Search Results

Search found 30728 results on 1230 pages for 'app pool'.

Page 451/1230 | < Previous Page | 447 448 449 450 451 452 453 454 455 456 457 458 | Next Page >

Automatically Applying Security Updates for AWS Elastic Beanstalk

- by Eric Anderson

I've been a fan of Heroku since it's earliest days. But I like the fact that AWS Elastic Beanstalk gives you more control over the characteristics of the instances. One thing I love about Heroku is the fact that I can deploy an app and not worry about managing it. I am assuming Heroku is ensuring all OS security updates are timely applied. I just need to make sure my app is secure. My initial research on Beanstalk shows that although it builds and configures the instances for you, after that it moves to a more manual management process. Security updates won't automatically be applied to the instances. It seems there are two areas of concerns: New AMI releases - As new AMI releases hit it seems we would want to run the latest (presumably most secure). But my research seems to indicate you need to manually launch a new setup to see the latest AMI version and then create a new environment to use that new version. Is there a better automated way of rotating your instances into new AMI releases? In between releases there will be security updates released for packages. Seems we want to upgrade those as well. My research seems to indicate people install commands to occasionally run a yum update. But since new instances are created/destroyed based on usage it seems that the new instances would not always have the updates (i.e. the time between the instance creation and the first yum update). So occasionally you will have instances that aren't patched. And you are also going to have instances constantly patching themselves until the new AMI release is applied. My other concern is that perhaps these security updates haven't gone through Amazon's own review (like the AMI releases do) and it might break my app to automatically update them. I know Dreamhost once had a 12 hour outage because they were applying debian updates completely automatically without any review. I want to make sure the same thing doesn't happen to me. So my question is does Amazon provide a way to offer fully managed PaaS like Heroku? Or is AWS Elastic Beanstalk really more of just a install script and after that you are on your own (other than the monitoring and deployment tools they provide)?

Read the article
Can you disable UNC paths in Windows?

- by Evan

We are trying to lock down a Terminal Server, and want to remove a commercial package's ability to accept UNC file paths, ie. paths in the app can then only be entered using the windows drive letters. Is there any way to do this in Windows? Can we disallow UNC paths for just the app? Can we disallow UNC paths for the entire Terminal Server session? The intention is to allow the application to only write to certain directories (as mapped in the Terminal Server session). The aim is to prevent the output of files to directories that the users have access to, but are not mapped in the Terminal Server session.

Read the article
Iptables config breaks Java + Elastic Search communication

- by Agustin Lopez

I am trying to set up a firewall for a server hosting a java app and ES. Both are on the same server and communicate to each other. The problem I am having is that my firewall configuration prevents java from connecting to ES. Not sure why really.... I have tried lot of stuff like opening the port range 9200:9400 to the server ip without any luck but from what I know all communication inside the server should be allowed with this configuration. The idea is that ES should not be accessible from outside but it should be accessible from this java app and ES uses the port range 9200:9400. This is my iptables script: echo -e Deleting rules for INPUT chain iptables -F INPUT echo -e Deleting rules for OUTPUT chain iptables -F OUTPUT echo -e Deleting rules for FORWARD chain iptables -F FORWARD echo -e Setting by default the drop policy on each chain iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP echo -e Open all ports from/to localhost iptables -A INPUT -i lo -j ACCEPT echo -e Open SSH port 22 with brute force security iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force " iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT echo -e Open NGINX port 80 iptables -A INPUT -p tcp --dport 80 -j ACCEPT echo -e Open NGINX SSL port 443 iptables -A INPUT -p tcp --dport 443 -j ACCEPT echo -e Enable DNS iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT And I get this in the java app when this config is in place: org.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];[SERVICE_UNAVAILABLE/2/no master]; at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:292) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1185) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403) Do any of you see any problem with this configuration and ES? Thanks in advance

Read the article
signed software :: installer -- system software and package installer tool (Apple *.pkg)

- by fyodor78

Does anybody know a few details about signed software and /Applications/Utilities/Installer.app? I didn't find more at Wikipedia (https://secure.wikimedia.org/wikipedia/en/wiki/Installer_%28Mac_OS_X%29) and the UNIX-Manual (man 8 installer). I have here a valid signature from iLife 11 Installer.app (http://i.imgur.com/Y3raY.jpg). Does this mean I can be 100% sure that nothing is modified? It means I can trust this PKG because signed by Apple? Or did I get something wrong?

Read the article
Cleaning Up Unused Users and Groups (Ubuntu 10.10 Server)

- by PhpMyCoder

Hello experts, I'm very much a beginner when it comes to Ubuntu and I've been learning the ropes by diving in and writing a (backend-language independent) web app framework that relies on apache, some clever mod_rewrites, Ubuntu permissions, groups, and users. One thing that really annoys my inner clean-freak is that there are loads of users and groups that are created when Ubuntu is installed that are never used (Or so I think). Since I'm just running a simple web app server, I would like to know: What users/groups can I remove? Since you'll probably ask for it...here's a list of all the users on my box (excluding the ones I know that I need): root daemon bin sys sync man lp mail uucp proxy backup list irc gnats nobody libuuid syslog And a list of all of the groups: root daemon bin sys adm tty disk lp mail uucp man proxy kmem dialout fax voice cdrom floppy tape sudo audio dip backup operator list irc src gnats shadow utmp video sasl plugdev users nogroup libuuid crontab syslog fuse mlocate ssl-cert lpadmin sambashare admin

Read the article
Pfsense: Inbound Load Balancing https with sticky connection

- by Zeux

first of all I'm very sorry for my English... This is my scenario: Internet Firewall+LB: pfsense_1(Active) + pfsense_2(Passive) in CARP Pool servers: 3 x nginx(PHP5+HTTP+HTTPS) Pfsense 1 and 2 CARP configured with Virtual IP (pubblic). Nginx servers's ips are all private. I want to load balance inbound HTTP and HTTPS connections between the 3 nginx web servers. An importat thing is that the HTTPS connections must be "sticky connections": in HTTPS connections, after login by username and password, I setup a php session and therefore when a client starts a HTTPS connection it will be always redirected to the same nginx server, until it disconnects itself, it closes the page/browser or after a timeout (30minutes?) without activity. Is this possible whit the last release(2.0.1) of pfsense? thank you very much...

Read the article
File sync over LAN

- by Jack

At the moment, I'm using Dropbox on my computer and Dropsync on my Android phone (over WiFi) to one-way sync the files (such as photos/app backups) on my phone to the Dropbox servers which are then synced to my computer. I like the features of Dropsync which can be set to sync only when the phone is charging and the WiFi is on. So everytime I charge my phone, i know my files are being backed up. Now I'm wondering if there's a similar app/program combo or something that can do what I'm currently doing but remove the middle-man (Dropbox servers)?

Read the article
301 redirect Rule For Load Balance F5 BigIp

- by Kshah

I have a load balancer F5 Big ip for my website. Currently, I am having 302 redirect in place; however, I wanted to apply 301 but dont know how. For example: My website (abc.com) when typed 302 redirects to abc.com/index and when typed www.abc.com 302 redirects www.abc.com/index. I wanted to have a rule which will help me in abc.com - 301 redirect - www.abc.com/index abc.com/index - 301 redirect - www.abc.com/index www.abc.com - 301 redirect - www.abc.com/index Below is the code that my tech person is trying: Redirect to WWW when HTTP_REQUEST { if { [HTTP::host] equals "abc.com" or [HTTP::host] equals "abc.co.in" or [HTTP::host] equals "www.abc.co.in" } { if {!( [HTTP::path] equals "/")} { HTTP::respond 301 Location "http://www.abc.com[HTTP::path]" } } } Redirect POST when HTTP_REQUEST { if { [HTTP::method] equals "POST" } { persist source_addr pool shop_shop_vr4_http } } Redirect-VR4 HOMEPAGE when HTTP_REQUEST { if { [HTTP::path] equals "/" or [HTTP::path] starts_with "/target/" or [HTTP::path] starts_with "/logs/" or [HTTP::path] starts_with "/config/" } { HTTP::redirect "http://[HTTP::host]/index.jsp.vr" } }

Read the article
HAproxy - Redirect issue - Uri Variables ?

- by Justin

I'm using haproxy 1.5dev3 and I was wondering if there is any possible way to grab uri variables from a request to reappend the query on the end of a redirect url? What I'm trying to do is redirect from: http://www.domain.com/page/example.htm?id=1234567 to: http://www.domain.com/frame/newpage.cfm?id=1234567 redirect prefix doesn't work properly as it tries to append /page/example.htm to the end of the redirect url. Can I do some sort of rewrite to accomplish this? It would be awesome if you could use uri and queries as variables for redirection/pool selection like on F5. Please help...Thanks!

Read the article
Why aren't connections released by the tomcat AJP connector

- by Chris

I have here a jboss with a web application. The tomcat is configured to use the ajp connector. Incoming connections are tunneled via an apache reverse proxy to the connector. Now I recognized that under heavy load the connector keeps a bunch of connections in "keep alive" mode for eternity and doesn't release them any more. With the normal HTTP connector the app did well, but now with the ajp connector we have regular app stallments. Can someone give me some advice where to start to look to resolve this issue? Why does the connector not release the connection again after idling for 300 secs? thanks, chris

Read the article
What are the implications of expanding an internal subnet mask?

- by Philip

Our network is currently working on a 192.168.0.x subnet, all controlled through DHCP, except for the few main servers who have hard-configured IP address settings. What would I kill if I changed the DHCP-published subnet mask from 255.255.255.0 to 255.255.0.0? The reason for doing this is not because we have a huge sudden influx of machines, but because I'd like to start partitioning specific devices into specific IP ranges (to be neat and tidy). For what its worth, I don' plan on changing the allocated DHCP address range, but rather want to move some of the reserved and excluded DHCP addresses out of the address pool. e.g. printers will be 192.168.2.x I will obviously need to change the subnet mask manually on my manually configured devices.

Read the article
Http 400 'Bad Request' and win32status 1450 when larger messages are sended to a WCF service

- by Tim Mahy

Hi all, we sometimes receive Http 400 bad request resultcodes when posting a large file (10mb) to a WCF service hosted in IIS 6. We can reproduce this using SOAP UI and it seems that it is unpredictable when this happens. In our WCF log the call is not received, so we believe that the request does not reach the ASP.NET nor WCF runtime. This happens on multiple websites on the same machine each having their own application pool. All IIS settings are default, only in ASP.NET and WCF we allow bigger readerQuota's etc.... The win32status that is logged in the IIS log is 1450 which we think means "error no system resources". So now the question: a) how can we solve this b) (when a is not applicable :) ) which performance counters or logs are usefull to learn more about this problem? greetings, Tim

Read the article
NAS4Free disk encryption and ZFS error

- by MiNT

I have installed a NAS4Free on a VM, and as recommended, i installed it on a 1GB virtual disk, and assigned another disk 500GB to this VM for file storage. I have created the disk, encrypted it, created a ZFS virtual disk, and then a ZFS storage pool. Everything was working. On every restart of this VM i needed to go on and mount the encrypted drive. Recently i upgraded the host machine, and now i cant mount or make it work. I have tried removing everything and setting up from scratch everything, with the exception of formating the disk, i have used an encrypted one without formating it. Does anybody have any suggestion on how can i at least get back my data, can i mount somehow the encrypted drive even in another utility, just need to get back the data that were on it.

Read the article
I Can't Get Ruby on Rails + Passenger + Apache to Work

- by Luke Crowe

I'm sorry if this is a stupid question, but I can't get Ruby on Rails to work on my Apache server. I'm using Phusion Passenger (mod_rails, mod_rack) for app deployment. Here is my RoR-specific configuration code in my website's Apache configuration file: Alias /rails /var/www/syyborg.com/ruby/blog/public <Directory /var/www/syyborg.com/ruby/blog/public Options FollowSymLinks AllowOverride None Order Allow,Deny Allow from All </Directory RailsBaseURI /rails Again, I really have very little knowledge of this kind of thing; I have never set up a server from scratch before. Anyways, my rails app, as you can see, is located at /var/www/syyborg.com/ruby/blog/. I am trying to access it from http://[my domain, syyborg.com]/rails. However, when I try to load the site, I get a "403 Forbidden" error. Any help would be greatly appreciated, and I can provide further details if they are required. Thanks in advance!

Read the article
Nginx & Passenger - failed (11: Resource temporarily unavailable) while connecting to upstream

- by Toby Hede

I have an Nginx and Passenger setup that is proving problematic. At relatively low loads the server seems to get backed up and start churning results like this into the error.log: connect() to unix:/passenger_helper_server failed (11: Resource temporarily unavailable) while connecting to upstream My passenger setup is: passenger_min_instances 2; passenger_pool_idle_time 1200; passenger_max_pool_size 20; I have done some digging, and it looks like the CPU gets pegged. Memory usage seems fine passenger_memory_stats shows at most about 700MB being used, but CPU approaches 100%. is this enough to cause this type of error? Should i bring the pool size down? Are there other configuration settings I should be looking at? Any help appreciated Other pertinent information: Amazon EC2 Small Instance Ubuntu 10.10 Nginx (latest stable) Passenger (latest stable) Rails 3.0.4

Read the article
RemoteApp Security Warning

- by nairware

I have a Windows 2012 Standard x64 RemoteApps RDWeb portal where I can launch apps. We have one remote app in particular which is RDP (mstsc.exe). Whenever a user launches it, they receive three different prompts--the second one is this alert (shown below). How can I get rid of this alert? I have other RemoteApps launching as well, and they do not throw errors or alerts like this one. And they are applications with the .exe extension, so I do not understand what is so unique about the RDP RemoteApp that would cause this alert. One thing perhaps worth mentioning is this particular RDP remote app points directly to the mstsc.exe executable residing on a particular session host/terminal server (as shown in the "From" value of the warning). As such, a gateway server would not be used to load-balance and choose the RDP client launched from a session host at random. This RDP RemoteApp is explicitly associated with one particular terminal server.

Read the article
Getting ZFS per dataset IO statistics (or NFS per export IO statistics)

- by jkj

Where do I find statistics about how IO is divided between zfs datasets? (zpool iostat only tells me how much IO a pool is experiencing.) All the relevant datasets are used through NFS, so I'd be happy with per export NFS IO statistics also. We're currently running OpenIndiana [edit] It seems that operation and byte counter are available in kstat kstat -p unix:*:vopstats_??????? ... unix:0:vopstats_2d90002:nputpage 50 unix:0:vopstats_2d90002:nread 12390785 ... unix:0:vopstats_2d90002:read_bytes 22272845340 unix:0:vopstats_2d90002:readdir_bytes 477996168 ... ...but the strange hexadecimal ID numbers have to be resolved from /etc/mnttab (better ideas?) rpool/export/home/jkj /export/home/jkj zfs rw,...,dev=2d90002 1308471917 Now writing a munin plugin to use the data...

Read the article
Url rewriting stops working after changing default port on iis7

- by Somesh

I have migrated the IIS6 webserver 2003 websites to IIS7 webserver 2008 using msdeploy tool. Application pool setting are changed with "Enable 32-bit Applications=true", "Managed_Pipeline_Mode=Classic","Identity=NetworkService" Framework=v1.1/2.0. All the websites are working fine on default port along with url rewriting migrated from iis6. When I start the webserver on port other than default port by changing bindings, url rewriting stops workings and get 404 error in logs. I think I don't have to change the handler mapping cause I am running it in classic mode. How can I troubleshoot this?

Read the article
Configuring Backup Exec 2012 using USB hard drives as media

- by SydxPages

I have found some information on this but have not found the exact answers to these questions. Background I have installed backup exec 2012 (with agents for databases) I have configured a storage pool, with 2 USB drives (1TB) The backups are configured to backup to one of the 2 drives (depending on which one is connected) I have 2 questions: How do I get Backup Exec to tell me which disk to insert? I have used tapes before and it told me then which tape to use? I was hoping this was available for disks too. (Whilst there are only 2 at the moment, there will be more). And then how do I get Backup Exec to delete old backups when the disk if full.

Read the article
best practice? Consumer data in MySQL on Amazon EBS (Elastic block store)

- by jeff7091

This is a consumer app, so I will care about storage costs - I don't want to have 5x copies of data lying about. The app shards very well, so I can use MySQL and not have scaling issues. Amazon EBS has a nice baseline+snapshot backup capability that uses S3. This should have a light footprint (in terms of storage cost). BUT: the magnolia.com story scares the crap out of me: basically flawless block-level backup of a corrupt DB or filesystem. Is there anything that is nearly as storage efficient as EBS at the MySQL level?

Read the article
Windows Deployment Services

- by timbrigham

I have a slightly advanced Windows Deployment Services setup. My router hands out DHCP addresses, including the following config. ip dhcp pool Servers_100 network 192.168.100.0 255.255.255.0 bootfile boot\\x86\\pxelinux.0 next-server 192.168.100.50 default-router 192.168.100.1 dns-server 192.168.100.80 192.168.100.81 This works perfectly for other subnets - I have a couple screens in my pxelinux that allow me to select my various Linux installers or enter the windows preboot environment. For some reason I'm only receiving the default bootfile that opens to the windows preboot environment. Any idea why?

Read the article
Access to NTP via IP which doesn't change often

- by faulty

I'm trying to sync the clock of our production server located in a data center with pool.ntp.org. For security reason, our servers has no internet access unless we requested to open specific ip/port explicitly. I worked out a list of IPs based on 0.asia.ntp.org 1.asia.ntp.org 2.asia.ntp.org 3.asia.ntp.org Not realizing ntp.org is using round robin DNS and the servers being voluntary, they changes from time to time. In fact the IP I've got from 3.asia.ntp.org last month is no longer working now. I'm wondering if there's a publicly known NTP server that doesn't change as often or if there's a way to go around this without having to request an update to the firewall on a monthly basis. I believe many admin is facing the same issue here.

Read the article
Consolidate SQL Server Reporting Services

- by Eric C. Singer

I've been a big fan of consolidating as many DB's to a few SQL servers for a while and I've had great success with it. However, I've never had to deal with SQL reporting services. Has anyone migrated SSRS from a bunch of random SQL servers into a consolidated SQL server? I don't exactly know a whole lot about SSRS which is part of the problem. To my knowlege, it's one DB per SSRS instance, so it sounds like i'd need to find a way of exporting data and merging it. Basically the process used to look like: Move DB from SQL Express to shared SQL server Change point in APP to point at new SQL server With reporting services, how do I move the reporting service compenent of the DB as well? I realize I may need to tweak the app, but my question is on the SQL side.

Read the article
Secure PHP environments with PHP-FPM and SFTP

- by pdd

I'd like to set up secure environments for a small number of untrusted PHP websites on a Debian server. Right now everything runs on the same Apache2 with mod_php5 and vsftpd for administrative file access, so there is room for improvement. The idea is to use nginx instead of apache, SFTP through OpenSSH instead of vsftpd and chrooted (in sshd_config), individual users for each website with their own pool of PHP processes. All these users and nginx are part of the same group. Now in theory I can set 700 permissions on all PHP scripts and 750 on static files that nginx has to serve up. Theoretically, if a website is compromised all the other users' data is safe, right? Are there better solutions that require less setup time and memory per website? Cheers

Read the article
Using Komodo IDE as Text editor from the OS X terminal

- by lexu

According to this URL I should be able to start Komodo IDE from the command line when I want to edit a file. I set up the symbolic link using (on single line) ln -sf "/Applications/Komodo IDE.app/Contents/MacOS/komodo" /Users/lexu/bin/komodo but when I type afg-2:~ lexu$ komodo .bash_profile I get dyld: Library not loaded: /usr/lib/libsqlite3.dylib Referenced from: /System/Library/Frameworks/Security.framework/Versions/A/Security Reason: Incompatible library version: Security requires version 9.0.0 or later, but libsqlite3.dylib provides version 1.0.0 /Applications/Komodo IDE.app/Contents/MacOS/run-mozilla.sh: line 131: 4370 Trace/BPT trap "$prog" ${1+"$@"} and a dialog that says My guess is I need to somehow let Komodo know it needs to use different libraries? Does someone have this working?

Read the article

< Previous Page | 447 448 449 450 451 452 453 454 455 456 457 458 | Next Page >