Search Results

Search found 5589 results on 224 pages for 'rules and constraints'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 123/224 | < Previous Page | 119 120 121 122 123 124 125 126 127 128 129 130  | Next Page >

  • Logfiles filling with iptables logging

    - by Peter I
    OS: Debian 6 Server Version I have different logfiles which are filling up: user@server:/var/log$ ls -lahS | head total 427G -rw-r--r-- 1 root root 267G Nov 2 17:29 bandwidth -rw-r----- 1 root adm 44G Nov 2 17:29 kern.log -rw-r----- 1 root adm 27G Nov 2 17:29 debug -rw-r----- 1 root adm 23G Oct 27 06:33 kern.log.1 -rw-r----- 1 root adm 17G Nov 2 17:29 messages -rw-r----- 1 root adm 14G Oct 27 06:33 debug.1 -rw-r----- 1 root adm 12G Nov 2 17:29 syslog -rw-r----- 1 root adm 12G Nov 1 06:26 syslog.1 -rw-r----- 1 root adm 9.0G Oct 27 06:33 messages.1 So I looked up the file /etc/iptables.up.rules which had those lines in it: -A FORWARD -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT: -A FORWARD -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN: -A OUTPUT -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT: -A INPUT -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN: So deleting those lines will solve my problem. But how would I edit those lines without losing their functionality?

    Read the article

  • Using Apache Environment Variables to set custom ErrorDocument

    - by Tad
    I've got a set of RewriteCond rules that test for various mobile devices and then set environment variables like "env=device:.iphone" or "env=device:.smartphone" if the useragent matches an iPhone or Android device. I'm trying to now redirect the user to custom-styled 404/500 server error pages for each device, by way of the error pages. Ideally I'd like to be able to test for a variable being there, and then write in a custom ErrorDocument string. But an apache doesn't seem to work in this case. Any ideas how I can construct if/else tests in an apache conf file for environment vars?

    Read the article

  • Creating multiple SFTP users for one account

    - by Tom Marthenal
    I'm in the process of migrating an aging shared-hosting system to more modern technologies. Right now, plain old insecure FTP is the only way for customers to access their files. I plan on replacing this with SFTP, but I need a way to create multiple SFTP users that correspond to one UNIX account. A customer has one account on the machine (e.g. customer) with a home directory like /home/customer/. Our clients are used to being able to create an arbitrary number of FTP accounts for their domains (to give out to different people). We need the same capability with SFTP. My first thought is to use SSH keys and just add each new "user" to authorized_keys, but this is confusing for our customers, many of whom are not technically-inclined and would prefer to stick with passwords. SSH is not an issue, only SFTP is available. How can we create multiple SFTP accounts (customer, customer_developer1, customer_developer2, etc.) that all function as equivalents and don't interfere with file permissions (ideally, all files should retain customer as their owner)? My initial thought was some kind of PAM module, but I don't have a clear idea of how to accomplish this within our constraints. We are open to using an alternative SSH daemon if OpenSSH isn't suitable for our situation; again, it needs to support only SFTP and not SSH. Currently our SSH configuration has this appended to it in order to jail the users in their own directories: # all customers have group 'customer' Match group customer ChrootDirectory /home/%u # jail in home directories AllowTcpForwarding no X11Forwarding no ForceCommand internal-sftp # force SFTP PasswordAuthentication yes # for non-customer accounts we use keys instead Our servers are running Ubuntu 12.04 LTS.

    Read the article

  • Firewall GPO not applying despite being enumerated by gpresult

    - by jshin47
    I have a need to open up the admin$ share on all of my domain's client PC's and I am trying to do so using group policy. I defined computer policy for Windows Firewall with Advanced Security in a policy object linked to the appropriate container and added the appropriate rules. However, they are not being applied! I feel like I have tried all of the obvious steps: I've checked gpresult and the resulting set of policy is the way that I would expect it to look. I've gpupdate /force and gpupdate /sync on a few client computers, but no matter what I do they don't seem to respond to my changes. I know that other computer policies in the GPO are being applied so it is strange that these are not. I have also disabled exceptions on clients in the firewall GPO, but that doesn't seem to be applying either. Here is a screenshot of the firewall.cpl from a client: Basically, although other options in the same GPO ARE applied for computer policy, the firewall settings seem to be ignored.

    Read the article

  • Can't Allow Specific Port in Windows Firewall Advanced Security - Windows 2008

    - by Jody
    In the Outbound Rules, I set up a rule to allow outbound connection from port 26. But, it doesn't work. However, if I allow "all port" for this rule, this will work, but then all ports will be allowed too. What is the reason? Is there any conflicting rule? I need to fix this as soon as possible. -Edit to add : I'm trying to allow email access to mail server outside (port 26). The thing is, even if I telnet using port 26, it will not work, unless I allow "all ports". Specific port will not do.

    Read the article

  • Is it possible to limit output bandwidth between eth0 and lo?

    - by mmcbro
    I'm trying to limit the bandwidth between my eth0 output (nginx proxy) to my loopback inteface (apache) by filtering on destination port. Incoming Packet -> Eth0 -> 0.0.0.0:80 Nginx -> tc qdisc class/iptable mangle 2525port -> 127.0.0.1:2525 Apache I don't know if it's even possible I'm just experimenting. My rules are the followings : tc qdisc add dev eth0 root handle 1:0 htb tc class add dev eth0 parent 1:0 classid 1:10 htb rate 2mbps ceil 2mbps prio 0 tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 iptables -A OUTPUT -t mangle -p tcp --dport 2525 -j MARK --set-mark 10 I also tried to with FORWARD chain but its still the same.

    Read the article

  • htaccess order Deny,Allow rule

    - by aspiringCodeArtisan
    I'd like to dynamically add IPs to a block list via htaccess. I was hoping someone could tell me if the following will work in my case (I'm unsure how to test via localhost). My .htaccess file will have the following by default: order allow,deny allow from all IPs will be dynamically appended: Order Deny,Allow Allow from all Deny from 192.168.30.1 The way I understand this is that it is by default allow all with the optional list of deny rules. If I'm not mistaken Order Deny,Allow will look at the Deny list first, is this correct? And does the Allow from all rule need to be at the end?

    Read the article

  • Can't reach custom C# forms application remotely.

    - by gnucom
    Hello, I'm working in Windows Server 2008. I have a very basic C# forms application (not a service) that is listening on a port, say 56112. When using telnet I can connect from the localhost and send and receive data. For some reason I cannot remotely connect to the application. I know I have a connection because I can telnet to 23 on the remotely fine. I've opened this port on the firewall, created rules in/out in advanced firewall, disabled the firewall completely, and more. Any suggestions would be great! This is the telnet output: Microsoft Telnet> open server.cc 56112 Connecting server.cc...Could not open connection to the host, on port 56112: Connect failed

    Read the article

  • Two hosts on same subnet can't see each other

    - by Joey Hewitt
    I've got two routers with two separate public IP addresses on the same subnet, but I can't get them to talk to each other. Both are connected to the internet (ISP-provided gateway) via Ethernet ports provided by the landlord, but I don't have access to or knowledge of how those are physically connected or the protocols used to get back to the ISP. I can ping either from the outside, but they can't ping each other. Traceroutes in and out look the same, and they receive the same gateway over DHCP. I can ping other IPs on the subnet, so I assume this is not any sort of intentional isolation for security/privacy. Since I'm in a setup where my landlord provides internet and we don't have contact with the ISP, I can't really ask the ISP for help (doubt the landlord would know much either.) The situation is similar to the diagram at this question, but instead of the two servers, there's another router coming off the (presumed) switch, and I don't have access to the switch. I've tried giving them static routes to each other with the ISP internet gateway as the gateway, but that's not working. One is a Linksys WRT54GL running DD-WRT, the other is a Netgear WGR614v7, although I could get something more capable if necessary. I'd like to keep them each connected directly to the ISP on their WAN ports, but I can have an ethernet cable between them if necessary - I'm wondering if there's a way without that, and if there isn't, I'd appreciate advice on how to get that working. Sorry this is so nitpicky; there are reasons for all the constraints, but they don't apply to the real question, so I left them out. ;) Thank you!

    Read the article

  • Advanced merge directory tree with cp in Linux

    - by mtt
    I need to: Copy all of a tree's folders (with all files, including hidden) under /sourcefolder/* preserving user privileges to /destfolder/ If there is a conflict with a file (a file with the same name exists in destfolder), then rename file in destfolder with a standard rule, like add "old" prefix to filename (readme.txt will become oldreadme.txt) copy the conflicted file from source to destination Conflicts between folders should be transparent - if same directory exists in both sourcefolder and destfolder, then preserve it and recursively copy its content according to the above rules. I need also a .txt report that describes all files/folders added to destfolder and files that were renamed. How can I accomplish this?

    Read the article

  • How can I debug Cisco Firewall ASA "Dispatch Unit" very high CPU utilisation from ASDM?

    - by Andy
    I have recently had my first firewall installed so I am very new to this whole situation. I am finding that Dispatch unit is becoming overloaded and it would appear to be the reason I get serious bouts of lag on my server. The firewall has had little configuration apart from me blocking all the ports in "Access Rules" and allowing only the ones the server needs and from where it needs them. I guess what I am after is assistance with locating the issues causing "Dispatch Unit" to take up all the CPU Regards --Edit-- With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time so I am pretty sure it is an attack of some sort but as a beginner with ASA I am not sure how to resolve

    Read the article

  • Check a list of passwords strength

    - by user144705
    Is there any way to check a list of passwords whether they strong or not? I have a list of passwords, around 2000, and want to check them against this policy Password must contain a minimum of eight (8) characters Password must contain at least one letter Password must contain at least one number Password must contain at least one punctuation character And count how many compliant with that policy before we save them. Is there any tool, script or maybe rules in excel to do this instead of doing it manually? Could you please help me?

    Read the article

  • What's the situation that requires stateful firewall?

    - by Eonil
    I just know there is two kind of firewalls. Stateless and stateful. It's hard to determine what kind of firewall I have to use. Currently I have to run firewall within same machine runs services, Basically I want stateless because of its less resource consumption. However if it is not sufficient for security, it's meaningless. I'll run HTTP, SSH, NFS (only over SSH), and some custom made server on several TCP/UDP ports. Should I use stateful firewall? (edit) Maybe the question can be assumed as 'Should I use stateful rules?'.

    Read the article

  • Is reliability reputation of mechanical keyboards overblown?

    - by Rarst
    A while back I worked up to finally buying mechanical keyboard (~$100 range, "black" switches) and was initially quite content with purchase. However just outside first year (read it - as soon as warranty expired) it started to develop repeat issues (press once, get chain of letter repeated) on multiple keys. It doesn't react to generic cleaning (up to compressed air) and searching Internet shows noticeable amount of people with similar-to-identical issues, spanning years. This makes me severely hesitant to buy another mechanical keyboard, considering: every other keyboard I ever owned, including ultra-cheap crap managed to last longer than that typing experience is nice, but not lifechanging-fan-forever nice for me my choice of mechanical keyboards is severely limited not many brands represented in local market and primarily crazy looking gamer models russian (not to mention russian and ukrainian if possible) layout excludes international ordering price tag for a meek year of use I got our of it is plain demoralizing It is obvious mechanical keyboards have their fans, but shopping around for "best fit" or getting into multiple hundreds price tags is probably not something I am highly interested in. Considering my constraints and bad experience with reliability, is it practical for me to sink more money into buying mechanical keyboard(s) again? In other words - manufacturers are beaming about how crazy reliable mechanical keyboards are. Are active long time users of such keyboards confidently of same opinion?

    Read the article

  • Cisco ASA - NAT'ing VPN traffic

    - by DrStalker
    I have an IPsec VPN setup like this: [Remote users]-[Remote ASA] <-VPN-> [My ASA]-[Subnet A]-[Router 2]-[Subnet B] The VPN is set to handle traffic between [remote users] and [Subnet A]; it does not include [Subnet B]. Pretend the firewall rules for all routers are to permit everything. Now I want to redirect traffic that comes over the VPN to a specific IP on [subnet A] (192.168.1.102) to an IP on [Subnet B] (10.1.1.133) If I add a rule on [My ASA] to NAT traffic to original IP 192.168.1.102 to new IP 10.1.1.133, 1) Will this affect the connections coming in over the VPN? (ie: the VPN packets are unencrypted and then NAT is applied) 2) Will this work when the post-NAT target is on Subnet-B, which is not part of the VPN traffic selection?

    Read the article

  • Lighttpd mod_rewrite conversion from .htaccess format

    - by hoball
    Hello, I am using lighttpd as webserver and is having an issue about mod_rewrite. Currently I have a set of Apache .htaccess rewrite rules from a PHP script: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule ^(.*)$ index.php [QSA,L] In my understanding, if the requested URI is not a file/directory/sym-link, append it to index.php eg. www.a.com/hello/world --> www.a.com/index.php/hello/world I attempted to convert to lighttpd specification: url.rewrite-if-not-file = ( "^(.*)$" = "index.php/$1" ) However, it doesn't work. I suspect that is due to misuse of $1. I tried to use $0/%0 or something else but they fail. Would you please provide me a hint on making the syntax work? Thank you!

    Read the article

  • Rewrite for robots.txt and favicon.ico [closed]

    - by BHare
    I have setup some rules in which subdomains (my users) will default to where I have located the robots.txt, favicon.ico, and crossdomain.xml therefore if a user creates a site say testing.mywebsite.com and they don't make their own favicon.ico at testing.mywebsite.com/favicon.ico, then it will use the favicon.ico I have in /misc/favicon.ico This works perfect, but it doesn't work for the main website. If you attempt to go to mywebsite.com/favicon.ico it will check if "/" exists, in which it does. And then never redirects to /misc/favicon.ico How can I get it so both instances redirect to /misc/favicon.ico ? # Set all crossdomain (openpalace file) favorite icons and robots.txt doesnt exist on their # side, then redirect to site's just to have something to go on. RewriteCond %{REQUEST_URI} crossdomain.xml$ RewriteCond ^(.+)crossdomain.xml !-f RewriteRule ^(.*)$ /misc/crossdomain.xml [L] RewriteCond %{REQUEST_URI} favicon.ico$ RewriteCond ^(.+)favicon.ico !-f RewriteRule ^(.*)$ /misc/favicon.ico [L] RewriteCond %{REQUEST_URI} robots.txt$ RewriteCond ^(.+)robots.txt !-f RewriteRule ^(.*)$ /misc/robots.txt [L]

    Read the article

  • Why can't my networks reach each other?

    - by HOLOGRAPHICpizza
    We have two Buffalo WZR-HP-G300NH2 routers, with the default firmware, DD-WRT v24SP2-MULTI (10/31/11) std - build 17798. Each has a separate cable internet connection with a public static IP address. They are both in the 24.123.68.0/24 space. Both of them can contact pretty much the whole internet, and they can both be accessed out on the internet with no problem, but for some reason they can't talk to each other! When I try to ping one from the other I always get "Destination Host Unreachable". There are no strange routing or firewall rules in place. And they are both set to respond to pings, I can ping them from outside. Our main IT guy is going to call our ISP on Monday, but I'm impatient, so does anyone have any ideas?

    Read the article

  • Remote Access Without Explicit Permission: Convenience or Liability?

    - by routeNpingme
    For outsourced professional IT remote support, one habit most new technicians get into is the "instead of getting the user to start up remote support each time, I'll go ahead and install LogMeIn / GoToMyPC / Remote Desktop / whatever so that if they call again, I can just jump on and help them". This of course opens up a potential liability because a client PC on a network that we don't own is being accessed without a user explicitly providing permission by clicking a "Yes, allow technician to control my PC" option. I realize the rules totally change when you're an IT admin over a network that you "own", but this is outsourced IT support. Just curious what others' policies are. Is this an acceptable practice for convenience and I'm turning into one of those "security is more important than anything" people, or is this really a liability?

    Read the article

  • What is fastest way to backup a disk image over LAN?

    - by David Balažic
    Sometimes I boot sysrescd or a similar live linux on a PC to backup the hardrive over local network to my server. I noticed many times, that the transfer speed is not optimal (slower than HDD and network speed). Any rules of thumb what to do and what to avoid? What I typically do is something like: dd bs=16M if=/dev/sda | nc ... # on client nc ... | dd bs=16M of=/destination/disk/backup1 # on server I also "throw" in lzop (other are way too slow) and sometimes on the fly md5sum calculation (both of uncompressed and compress source). I try to add (m)buffer (or other alternatives) to improve throughput (and get a progress indicator). I noticed that even with enough free CPU, adding commands to the pipeline slows things down. Typically the destination is on a NTFS volume (accessed via ntfs-3g, with the _big_writes_ option).

    Read the article

  • Nginx proxy to Apache - resolve HTTP ORIGIN

    - by Fratyr
    I have a server setup with nginx serving static content and proxy all PHP/dynamic requests to apache on 127.0.0.1 I'm building an API for my databases, and I need to allow clients by their origin (domain name), rather than just IP. Based on CORS rules. So when I send an HTTP header header("Access-Control-Allow-Origin: www.client-requesting.myapi.com"); from my API server, I have to tell it which origin I allow, otherwise client side requests won't work to my API due to same-origin policy. The question is how can I know which domain name (if any) called my API? What should be the nginx and apache configuration to pass the origin parameter? I tried to google, and all I found is some possible solution with mod_rpaf, but I wanted to be sure. Thanks!

    Read the article

  • Permission to see the expandable list of ISA Server 2006

    - by Hossein Mobasher
    I am working on ISA Server 2006 in Windows Server. I want to add some policy rules to my server, I followed this link. But It points to In the Microsoft Internet Security and Acceleration Server 2006 management console, expand the array name, and then click the Firewall Policy node. When I open the ISA Server 2006 Management Console, I can not show the expand list, how can I force ISA to show the expandable tree to start Firewall Policy? Could any one please help me to do this ? Note : I have administrator permission for my account. Thanks in advance :)

    Read the article

  • Setting up a externally facing server on Windows. How do i setup DNS/Nameservers?

    - by Jason Miesionczek
    So i have a domain name that i would like to host from my static ip internet connection. I have windows server 2008 r2 installed, and dns setup. The dns server is currently behind a firewall, and i have the appropriate rules to allow traffic to reach it. My question is, what entries do i need to create in the DNS so that i can have some nameservers to use at my domain registrar, so that the domain correctly points to the server? I know that most domains have nameservers like ns1.domain.com, ns2.domain.com, etc. What would i point those to in my DNS?

    Read the article

  • Is the hosts file ignored in windows if DNS Client service is running?

    - by Mnebuerquo
    I've seen a number of articles about how to edit the hosts file in Windows 7, but it's all about how to open notepad as administrator, not the actual behavior of the dns lookups afterward. I've read that the hosts file is ignored in XP SP2 if DNS Client service is running. I have tried this on my XP machine and it seems to be true. I can see how it is a security danger to have a hosts file that user programs could modify. If it could write to hosts, then any malware could spoof dns locally with minimal difficulty. I'm trying to use the hosts file for testing stuff on my local network without it going to the live site on the internet. At the same time I want to be able to use dns on the normal internet. Mostly though I just want to understand the rules on the newer windows systems. Thanks!

    Read the article

  • /proc/pid/environ missing variables

    - by Josh Arenberg
    google is giving no love on this one today, so I turn to the experts... I'm currently hacking together a script that relies on the /proc/pid/environ feature in Linux (RHEL 4) to check for a particular environment variable. Trouble is, it seems certain environment variables aren't showing up in there for some reason. Example: create some test vars: $ export T_1=testval TEST_1=testval T=testval TESTING_LONGEST=testval open a subshell: $bash $ cat /proc/self/environ|tr "\0" "\n"|grep testval TESTVARIABLE_LONGEST=testval T=testval hmm... where did T_1 and TEST_1 go?? what rules govern this strange universe? Thanks in advance, Josh

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 119 120 121 122 123 124 125 126 127 128 129 130  | Next Page >