Search Results

Search found 6591 results on 264 pages for 'rules engines'.

Page 160/264 | < Previous Page | 156 157 158 159 160 161 162 163 164 165 166 167 | Next Page >

firehol (firewall) with bridge: how to filter

- by Leon

I have two interfaces: eth0 (public address) and lxcbr0 with 10.0.3.1. I have a LXC guest running with ip 10.0.3.10 This is my firehol config: version 5 trusted_ips=`/usr/local/bin/strip_comments /etc/firehol/trusted_ips` trusted_servers=`/usr/local/bin/strip_comments /etc/firehol/trusted_servers` blacklist full `/usr/local/bin/strip_comments /etc/firehol/blacklist` interface lxcbr0 virtual policy return server "dhcp dns" accept router virtual2internet inface lxcbr0 outface eth0 masquerade route all accept interface any world protection strong #Outgoing these protocols are allowed to everywhere client "smtp pop3 dns ntp mysql icmp" accept #These (incoming) services are available to everyone server "http https smtp ftp imap imaps pop3 pop3s passiveftp" accept #Outgoing, these protocols are only allowed to known servers client "http https webcache ftp ssh pyzor razor" accept dst "${trusted_servers}" On my host I can connect only to "trusted servers" on port 80. In my guest I can connect to port 80 on every host. I assumed that firehol would block that. Is there something I can add/change so that my guest(s) inherit the rules of the eth0 interface?

Read the article
ESXi 5.1 on Poweredge 510 freezes after base-esx update

- by goober

Background / Problem Just experienced an issue where an ESXi host was upgraded from 5.0 -- 5.1 perfectly fine. Then, I did a scan and remediated a patch (ESXi510-201210401-BG) Looking into the host on via the kvm switch, this appears to complete successfully. However, on reboot, the server hangs at the "Initializing Power Management" phase. I've read from various spots around the internet that this usually clears itself up again upon a cold boot, but given that our servers are in a different building with different access rules, the less I have to physically go there, the better. :) Question Is there anything I can do to avoid an ESXi host hanging at the "initialize power management" phase of boot after remediating the host to apply patches?

Read the article
Use Adblock to allow most ads on a site

- by jrob

I leave Adblock turned on for all sites by default. I allow ads on some sites. You can do this by adding an exception for a site that is allowed to show ads. This puts a site in the white list. However, I do not know how to allow most ads on a page, but block a specific ad. I am not even sure Adblock will do this. I believe it is all or none. If a site is in the white list, it appears that all other rules are ignored. Is there a way to allow most ads on a website, but still block specific ads?

Read the article
is a negative text-indent considered cloaking?

- by John Isaacks

I am using the negative-text-indent technique I learned to show a text-image to the user, while hiding the corresponding actual text. This way the user sees the fancy styled text while search engines can still index it. However I am started to think this sounds like cloaking since I am serving different content to the user vs the spider. However, I am not using this in a deceitful way. Plus it seems like this is a popular technique. So is it SEO-safe or is it cloaking? Thanks!

Read the article
Syncronizing multiple exchange servers 2007

- by Mustafa Ismail Mustafa

We're introducing a new exchange server for several reasons. After the introduction of the new server, and synchronizing it with the old one (mailboxes, contacts, rules, the whole shebang) we're going to be formatting the old machine, install XenServer 5.5 on it, and create a slices, one of which will have Exchange server, which again will need to be synchronized. Then, we'll have 2 different routes to the mail servers (mx1, mx2) so that if there is an outage on one, the other should be available. So now, I'm wondering how to synch? I can move a mailbox from one server to the other, and I'm sure that can be done in bulk, but that's not what I'm looking for. I'm looking to make both Servers equal, the first time so I can make a backup of the original, and the second time so that they can be made into peers. This is with Exchange 2007 on Windows 2008 R2 (x64) Suggestions? TIA

Read the article
How can I have APF block script kiddies that mod_security detects?

- by Gaia

In one of the vhosts' error_log I found thousands of lines like these, all from the same IP: [Mon Apr 19 08:15:59 2010] [error] [client 61.147.67.206] mod_security: Access denied with code 403. Pattern match "(chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(.*\\\\)\\\\;" at THE_REQUEST [id "330001"] [rev "1"] [msg "Generic PHP exploit pattern denied"] [severity "CRITICAL"] [hostname "x.x.x.x"] [uri "//webmail/config.inc.php?p=phpinfo();"] Given how obvious the situation is, how come mod_security isnt automatically adding at least that IP to deny rules? There is no way someone hasnt thought of this before...

Read the article
Pushing data once a URL is requested

- by Eli Grey

Given, when a user requests /foo on my server, I send the following HTTP response (not closing the connection): Content-Type: multipart/x-mixed-replace; boundary=----------------------- ----------------------- Content-Type: text/html <a href="/bar">foo</a> When the user clicks on foo (which will send 204 No Content so the view doesn't change), I want to send the following data in the initial response. ----------------------- Content-Type: text/html bar How would could I get the second request to trigger this from the initial response? I'm planning on possibly creating a fancy [engines that support multipart/x-mixed-replace (currently only Gecko)]-only email webapp that does server-push and Ajax effects without any JavaScript, just for fun.

Read the article
Dovecot not working pop3 with postfix

- by samer na

$ telnet localhost pop3 Trying ::1... Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused $ netstat -l tcp 0 0 *:www : LISTEN tcp 0 0 localhost.localdoma:ipp : LISTEN tcp 0 0 *:smtp : LISTEN tcp 0 0 localhost.localdo:mysql : LISTEN and nothing about dovecot in mail.log or mail.err when I run this service dovecot start I got start: Rejected send message, 1 matched rules; type="method_call", sender=":1.553" (uid=1000 pid=26250 comm="start) interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply=0 destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")) in dovecot.conf protocols = imap imaps pop3 pop3s disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/var/spool/mail/%d/%n mail_access_groups = mail first_valid_uid = 106 first_valid_gid = 106 protocol imap { } protocol pop3 { listen=*:110 pop3_uidl_format = %08Xu%08Xv } protocol lda { postmaster_address = [email protected] mail_plugins = quota log_path = /var/log/dovecot-deliver.log info_log_path = /var/log/dovecot-deliver.log } auth default { mechanisms = digest-md5 plain passdb sql { args = /etc/dovecot/dovecot-mysql.conf } userdb sql { args = /etc/dovecot/dovecot-mysql.conf } user = root }

Read the article
Can I port forward to an established reverse ssh tunnel

- by Ben Holness

I have three computers, A, B and C A has initiated a reverse ssh tunnel to B: ssh -nTNx -p 443 -R 22222:localhost:22 [user]@[server] If I log in to B, I can use 'ssh -p 22222 localhost' and I get a login prompt for A. If I try 'ssh -p 22222 [public IP of B]', it doesn't work What I would like to be able to do is have C connect to A without needing to login to B. So from C I could 'ssh -p 22222 [public IP of B]' and I would get the login prompt for A. I am using debian and shorewall and I have a basic understanding of how things work. I have tried various combinations of REDIRECT and DNAT rules, but haven't had any luck. I have tried using the same port (22222) and a different port (forwarding 22223 from C to 22222 on localhost). Any ideas? Cheers, Ben

Read the article
Google Analytics Widget Tracking

- by Kevin Lamb

Hello, I have a form that is generated on a customer's website (lets say customer.com) with javascript that a user fills out and it sends to my site (app.com). I would like to be able to provide information to the customer such as how effective their AdWords campaign was and what search engines users used to end up filling out the form. I have started looking at the multiple domain linking option but I am not sure this is the right way. Is there a way to query what search engine and key words they used and pass this along with the form?

Read the article
Windows host MIA on network

- by andrewbadera

I've had a machine effectively disappear off my home office network. 192.168.1.100 - Windows 7 laptop (on domain) - problem machine 192.168.1.42 - Windows 2008 server (domain controller) 192.168.1.101 - Windows 7 laptop (guest; not on domain) For some reason I am unable to ping, tracert or remote desktop to 192.168.1.100 from .42 or .101. I can remote between .42 and .101 no problem however. .100 cannot ping nor remote desktop to .42 or .101. Remote Desktop access is enabled on .100. I've opened the firewall rules. I've disabled the firewall domain profile. I've turned the firewall service off entirely. No matter what I do, the .100 host is unreachable by any other host on the network. I'm at my wit's end. Thanks in advance for any debug advice!

Read the article
VirtuaWin shows Visual Studio 2010 in all Desktops

- by w0lf

I'm using VirtuaWin in Windows 7 to have virtual desktop functionality and I think this program is awesome. There's one small issue, though: on the computer at work, when moving to another desktop it hides all windows in the current desktop, except any windows of Visual Studio 2010. This means that VS 2010 shows up in all desktops, while for all other windows, VirtuaWin applies the correct behavior. The strange thing is that this issue happens on one computer only; on the others I have it works OK. I have checked the Window Rules section and nothing seems strange in there. Is anyone else experiencing this kind of problem? Any ideas on how to solve it?

Read the article
OpenVPN Bridge on pfsense: once LAN pings clients, connectivity breaks

- by Lucas Kauffman

So I'm using a pfsense openvpn to bridge my LAN segment so VPN users can access the servers. The problem I'm having now is that I can establish a connection, I can ping the LAN server from the VPN, but as soon as I ping the client from the LAN server, there is no connectivity anymore between both parties. So: connect from the VPN client to the LAN = works ping the LAN from the VPN client = works access server from the VPN (ssh, ftp,...) = works ping client from server = doesn't work ping LAN from the VPN client = doesn't work anymore My bridge has em1 and ovpns1 bridged. I noted with tcpdump that ICMP is reaching the bridge between LAN and the VPN segment. But it's not put onto the em1 interface for some reason. My pfsense is running on an ESXi host with th vSwitch port enabled in promiscious mode. Firewall rules allow in and outbound traffic regardless origin or destination.

Read the article
SPAN/Port mirroring on Linksys switch

- by Bastien974

Hi all, I'm trying to deploy a Snort box in my LAN. I have a Linksys SRW248G4 and trying to configure Port mirroring so that Snort can listen everything on the network in promiscuous mode. So in ADMIN / Port Mirroring, I have 3 things: Source Port (e1,...e48, g1...g4) Type (Rx, Tx, Both) Target (e1...e48, g1...g4) Last time I played with it, I killed all traffic on the switch, I had to reboot it several times... so now I'm asking question before: Do I need to configure each Source Port (from 1 to 48) to forward to the single promiscuous port ? 48 rules !? Is that correct ? Thanks !

Read the article
Ubuntu Server UFW NAT Issues

- by William Fleming

*nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE -A ufw-before-input -i tun0 -j ACCEPT -A ufw-before-output -i tun0 -j ACCEPT -A ufw-before-forward -s 10.8.0.0/24 -j ACCEPT -A ufw-before-forward -d 10.8.0.0/24 -j ACCEPT This input into my before.rules file stops me being able to ping the outside world. Before its fine i can ping google.co.uk after cant get out. Is there something wrong in my syntax here or what is the issue...? Im just trying to NAT my VPN so i can get internet access. Any thoughts would be greatly appreciated. Thanks William

Read the article
Engine finish() causes segmentation fault

- by Becky

Hello All - I am using M2Crypto revision 723 from the repository. I am trying to clean up my engine. If I have the pkcs11.finish() line in my script, the script finishes but gets a segmentation fault at the end. Without the finish() line, no segmentation fault occurs. Is there something wrong with the way I'm using finish()? dynamic=Engine.load_dynamic_engine("pkcs11","/usr/local/ssl/lib/engines/engine_pkcs11.so") pkcs11 = Engine.Engine("pkcs11") pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so") pkcs11.init() # next few steps which I deleted pass password and grab key & cert off token pkcs11.finish() Engine.cleanup() Thanks!

Read the article
WSUS works, but checkhealth logs events 13042 12002 12012 12032 12022 12042 12052

- by jobu1324

Our WSUS server stopped working until the patch related to .NET 4.0 was installed, at which point clients started downloading and updating again. However, the WSUS mmc console occasionally disconnects when performing various tasks, such as running automatic approval rules; also wsusutil checkhealth creates the following events: 13042: Self-update is not working. 12002: The Reporting Web Service is not working. 12012: The API Remoting Web Service is not working. 12032: The Server Synchronization Web Service is not working. 12022: The Client Web Service is not working. 12042: The SimpleAuth Web Service is not working. 12052: The DSS Authentication Web Service is not working. Apparently there are many possible causes for these events. I'm looking for a way to figure out what is wrong, so that I can fix it.

Read the article
plesk 9 spamassassin server wide blacklist via cron?

- by Kqk

hi, we're running ubuntu 8.04 LTS and plesk 9.2 our simple task is to set up a periodic black list for spamassassin, e.g. using this script .. #!/bin/sh #! Script by AJR to update local spamassassin rules cd /tmp wget -c http://www.stearns.org/sa-blacklist/sa-blacklist.current mv sa-blacklist.current local.cf -f mv local.cf /etc/mail/spamassassin -f rm local.cf -f /etc/init.d/psa-spamassassin restart now, this script runs fine, but plesk doesn't seem to recognize the blacklist in its GUI. which is annoying, especially because plesk itself writes to /etc/mail/spamassassin/local.cf. i wasn't able to find out the secret place, where plesk distinguishes between entries in local.cf added via GUI and command line. any help is appreciated! thanks.

Read the article
HAProxy NGInx SSL setup

- by Niclas

I've been looking around different setups for a server cluster supporting SSL and I would like to benchmark my idea with you. Requirements: All servers in the cluster should be under the same full domain name. (http and https) Routing to subsystems is done on URI matching in HA proxy. All URIs have support for SSL support. Wish: Centralizing routing rules ---<----http-----<-- | | Inet -->HA--+---https--->NGInx_SSL_1..N | | +---http---> Apache_1..M | +---http---> NodeJS Idea: Configure HA to route all SSL traffic (mode=tcp,algorithm=Source) to an NGInx cluster turning https traffic into http. Re-pass the http traffic from NGInx to the HA for normal load-balancing which performs load balancing based on HA config. My question is simply: Is this the best way to to configure based on requirements above?

Read the article
How to configure remote access to multiple subnets behind a SonicWALL NSA 2400

- by Kyle Noland

I have a client that uses a SonicWALL NSA 2400 as their firewall. I need to setup a second LAN subnet for a handful of PC. Management has decided that there should be a second subnet even though intend to allow access across the two subnets - I know... I'm having trouble getting communication across the 2 subnets. I can ping each gateway, but I cannot ping or seem to route traffic fron subnet A to subnet B. Here is my current setup: X0 Interface: LAN zone with IP addres 192.168.1.1 X1 Interface: WAN zone with WAN IP address X2 Interface: LAN zone with IP address 192.168.75.1 I have configured ARP and routes for the secondar subnet (X2) according to this SonicWALL KB article: http://www.sonicwall.com/downloads/supporting_multiple_firewalled_subnets_on_sonicos_enhanced.pdf using "Example 1". At this point I don't minding if I have to throw the SonicWALL GVC software VPN client into the mix to make it work. It feel like I have an Access Rule issue, but for testing I made LAN LAN, WAN LAN and VPN LAN rules wide open with the same results.

Read the article
Cannot see my wordpress website on google search

- by ion

Hi guys I recently uploaded a site made with wordpress. The site url is oakabeachvolley.gr I have set on the privacy settings of wordpress for the site to be visible by search engines. However after almost 45 days the site is invisible on google even when I'm searching using the url name and very specific keywords. Since I have made quite a few sites with wordpress I have never seen this behavior before. Sites will eventually be visible to google engine, sometimes even in the first day. However in this case the site does not show nowhere in the first 20 pages. Any help would be greatly appreciated.

Read the article
How do I keep Conditional Formatting formulas and ranges from automatically changing?

- by Iszi

I've found that Conditional Formatting formulas and ranges will automatically adjust when you copy, delete, or move data around in a spreadsheet. While this is a nice idea, it tends to break things for me in some rather weird ways. To avoid this, I tried writing rules that applied to the entire spreadsheet and keyed off of column headers to highlight the data I wanted to check. Example: =AND(A$1="Check This Column For Blanks),ISBLANK(A1)) applied to =$1:$1048576 However, even with the rule explicitly applied to the entire sheet, it was still automatically adjusting (and breaking in weird ways by doing so) as I worked in the sheet. How can I avoid this?

Read the article
Outlook collapses IMAP folders by default

- by Aron Rotteveel

I recently switched my mail account from POP3 to IMAP and created server-side rules to help me manage my mail better. I use Outlook 2007 as a mail client. For some reason, it seems then ever since I switched to IMAP, all my folders are collapsed by default. Since my folder tree goes down 4 levels, this is pretty annoying. I don't know any better than Outlook remembering my folder preferences, but it seems to forget them as soon as I close the program now. Is there any cause for this, and more importantly, is there a known fix for this problem?

Read the article
Set up SSL/HTTPS in zend application via .htaccess

- by davykiash

I have been battling with .htaccess rules to get my SSL setup working right for the past few days.I get a requested URL not found error whenever I try access any requests that does not do through the index controller. For example this URL would work fine if I enter the it manually https://www.example.com/index.php/auth/register However my application has been built in such a way that the url should be this https://www.example.com/auth/register and that gives the requested URL not found error My other URLs such as https://www.example.com/index/faq https://www.example.com/index/blog https://www.example.com/index/terms work just fine. What rule do I need to write in my htaccess to get the URL https://www.example.com/auth/register working? My htaccess file looks like this RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] I posted an almost similar question in stackoverflow

Read the article
Moving MS Exchange 2007 to another machine

- by Mustafa Ismail Mustafa

We have a machine that has been chugging along with the burden of both Exchange and DC and DNS all with SBS 2008. We have a better machine now and I'd like to move Exchange 2007 to that machine and take it off of this machine. In fact, I'm planning on formatting the old machine and get rid of SBS all together because it is making the machine SLOW. How would I go about making the move? I've read on previous versions of Exchange (2000), that all you do is install Exchange on the new machine and then start moving mailboxes one after the other. Well, what about all the different rules we have in place? How do those get moved? How do we de-commission the old exchange and set up the new exchange as the primary one? Come to think of it, how do we have both exchanges recognize each other on the same domain? TIA

Read the article

< Previous Page | 156 157 158 159 160 161 162 163 164 165 166 167 | Next Page >