Search Results

Search found 4786 results on 192 pages for 'traffic shaping'.

Page 123/192 | < Previous Page | 119 120 121 122 123 124 125 126 127 128 129 130  | Next Page >

• amazon ec2 pricing

  - by Pradyut Bhattacharya

  I m really confused. I was trying to buy hosting at amazon ec2. My site will not be having much of a traffic and i will be installing glassfish and mysql. Usage will be 1gb of ram and around less than 5gb of hardisk and same bandwidth. As mine is a startup, the number of hits per day would be less than 20hits per day, each hit having around 10mins time. How should i calculate the price on the ec2 calculator. Thanks

  Read the article

• Getting HAPROXY to redirect http to https in users browser session

  - by Jon

  We are currently using a Internet cloud provider to host our SaaS platform. The platform consists of a Firewall - Cloud Provider SLB - - Apache Web Server - HAPROXY SLB - Liferay Platform We have had to use HAPROXY because of an issue with the cloud providers SLB that meant we were unable to use it for load balancing the Liferay platform applications. I have implemented HAPROXY in our secure tier and that seems to do the trick of load balancing the requests quite adequately. However during testing we encountered a functional issue whereby selecting a sub-menu from the web portal resulted in the application hanging, using an http analyser we saw that the request being passed back to the users browser was in http, from discussing this with the software vendor it transpires that the Liferay application has some hard-coded http links, and that other customers have worked around this by using physical NLB's such as F5 and redirecting the http traffic to https. The entry in the HAPROXY logs reads: haproxy[2717]: haproxy[2717]: <Apache Web Agent>:37957 [11/Apr/2013:08:07:00.128] http-uapi uapi/<ServerName> 0/0/0/9/10 200 4912 - - ---- 4/2/1/2/0 0/0 "GET /servicedesk/controller?docommand=renderradform&!key=esd_sfb001_frm_feedback_forms_list&isportalintegratedmode=true&USR=joe.bloggs%40gmail.com&_dc=1365667773097&redirecturl=controller%3Fdocommand%3Drenderbody%26%21key%3DESD_SFB001_FRM_FEEDBACK_FORMS_LIST%26isportalintegratedmode%3Dtrue&sso_token=ALiYv2UqzLsAhSw1ZchRDlCHlq44Bhj9&ONERROR=%2Fweb%2Fjsp%2Fapps%2Fportal-integration-error.jsp&itype=login&slicetoken=NW51O%242aRo%2C_Zz%2476P_9DTtnFmz6%28bhk&AUTOFORWARDURL=controller%3Fdocommand%3Drenderbody%26%21key%3DESD_SFB001_FRM_FEEDBACK_FORMS_LIST%26isportalintegratedmode%3Dtrue&LOGINPAGE=https%3A%2F%2F<FQDN of Web Portal>%2Fweb%2F4732cf01-82c3-4bc5-b6c9-552253e672cf%2Fworkflow-tools&appid=1&!uid=1&!redownloadToken=7.0.3.1.1363611301.0&userlocale=en_US&!datechanged=2012-05-18%2015:05:31.38 HTTP/1.1" :37957 [11/Apr/2013:08:07:00.128] http-uapi uapi/<ServerName> 0/0/0/9/10 200 4912 - - ---- 4/2/1/2/0 0/0 "GET /servicedesk/controller?docommand=renderradform&!key=esd_sfb001_frm_feedback_forms_list&isportalintegratedmode=true&USR=joe.bloggs%40gmail.com&_dc=1365667773097&redirecturl=controller%3Fdocommand%3Drenderbody%26%21key%3DESD_SFB001_FRM_FEEDBACK_FORMS_LIST%26isportalintegratedmode%3Dtrue&sso_token=ALiYv2UqzLsAhSw1ZchRDlCHlq44Bhj9&ONERROR=%2Fweb%2Fjsp%2Fapps%2Fportal-integration-error.jsp&itype=login&slicetoken=NW51O%242aRo%2C_Zz%2476P_9DTtnFmz6%28bhk&AUTOFORWARDURL=controller%3Fdocommand%3Drenderbody%26%21key%3DESD_SFB001_FRM_FEEDBACK_FORMS_LIST%26isportalintegratedmode%3Dtrue&LOGINPAGE=https%3A%2F%2F<FQDN of Web Portal>%2Fweb%2F4732cf01-82c3-4bc5-b6c9-552253e672cf%2Fworkflow-tools&appid=1&!uid=1&!redownloadToken=7.0.3.1.1363611301.0&userlocale=en_US&!datechanged=2012-05-18%2015:05:31.38 HTTP/1.1" The corresponding HTTP browser entry shows: http://<FQDN of ServiceDesk>/servicedesk/controller?docommand=renderradform&!key=esd_org019_frm_contact_list&isportalintegratedmode=true&USR=joe.bloggs%40gmail.com&_dc=1365665987887&redirecturl=controller%3Fdocommand%3Drenderbody%26%21key%3DESD_ORG019_FRM_CONTACT_LIST%26isportalintegratedmode%3Dtrue&sso_token=3NxsXYORMPp32SwL8ftVUCMH2QdWLH82&ONERROR=%2Fweb%2Fjsp%2Fapps%2Fportal-integration-error.jsp&itype=login&slicetoken=NW51O%242aRo%2C_Zz%2476P_9DTtnFmz6%28bhk&AUTOFORWARDURL=controller%3Fdocommand%3Drenderbody%26%21key%3DESD_ORG019_FRM_CONTACT_LIST%26isportalintegratedmode%3Dtrue&LOGINPAGE=https%3A%2F%2F<FQDN of Web Portal>>%2Fweb%2F4732cf01-82c3-4bc5-b6c9-552253e672cf%2Fapplication-setup&appid=1&!uid=1&!redownloadToken=7.0.3.1.1363611301.0&userlocale=en_US&!datechanged=2012-10-26%2019:00:25.08 From reading through the forums and other sites it looks like we should be use to use HAPROXY to redirect the traffic to https, but try as I might I cant get it to work. This is our HAPROXY configuration: global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend http-openfire bind *:7070 default_backend openfire backend openfire balance roundrobin server <serverName> <IPv4 Address>:7070 check server <serverName> <IPv4 Address>:7070 check frontend http-uapi bind *:7080 default_backend uapi backend uapi balance roundrobin server <serverName> <IPv4 Address>:7080 check server <serverName> <IPv4 Address>:7080 check frontend http-sec bind *:8080 default_backend sec backend sec balance roundrobin server <serverName> <IPv4 Address>:8080 check server <serverName> <IPv4 Address>:8080 check frontend http-wall bind *:9080 default_backend wall backend wall balance roundrobin server <serverName> <IPv4 Address>:9080 check server <serverName> <IPv4 Address>:9080 check frontend http-xmpp bind *:9090 default_backend xmpp backend xmpp balance roundrobin server <serverName> <IPv4 Address>:9090 check server <serverName> <IPv4 Address>:9090 check frontend http-aim bind *:10080 default_backend aim backend aim balance roundrobin server <serverName> <IPv4 Address>:10080 check server <serverName> <IPv4 Address>:10080 check frontend http-servicedesk bind *:8081 default_backend servicedesk backend servicedesk balance roundrobin server <serverName> <IPv4 Address>:8081 check server <serverName> <IPv4 Address>:8081 check listen stats :1936 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / stats auth haproxy:<Password> I have tried following the articles listed posted on http://stackoverflow.com/questions/13227544/haproxy-redirecting-http-to-https-ssl and http://parsnips.net/haproxy-http-to-https-redirect/ but that hasn't made any difference. Am I on the right track with this or are we trying to achieve the impossible?, I'm hoping I'm just being an idiot and one of you good people can point me in the right direction.

  Read the article

• CentOS Failover Cluster - SIOCADDRT: No such process (when adding a loopback)

  - by Steve Rolfe

  I'm trying to configure two web servers for a load balancing server. The load balancing aspect works fine (it sees both server, kills 'em if it needs to, and seems to direct traffic fine). The only issue is with the servers looping: /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 IPADDR=<Virtual IP> NETMASK=255.255.255.255 ONBOOT=yes NAME=loopback Everytime I try a "service network restart" I get a SIOCADDRT: No such process when loading the loopback interface. Anyone have an idea what's causing this?

  Read the article

• Changing the mac address in a libvirt xml config file breaks network connectivity for the guest

  - by foob

  I'm using Xen with libvirt and trying to set it up on a bridged interface. I am able to install an OS and everything works as I would expect. If I save the xml output from "virsh dumpxml guest", edit the mac address for the interface, and then define the domU with this new xml file I find that traffic is no longer forwarded from the vif0.0 interface to br0. The ifcfg-eth0 file on the guest was automatically updated to reflect the new mac address and the ifconfig output looks the same. Does anyone know why this is happening or how to properly change the mac address for a libvirt configuration?

  Read the article

• Linux box acting as wireless access point to share the internet connection

  - by Suresh

  A linux machine is connected to internet over two interfaces ppp0 and ppp1 using two modems. Also this machine acts as wireless access point through an interface say, eth0 with ip address 192.168.1.1 and acts as gateway for the connected devices through this network with subnet mask 255.255.255.0 Now is it possible to achieve the following: When any of the connected devices through wireless AP needs internet connection linux machine has to use ppp1 interface for internet. If any of the applications on the linux machine needs internet connection linux machine should use ppp0 interface for the internet. Can this be achieved by adding rules to chains in filter/nat tables? If the kernel routing table has a default rule to route the default traffic through interface ppp0, wil kernel completely ignore ppp1 for internet? PS: new to networking and routing concepts, If the question is not clear leave a comment, will try to give more information.

  Read the article

• NGINX + PHP FPM connect() failed (110: Connection timed out) while connecting to upstream

  - by Leonard Teo

  We're running a fairly large site using nginx and PHP-FPM and we're getting a lot of errors as the site load is quite high. We're getting "connect() failed (110: Connection timed out) while connecting to upstream"...upstream: "fastcgi://127.0.0.1:9000" Here's my config file for PHP-FPM. PHP-FPM: [www] listen = 127.0.0.1:9000 listen.allowed_clients = 127.0.0.1 user = nginx group = nginx pm = dynamic pm.max_children = 100 pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 100 slowlog = /var/log/php-fpm/www-slow.log php_admin_value[error_log] = /var/log/php-fpm/www-error.log php_admin_flag[log_errors] = on What's the recommended config/number of servers/children for a high traffic site? We tried using Unix Sockets instead of TCP and got no noticeable improvements. Right now the errors are: connect() to unix:/var/run/php-fcgi.sock failed (11: Resource temporarily unavailable) while connecting to upstream...upstream: "fastcgi://unix:/var/run/php-fcgi.sock:"... Thanks, Leonard

  Read the article

• Proper network configuration for a KVM guest to be on the same networks at the host

  - by Steve Madsen

  I am running a Debian Linux server on Lenny. Within it, I am running another Lenny instance using KVM. Both servers are externally available, with public IPs, as well as a second interface with private IPs for the LAN. Everything works fine, except the VM sees all network traffic as originating from the host server. I suspect this might have something to do with the iptables-based firewall I'm running on the host. What I'd like to figure out is: how to I properly configure the host's networking such that all of these requirements are met? Both host and VMs have 2 network interfaces (public and private). Both host and VMs can be independently firewalled. Ideally, VM traffic does not have to traverse the host firewall. VMs see real remote IP addresses, not the host's. Currently, the host's network interfaces are configured as bridges. eth0 and eth1 do not have IP addresses assigned to them, but br0 and br1 do. /etc/network/interfaces on the host: # The primary network interface auto br1 iface br1 inet static address 24.123.138.34 netmask 255.255.255.248 network 24.123.138.32 broadcast 24.123.138.39 gateway 24.123.138.33 bridge_ports eth1 bridge_stp off auto br1:0 iface br1:0 inet static address 24.123.138.36 netmask 255.255.255.248 network 24.123.138.32 broadcast 24.123.138.39 # Internal network auto br0 iface br0 inet static address 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 bridge_ports eth0 bridge_stp off This is the libvirt/qemu configuration file for the VM: <domain type='kvm'> <name>apps</name> <uuid>636b6620-0949-bc88-3197-37153b88772e</uuid> <memory>393216</memory> <currentMemory>393216</currentMemory> <vcpu>1</vcpu> <os> <type arch='i686' machine='pc'>hvm</type> <boot dev='hd'/> </os> <features> <acpi/> <apic/> <pae/> </features> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/bin/kvm</emulator> <disk type='file' device='cdrom'> <target dev='hdc' bus='ide'/> <readonly/> </disk> <disk type='file' device='disk'> <source file='/raid/kvm-images/apps.qcow2'/> <target dev='vda' bus='virtio'/> </disk> <interface type='bridge'> <mac address='54:52:00:27:5e:02'/> <source bridge='br0'/> <model type='virtio'/> </interface> <interface type='bridge'> <mac address='54:52:00:40:cc:7f'/> <source bridge='br1'/> <model type='virtio'/> </interface> <serial type='pty'> <target port='0'/> </serial> <console type='pty'> <target port='0'/> </console> <input type='mouse' bus='ps2'/> <graphics type='vnc' port='-1' autoport='yes' keymap='en-us'/> </devices> </domain> Along with the rest of my firewall rules, the firewalling script includes this command to pass packets destined for a KVM guest: # Allow bridged packets to pass (for KVM guests). iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT (Not applicable to this question, but a side-effect of my bridging configuration appears to be that I can't ever shut down cleanly. The kernel eventually tells me "unregister_netdevice: waiting for br1 to become free" and I have to hard reset the system. Maybe a sign I've done something dumb?)

  Read the article

• Forcing logon to Air Watch server upon joining wifi

  - by DKNUCKLES

  I'm setting up a wireless controller that I would like to leave as unsecured. When a user connects to this network they need to be forwarded to a specific page where they can authenticate with the Air Watch system they have in place. Once authentication takes place, a profile will be downloaded to their device and we can administer the devices accordingly. I'm mulling over how I can force the page to the user when they log in. The methodology I'm thinking about working with is creating a NAT rule for that VSC that would forward all port 80 and 443 traffic to the airwatch server. Once they authenticate, a profile will be downloaded which will connect the devices to an Virtual Access Point who's SSID isn't broadcasted. Is this methodology correct or can someone think of an easier / more efficient way of accomplishing this? The controller is an HP MSM720 for what it's worth.

  Read the article

• ISP doesn't allow incoming connections (i.e., hosting a server) - anyway to get around this using a VPN?

  - by Josh1billion

  My ISP, like many today, doesn't allow incoming connections, so if I try to host server software on my home PC, then anyone (even myself) trying to connect to that server software via my public IP address is not able to establish a connection. This becomes a problem because hosting online games is impossible. I do have a VPS Linux box rented; is there any VPN software I could install on it that I could connect to from my home PC, and then anyone connecting to a specific port on that VPS will just have the traffic tunneled to my home PC, allowing me to host games that way? If so, what software do I need (on both my PC and on the VPS), and how do I configure it?

  Read the article

• Can't access VirtualBox host-only network from windows host

  - by Markus Orreilly

  I've got two vms running on a windows host, each with a host-only network and ips in the 192.168.56.XXX range. One of them is running apache and serving some content that I want to access from my windows host. However, the windows host can't access the apache server at all. The server is running on 192.168.56.103. ipconfig from windows says it's ip for the Virtual Box interface is 169.254.143.37. I tried route add to route 192.168.56.XX traffic, but everything I tried didn't work and I was probably using it wrong. Any ideas on how to make this work?

  Read the article

• Does anyone provide a Skype connection service?

  - by Runc

  Is there a way of offering Skype access to incoming calls while keeping all telephony traffic over our chosen business telephony provision? Is there a 3rd party who can route incoming Skype calls to our telephone system? The business has had requests from contacts wanting to call us via Skype, but we want to keep all telephony via our PBX and phone lines as our geographic location limits our available internet bandwidth. We also prevent installation of non-standard applications on desktops and do not want to add Skype to our build. I was wondering if there were any 3rd parties that provide a connection service that would allow our contacts to call via Skype and us receive the calls via our phone system.

  Read the article

• How to test web application performance from other continent?

  - by Thomas Einwaller

  We are hosting our web application http://timr.com on a server located in Germany. The server handles a high load of traffic very well and everything works as desired in terms of performance and load times. However we sometimes get complaints from our overseas users (US, South America) that the experience slow page loading times. What would be the best way to test the performance of a web application "as if you are on another continent"? I want to make sure that the distance between the server and the user is no problem?

  Read the article

• Are there any FIPS-140-2 certified solutions for Linux?

  - by Mark Renouf

  I'm not even 100% certain what this involves, but my current understanding is this: use of only approved cryptographic algorithms for network traffic (easy, we use SSL and lock down the algorithms to only the really strong ones). Some form of physical data protection, involving disk encryption and physical tamper evident packaging. Obviously we're on our own if we need a tamper-proof product. But what about software for encrpytion. My guess is just using LUKS (although secure) will not be certified because it's open source (gov't seems a bit biased towards proprietary solutions here). Guardian Edge was mentioned by someone, but that appears to be complete Windows-based. So we need something like it, certified FIPS-140 compliant we can use on Linux.

  Read the article

• accessing a web server from the LAN and WAN

  - by jessh

  My router does not support loopback. In order to view a webpage on my server, I either have to type in the local ip (192.168.1.201), or be on another network. What are my options for making this easier? Here are some possible things: Route all web traffic through an external proxy (seems to be overkill) Run my own DNS server (where to start?!) Buy a new router that supports loopback. Surely there is another way that I can use my laptop on the LAN and the WAN by typing in my domain more easily than these solutions.

  Read the article

• Munin Aggregated Graphs Configuration Error

  - by Sparsh Gupta

  I tried making some Munin Aggregated graphs but somehow I am unable to make the configuration work. I think I have followed the instructions but since its not working, I would love some assistance or guidance as to what I am doing wrong. I want to Aggregate (sum) the total number of requests / second all my nginx servers are doing combined together. The configuration looks like [TRAFFIC.AGGREGATED] update no requests.graph_title nGinx requests requests.graph_vlabel nGinx requests per second requests.draw LINE2 requests.graph_args --base 1000 requests.graph_category nginx requests.label req/sec requests.type DERIVE requests.min 0 requests.graph_order output requests.output.sum \ lb1.visualwebsiteoptimizer.com:nginx_request_lb1.visualwebsiteoptimizer.com_request.request \ lb3.visualwebsiteoptimizer.com:nginx_request_lb2.visualwebsiteoptimizer.com_request.request \ lb3.visualwebsiteoptimizer.com:nginx_request_lb3.visualwebsiteoptimizer.com_request.request The munin graph I want to aggregate is http://exchange.munin-monitoring.org/plugins/nginx_request/details Thanks Sparsh Gupta

  Read the article

• Run Logstalgia on Remote Global Apache Log On a WHM System

  - by macinjosh

  I work for a small web development shop. We have a dedicated Linux server running WHM. For fun we want to run Logstalgia on a machine in our office. We'd really like it to display information about all the traffic on our server. Logstalgia use Apache's access logs to generate its visuals, the problem I have is that by default WHM does not have an access log for all sites combined. How can I safely configure our server to output a combined/global Apache access log in a place accessible by a non-root SSH user? I am also concerned that this file could get quite large so I think I'd also need to know how to have it automatically shed old information. To make things more interesting I'm a programmer not a sys admin so not everything is immediately obvious to me.

  Read the article

• Stripping a spike from rrdtool when removespike.pl doesn't find any

  - by raccettura

  I know when rrdtool graphs (using rrdtool 1.4) network traffic and the host is restarted a spike is a pretty normal thing to see. In the past I've just run that removespike.pl script that is hosted by the author and it strips the spike and I'm good to go. The last few times I've rebooted removespike.pl finds no spikes, but it's obvious that there are spikes. So my question is, how can I easily remove these spikes and get my graphs usable again? Right now it's so skewed it's meaningless.

  Read the article

• What would be the total expenses of running an in-home web server?

  - by techaddict

  I have several hosting accounts with companies, and plan to keep them. However, I would like to try my hand at creating my own home web-server, both for fun and for the learning experience. I would like to know the expenses involved, including: electricity costs (greater than light bulb?) internet costs (will I have to upgrade my internet? Or is 3-5Mbps upload speed fine for a web server with medium amount of traffic? Would I have to get a separate internet connection?) other unknown expenses Consider that I will configure the web server myself, so that is not an expense. Also consider that I already have a computer (year-old Dell laptop, 15R) to use to be dedicated as the web server.

  Read the article

• Bridge virtual machines out WLAN interface

  - by Thomas

  It seems that my wlan card (intel 5100 AGN) firmware doesn't allow "spoofing" MAC addresses. This has the side effect of destroying the capability to bridge out my virtual machines on that interface. Apparently this is a common thing on wlan cards. I can see the incoming traffic just fine in my virtual machines, but their DHCP queries don't get bridged out of the WLAN card. It works perfectly well when using the wired ethernet port. Is there a workaround for this? MAC-NAT or something? I don't want to route my virtual machines out to the Internet because I don't want my host OS to even have an IP address. I'm using Linux and KVM for virtualization.

  Read the article

• Apache service hung and incoming requests not accepted

  - by Gnanam

  Hi, My production server is running Apache v2.2.4 with mod_mono v1.2.4 on CentOS release 5.2 (Final). Suddenly, Apache service hung during normal usage time (approx. 1 pm EDT). Traffic is not too high at this time. This is the first time we're noticing this kind of behaviour in our server. I noticed from access log that even subsequent requests are also not received, even though there were incoming requests. I then manually tried to invoke my application call from web browser, it never returned successfully but it was still loading. I found no unusual behaviour/activity in: 1) Apache access_log and error_log 2) No kernel level errors found in /var/log/messages I've no other option but ended up restarting Apache service. Any idea on what would cause Apache to hang and thereby not allowing subsequent incoming requests? How do I debug/diagnose when this happens next time? Experts advice/recommendation on this are highly appreciated.

  Read the article

• Rsyslog mail module not working

  - by Henry-Nicolas Tourneur

  I would like to email snort alerts from my Debian Lenny fw. Syslog is sending log messages from the firewalls to a central rsyslog. On my central rsyslog, I got something like : $ModLoad ommail $ActionMailSMTPServer server.company.local $ActionMailFrom [email protected] $ActionMailTo [email protected] $ActionExecOnlyOnceEveryInterval 1 $template mailSubject,"[SNORT] Alert from %hostname%" $template mailBody,"Snort message\r\nmsg='%msg%'" $ActionMailSubject mailSubject if $msg regexp 'snort[[0-9]]: [[0-9]:[0-9]:[0-9]].*' then ommail:;mailBody But I doesn't get any mails, I even can trigger snort with something like ping -s 1400, it logs things like following but still no mail ! 2010-01-08T09:25:58+00:00 Hostname snort[4429]: [1:499:4] ICMP Large ICMP Packet [Classification: Potentially Bad Traffic] [Priority: 2]: {ICMP} ip_dest - ip_src Any idea ?

  Read the article

• ISA Server Route Add Question

  - by Kip

  Hi All, I have a situation where I have and ISA 2006 server (on Win2k3) that has an internal and an externaly facing NIC's. All works fine but I need to add a couple of routes for the following reason: Our monitoring software is on a different network. Our Terminal server is on a different network. Currently, access to the internet, through this proxy server, from the terminal server fails. Also, monitoring of the ISA server via a remote monitor or the installed agent talking to the remote monitor (BMC) also fails. The default enterprise rule on ISA blocks the traffic as I beleive it doesn't trust / know about those networks. Here is my routing table: I need to add a couple of address, but this one being the main one: 192.168.245.137 / mask 255.255.255.192 / gateway 192.168.245.129 But I can't get it to work. Routing is not my strong point but at the moment have no one else available to help. Can you offer any assistance? Please ask if you need more info

  Read the article

• What advantages does mod_evasive have over mod_security2 in terms of DDOS protection?

  - by Martynas Sušinskas

  Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the OWASP core rule set. Mod_security is already installed for overall protection, but the question is: is it worth adding mod_evasive besides mod_security just for the DDOS (does it have any major advantages) or the OWASP crs rules in the /experimental_rules/ directory (modsecurity_crs_11_dos_protection.conf) provide the same protection? Or it's just a matter of preference? The sites are not very high traffic normally. Thank you for your answers, Martynas

  Read the article

• How do I configure OpenVPN for accessing the internet with one NIC?

  - by Lekensteyn

  I've been trying to get OpenVPN to work for three days. After reading many questions, the HOWTO, the FAQ and even parts of a guide to Linux networking, I cannot get my an Internet connection to the Internet. I'm trying to set up a OpenVPN server on a VPS, which will be used for: secure access to the Internet bypassing port restrictions (directadmin/2222 for example) an IPv6 connection (my client does only have IPv4 connectivity, while the VPS has both IPv4 and native IPv6 connectivity) (if possible) I can connect to my server and access the machine (HTTP), but Internet connectivity fails completely. I'm using ping 8.8.8.8 for testing whether my connection works or not. Using tcpdump and iptables -t nat -A POSTROUTING -j LOG, I can confirm that the packets reach my server. If I ping to 8.8.8.8 on the VPS, I get an echo-reply from 8.8.8.8 as expected. When pinging from the client, I do not get an echo-reply. The VPS has only one NIC: etho. It runs on Xen. Summary: I want to have a secure connection between my laptop and the Internet using OpenVPN. If that works, I want to have IPv6 connectivity as well. Network setup and software: Home laptop (eth0: 192.168.2.10) (tap0: 10.8.0.2) | | (running Kubuntu 10.10; OpenVPN 2.1.0-3ubuntu1) | wifi | router/gateway (gateway 192.168.2.1) | INTERNET | VPS (eth0:1.2.3.4) (gateway, tap0: 10.8.0.1) (running Debian 6; OpenVPN 2.1.3-2) wifi and my home router should not cause problems since all traffic goes encrypted over UDP port 1194. I've turned IP forwarding on: # echo 1 > /proc/sys/net/ipv4/ip_forward iptables has been configured to allow forwarding traffic as well: iptables -F FORWARD iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -A FORWARD -j DROP I've tried each of these rules separately without luck (flushing the chains before executing): iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 1.2.3.4 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE route -n before (server): 1.2.3.4 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 1.2.3.4 0.0.0.0 UG 0 0 0 eth0 route -n after (server): 1.2.3.4 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 1.2.3.4 0.0.0.0 UG 0 0 0 eth0 route -n before (client): 192.168.2.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0 0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 wlan0 route -n after (client): 1.2.3.4 192.168.2.1 255.255.255.255 UGH 0 0 0 wlan0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 192.168.2.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0 0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tap0 128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tap0 0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 wlan0 SERVER config proto udp dev tap ca ca.crt cert server.crt key server.key dh dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" ifconfig-pool-persist ipp.txt keepalive 10 120 tls-auth ta.key 0 comp-lzo user nobody group nobody persist-key persist-tun log-append openvpn-log verb 3 mute 10 CLIENT config dev tap proto udp remote 1.2.3.4 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server tls-auth ta.key 1 comp-lzo verb 3 mute 20 traceroute 8.8.8.8 works as expected (similar output without OpenVPN activated): 1 10.8.0.1 (10.8.0.1) 24.276 ms 26.891 ms 29.454 ms 2 gw03.sbp.directvps.nl (178.21.112.1) 31.161 ms 31.890 ms 34.458 ms 3 ge0-v0652.cr0.nik-ams.nl.as8312.net (195.210.57.105) 35.353 ms 36.874 ms 38.403 ms 4 ge0-v3900.cr0.nik-ams.nl.as8312.net (195.210.57.53) 41.311 ms 41.561 ms 43.006 ms 5 * * * 6 209.85.248.88 (209.85.248.88) 147.061 ms 36.931 ms 28.063 ms 7 216.239.49.36 (216.239.49.36) 31.109 ms 33.292 ms 216.239.49.28 (216.239.49.28) 64.723 ms 8 209.85.255.130 (209.85.255.130) 49.350 ms 209.85.255.126 (209.85.255.126) 49.619 ms 209.85.255.122 (209.85.255.122) 52.416 ms 9 google-public-dns-a.google.com (8.8.8.8) 41.266 ms 44.054 ms 44.730 ms If you have any suggestions, please comment or answer. Thanks in advance.

  Read the article

• Round-Robin DNS in mobile networks

  - by k7k0

  After reading load distribution alternatives and giving my limited skills on the area I'm biased toward round-robin DNS strategy. From what I understood, one key aspect of DNS Round-Robin is setting a low TTL value, avoiding caching. My main concern is that all my traffic comes from mobile networks, almost 30% of that comes from t-mobile 3G. Some questions: 1) Is there a chance that almost all clients on the same mobile network will be redirected to the same IP in the TTL frame? That would kill the distribution technique. 2) If I choose a really low TTL (zero or one). That impacts directly over client performance? It does a DNS miss every time or it's a setting that only impacts on DNS servers? Any help would be much appreciated. Thanks

  Read the article

< Previous Page | 119 120 121 122 123 124 125 126 127 128 129 130  | Next Page >