03-05 16:05 JGC [START] #<IfModule mod_alias.c> #RedirectMatch 301 ^(/)$ /online-casino-poker-register.html #RedirectMatch 301 ^(/en)$ /en/online-casino-poker-register.html #RedirectMatch 301 ^(/en/)$ /en/online-casino-poker-register.html #RedirectMatch 301 ^(/en\.html)$ /en/online-casino-poker-register.html #RedirectMatch 301 ^(/sc)$ /sc/online-casino-poker-register.html #RedirectMatch 301 ^(/sc/)$ /sc/online-casino-poker-register.html #RedirectMatch 301 ^(/sc\.html)$ /sc/online-casino-poker-register.html #RedirectMatch 301 ^(/ch)$ /ch/online-casino-poker-register.html #RedirectMatch 301 ^(/ch/)$ /ch/online-casino-poker-register.html #RedirectMatch 301 ^(/ch\.html)$ /ch/online-casino-poker-register.html #</IfModule> ## 2010-03-05 16:05 JGC [END] ## # @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $ # @package Joomla # @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ## ##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # ##################################################### ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks # # mod_rewrite in use RewriteEngine On #RewriteLog "/var/www/html/dafa888/rewrite.log" #RewriteLogLevel 3 RewriteCond %{HTTP_COOKIE} !jfcookie\[lang\] [NC] RewriteCond %{HTTP:Accept-Language} ^zh-cn [NC] RewriteRule ^$ /sc/ [L,R=301] RewriteCond %{HTTP_COOKIE} !jfcookie\[lang\] [NC] RewriteCond %{HTTP:Accept-Language} ^zh-tw [NC] RewriteRule ^$ /ch/ [L,R=301] #RewriteCond %{HTTP_COOKIE} !jfcookie[lang] [NC] #RewriteCond %{HTTP_COOKIE} jfcookie\[lang\] [NC] #RewriteCond %{HTTP_COOKIE} jfcookie\[lang\]=([^;]+) [NC] #RewriteRule ^(.*)$ /%1/$1 [NC,QSA] ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root) RewriteBase / #RewriteCond %{HTTP_HOST} ^(.*)$ [NC] #RewriteRule ^(.*)$ http://www.%1/$1 [R=301] ########## Begin - Joomla! core SEF Section # RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/index.php RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] RewriteRule (.*) index.php RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] # ########## End - Joomla! core SEF Section

    Read the article

  • How much traffic a linux-based shaper would be able to chew

    - by facha
    Hi, everyone I have a linux based traffic shaper (iptables + tc htb policy). It works in bridge mode. Shapes traffic based on IPs and ports (there are about 100 rules in the "mangle" chain of iptables). Right now its throughoutput is about 100 mb/s (I don't remember pps, there are about 800 users in the network). Just was wondering - when I will hit the limit. How much traffic could a linux-based shaper possibly get throuhg it. If you have one under heavy load, please could you write what machine you use and what load there is. Or if you have any other info about the subj, please write as well. Thanks in advance.

    Read the article

  • Why is my firewall preventing me from accessing some websites

    - by nosx
    I have an old Belkin router and when I enable the firewall I cannot access certain websites. For example: http://www.avisynth.org With Firewall Enabled: Main page loads and begins to do a meta refresh which never finishes. With Firewall Disabled: Main page loads and the meta refresh completes as normal and I am taken to the wiki page. I have not setup any rules in my firewall that would prevent this site from loading, yet it refuses to load unless I have the firewall disabled completely. My router has a hidden page with advanced settings on it for the firewall which I was able to acccess and take a screenshot of, but I did not want to mess with these values unless I absolutely have to do so: What might be causing this problem and how would I go about fixing it?

    Read the article

  • Run one virtual machine on a Linux server + standard Linux functions

    - by fistameeny
    Hi, I am looking for a method to setup a Linux server (running Ubuntu Server) that uses Samba for file sharing, as well as hosting a Windows virtual machine (in this case, Windows Small Business Server 2003, which in turn hosts SQL Server Express - Exchange won't be used on this). I would like to have the Linux server serving the files over Samba, and hosting the Virtual Machine. This obviously rules ESXi out as it couldn't do Samba at the same time. What would be the next best solution to give reasonable speed? Vmware Server 2.0, VirtualBox, Xen? There will be 10-15 users accessing the Samba shares and the SQL Express virtual machine. Matt

    Read the article

  • Custom Filter in cPanel to Auto-Delete Emails with Russian Characters

    - by John Conde
    I get a lot of spam to my email account from Russia. The emails themselves (name, subject, body) are in Russian and I was hoping to create a custom filter in cPanel (not in SpamAssassin but in cPanel itself) to catch these emails and delete them before they hit my inbox. I've tried setting up rules to flag emails with these characters but they still are getting through. This leads me to believe that there is an encoding issue at play here. Unfortunately I do not know how to overcome this. Ideas?

    Read the article

  • Getting back the old alt-tab windows switching behavior in Windows 7?

    - by Carlos A. Ibarra
    When you run more than 6 applications on Windows 7 and you press alt-TAB, icons representing the first 6 applications and the desktop appear on the first row of the grid and you can cycle with alt-TAB-TAB... through the 6 most recently used windows the usual way, but the 7th and other less recently used windows don't follow the same rules. Instead they get grouped together according to their application but disregarding whether they were recently used or not. This new behavior is mentioned here. I am very used to the old way of cycling and the new system is driving me crazy. I tend to have 20 or so windows open at one time and I frequently need to alt-tab to the 7th or 8th window on the stack but it doesn't work the same anymore. Does anyone know how to put back the old behavior, so that alt-tab-tab-tab... goes through the whole list in most-recent to least-recent order?

    Read the article

  • windows firewall and network location switch after establishing a vpn connection

    - by Konrads
    Hello, I am looking for a reasonable solution for network location switching after VPN connection is established for Windows 7. The scenario is as follows: For location public (employee plugging in his laptop in hotel, public wi-fi,etc) all inbound connections are restricted, only outbound VPN + www is enabled. Employee then initiates a VPN connection, VPN pushes routes to 10.0.0.0/8 subnet Now I would like to have lax security rules for traffic from/to 10.0.0.0/8 that comes through the VPN interface, while still protecting the laptop from traffic that comes via uplink interface as if it was private. How to achieve this switching and duality? One option I see is switching to IPSec...

    Read the article

  • OpenVPN server behind firewall issues

    - by Gabriel
    I'm trying to setup an OpenVPN but I do have some problems doing it. This is my scenario: INTERNET --- HOME ROUTER (10.1.0.0/28) --- FIREWALL SERVER (DEFAULT GATEWAY FOR MY INTERNAL LAN 10.1.0.2) --- OpenVPN Server (10.1.0.9 LAN | 10.2.0.1 VPN) single nic / bridge iface I can connect to my VPN server successfully (it gets the 10.2.0.5 address). Though, I'm not able to ping anything, neither my VPN server, nor my lan clients. I guess the problem is on the firewall. I'm not really an expert on iptables, I tried adding plenty of different rules without success. I would appreciate a lot if someone could explain me how to get to work the VPN server in this scenario. After connecting through VPN, when I try to ping the server, I'm not really sure about how the ping message gets to the server and how the response should go back to the client. Thanks a lot Gabriel

    Read the article

  • IPSec policies on Mac OSX

    - by Helder
    Is there a way to configure IPSec policies on a Mac OSX, in a similar way to what you can do in Windows, with "Connection Security Rules"? I need to implement a service that will use an IPSec tunnel, and I might have to provide it to Macs as well. As I don't have access to a Mac, I've done some reading, and it seems that there is something called "racoon" that handles IPSec. Can anyone confirm this? Further, we will need to use certificates for authenticating the IPsec tunnel as well (as opposed to pre-shared keys). Can anyone confirm that this is also possible from a Mac OSX? Thank you!

    Read the article

  • Firewall software that can block access to certain applications on certain internet connections

    - by webmasters
    I have two internet connections, a LAN and a 3G modem on a Windows 7 machine. The LAN is connected to a Edimax router which is conneted to the ISP (with their own modem). Now, the Edimax router is set to auto assign IP adresses in the range: 168.192.2.100 and 192.168.2.200 I wanted to block internet explorer to access the LAN. I entered my AVG firewall, selected iexplorer and added a "block" rule which blocked all ports, TCP and UDP protocols for the above IP range. The problem is it did not work, not matter what rules I have tried. Can you recommend a firewall that can easily accomplish this? Ty

    Read the article

  • Adding many IP addresses to Windows Firewall using CLI fails partially

    - by Thomas
    I have a PowerShell script which adds IP addresses to Windows Firewall using the "netsh advfirewall" command. (As described in this question: How to append netsh firewall rules, not just replace). The problem is that when adding a lot of IP addresses (currently over 700) the string of IP addresses seems to be 'cut off' at some point. Only an X amount of the total amount of IP addresses are actually added to the firewall, the rest... not. The script is very simple, and looks something like this: $ip = "123.123.123.123,124.124.124.124,125.125.125.125 and so on" netsh advfirewall firewall set rule name="*" new remoteip="$ip" I tried to echo the string to see if it's cut off; echo $ip But the complete string is correctly echo'ed. Is there some kind of string length limit for the netsh command? Or anything else that could be causing this issue?

    Read the article

  • max length of url 257 characters for mod_rewrite?

    - by Daniel
    My url scheme is /foo/var1-var2-var3.../bar I am using these mod_rewrite rules: RewriteBase /foo/ RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^ index.php [PT,L] If the length of the string 'var1-var2...' is greater than 257 characters then an error 403 Forbidden and a 404 are returned. However, if the length of the 'var1-var2...' string is 257 characters or less and subsequently followed by a slash the length of the remaining url may be any length. How does one overcome this limit?

    Read the article

  • Assigning resources to MS Project 2007

    - by adam
    Hi, I'm planning a redesign of a site in Project 2007. I have three developers to hand, all with the same skills. There are about 80 templates to be rendered as part of the redesign, and each template has been added as a project task. Each of these tasks can be done by any of the 3 devs, and each will take a day (with a few exceptions). There is no order in which the tasks must be completed, so there are no predecessor rules. I'd like to be able to assign tasks to a 'Developer' resource group, and for Project to see that three tasks can be done at once (as the group has three resources members) and queue the tasks as such. Googling leads me to Team Assignment, but that appears to be part of Project Server. Surely I can do this in standalone Project? Thanks, Adam

    Read the article

  • Forward the Wan IP to another Wan IP without changing the source address

    - by user195410
    I have tried this case by using the NAT function in iptables but fail example. PC A IP is 1.1.1.1 (Win7) My Server IP is 2.2.2.2 (CentOS 6.2) target Server B is 3.3.3.3 (Windows server 2003) Flow: PC A WanIP -- My Server A -- Server B (WanIP) My iptables rules: 1. iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 80 -j DNAT --to-destination 3.3.3.3:80 2. iptables -t nat -A POSTROUTING -d 2.2.2.2 -j MASQUERADE finally, i can access server B website by enter 2.2.2.2:80 but when i checked the access log at Server B i found it's source address had been changed to src:2.2.2.2 dst:3.3.3.3 please help me to do how to get the real address is src:1.1.1.1 dst:3.3.3.3

    Read the article

  • nginx regex locations w/ different roots not working as expected

    - by Wells Oliver
    I have the following two rules: location / { root /var/www/default; } location ~* /myapp(.*)$ { root /home/me/myapp/www; try_files $uri $uri/ /handle.php?url=$uri&$args; } When I browse to myapp/foo it works- kind of, the error is logged as a 404: *3 open() "/var/www/default/handle.php" failed (2: No such file or directory) - so its handling the regex match but just not using the right document root-- why is this? For the record, I am trying to get /myapp/* requests handled by the second location, and everything else the first.

    Read the article

  • UNIX-Security Advise

    - by Phoibe
    Hello, I want to build a quite secure UNIX-Server. Mechanisms I already implemented: SNORT + fwsnort for banning psad to block network-scanning attempts Portknocking to start+open SSH (key-based login - no password) hourly update of IP-Tables-Rules from a Security-Subscription Fail2Ban ClamAV & Rootkithunter + Logwatch What service-independent security mechanism would you add to this? What mechanism are you using? The server will run Apache&Postfix. For Apache hiding the server-information ofc. and nothing I can think of for Postfix. Thanks

    Read the article

  • Can I find which script outputs which error?

    - by ibrahim
    There is a script which calls other scripts and they call others... I don't know exactly which scripts are called and how many of them. I only know that some of them are adding iptables rules and I get this error when I call root script. iptables: No chain/target/match by that name. iptables: No chain/target/match by that name. My problem is that I can not find which script outputs this errors. Is there any way or tool to learn that?

    Read the article

  • Getting VSFTP running on Fedora 14

    - by Louis W
    Having troubles getting VSFTPD running on Fedora 14. Here is what I have done so far, please let me know if I am missing something. When I try to connect through FTP it says connection time out. Installed VSFTP with yum yum install vsftpd Edited config file vi /etc/vsftpd/vsftpd.conf Started service and made sure it would always start up service vsftpd start chkconfig vsftpd on Added and configured a new user /usr/sbin/useradd upload /usr/bin/passwd upload usermod -c "This user cannot login to a shell" -s /sbin/nologin upload Added firewall rules iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT service iptables save service iptables restart Checked netstat (In reply to comment below) tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23752/vsftpd

    Read the article

  • modsecurity apache mod-security.conf missing

    - by TechMedicNYC
    Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test server. I am trying to follow this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server. But at step 3: Now add these rules to Apache2. Open a terminal window and enter: sudo vi /etc/apache2/mods-available/mod-security.conf This file does not exist. Any suggestions?

    Read the article

< Previous Page | 84 85 86 87 88 89 90 91 92 93 94 95  | Next Page >