Search Results

Search found 4538 results on 182 pages for 'rules'.

Page 93/182 | < Previous Page | 89 90 91 92 93 94 95 96 97 98 99 100 | Next Page >

Rewrite for robots.txt and favicon.ico [closed]

- by BHare

I have setup some rules in which subdomains (my users) will default to where I have located the robots.txt, favicon.ico, and crossdomain.xml therefore if a user creates a site say testing.mywebsite.com and they don't make their own favicon.ico at testing.mywebsite.com/favicon.ico, then it will use the favicon.ico I have in /misc/favicon.ico This works perfect, but it doesn't work for the main website. If you attempt to go to mywebsite.com/favicon.ico it will check if "/" exists, in which it does. And then never redirects to /misc/favicon.ico How can I get it so both instances redirect to /misc/favicon.ico ? # Set all crossdomain (openpalace file) favorite icons and robots.txt doesnt exist on their # side, then redirect to site's just to have something to go on. RewriteCond %{REQUEST_URI} crossdomain.xml$ RewriteCond ^(.+)crossdomain.xml !-f RewriteRule ^(.*)$ /misc/crossdomain.xml [L] RewriteCond %{REQUEST_URI} favicon.ico$ RewriteCond ^(.+)favicon.ico !-f RewriteRule ^(.*)$ /misc/favicon.ico [L] RewriteCond %{REQUEST_URI} robots.txt$ RewriteCond ^(.+)robots.txt !-f RewriteRule ^(.*)$ /misc/robots.txt [L]

Read the article
What's the situation that requires stateful firewall?

- by Eonil

I just know there is two kind of firewalls. Stateless and stateful. It's hard to determine what kind of firewall I have to use. Currently I have to run firewall within same machine runs services, Basically I want stateless because of its less resource consumption. However if it is not sufficient for security, it's meaningless. I'll run HTTP, SSH, NFS (only over SSH), and some custom made server on several TCP/UDP ports. Should I use stateful firewall? (edit) Maybe the question can be assumed as 'Should I use stateful rules?'.

Read the article
Using Apache Environment Variables to set custom ErrorDocument

- by Tad

I've got a set of RewriteCond rules that test for various mobile devices and then set environment variables like "env=device:.iphone" or "env=device:.smartphone" if the useragent matches an iPhone or Android device. I'm trying to now redirect the user to custom-styled 404/500 server error pages for each device, by way of the error pages. Ideally I'd like to be able to test for a variable being there, and then write in a custom ErrorDocument string. But an apache doesn't seem to work in this case. Any ideas how I can construct if/else tests in an apache conf file for environment vars?

Read the article
How can I debug Cisco Firewall ASA "Dispatch Unit" very high CPU utilisation from ASDM?

- by Andy

I have recently had my first firewall installed so I am very new to this whole situation. I am finding that Dispatch unit is becoming overloaded and it would appear to be the reason I get serious bouts of lag on my server. The firewall has had little configuration apart from me blocking all the ports in "Access Rules" and allowing only the ones the server needs and from where it needs them. I guess what I am after is assistance with locating the issues causing "Dispatch Unit" to take up all the CPU Regards --Edit-- With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time so I am pretty sure it is an attack of some sort but as a beginner with ASA I am not sure how to resolve

Read the article
Can't Allow Specific Port in Windows Firewall Advanced Security - Windows 2008

- by Jody

In the Outbound Rules, I set up a rule to allow outbound connection from port 26. But, it doesn't work. However, if I allow "all port" for this rule, this will work, but then all ports will be allowed too. What is the reason? Is there any conflicting rule? I need to fix this as soon as possible. -Edit to add : I'm trying to allow email access to mail server outside (port 26). The thing is, even if I telnet using port 26, it will not work, unless I allow "all ports". Specific port will not do.

Read the article
Steps to make sure network is not blacklisted...Again

- by msindle

I have an interesting issue. I have a client that just got blacklisted due to spam being sent out over the last 2 days. I have my firewall configured to only allow mail to go outbound on port 25 from our mail server (Exchange 2010) exclusively and I have verified that there are no open relay's on our transport rules. We are running Vipre Business and after running deep scans with updated definitions all computers come back clean. I ran a message tracking report on our Exchange server that shows all mail sent via the mail server over the last couple of weeks and didn't see anything malicious or out of the ordinary. I have also verified that there are no home devices or rouge computers on the network. For all practical purposes it appears that the network is clean, but we still wound up on 5 or 6 blacklists...Where should I start looking next? Is there a "best practices" guide that can help eradicate this issue? Thanks in advance! msindle

Read the article
Cisco ASA - NAT'ing VPN traffic

- by DrStalker

I have an IPsec VPN setup like this: [Remote users]-[Remote ASA] <-VPN-> [My ASA]-[Subnet A]-[Router 2]-[Subnet B] The VPN is set to handle traffic between [remote users] and [Subnet A]; it does not include [Subnet B]. Pretend the firewall rules for all routers are to permit everything. Now I want to redirect traffic that comes over the VPN to a specific IP on [subnet A] (192.168.1.102) to an IP on [Subnet B] (10.1.1.133) If I add a rule on [My ASA] to NAT traffic to original IP 192.168.1.102 to new IP 10.1.1.133, 1) Will this affect the connections coming in over the VPN? (ie: the VPN packets are unencrypted and then NAT is applied) 2) Will this work when the post-NAT target is on Subnet-B, which is not part of the VPN traffic selection?

Read the article
Any problems with using a 301 redirect to force https traffic in IIS?

- by Jess

Is there any problem with using a 301 redirect to force all traffic to go to a secure-only site? We originally had redirect rules, but enforcing SSL-only seemed more secure. Here is how we set it up: Site 1: https://example.com/ Require SSL set Bound to 443 only Site 2: http://example.com Bound to 80 only Empty folder - no actual html or other data 301 Redirects to https://example.com This seems to work beautifully, but are there any issues with doing this? Would any browsers not recognize the 301 redirect, or could there be security warnings during the redirect?

Read the article
Check a list of passwords strength

- by user144705

Is there any way to check a list of passwords whether they strong or not? I have a list of passwords, around 2000, and want to check them against this policy Password must contain a minimum of eight (8) characters Password must contain at least one letter Password must contain at least one number Password must contain at least one punctuation character And count how many compliant with that policy before we save them. Is there any tool, script or maybe rules in excel to do this instead of doing it manually? Could you please help me?

Read the article
How to design a data model that deals with (real) contracts?

- by Geoffrey

I was looking for some advice on designing a data model for contract administration. The general life cycle of a contract is thus: Contract is created and in a "draft" state. It is viewable internally and changes may be made. Contract goes out to vendor, status is set to "pending" Contract is rejected by vendor. At this state, nothing can be done to the contract. No statuses may be added to the collection. Contract is accepted by vendor. At this state, nothing can be done to the contract. No statuses may be added to the collection. I obviously want to avoid a situation where the contract is accepted and, say, the amount is changed. Here are my classes: [EnforceNoChangesAfterDraftState] public class VendorContract { public virtual Vendor Vendor { get; set; } public virtual decimal Amount { get; set; } public virtual VendorContact VendorContact { get; set; } public virtual string CreatedBy { get; set; } public virtual DateTime CreatedOn { get; set; } public virtual FileStore Contract { get; set; } public virtual IList<VendorContractStatus> ContractStatus { get; set; } } [EnforceCorrectWorkflow] public class VendorContractStatus { public virtual VendorContract VendorContract { get; set; } public virtual FileStore ExecutedDocument { get; set; } public virtual string Status { get; set; } public virtual string Reason { get; set; } public virtual string CreatedBy { get; set; } public virtual DateTime CreatedOn { get; set; } } I've omitted the filestore class, which is basically a key/value lookup to find the document based on its guid. The VendorContractStatus is mapped as a many-to-one in Nhibernate. I then use a custom validator as described here. If anything but draft is returned in the VendorContractStatus collection, no changes are allowed. Furthermore the VendorContractStatus must follow the correct workflow (you can add a rejected after a pending, but you can't add anything else to the collection if a reject or accepted exists, etc.). All sounds alright? Well a colleague has argued that we should simply add an "IsDraft" bool property to VendorContract and not accept updates if IsDraft is false. Then we should setup a method inside of VendorContractStatus for updating the status, if something gets added after a draft, it sets the IsDraft property of VendorContract to false. I do not like this as it feels like I'm dirtying up the POCOs and adding logic that should persist in the validation area, that no rules should really exist in these classes and they shouldn't be aware of their states. Any thoughts on this and what is the better practice from a DDD perspective? From my view, if in the future we want more complex rules, my way will be more maintainable over the long run. Say we have contracts over a certain amount to be approved by a manager. I would think it would be better to have a one-to-one mapping with a VendorContractApproval class, rather than adding IsApproved properties, but that's just speculation. This might be splitting hairs, but this is the first real gritty enterprise software project we've done. Any advice would be appreciated!

Read the article
Is the hosts file ignored in windows if DNS Client service is running?

- by Mnebuerquo

I've seen a number of articles about how to edit the hosts file in Windows 7, but it's all about how to open notepad as administrator, not the actual behavior of the dns lookups afterward. I've read that the hosts file is ignored in XP SP2 if DNS Client service is running. I have tried this on my XP machine and it seems to be true. I can see how it is a security danger to have a hosts file that user programs could modify. If it could write to hosts, then any malware could spoof dns locally with minimal difficulty. I'm trying to use the hosts file for testing stuff on my local network without it going to the live site on the internet. At the same time I want to be able to use dns on the normal internet. Mostly though I just want to understand the rules on the newer windows systems. Thanks!

Read the article
Is it possible to limit output bandwidth between eth0 and lo?

- by mmcbro

I'm trying to limit the bandwidth between my eth0 output (nginx proxy) to my loopback inteface (apache) by filtering on destination port. Incoming Packet -> Eth0 -> 0.0.0.0:80 Nginx -> tc qdisc class/iptable mangle 2525port -> 127.0.0.1:2525 Apache I don't know if it's even possible I'm just experimenting. My rules are the followings : tc qdisc add dev eth0 root handle 1:0 htb tc class add dev eth0 parent 1:0 classid 1:10 htb rate 2mbps ceil 2mbps prio 0 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 iptables -A OUTPUT -t mangle -p tcp --dport 2525 -j MARK --set-mark 10 I also tried to with FORWARD chain but its still the same.

Read the article
Advanced merge directory tree with cp in Linux

- by mtt

I need to: Copy all of a tree's folders (with all files, including hidden) under /sourcefolder/* preserving user privileges to /destfolder/ If there is a conflict with a file (a file with the same name exists in destfolder), then rename file in destfolder with a standard rule, like add "old" prefix to filename (readme.txt will become oldreadme.txt) copy the conflicted file from source to destination Conflicts between folders should be transparent - if same directory exists in both sourcefolder and destfolder, then preserve it and recursively copy its content according to the above rules. I need also a .txt report that describes all files/folders added to destfolder and files that were renamed. How can I accomplish this?

Read the article
Setting up a externally facing server on Windows. How do i setup DNS/Nameservers?

- by Jason Miesionczek

So i have a domain name that i would like to host from my static ip internet connection. I have windows server 2008 r2 installed, and dns setup. The dns server is currently behind a firewall, and i have the appropriate rules to allow traffic to reach it. My question is, what entries do i need to create in the DNS so that i can have some nameservers to use at my domain registrar, so that the domain correctly points to the server? I know that most domains have nameservers like ns1.domain.com, ns2.domain.com, etc. What would i point those to in my DNS?

Read the article
Logfiles filling with iptables logging

- by Peter I

OS: Debian 6 Server Version I have different logfiles which are filling up: user@server:/var/log$ ls -lahS | head total 427G -rw-r--r-- 1 root root 267G Nov 2 17:29 bandwidth -rw-r----- 1 root adm 44G Nov 2 17:29 kern.log -rw-r----- 1 root adm 27G Nov 2 17:29 debug -rw-r----- 1 root adm 23G Oct 27 06:33 kern.log.1 -rw-r----- 1 root adm 17G Nov 2 17:29 messages -rw-r----- 1 root adm 14G Oct 27 06:33 debug.1 -rw-r----- 1 root adm 12G Nov 2 17:29 syslog -rw-r----- 1 root adm 12G Nov 1 06:26 syslog.1 -rw-r----- 1 root adm 9.0G Oct 27 06:33 messages.1 So I looked up the file /etc/iptables.up.rules which had those lines in it: -A FORWARD -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT: -A FORWARD -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN: -A OUTPUT -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT: -A INPUT -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN: So deleting those lines will solve my problem. But how would I edit those lines without losing their functionality?

Read the article
Messages going missing from Apple mailboxes

- by Ho Li Cow

A colleague has noticed random messages being deleted from her Apple Mailboxes. e.g. Message sent to client - client replies - original message nowhere to be found. Not in sent items/sent messages/junk/trash. No rules set up. Have tried rebuilding mailboxes but message doesn't show up. Quite worrying really as it was only noticed by chance so don't know how long/how widespread it is. Mail is controlled by Exchange 2003 server. Anyone come across this before or know what's happening? Many thanks MBP 2.53GHz OS X 10.5.8 Mail 3.6

Read the article
Limiting and redirect port access with useragent

- by linuxcore

I'm trying to write iptables string match rule To block http://domain.com:8888 and https://domain.com:8888 when it matches the supplied string in the rule. And another rule to redirect the ports also from 8888 to 7777 I tried following rules but unfortunately didn't work iptables -A INPUT -p tcp -s 0.0.0.0/0 -m string --string linuxcore --algo bm --sport 8888 -j DROP iptables -t raw -A PREROUTING -m string --algo bm --string linuxcore -p tcp -i eth0 --dport 8888 -j DROP iptables -t nat -A PREROUTING -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j REDIRECT --to-port 7777 iptables -A INPUT -t nat -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j DROP I want to do this from iptables not the webserver because the server may not have a webserver and those ports are working on internal proxy or something like ..etc

Read the article
/proc/pid/environ missing variables

- by Josh Arenberg

google is giving no love on this one today, so I turn to the experts... I'm currently hacking together a script that relies on the /proc/pid/environ feature in Linux (RHEL 4) to check for a particular environment variable. Trouble is, it seems certain environment variables aren't showing up in there for some reason. Example: create some test vars: $ export T_1=testval TEST_1=testval T=testval TESTING_LONGEST=testval open a subshell: $bash $ cat /proc/self/environ|tr "\0" "\n"|grep testval TESTVARIABLE_LONGEST=testval T=testval hmm... where did T_1 and TEST_1 go?? what rules govern this strange universe? Thanks in advance, Josh

Read the article
Lighttpd mod_rewrite conversion from .htaccess format

- by hoball

Hello, I am using lighttpd as webserver and is having an issue about mod_rewrite. Currently I have a set of Apache .htaccess rewrite rules from a PHP script: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule ^(.*)$ index.php [QSA,L] In my understanding, if the requested URI is not a file/directory/sym-link, append it to index.php eg. www.a.com/hello/world --> www.a.com/index.php/hello/world I attempted to convert to lighttpd specification: url.rewrite-if-not-file = ( "^(.*)$" = "index.php/$1" ) However, it doesn't work. I suspect that is due to misuse of $1. I tried to use $0/%0 or something else but they fail. Would you please provide me a hint on making the syntax work? Thank you!

Read the article
Remote Access Without Explicit Permission: Convenience or Liability?

- by routeNpingme

For outsourced professional IT remote support, one habit most new technicians get into is the "instead of getting the user to start up remote support each time, I'll go ahead and install LogMeIn / GoToMyPC / Remote Desktop / whatever so that if they call again, I can just jump on and help them". This of course opens up a potential liability because a client PC on a network that we don't own is being accessed without a user explicitly providing permission by clicking a "Yes, allow technician to control my PC" option. I realize the rules totally change when you're an IT admin over a network that you "own", but this is outsourced IT support. Just curious what others' policies are. Is this an acceptable practice for convenience and I'm turning into one of those "security is more important than anything" people, or is this really a liability?

Read the article
Block a machine from accessing the internet

- by Simon Rigby

After some confirmation that I have thinking right in this scenario. We have a number of wired and wireless machines which presently have direct internet access. I also have a Linux (Ubuntu) server which is used as a file server for the network. Essentially I would like to be able to turn internet access on and off for machines. My plan is to block these machines by MAC address at the router. I would then set up a proxy server on the Linux box (ie Squid) so that the machines I wish to restrict can access the internet via the proxy. As I can adjust access via ACLs in squid, I would be able to switch on or off a machines access to the internet without having to further adjust the router's MAC rules. And of course I could go further and create a few scripts to assist with this admin task. Does this seem sound and have I over looked anything? Any help greatly appreciated. Simon.

Read the article
Rejecting new HTTP requests when server reaches a certain throughput

- by Sam

I have a requirement to run an HTTP server that rejects new HTTP requests (with a 503, or similar) when the global transfer rate of current HTTP responses exceeds a certain level. For example, if the web server is transferring at 98Mbps, and a new HTTP request arrives, we would want to reject this (as we couldn't guarantee a good speed). I've had a look at mod_cband for Apache, limit_req for nginx, and lighttpd's rate limiting features, but none of them seem to handle my (rather contrived, granted) use case. I should add that I'm open to using pretty much any web server, and am open to implementing this in iptables rules if someone can craft such a rule! (Refusing the TCP connection is fine, it doesn't have to respond with an HTTP 503). Any suggestions?

Read the article
Taking stock of an existing ASA Firewall

- by Nate

Imagine you are given an existing network using an ASA firewall. The network works, but you aren't sure of anything else. The firewall may be completely improperly configured, with "outside" actually being inside and "inside" actually being outside, for all you know. My question is this: what are the commands to take stock of an existing ASA firewall setup? With only CLI access, how do I figure out: What interfaces are available The names of the interfaces The security levels attached to the interfaces The access-lists attached to the interfaces, including rules and directions I know how to set these things (interface, nameif, security-level, and access-list/access-group), but I don't know how to figure them out given an existing system. On a related note, is there anything else that I should worry about checking to make sure that the network isn't wide open? Thanks!

Read the article
Outlook 2007 Script that sends new form email when a message is dragged and dropped into a folder

- by Mark

Is it possible to write a script that will allow Outlook to automatically send out a new email to a distribution list when you drag and drop and previously opened email into a specified folder? The rules only let you apply them to received and sent messages. They do not allow you to apply it to anything that is dragged and dropped after being opened. It baffles me that Novell Groupwise had this functionality but Outlook 2007 does not. If someone can assist me in writing a script/macro to provided this functionality, it would be greatly appreciated. Thank you.

Read the article
Nginx proxy to Apache - resolve HTTP ORIGIN

- by Fratyr

I have a server setup with nginx serving static content and proxy all PHP/dynamic requests to apache on 127.0.0.1 I'm building an API for my databases, and I need to allow clients by their origin (domain name), rather than just IP. Based on CORS rules. So when I send an HTTP header header("Access-Control-Allow-Origin: www.client-requesting.myapi.com"); from my API server, I have to tell it which origin I allow, otherwise client side requests won't work to my API due to same-origin policy. The question is how can I know which domain name (if any) called my API? What should be the nginx and apache configuration to pass the origin parameter? I tried to google, and all I found is some possible solution with mod_rpaf, but I wanted to be sure. Thanks!

Read the article

< Previous Page | 89 90 91 92 93 94 95 96 97 98 99 100 | Next Page >