Search Results

Search found 7669 results on 307 pages for 'dealing with clients'.

Page 159/307 | < Previous Page | 155 156 157 158 159 160 161 162 163 164 165 166  | Next Page >

• how to connect public web server to internal LAN

  - by DefSol

  I have a VPS which is my public web server for all my clients. It's running server 2008 and I would like to have it connect via secure connection to my internal LAN. I would like this to be a route so access is bi-derectional. Have read about Server & Domain isolation, but am concerned this may prevent public views to the webs sites on the server. I currently have a PPTP tunnel, but I'm wanting better security (IPSec or SSL etc) and it's not given my bi derectional access. (In fact my backups aren't copying accross but this could be an acl issue) The goal is to provide easy/automated backups of data & sql db's to my internal LAN, as well as a means to provision new sites & db's from a workflow occuring internally. Internal lan is windows based with ISA 2006 at the perimeter. Thanks

  Read the article

• ANTLR, optional ';' in JavaScript

  - by vava

  I'm just playing with ANTLR and decided to try parsing JavaScript with it. But I hit the wall in dealing with optional ';' in it, where statement end is marked by newline instead. Can it be done in some straightforward way? Just a simple grammar example that doesn't work grammar optional_newline; def : statements ; statements : statement (statement)* ; statement : expression (';' | '\n') ; expression : ID | INT | 'var' ID '=' INT ; ID : ('a'..'z'|'A'..'Z'|'_') ('a'..'z'|'A'..'Z'|'0'..'9'|'_')* ; INT : '0'..'9'+ ; WS : ( ' ' | '\t' | '\r' | '\n') {$channel=HIDDEN;} ; and I want to be able to parse this (which can be parsed by JavaScript parsers) var i = 10 10; PS: I don't want to put WS in parser rules, I would be much happier if lexer just get rid of those.

  Read the article

• Should I upgrade Exchange 2003 or just upgrade the hardware?

  - by JohnyD

  My organization currently has a 4 y/o Exchange 2003 email server (32-bit, Intel Pentium D @ 3GHz, 3GB RAM). It's run very well over the past 4 years but it is time to upgrade its hardware. This server would handle email for approximately 30 clients, a few OWA users with iPhones. My (somewhat ambiguous) question is, when I receive the new hardware should I build out a new Exchange 2003 deployment or should I look at Exchange 2007 / 2010? I've heard that Exchange 2010 requires Sharepoint 2010 (which I am currently not running). Are there benefits that a small-medium sized business can or can't do without? Am I making a horrible mistake staying with antiquated software? Other details: Exchange 2003 (v6.5 + SP2) single front-end server All opinions and thoughts are very much appreciated.

  Read the article

• When to best implement a I2C driver module in Linux

  - by stefangachter

  I am currently dealing with two devices connected to the I2C bus within an embedded system running Linux. I am using an exisiting driver for the first device, a camera. For the second device, I have successfully implemented a userspace program with which I can communicate with the second device. So far, both devices seem to coexist happily. However, almost all I2C devices have their own driver module. Thus, I am wondering what the advantages of a driver module are. I had a look at the following thread... http://stackoverflow.com/questions/149032/when-should-i-write-a-linux-kernel-module ... but without conclusion. Thus, what would be the advantage of writing a I2C driver module over a userspace implementation? Regards, Stefan

  Read the article

• Normalize Accept-Encoding via HAProxy for optimized Squid hit rate

  - by Matt Beckman

  Our website infrastructure uses HAProxy for load balancing, a Squid cluster for caching, and application data is on an IIS cluster. We load balance HAProxy by URI to optimize the Squid hit-rate, but we know that Squid is holding different copies of each page based on the Accept-Encoding header passed to it by the browser, and so IE (gzip, deflate) will have a different copy of a cached page than Firefox (gzip,deflate) or Chrome (gzip,deflate,sdch). We want to normalize the Accept-Encoding headers and I think the best place to do so would be in HAProxy. I'd appreciate it if someone could offer some ideas on how to accomplish this without breaking support for clients without gzip or deflate support.

  Read the article

• File permissions issue with an NFSv4 share, uploaded from a Mac Lion

  - by POP.sicle

  I have an NFSv4 share that was working fine, with Macs using Snow Leopard, to share files across the network. The NFS share has one cloned user/group that all clients autoconnect as. However, when I use a Lion Mac to copy a file from their user directory to the NFS, no other computer (mac SL/mac Lion/Win7) can edit/delete/write to the file that was uploaded - despite having the correct read/write/ex permissions visible on the NFS and through terminal. Attempting to edit the file permissions through Finder completely locks the file. I suspect this has something to do with Lion's ACLs (or maybe its version control) conflicting with NFSv4. Is there a way to disable or ignore extended ACLs or extended file permissions on the NFSv4 side, that would allow users to not run into this conflict? The work around currently is to use NFS Manager and set automounts to ignore ownership but installing NFS manager and configuring automounts for all of the computers seems more troubling than attempting to reconfigure the NFS settings. Advice?

  Read the article

• OpenVPN and PPTP on XEN VPS

  - by amiv

  I have Debian based system (Ubuntu 11.10) on XEN VPS. I've installed OpenVPN and works great. I need to install PPTP too, so did it and clients can connect, but they have no internet on client side. If I connect to VPN over PPTP I can ping and access to only my VPS by its IP, but ony that. There's no "internet" on client side. It looks it's not DNS problems (I'm using 8.8.8.8) because I can't ping known IPs. I bet the solution is simple, but don't have any idea. Any guess? /etc/pptpd.conf option /etc/ppp/pptpd-options logwtmp localip 46.38.xx.xx remoteip 10.1.0.1-10 /etc/ppp/pptpd-options name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 ms-dns 8.8.8.8 ms-dns 8.8.4.4 proxyarp nodefaultroute lock nobsdcomp /etc/ppp/ip-up [...] ifconfig ppp0 mtu 1400 /etc/sysctl.conf [...] net.ipv4.ip_forward=1 Command which I run: iptables -t nat -A POSTROUTING -j SNAT --to-source 46.38.xx.xx (IP of my VPS) The client can connect, first one gets IP 10.1.0.1 and DNS from Google. I bet it's iptables problem, am I right? I'm iptables noob and I don't have idea what's wrong. And here's the ifconfig and route command before client connect via PPTP: root@vps3780:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default xx.xx.tel.ru 0.0.0.0 UG 100 0 0 eth0 10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0 10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0 46.38.xx.0 * 255.255.255.0 U 0 0 0 eth0 root@vps3780:~# ifconfig eth0 Link encap:Ethernet HWaddr 00:16:3e:56:xx:xx inet addr:46.38.xx.xx Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::216:xx:xx:dfb6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:22671 errors:0 dropped:81 overruns:0 frame:0 TX packets:2266 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1813358 (1.8 MB) TX bytes:667626 (667.6 KB) Interrupt:24 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:100 errors:0 dropped:0 overruns:0 frame:0 TX packets:100 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:10778 (10.7 KB) TX bytes:10778 (10.7 KB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:602 errors:0 dropped:0 overruns:0 frame:0 TX packets:612 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:90850 (90.8 KB) TX bytes:418904 (418.9 KB) And here's the ifconfig and route command after client connect via PPTP: root@vps3780:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default xx.xx.tel.ru 0.0.0.0 UG 100 0 0 eth0 10.1.0.1 * 255.255.255.255 UH 0 0 0 ppp0 10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0 10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0 46.38.xx.0 * 255.255.255.0 U 0 0 0 eth0 root@vps3780:~# ifconfig eth0 Link encap:Ethernet HWaddr 00:16:3e:56:xx:xx inet addr:46.38.xx.xx Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr: fe80::216:xx:xx:dfb6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:22989 errors:0 dropped:82 overruns:0 frame:0 TX packets:2352 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1841310 (1.8 MB) TX bytes:678456 (678.4 KB) Interrupt:24 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:112 errors:0 dropped:0 overruns:0 frame:0 TX packets:112 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:12102 (12.1 KB) TX bytes:12102 (12.1 KB) ppp0 Link encap:Point-to-Point Protocol inet addr:46.38.xx.xx P-t-P:10.1.0.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1 RX packets:66 errors:0 dropped:0 overruns:0 frame:0 TX packets:15 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:10028 (10.0 KB) TX bytes:660 (660.0 B) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:602 errors:0 dropped:0 overruns:0 frame:0 TX packets:612 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:90850 (90.8 KB) TX bytes:418904 (418.9 KB) And ugly iptables --list output: root@vps3780:~# iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- 10.1.0.0/24 anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.1.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable And ugly iptables -t nat -L output: root@vps3780:~# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 10.8.0.0/24 anywhere to:46.38.xx.xx MASQUERADE all -- 10.1.0.0/24 anywhere SNAT all -- 10.1.0.0/24 anywhere to:46.38.xx.xx SNAT all -- 10.8.0.0/24 anywhere to:46.38.xx.xx SNAT all -- 10.1.0.0/24 anywhere to:46.38.xx.xx MASQUERADE all -- anywhere anywhere SNAT all -- anywhere anywhere to:46.38.xx.xx SNAT all -- 10.8.0.0/24 anywhere to:46.38.xx.xx MASQUERADE all -- anywhere anywhere MASQUERADE all -- 10.1.0.0/24 anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- 10.1.0.0/24 anywhere As I said - OpenVPN works very good. 10.8.0.0/24 for OpenVPN (on tun0). PPTP won't work. 10.1.0.0/24 for PPTP (on ppp0). Clients can connect, but they haven't "internet". Any suggestions will be appreciated. Second whole day fighting with no results. EDIT: iptables -t filter -F - it resolved my problem :-)

  Read the article

• weird characters in HTML email

  - by sims

  Hi stackers! I'm reading email from a maildir and some emails have weird sets of characters in them: =3D =09 I think =3D is = and =09 is a space. There are some others, but I'm not sure: =E2 =80 =93 Does anyone know what these are and what encoding issues I'm dealing with here? BTW, I tried fetching these email via POP3 and it's the same thing. The reason I'm posting this on SO is not because I'm using a regular mail client to read the data. I'm reading via PHP out of maildir files. Perhaps a regular email client would detect what encoding this is and deal with it. Thanks!

  Read the article

• Virus blocking incoming connections ?

  - by Benoît

  Hello, on my windows 2003 server, all incoming connections are dropped. I can see them getting in using Wireshark, but even a single ping from another computer fails. All locally initiated connection work fine (i'm asking from the server). This server is the DC/DHCP/DNS/File server, so computer clients are in the dark. I've run varius antivirus and removal tools without any luck. The Windows Firewall is disabled. I'm wild-guessing at some virus/worm. How can i check why these incoming ICMP/TCP SYN/etc are dropped ? Anyone has any knowledge about such situations ? Thanks.

  Read the article

• Displaying untrusted HTML using PHP

  - by esryl

  I have a read a number of excellent questions and answers today about dealing with user input. I am now using htmlspecialchars() to display user data in the create/edit forms (but accepting the raw input via prepared PDO statements into my database). The main question I know have is, what do you do when you are allowing the user to submit HTML which will then be displayed to the public. Obviously htmlspecialchars() is no longer suitable as it just encodes the tags and renders the content useless for purpose. My application is currently accepting HTML from an admin for product descriptions. This would allow a malicious admin to inject potentially unsafe data into public facing pages. How do people cope with this?

  Read the article

• .htaccess https redirect best method

  - by Douglas Cottrell

  I have searched through all the redirects posted buy others and cant quite find the answer to my problem. I have a website with over 3000 pages and we are getting duplication issues within google. We want to keep everything in the parent directory to be http except our contact.php and login.php page. We then have 3 folders that must be secured. admin, clients, customers I have tried using the following code in seperate .htaccess files for each folder, but I keep getting a conflict when I try and I am still trying to find a good solution for the home directory. RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} admin RewriteRule ^(.*)$ https://www.website.com/$1 [R,L] Any help would be greatly appreciated.

  Read the article

• FTP error 424 failed to establish connection

  - by cKK

  Getting "ftp error 425 failed to establish connection" when trying to connect to ftp server. Tried 2 ftp clients on 3 machines on same network and none work. However FTP works from home / mobile broadband. No ip blocks on ftp sever. Other ftp servers(differrent ip/hosts) work okay. firewall setup correct, no ports blocked. Is it possible to use a proxy for ftp a i think it's something with the ISP but taking too long to fix?

  Read the article

• prevent search engines indexing depending on domain

  - by Javier

  We have a dedicated server with a hosting company with a couple of dozens of webs in it. It happens that the nameservers (EG: ns1.domain.com, ns2.domain.com) ip's are coincident with some client webs, let's say webclient1.com and webclient2.com Problem is that for a certain searches in google, some results are showing up like ns1.domain.com/result instead of webclient1.com/result which is pretty wrong and annoying for our clients. Actually if you type in the browser ns1.domain.com or ns2.domain.com it will load some pageclients instead. Is there any way to prevent google to track those results only in case the robots are coming to check ns domains? It may be not correct to ask this as well, but why is it happening? is it a result of a bad server configuration? I'm pretty new on these matters, so thank you in advance for any help!

  Read the article

• FTP transfer timeouts while uploading small files

  - by Hamed Momeni

  I have this problem that when I need to transfer some files (mostly small files < 100KB) the connections time out. Well actually it uploads one file and it fails on the next until my client reconnects to the server and the same thing happens over and over again. I googled the problem and some said that switching from passive mode to active mode could solve the it but it didn't work for me. Even continuously pinging the server to keep the connection alive was to no avail. P.S. I have root access to the server. Update: I'm running ProFTPD on a CentOS vps. I tried a few clients (FireFTP, FileZilla) all having the same problem.

  Read the article

• Zend Framework PartialLoop - questions

  - by Ian Warner

  Hi Ok dealing with Partial Loops I want to do several things Perhaps pass in extra variables - seen it done like this echo $this-partialLoop('Loop.phtml', array('data' = $data, 'var1' = foo)); But this does not seem to work - I can not extra the data using $this-var $this-data-var or $data-var not sure how to access the data in the loop Sutotals for columns - need a way of resetting variables or passing in a default value - linked to the above I suppose ie $subtotal += rowTotal; In the view that calls the partial I would like to get access to the subtotal values generated so I can display these in another table below. Any help appreciated the docs on partialLoop seems incomplete. Ian

  Read the article

• In search of opinions on web based version control systems

  - by tom smith

  Hi. Researching various open source, web-based document management/version control systems. I've checked google/questions here, etc... I'm looking for a lightweight web-based (apache) document mgmt/version control app that runs on top of SVN. I need to have the ability to: have multiple users checkin/checkout have a workflow (when userA checks the file in, and finishes the app passes it to the next person, etc... the app needs to allow me to have a structure where the files can be moved as a group. the files will be changed on a monthly basis app needs to have a access/premission control system. some people can see certain files, and perform certain actions on the files I imagine that I'm going to have 40-50 people dealing with the different files. I imagine that I'm going to have 2000-3000 files that have to be massaged. I'd prefer that the app be php based if possible, as opposed to a straight java app. Thanks

  Read the article

• Simple NNTP client for Ubuntu

  - by Alexander Gladysh

  I need to download a particular NNTP group. I do not need to setup any crons, put group contents in /opt and other stuff. Just run <fetch-nntp> <server> <group-name> <output-dir> and be done with it without putting a lot of garbage in the system. If that <fetch-nntp> would not fetch the same messages on the second run — fine. But I can live without it. All NNTP clients that I've looked at are trying to be a NNTP server as well. Is there something simpler that is suitable for my needs?

  Read the article

• Can I configure mod_proxy to use different parameters based on HTTP Method?

  - by Graham Lea

  I'm using mod_proxy as a failover proxy with two balance members. While mod_proxy marks dead nodes as dead, it still routes one request per minute to each dead node and, if it's still dead, will either return 503 to the client (if maxattempts=0) or retry on another node (if it's 0). The backends are serving a REST web service. Currently I have set maxattempts=0 because I don't want to retry POSTs and DELETEs. This means that when one node is dead, each minute a random client will receive a 503. Unfortunately, most of our clients are interpreting codes like 503 as "everything is dead" rather than "that didnt work but please try that again". In order to program some kind of automatic retry for safe requests at the proxy layer, I'd like to configure mod_proxy to use maxattempts=1 for GET and HEAD requests and maxattempts=0 for all other HTTP Methods. Is this possible? (And how? :)

  Read the article

• When getting substring in .Net, does the new string reference the same original string data or does

  - by Elan

  Assuming I have the following strings: string str1 = "Hello World!"; string str2 = str1.SubString(6, 5); // "World" I am hoping that in the above example str2 does not copy "World", but simply ends up being a new string that points to the same memory space only that it starts with an offset of 6 and a length of 5. In actuality I am dealing with some potentially very long strings and am interested in how this works behind the scenes for performance reasons. I am not familiar enaugh with IL to look into this.

  Read the article

• Vista laptop won't connect to airport extreme

  - by Hutch

  Our previous router died, and to replace it I procured an apple airport extreme. My mac, my wrt54gs (with ddwrt acting as a bridge) and a linux machine have had no problem connecting to the wireless. None of the wired clients are having a problem obviously. The problem is one of my roommates can not connect. That's not strictly true. He can connect to the network, and will, infact, get a dhcp lease. However he cannot get any packets out. Can't ping the router, can't access any web sites, nothing. However he's fine if we switch to an unsecured network. Which is obviously not acceptable. The airport only allows for 'wpa/wpa2 personal' and 'wpa2 personal' (and of course the enterprise versions there of) I keep reading about this problem in multiple spots on the web, but never see any actual answers... Anyway the laptop: hp/compaq cq50-215nr vista home premium wireess card: atheros 5007 airport is simultaneos dualband II

  Read the article

• OpenBSD ftp-proxy behind NAT itself

  - by Manuel Faux

  Is it possible to change the PASV IP ftp-proxy of OpenBSD sends to clients, without changing the listen address of redirection control (-b <address>)? I have the following setup: FTP client --> 1:1 NAT router --> OpenBSD router --> FTP server The 1:1 NAT router has a NAT rule to forward everything to the OpenBSD router, the OpenBSD router runs the ftp-proxy -R <FTP server IP>. When the FTP client sends the PASV command, the proxy answers with the Entering Passive Mode (227) message with his own source IP on the interface to the 1:1 NAT router (obviously). Since the 1:1 NAT router is not protocol aware, it forwards this message and the client receives the message with the PASV IP of the OpenBSD router, which it does not have a route to. Is there a way, that I can tell ftp-proxy to send the Entering Passive Mode message with a different source IP?

  Read the article

• Socket : can an asynchronous Receive returns without reading all the bytes I asked for?

  - by NorthWind

  Hi; I was reading an article on Vadym Stetsiak's blog about how to transfer variable length messages with async sockets (url: http://vadmyst.blogspot.com/2008/03/part-2-how-to-transfer-fixed-sized-data.html). He says : What to expect when multiple messages arrive at the server? While dealing with multiple messages one has to remember that receive operation can return arbitrary number of bytes being read from the net. Typically that size is from 0 to specified buffer length in the Receive or BeginReceive methods. So, even if I tell BeginReceive to read 100 bytes, it may read less than that and returns??? I am developing a network-enabled software (TCP/IP), and I always receive the same exact number of bytes I asked for. I don't even understand the logic : why would Receive completes asynchronously if it didn't get every byte I asked for ... just keep waiting. Maybe it has something to do with IP vs TCP? Thank you for your help.

  Read the article

• Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?

  - by jamesfm

  I am a dev with little admin expertise, administering a single dedicated web server remotely. A recent independent security audit of our site recommended that "RDP is not exposed to the Internet and that a robust management solution such as a VPN is considered for remote access. When used, RDP should be configured for Server Authentication to ensure that clients cannot be subjected to man-in-the-middle attacks." Having read around a bit, it seems like Network Level Authentication is a Good Thing so I have enabled the "Allow connections only from Remote Desktop with NLA" option on the server today. Is this acion enough to mitigate the risk of a Man-in-the-Middle attack? Or are there other essential steps I should be taking? If VPN is essential, how do I go about it?

  Read the article

• How to cache streaming video and silverlight with squid windows reverse proxy

  - by V. Romanov

  We have an intranet web server running a silverlight application (ACTUS media monitor if anyone cares to know). The server is used to record video and stream it to clients through a CDN solution. We want to put a reverse proxy in between the server and CDN provider in order to remove the office network bottleneck that's currently strangling us. I've set up SQUID for windows on a separate machine outside the network using squid BasicAccelerator configuration setting. It seems to work as far as the reverse proxy is concerned, requests are forwarded and the application is working but it doesn't seem to cache anything (no space is used on the drive where squid is installed). I found to explicit setting to turn caching on in squid, so i assume it's on by default. Perhaps I need some other trick to make the video and/or silverlight cacheable? Any help will be appreciated. Any info you need to help me will be provided at once. Thanks in advance!

  Read the article

• Why does mod_security require an ACCEPT HTTP header field?

  - by ripper234

  After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

  Read the article

< Previous Page | 155 156 157 158 159 160 161 162 163 164 165 166  | Next Page >