Search Results

Search found 5875 results on 235 pages for 'https'.

Page 130/235 | < Previous Page | 126 127 128 129 130 131 132 133 134 135 136 137  | Next Page >

• how to pass traffic for port 80 not through openvpn?

  - by moti

  Is there a way to configure OpenVPN clients to route traffic for HTTP port 80 and HTTPS port 443 directly (i.e. not through the VPN), but through the regular default gateway the clients have. All other traffic should go through the VPN. My client is running OpenVPN on Windows and my current configuration looks like this: client dev tun proto tcp remote my-server-2 1194 resolv-retry infinite nobind persist-key persist-tun ca ../keys/ca.crt cert ../keys/client1.crt key ../keys/client1.key ns-cert-type server verb 3 route-metric 1 show-net-up dhcp-renew dhcp-release route-delay 0 120 hand-window 180 management localhost 13010 management-hold management-query-passwords management-forget-disconnect management-signal auth-user-pass

  Read the article

• How to handle certificates on a Apache reverse-proxy

  - by Helder

  Ok, so I was able to assemble an Apache for reverse proxy a bunch of internal sites. However, those sites use SSL. For the moment, and for testing purposes, I'm using self-signed certificates from the Apache box. I'm proxying a couple of OWA sites, and 2 https management consoles for a couple of appliances. I'm using name-based vhosts, and it's working fine (using Apache 2.2.14). However, I want to use the original, correct certificates. I have the original "3rd-party" certificates for all the sites, in .cer and .p7b format, and my question is: can I convert the certificates into something Apache will accept? Or will I need to generate new certificates, from the Apache box? Thanks!

  Read the article

• What compatibility trade-offs do we need to make in order to use a hardened SSL config for Nginx?

  - by nathan.f77

  I found some hardened SSL settings in github.com/ioerror/duraconf. Here is the header from the config: This is an example of a high security, somewhat compatible SSLv3 and TLSv1 enabled HTTPS proxy server. The server only allows modes that provide perfect forward secrecy; no other modes are offered. Anonymous cipher modes are disabled. This configuation does not include the HSTS header to ensure that users do not accidentally connect to an insecure HTTP service after their first visit. It only supports strong ciphers in PFS mode: ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Only strong ciphers in PFS mode ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; ssl_protocols SSLv3 TLSv1; If we were to use these settings on our website, what does "somewhat compatible" mean? For example, would IE6 still be able to connect?

  Read the article

• phpmyadmin on lighttpd gives me a "403 - Forbidden", need help.

  - by JamesM-SiteGen

  Whats the problem: When I goto //localhost/phpmyadmin I get what I would get if I did //localhost/, I'm using both http: and https:. What did I do, that changed it: I simply reinstalled lighttpd. What I have tried: Disabling and re-enabling 50-phpmyadmin.conf, Now I get a "403 - Forbidden" instead. When I goto /phpmyadmin/setup it asks me for a login, Not a clue what it is. Now I'm waiting for someone to help. :) Thanks to anyone with any answers. Latest Status: Not working, giving me a "403 - Forbidden".

  Read the article

• Launch Webkit Gtk+ on ubuntu 11.10

  - by qlinux

  I am using Webkit nightly build revision 110829 on Ubuntu 11.10. I successfully build it. Here is what I did: In the Webkit directory I run: Tools/Scripts/build-webkit --gtk Built succeeded. I tried running it by typing: Tools/Scripts/run-safari --gtk But nothing happens. I mean, the command just did not show anything. Anyone has any idea? For someone who vote down: Like I said, when I run Tools/Scripts/run-safari --gtk nothing happens. So if anyone has any idea how to run it properly please tell me. I followed this instruction: https://trac.webkit.org/wiki/BuildingGtk

  Read the article

• What program should I use for SSL stripping and re-encrypting

  - by Sparksis

  I'm trying to strip a HTTP over SSL connection down to SSL and then re-encrypt the channel (with a signed certificate(s) I can provide). Of course I want to be able to store captures of all the un-encrypted data. The purpose of this is to reverse engineer a HTTP handshake that is used by a SIP program on my machine. I've tried SSLstrip but it doesn't support what I need it too. Edit: I want something to this effect https://github.com/applidium/Cracking-Siri/blob/master/tcpProxy.rb only more generic and able to write to a pcap stream that wireshark will understand (I'm not sure if this does that). Edit2: upon further inspection this does not create pcap streams. I guess if need be I can write a compatible version but that is not the desired choice.

  Read the article

• Curl Certificate Error when Using RVM to install Ruby 1.9.2

  - by Will Dennis

  RVM is running into a certificate error when trying to download ruby 1.9.2. It looks like curl is having a certificate issue but I am not sure how to bypass it. NAy help would be great. Thanks so much, I have included the exact error info below. $ rvm install 1.9.2 Installing Ruby from source to: /Users/willdennis/.rvm/rubies/ruby-1.9.2-p180, this may take a while depending on your cpu(s)... ruby-1.9.2-p180 - #fetching ERROR: Error running 'bunzip2 '/Users/willdennis/.rvm/archives/ruby-1.9.2-p180.tar.bz2'', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/extract.log ruby-1.9.2-p180 - #extracting ruby-1.9.2-p180 to /Users/willdennis/.rvm/src/ruby-1.9.2-p180 ruby-1.9.2-p180 - #extracted to /Users/willdennis/.rvm/src/ruby-1.9.2-p180 Fetching yaml-0.1.3.tar.gz to /Users/willdennis/.rvm/archives curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. ERROR: There was an error, please check /Users/willdennis/.rvm/log/ruby-1.9.2-p180/*.log. Next we'll try to fetch via http. Trying http:// URL instead. curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. ERROR: There was an error, please check /Users/willdennis/.rvm/log/ruby-1.9.2-p180/*.log Extracting yaml-0.1.3.tar.gz to /Users/willdennis/.rvm/src ERROR: Error running 'tar zxf /Users/willdennis/.rvm/archives/yaml-0.1.3.tar.gz -C /Users/willdennis/.rvm/src --no-same-owner', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/extract.log /Users/willdennis/.rvm/scripts/functions/packages: line 55: cd: /Users/willdennis/.rvm/src/yaml-0.1.3: No such file or directory Configuring yaml in /Users/willdennis/.rvm/src/yaml-0.1.3. ERROR: Error running ' ./configure --prefix="/Users/willdennis/.rvm/usr" ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/configure.log Compiling yaml in /Users/willdennis/.rvm/src/yaml-0.1.3. ERROR: Error running '/usr/bin/make ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/make.log Installing yaml to /Users/willdennis/.rvm/usr ERROR: Error running '/usr/bin/make install', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/yaml/make.install.log ruby-1.9.2-p180 - #configuring ERROR: Error running ' ./configure --prefix=/Users/willdennis/.rvm/rubies/ruby-1.9.2-p180 --enable-shared --disable-install-doc --with-libyaml-dir=/Users/willdennis/.rvm/usr ', please read /Users/willdennis/.rvm/log/ruby-1.9.2-p180/configure.log ERROR: There has been an error while running configure. Halting the installation. Will

  Read the article

• Configuring Nginx SSL alongside non-ssl

  - by user55145

  I'm trying to enable SSL on my current Nginx configuration, which works fine. However I'm wondering if it's possible to do this alongside HTTP, so that i do not need another server{} section which would just be a replication of the http section. I thought the following would work, however i get the below when accessing http:// 400 Bad Request The plain HTTP request was sent to HTTPS port Nginx Config: ssl_certificate /etc/nginx/ssl/domains.pem; ssl_certificate_key /etc/nginx/ssl/server.key; server { listen 80; listen 443; //other configuration }

  Read the article

• UEC - Can the Cluster Controller and Storage Controller be seperate systems?

  - by Jeremy Hajek

  My department is implementing an Ubuntu Enterprise Cloud. I have done the testing and am quite comfortable with the 4 pieces, CC/SC, CLC, WS, NC. Looking at various documents below it appears the the Storage Controller and Cluster Controller (eucalyptus-sc and eucalyptus-cc) are always installed on the same system. My question is this: can I install the storage controller and the cluster controller on separate systems? http://open.eucalyptus.com/wiki/EucalyptusAdvanced_v2.0 the picture indicates that cc and sc are two different machines http://www.canonical.com/sites/default/files/active/Whitepaper-UbuntuEnterpriseCloudArchitecture-v1.pdf P.10 1st paragraph uses the word "machine(s)" http://software.intel.com/file/31966 P. 8 indicates the same separate architecture BUT... https://help.ubuntu.com/community/UEC/PackageInstallSeparate indicates below that the SC and CC are to be on the same system.

  Read the article

• Fedora vs Ubuntu to host Subversion and Bugzilla over Apache

  - by Tone

  I'm not interested in a flame war of Ubuntu vs Fedora vs whatever. What I am interested in is whether or not I should move my current Ubuntu server to Fedora. I have been able to get Subversion setup and hosted via Apache over https and it works quite well (I'm a .NET guy so this was all new to me). I'm having trouble though with installing Bugszilla - have run into some issues getting all the perl scripts to run successfully so my questions are: 1) Will Bugszilla will install easier on Fedora? Can I just install a package instead of having to download the tar.gz file and untar it, run perl scripts, etc. 2) Is Fedora considered to be a better production server system? I have no desire for a GUI, just need it to host Subversion, Bugzilla over Apache2, and act as a file and print server for my home network.

  Read the article

• phpmyadmin on lighttpd gives me a 403 forbidden need help

  - by JamesM-SiteGen

  Whats the problem: When I goto //localhost/phpmyadmin I get what I would get if I did //localhost/, I'm using both http: and https:. What did I do, that changed it: I simply reinstalled lighttpd. What I have tried: Disabling and re-enabling 50-phpmyadmin.conf, Now I get a "403 - Forbidden" instead. When I goto /phpmyadmin/setup it asks me for a login, Not a clue what it is. Now I'm waiting for someone to help. :) Thanks to anyone with any answers. Latest Status: Not working, giving me a "403 - Forbidden".

  Read the article

• what firefall linux distro applicance could track internet usage per device in my home?

  - by GregH

  Hello, Anyone know of a community edition/open source/free firewall/gateway software product that I could install onto an old PC to act as my firewall/gateway/proxy etc, BUT for which it has the power to track internet usage per device in my home. So: a) Mandatory - Track internet usage for devices on my home network on a per device basis (e.g. various PCs/Xbox etc) b) Mandatory - Report/graph would would give a breakdown of internet usage, per device (e.g. IP address), per day. c) Desirable - as in b) above but per hour d) Desirable - realtime graph (e.g. 5 minute measurement intervals or something) that shows current internet usage per device e) Mandatory - Handles all internal<=internet requests for all protocols (e.g. HTTP, HTTPS, xbox etc) f) Mandatory - No explicit settings in clients required - i.e. Transparent Monitoring concept (for both HTTP and non-HTTP traffic like xbox, skype etc) g) Mandatory - easy "appliance" like installation onto a dedicated low spec PC thanks in advance

  Read the article

• what firefall linux distro applicance could track internet usage per device in my home?

  - by GregH

  Hello, Anyone know of a community edition/open source/free firewall/gateway software product that I could install onto an old PC to act as my firewall/gateway/proxy etc, BUT for which it has the power to track internet usage per device in my home. So: a) Mandatory - Track internet usage for devices on my home network on a per device basis (e.g. various PCs/Xbox etc) b) Mandatory - Report/graph would would give a breakdown of internet usage, per device (e.g. IP address), per day. c) Desirable - as in b) above but per hour d) Desirable - realtime graph (e.g. 5 minute measurement intervals or something) that shows current internet usage per device e) Mandatory - Handles all internal<=internet requests for all protocols (e.g. HTTP, HTTPS, xbox etc) f) Mandatory - No explicit settings in clients required - i.e. Transparent Monitoring concept (for both HTTP and non-HTTP traffic like xbox, skype etc) g) Mandatory - easy "appliance" like installation onto a dedicated low spec PC thanks in advance

  Read the article

• How to diagnose "Internet explorer cannot display the webpage"

  - by Colen

  Our web site is working great for 99.99% of our users, but a few people (all of whom use Internet Explorer) are running into an error. Most pages on the site load fine, but for one specific page (the same page for all affected users), all they get is: Internet explorer cannot display the webpage It doesn't matter whether the page is accessed over http or https - it fails to load either way. Every other page on the site, as far as I can tell, works fine for them. Not only that, the same users can load that specific page fine in Firefox. I've checked the web server logs and I can't find any smoking guns there. The site is running IIS on Windows Server 2003. Is there any way to get IE to give the user more information than just "cannot display the web page"? There's a "More information" button, but all it tells you is to make sure that your DNS servers are working, make sure you're not working offline, etc. :(

  Read the article

• Disabling weak ciphers on Windows 2003

  - by Kev

  For PCI-DSS compliance you have to disable weak ciphers. PCI-DSS permits a minimum cipher size of 128 bits. However for the highest score (0 I believe) you should only accept 168 bit ciphers but you can still be compliant if you permit 128 bit ciphers. The trouble is that when we disable all but 168 bit encryption it seems to disable both inbound and out bound secure channels. For example we'd like to lock down inbound IIS HTTPS to 168 bit ciphers but permit outbound 128 bit SSL connections to payment gateways/services from service applications running on the server (not all payment gateways support 168 bit only we just found out today). Is it possible to have cipher asymmetry on Windows 2003? I am told it is all or nothing.

  Read the article

• Apache Server access log shows another domain's request and got redirected

  - by user3162764

  I found my apache2 access log (debian) includes some entries not related to my domain and got '301' redirection: ,-,-,[19/Aug/2014:10:09:54 +0800],"GET /admin.php HTTP/1.0",301,493,,, ,-,-,[19/Aug/2014:10:09:55 +0800],"GET /administrator/index.php HTTP/1.0",301,521,,, ,-,-,[19/Aug/2014:10:09:55 +0800],"GET /wp-login.php HTTP/1.0",301,499,,, Obviously those requests are not to my domain, but from this source, debian will default deny all proxy request: https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration Besides, I cannot find there is mod_proxy under /etc/apache2/mods-enabled. I am anxious about: 1. is the server acting as open proxy? 2. why http 301 is returned? Thx.

  Read the article

• Use Dynamic DNS to access Java servlet, still need port forward ?

  - by Frank

  If I use Dynamic DNS such as the free service at https://www.dyndns.com, do I still need to set up static IP and do port forward ? I have a DSL, most likely with dynamic IP address, and I run a Java servlet to get Paypal IPN messages on my notebook, in order for the messages to reach my notebook, I : [1] set up static IP and [2] did port forwarding. But I found each time the PC re-starts, it has a different external IP, so I was suggested to [3] get Dynamic DNS service like the free one mentioned above, but now I'm a bit confused, if I have step [3], do I still need to do [1] and [2], isn't step [3] supposed to do [1] and [2] for me ? But since I've already done [1],[2], now I wonder if they would cause trouble for step [3], do I need to undo them ? Or do I need all of them together ?

  Read the article

• Solaris Administration Web GUI?

  - by Robert C

  I recently installed Solaris 11 x86 text install (http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html?ssSourceSiteId=ocomen) to be used as a file server running ZFS. I noticed that I'm given the bare minimum in terms of packages. Is there an official oracle web GUI for managing ZFS? I ran a netstat and it doesn't appear to have installed any webserver thats listening. I saw something from a couple years ago, but apparently it's not packaged or maintained anymore (https://blogs.oracle.com/talley/entry/manage_zfs_from_your_browser). I tried pkg install network-console, but it says that the package isn't available for my platform. Any ideas? I'd like to stick with Oracle Solaris instead of the open source alternatives, if possible.

  Read the article

• (Apache) Weird characters with Roundcube (PHP)

  - by thonixx

  Yes, i saw all the questions about the weird characters at the end of a PHP script. I will ask here because no solution from the internet and serverfault worked. At this page: https://webmail.pixelwolf.ch/test/ there are some mysterious characters. And that's the problem why my Roundcube does not work. What I already checked and tried: 1. added AddDefaultCharset UTF-8 2. changed to AddDefaultCharset to ISO xxx (dont know the string right now) 3. php5filter disabled 4. gzip checked (according to php returns junk characters at end of everything) but characters remain there For notice: on my local server there aren't any of those characters. On local it just works. So what can I check further?

  Read the article

• CNTLM issue with intranet (maybe DNS)

  - by htorque

  On my Linux box I need to use an ISA proxy that requires authentication to reach the internet. I therefore installed CNTLM and configured it to point to the proxy address and listen on port 4321. I then configured my GNOME distribution to use localhost:4321 as global proxy for HTTP and HTTPS. The result: I can connect to the internet. I can ping intranet IPs, I do receive name resolution for intranet sites, yet I cannot ping them or open any intranet site in a browser (configured to use the distributions proxy) unless I use the site's IP address. I tried blocking the intranet IP range in the CNTLM config file without luck.

  Read the article

• Shibboleth: found encrypted assertions, but no CredentialResolver was available

  - by HorusKol

  I've gotten a Shibboleth Server Provider (SP) up and running, and I'm using the TestShib Identity Provider (IdP) for testing. The configuration appears to be all correct, and when I requested my secured directory I was sent to the IdP where I logged in and then was sent back to https://example.org/Shibboleth.sso/SAML2/POST where I am getting a generic error message. Checking the logs, I am told: found encrypted assertions, but no CredentialResolver was available I have rechecked the configuration, and there I have: <CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/> Both of these files are present at those locations. I've restarted apache and retried, but still get the same error. I don't know if it makes a difference - but only a subdirectory of the site has been secured - the documentroot is publicly available.

  Read the article

• Where does Picasa store albums?

  - by Dan

  For people searching, the question might also be phrased: How do I restore Picasa albums from backup? When I reinstalled my computer and restored my photos from backup, some of my albums showed up, but many didn't. I've found the following info: Picasa on Windows stores (stored?) album info in these places: Vista: C:\Users\<myaccount>\AppData\Local\Google\Picasa2Albums\ XP: C:\Documents and Settings\<myaccount>\Local Settings\Application Data\google\Picasa2Albums\ I restored that folder and was still missing many of my albums. That folder also contained a folder of backups, but the most recent one was from a long time ago and I've created albums since then. According to https://support.google.com/picasa/bin/picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs, since the Dec 8, 2011 build, Picasa saves album info in .ini file(s). This probably explains the albums that I do see. http://katelharrison.blogspot.com/2012/01/how-to-restore-picasa-albums-mac.html has some great info on restoring albums on Macs, but the folder structure seems to be different there than on Windows.

  Read the article

• Which is the most independent and secure email service? [closed]

  - by Rafal

  I'm looking for a provider with a secure transfer protocol (like https) Secured (as much as it is possible) from being hacked or spied on. One that won't scan my email in order to display more accurate ads. One that won't sell my personal information. One that won't disclose my emails to some sort of government (it probably must be based outside of US or Chinese jurisdiction I reckon) Encrypted if possible. It can be simple and without huge storage. If you know/use any similar service I would be really grateful if you could point me there. Cheerz

  Read the article

• SSL Proxy: Forwarding without the encryption

  - by John

  I have a python application listening on port 9001 for HTTP traffic. I'm trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine. My application would then reply via the proxy, where the encryption would be reapplied, and returned to the client transparently. I'm not doing anything crazy with the site names and SSL certs, I have one public IP, one hostname, and one SSL cert. Stripping the encryption at the proxy doesn't seem to be a common requirement. Is what I'm asking for a normal requirement? Are there other concerns with this sort of configuration?

  Read the article

• Detecting man-in-the-middle attacks?

  - by Ilari Kajaste

  There seem to be many possible ways to create man-in-the-middle attacks on public access points, by stealing the access point's local IP address with ARP spoofing. The possible attacks range from forging password request fields, to changing HTTPS connections to HTTP, and even the recently discovered possibilit of injecting malicious headers in the beginning of secure TLS connections. However, it seems to be claimed that these attacks are not very common. It would be interesting to see for myself. What ways are there to detect if such an attack is being attempted by someone on the network? I guess getting served a plain HTTP login page would be an obvious clue, and of course you could run Wireshark and keep reading all the interesting ARP traffic... But an automated solution would be a tiny bit more handy. Something that analyzes stuff on the background and alerts if an attack is detected on the network. It would be interesting to see for myself if these attack are actually going on somewhere.

  Read the article

< Previous Page | 126 127 128 129 130 131 132 133 134 135 136 137  | Next Page >