Search Results

Search found 43800 results on 1752 pages for 'drupal domain access'.

Page 513/1752 | < Previous Page | 509 510 511 512 513 514 515 516 517 518 519 520  | Next Page >

• Windows 2003 GPO Software Restrictions

  - by joeqwerty

  We're running a Terminal Server farm in a Windows 2003 Domain, and I found a problem with the Software Restrictions GPO settings that are being applied to our TS servers. Here are the details of our configuration and the problem: All of our servers (Domain Controllers and Terminal Servers) are running Windows Server 2003 SP2 and both the domain and forest are at Windows 2003 level. Our TS servers are in an OU where we have specific GPO's linked and have inheritance blocked, so only the TS specific GPO's are applied to these TS servers. Our users are all remote and do not have workstations joined to our domain, so we don't use loopback policy processing. We take a "whitelist" approach to allowing users to run applications, so only applications that we approve and add as path or hash rules are able to run. We have the Security Level in Software Restrictions set to Disallowed and Enforcement is set to "All software files except libraries". What I've found is that if I give a user a shortcut to an application, they're able to launch the application even if it's not in the Additional Rules list of "whitelisted" applications. If I give a user a copy of the main executable for the application and they attempt to launch it, they get the expected "this program has been restricted..." message. It appears that the Software Restrictions are indeed working, except for when the user launches an application using a shortcut as opposed to launching the application from the main executable itself, which seems to contradict the purpose of using Software Restrictions. My questions are: Has anyone else seen this behavior? Can anyone else reproduce this behavior? Am I missing something in my understanding of Software Restrictions? Is it likely that I have something misconfigured in Software Restrictions? EDIT To clarify the problem a little bit: No higher level GPO's are being enforced. Running gpresults shows that in fact, only the TS level GPO's are being applied and I can indeed see my Software Restictions being applied. No path wildcards are in use. I'm testing with an application that is at "C:\Program Files\Application\executable.exe" and the application executable is not in any path or hash rule. If the user launches the main application executable directly from the application's folder, the Software Restrictions are enforced. If I give the user a shortcut that points to the application executable at "C:\Program Files\Application\executable.exe" then they are able to launch the program. EDIT Also, LNK files are listed in the Designated File Types, so they should be treated as executable, which should mean that they are bound by the same Software Restrictions settings and rules.

  Read the article

• Sendmail ignoring parameters

  - by André

  We're sending ~60k emails to non-local addresses with sendmail and I manually set the -f flag to [email protected]. This all works fine and dandy when I limit my PHP script to 5000 addresses. If I remove the limitation, sendmail ingnores the parameters and sends all emails with a reply-to and return-path of [email protected]. I'm sleeping in between each email for 500ms, that should not be the problem.

  Read the article

• Set HTTP condition for redirect rule

  - by Török Gábor

  A have a redirect rule in my .htaccess that forwards agent from A.html to B.html using the following pattern: Redirect 301 /A.html http://mysite.com/B.html Since the Redirect directive requires to set the target host, is it possible to let this rule prevail only on a specific host? I have both a test and deploy domain, and only want it on the deploy domain. I can set HTTP conditions for Rewrite rules, but how can I for HTTP Redirects?

  Read the article

• problems with ASA 8.4 Nat Rules for a Web Server

  - by Marko

  Having problems with the NAT RULES and Access Rules changes on my ASA5505. Want to straight replace a 5505 with a newer 5505 and unfortunately this means dealing with old version 7.2 and the newer 8.4 configurations. my old NAT RULE: static (inside,outside) WebOutside WebInside netmask 255.255.255.255 and an Access Rule of: access-list outside_access_in extended permit tcp any host WebOutside eq www these dont work in 8.4 I understand there are some changed but I can find little information that makes any sense on how to configure these. Any pointers welcomed.

  Read the article

• What is the proper position for the loopback address in a DNS server selection list?

  - by Bigbio2002

  Best practices indicate that one should list 127.0.0.1 in the DNS list for the network adapter configuration for a Domain Controller, but not as the first one. With that said, what is the best place to put it in a list with more than two DNS servers listed? Second, last, or it doesn't matter? Also helpful would be an explanation as to why. Related question: What should the order of DNS servers be for the network adapter of a domain controller?

  Read the article

• Is there a Chrome extension to swap out CSS?

  - by fredley

  I'm trying to completely replace the CSS for a domain with different CSS (i.e. swap out the CSS at gaming.SE for that of Stack Overflow). I'd ideally like an extension that lets me do this. I've used Personalized Web, which allows loading in CSS for a given domain, but it still loads the original CSS (you can specify CSS to ignore, but you have to do this rule by rule! Does anyone know of a way of doing this?

  Read the article

• Hybrid gmail MX + postfix for local accounts

  - by krunk

  Here's the setup: We have a domain, mydomain.com. Everything is on our own server, except general email accounts which are through gmail. Currently gmail is set as the MX record. The server also has various email aliases it needs to support for bug trackers and such. e.g. [email protected] |/path/to/issuetracker.script I'm struggling with a setup that allows the following, both locally and from user's email clients. guser1 - has a gmail account and a local account guser2 - only has a gmail account bugs - has a pipe alias in /etc/aliases for issue tracker Scenarios mail to [email protected] from local host (crons and such) needs to go to gmail account mail to [email protected] from local host mail to [email protected] needs to be piped to the local issue tracker script So, the first stab was creating a transport map. In this scenario, the our server would be set as teh MX and guser* destined emails are sent to gmail. Put the gmail users in a map like so: [email protected] smtp:gmailsmtp:25 [email protected] smtp:gmailsmtp:25 Problems: Ignores extensions such as [email protected] Only works if append_at_myorigin = no (if set to yes, gmail refuses to connect with: E4C7E3E09BA3: to=, relay=none, delay=0.05, delays=0.02/0.01/0.02/0, dsn=4.4.1, status=deferred (connect to gmail-smtp-in.l.google.com[209.85.222.57]:25: Connection refused)) since append_at_myorigin is set to no, all received emails have (unknown sender) The second stab was to set explicit localhost aliases in /etc/aliases and do a domain wide forward on mydomain. This too requires setting the local server as the MX: root: root@localhost # transport mydomain.com smtp:gmailsmtp:25 Problems: * If I create a transport map for a domain that matches "$myhostname", the aliases file is never parsed. So when a local user (or daemon) sends an email like: mail -s "testing" root < text.txt Postfix ignores the /etc/alias entry and maps to [email protected] and attempts to send it to the gmail transport mapping. Third stab: Create a subdomain for the bugs, something like bugs.mydomain.com. Set the MX for this domain to local server and leave the MX for mydomain.com to the Gmail server. Problems: * Does not solve the issue with local accounts. So when the bug tracker responds to an email from [email protected], it uses a local transport and the user never receives the email. % postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_at_myorigin = no append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 mydestination = $myhostname, localhost.$myhostname, localhost myhostname = mydomain.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relayhost = smtp_tls_cert_file = /etc/ssl/certs/kspace.pem smtp_tls_enforce_peername = no smtp_tls_key_file = /etc/ssl/certs/kspace.pem smtp_tls_note_starttls_offer = yes smtp_tls_scert_verifydepth = 5 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_recipient_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination smtpd_tls_ask_ccert = yes smtpd_tls_req_ccert = no smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport

  Read the article

• Limit copssh users to home directory Windows 7

  - by Siriss

  Hello all- I have found these two sites below: CopSSH SFTP -- limit users access to their home directory only and http://blogs.windowsnetworking.com/wnadmin/2006/11/07/copssh-restricting-users-access/ as well as the Copssh website, but upon completion they do not seem to work. I have copssh installed and I have a separate Windows account "sftpuser" created that is used to connect. The connection works just fine, but I want to limit that user to just their home directory and sub folders. I have 3 hard drives, the C:, a W: and an S: and I want the FTP account to only be able to access the W: drive and its contents (the root of the W: drive is the FTP home directory). Right now "sftpuser" can access all folders, including jump drives to C:, and S:. The linked tutorials do not seem to work, because it seems when I create a group "ftpusersgroup" and add "sftpuser" to the group, and then deny "ftpusersgroup" access to the C: drive, the service breaks and I can no longer login. I have undone everything and am ready to start fresh. Does anyone know how to do this, or is there a better tutorial that someone has or has found? I hope this makes sense. Thank you very much for any help!

  Read the article

• Ubuntu 12.04 open port 80 inside WLAN

  - by Eduard

  I have an nginx server running on ubuntu 12.04 that serves http through port 80 and https through port 443. Everything works fine if I access it from the same computer via localhost, 127.0.0.1 or the local IP 192.168.0.11. If I try to access the server from another computer in the same VLAN it does not work for http; it works for https. I have changed my nginx configuration to also listen to port 8000 for http; I can then access http from the other computer in the same VLAN via "http://192.168.0.11:8000". I also have a web server running on port 80 on a windows machine and can access it from another device in the same VLAN, therefore the router is not blocking incoming http traffic. The nginx process is run by root. I have used tcpdump and I see that packets are arriving to Ubuntu: 192.168.0.16.49735 192.168.0.11.80 and that some response is being given 192.168.0.11.80 192.168.0.16.49735 (I do not know what the response is though). There is no request arriving at the nginx web server (I have checked the access log). I have iptables empty. I have unsuccessfully tried to find a solution for a long time to this, it has now become a matter of happiness or bitterness :).

  Read the article

• Requesting better explanation for etag/expiration of favicon.ico

  - by syn4k

  Following this article: Configuring favicon with expires header in htaccess Using YSlow, I keep getting: (no expires) http://devwww.someplace.com/favicon.ico Also, YSlow indicates: Grade C on Configure entity tags (ETags) for the same file. My relevant config (.htaccess): # Configure ETags FileETag MTime Size <IfModule mod_expires.c> # Enable Expires Headers for this directory and sub directories that don't override it ExpiresActive on # Set default expiration for all files ExpiresDefault "access plus 24 hours" # Add Proper MIME-Type for Favicon AddType image/x-icon .ico # Set specific expriation by file type ExpiresByType image/x-icon "access plus 1 month" ExpiresByType image/ico "access plus 1 month" ExpiresByType image/icon "access plus 1 month" </IfModule> As you can see, I am setting both, etags and expiration however, both seem to be ignored. Yes, mod_expires is being loaded by my Apache configuration.

  Read the article

• Mac Leopard Server Apache Permission Denied

  - by dallasclark

  I've setup the web server successfully on Mac Leopard Server and sites work fine within the DocumentRoot directory. I have mounted a volume which has restricted access to users within a group. I would like to point the web server to directories within this volume. Can I add the user the web service is using to the group that has access to this Volume, if so: how do I find out what the user is? I can confirm the web server is pointing to the right directory as log files show the full directory path. When you access the site's URL, it shows Access Forbidden.

  Read the article

• Setup IIS 7 as FTP Server that is connectable outside of my local network

  - by Usta

  I was able to setup an FTP site that I was able to access via ftp://127.0.0.1/ or my local(static) ip. To do this I followed these instructions (with the exception that I did not bind to 127.0.0.1 as suggested) http://learn.iis.net/page.aspx/301/creating-a-new-ftp-site-in-iis-7/ I have created a firewall exception for port 20 and 21, and setup port-forwarding on my wireless router. But I can only access the site via local-host, and I need to have a friend have read access to it. So how do I enable remote access to it? (I'd rather not purchase a domain-name) My setup: IIS 7.5 Windows 7 Professional Wireless Network Norton Internet Security 2012 An Internal Static IP Address

  Read the article

• How can I change exim's DKIM and SPF for emails sent?

  - by 0pt1m1z3

  I've now spent 2 hours trying to figure out this issue and I am about to give up and go to bed. I've been having issues with Gmail rejecting emails from my VPS server because of false spam alerts (probably caused by lfd sending too many emails). So I changed my Exim config to send emails from a different IP (my VPS comes with 3) and that fixed the issue. I also enabled DKIM and SPF on my domains for added measure. But now, all my emails appear as ("From: Sender Name via server.domain1.com") where server.domain1.com is my VPS hostname. I previously had the same issue in Outlook and turning off "Set SMTP Sender: headers" solved that problem. But I believe adding the DKIM and SPF now makes Gmail add "via server.domain1.com" to my messages. How do I fix this? This is a typical header for a message (as it appears at gmail): Delivered-To: [email protected] Received: by 10.60.44.163 with SMTP id f3csp248622oem; Thu, 29 Mar 2012 21:23:18 -0700 (PDT) Received: by 10.50.106.200 with SMTP id gw8mr452788igb.10.1333081398523; Thu, 29 Mar 2012 21:23:18 -0700 (PDT) Return-Path: <[email protected]> Received: from domain2.com ([X.X.X.X]) by mx.google.com with ESMTPS id y1si810998igb.3.2012.03.29.21.23.18 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 29 Mar 2012 21:23:18 -0700 (PDT) Received-SPF: pass (google.com: domain of [email protected] designates X.X.X.X as permitted sender) client-ip=X.X.X.X; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates X.X.X.X as permitted sender) [email protected]; dkim=pass [email protected] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=server.domain1.com; s=default; h=Date:Message-Id:From:Content-type:MIME-Version:Subject:To; bh=wF8bBRgh01EYg4t5DAeVPv1Ps906UVIeRnQCb/HvSYw=; b=k/Pg7lnrO+Ud/z1mOTv+O/3DiJzzQgyBhfIizIaFHM8tF/eNJt5P2k+9yQB224sxYstZIWwVRBJmiqvcM1QhARv1HWqWma0crppZ3JOn+LRHANan634OBi+58SIRA+gu; Received: (Exim 4.77) id 1SDTVE-0005HA-9Y for [email protected]; Fri, 30 Mar 2012 00:31:56 -0400 To: [email protected] Subject: Password Reset Request MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Sender Name <[email protected]> Message-Id: <[email protected]> Date: Fri, 30 Mar 2012 00:31:56 -0400 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.domain1.com X-AntiAbuse: Original Domain - domain2.com X-AntiAbuse: Originator/Caller UID/GID - [507 504] / [47 12] X-AntiAbuse: Sender Address Domain - server.domain1.com

  Read the article

• Configuring IP-aliasing on a CentOS Apache server

  - by Saif Bechan

  I am trying out a method to implement IP-aliasing on an Apache server. Host multiple SSL sites on a single network card with IP aliasing I have followed all the steps, but when I browse to my second domain I always end up in my primary domain. Have anyone tried this method and is this even possible?

  Read the article

• Can you add a normal SSL certificate to the base of a wildcard certificate?

  - by ae

  I have a wildcard SSL certificate setup on *.domain.com and its working fine. I now want to add a single ssl certificate to domain.com. Is this likely to cause me problems? I assume not, but I thought it would be good to check that someone else has done it.

  Read the article

• What is the ideal way to set up multiple FTP enabled web accounts on Fedora?

  - by Nicholas Flynt

  I'm setting up a test server for use as a web development platform, and I'd like to mimic as closely as I can a typical shared hosting setup. That is, I'd like my server to have multple user FTP accounts, each of which links to a directory containing the webroot of the site, and I'd like apache to be able to easily see and manupulate these files. I'll admit: I'm not as familiar with Fedora as I'd like, I run Ubuntu on my home box and SElinux is giving me some grief. My initial plan was to have each user FTP into their home directory, and put the web directory there as well, but SElinux throws a hissy fit when apache tries to access anything outside of its web directory, so that plan was a no go. Would it be wise to continue this route, and perhaps mount web directories in user home folders so that FTP could still be used to access them, even though apache saw them in var/www like it expects? Would it make more sense to set up custom FTP accounts and use a single FTP user on the server box? What's the general course of action on something like this? I'm using vsftpd right now to host web directories, which is why I'm liking the home directory approach (it's simple and secure) but of course there's bound to be a better way to go about it. Thanks. (I'll leave other things, like restricted DB access and such, to another post. I'm interested right now with just getting FTP and apache to play nice in a multi-user environment.) PS: For the record, an issue I ran into when doing all of this was that if apache isn't running as the same user as the FTP account is saving as, there are permissions errors when FTP creates files, requiring the remote user to chmod the files to fix it. A logical fix would be to run apache in a special group, put all web users in this group, and have FTP access default to giving this group read/write access to everything like apache would expect, but I never could figure out how to accomplish this. Bonus points and cake if you know a solution.

  Read the article

• Encryption of external HDD -- accessible from windows without installation

  - by Rainer

  I would like to use encryption on my external HDD but I would like to be able to access the encrypted data from Windows as well. As suggested in other questions, TrueCrypt is one option here, or I am using momentarily encfs, which is not available for Windows. But my question goes further: I would like to be able to access the encrypted partition from Windows without installation as I will be using it from different Windows machines for which I have no administrator access. My main OS is Linux and I have full root access to that computer. Is there a full disk or file based encryption which I can use cross platform and which does not require installation under Windows? ADDITION: It seems that TrueCrypt provides a portable mode which fulfills my requirements partly: http://www.truecrypt.org/docs/?s=truecrypt-portable, but still the TrueCrypt driver needs to be installed by an administrator... pitty Thanks

  Read the article

• hyperv machine guest loads slow

  - by Dani Avni

  this is by far one of the strangest things I have seen. I have a win 2008R2 cluster with a CSV. the CSV itself is on an iSCSI storage (hitachi HUS 110) basic config of the two hosts in the cluster is Dell R610 Win 2008 R2 with all patches 64GB 1 NIC for host access 2 NICs for guest access 2 NICs for iSCSI these machine work great and I can load a 2008R2 test guest machine on them in less than 90 seconds after the above config is running for over a year, I now need to add a new host. now the host is Dell R620 (Still intel but different CPU) Win 2008 R2 with all patches 64GB 1 NIC for host access 2 NICs for guest access 2 NICs for iSCSI I added this new host to the domain and to the cluster, I gave it access to the CSV and I tried loading the same guest machine that loads in 90 seconds in the other hosts. the machine loads in about 6 minutes. no matter how many times I try this the old hosts load the machine in about 90 seconds and this new host in around 6 minutes to eliminate any problems with the iSCSI connection, I added a new LUN and directly accessed it from the new host and I was working at around 300MB/s so no problem there. I also tested the connection between the other hosts and the new one and network is working fine there too. to eliminate problems in HyperV, I copied the machine to the local disk of the new host and it loaded in less than 20 seconds. now is the point were things get a lot stranger: in my tests I tried installing a fresh windows guest machine to the CSV from the new host. I noticed that while the fresh windows was installing, my test guest was loading in less than 90 seconds even on the new host (I repeated this a few times). If I paused the fresh install guest and tried loading the test guest again it loaded in 6 minutes. and again after I resumed the guest installation the test guest loaded fast. after the fresh windows was also loaded, I ran tests loading the fresh window and my test machine. each one of them loaded in about 5 minutes when I tried loading them separately. however when I started both of them in the same time they both loaded in around 2.5 minutes it seems that the iSCSI disk access is only working if it is under some load (although I never got to above 10% utilization according to the task manager) does anyone have any idea what could be the problem?

  Read the article

• pam auth via winbind, howto map primary group for users?

  - by dr gonzo

  I have unix users authenticating to an PDC (via winbind) and want to have the primary group of those users a local unix group (e.g. www-data). users have the group "domain users" with gid 10006 (as the gid winbind mapping) idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes winbind nested groups = yes but want that the primary group is 33 for all users (www-data) how to achieve that?

  Read the article

• Setting Up My Home Network

  - by Skizz

  I currently have five PCs at home, three running WinXP and two running Ubuntu. They are set up like this: ISP ----- Modem ---- Switch ---- Ubuntu1 -- B&W Printer | |--WinXP1 | |--WinXP2 Wireless |--Colour Printer | |---------Ubuntu2 |---------WinXP3 (laptop) The Ubuntu1 machine is set up as a PDC using Samba and runs fetchmail, procmail, dovecot to get my e-mail and allow me to access the e-mail via imap so I can read the e-mail on any PC. I'd like to set up the network like this: ISP ----- Modem ---- Ubuntu1 ---- Switch ------WinXP1 | | |--WinXP2 B&W Printer Wireless |--Colour Printer | |---------Ubuntu2 |---------WinXP3 (laptop) My questions are: How to configure Ubuntu1 to act as a firewall. How to configure Ubuntu1 to provide a consistant user authentication across the network, at the moment Samba provides roaming profiles for the XP machines but the Ubuntu2 machine has it's own user lists. I'd like to have a single authentication for both XP machines and linux machines so that users added to the server list will propagate to all PCs (i.e. new users can log on using any PC without modifying any of the client PCs). How to configure a linux client (Ubuntu2 above) to access files on the server (Ubuntu1), some of which are in user specific folders, effectively sharing /home/{user} per user (read and write access) and stuff like /home/media/photos with read access for everyone and limited write access. How to configure the XP machines (if it is different from a the Samba method). How to set up e-mail filtering. I'd like to have a whitelist/blacklist system for incoming e-mails for some of the e-mail accounts (mainly, my kids' accounts) with filtered e-mails being put into quaranteen until a sysadmin either adds the sender to a blacklist or whitelist. OK, that's a lot of stuff. For now, I don't want config files*, rather, what services / applications to use and how they interact. For example, LDAP could be used for authentication but what else would be useful to make the administration of the LDAP easier. Once I have a general idea for the overall configuration, I can ask other questions about the specifics. Skizz I have looked around for information, but most answers are usually in the form of abstract config files and lists of packages to install.

  Read the article

• What's the best platform to publish documentation to internal users?

  - by serialhobbyist

  My team has a need to publish documentation internally. At the moment, it's spread all over the place and this means we often have to search everywhere to find something. We'd like to publish everything in one place. The main thing that stops us is access control - the wikis in place don't belong to us and we can't do it. What is the best tool for publishing docs, ideally fitting these requirements: web front end - readers access docs using browser single place to put docs access control by individual doc or by sets of docs (folders, branch of 'site', ...) if you don't have access to a doc, you don't see the link to that page/doc/folder. either built-in editor or something my users are familiar with (e.g. Word) built-in version control would be nice Also, can you think of other criteria I should've specified?

  Read the article

• setting upload/space limit for FTP client

  - by tombull89

  As part of my web hosting plan i've also got a few domain hosted for family and friends. I have my own FTP account with full access and I would like to give FTP to a web designer and a user. Is there a way for restricing uploads larger than a certian size, or setting a size limit on the folder that the FTP access has access to? I'd rather not let them upload files ridiciously big. Thanks.

  Read the article

• How to host many websites using same public IP address but different domains.

  - by Roberto Sebestyen

  I know how to configure one IIS instance to run many websites using the same public ip address, but different domain names (As long as I have control over the domains). But how can you configure many IIS servers running on different virtual machines in the same network, to host websites using the same public IP addres, but different domain names? Normailly in IIS under the website you can set the headers to which the website will respond to. but what if that website is on a different machine?

  Read the article

• Nginx Proxying to Multiple IP Addresses for CMS' Website Preview

  - by Matthew Borgman

  First-time poster, so bear with me. I'm relatively new to Nginx, but have managed to figure out what I've needed... until now. Nginx v1.0.15 is proxying to PHP-FPM v.5.3.10, which is listening at http://127.0.0.1:9000. [Knock on wood] everything has been running smoothly in terms of hosting our CMS and many websites. Now, we've developed our CMS and configured Nginx such that each supported website has a preview URL (e.g. http://[WebsiteID].ourcms.com/) where the site can be, you guessed it, previewed in those situations where DNS doesn't yet resolve to our server, etc. Specifically, we use Nginx's Map module (http://wiki.nginx.org/HttpMapModule) and a regular expression in the server_name of the CMS' server{ } block to 1) lookup a website's primary domain name from its preview URL and then 2) forward the request to the "matched" primary domain. The corresponding Nginx configuration: map $host $h { 123.ourcms.com www.example1.com; 456.ourcms.com www.example2.com; 789.ourcms.com www.example3.com; } and server { listen [OurCMSIPAddress]:80; listen [OurCMSIPAddress]:443 ssl; root /var/www/ourcms.com; server_name ~^(.*)\.ourcms\.com$; ssl_certificate /etc/nginx/conf.d/ourcms.com.chained.crt; ssl_certificate_key /etc/nginx/conf.d/ourcms.com.key; location / { proxy_pass http://127.0.0.1/; proxy_set_header Host $h; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } (Note: I do realize that the regex in the server_name should be "tighter" for security reasons and match only the format of the website ID (i.e. a UUID in our case).) This configuration works for 99% of our sites... except those that have a dedicated IP address for an installed SSL certificate. A "502 Bad Gateway" is returned for these and I'm unsure as to why. This is how I think the current configuration works for any requests that match the regex (e.g. http://123.ourcms.com/): Nginx looks up the website's primary domain from the mapping, and as a result of the proxy_pass http://127.0.0.1 directive, passes the request back to Nginx itself, which since the proxied request has a hostname corresponding to the website's primary domain name, via the proxy_set_header Host $h directive, Nginx handles the request as if it was as direct request for that hostname. Please correct me if I'm wrong in this understanding. Should I be proxying to those website's dedicated IP addresses? I tried this, but it didn't seem to work? Is there a setting in the Proxy module that I'm missing? Thanks for the help. MB

  Read the article

• icacls batch file multiple directories with wildcards help needed

  - by user153521

  I have written the following batch file that does a great job combing through all folders beginning with the number 3 and applying folder permissions to any 2010 subfolder. Example of the batch filesis below: for /D %%f in (D:\Data\3*) do icacls "%%f\2010" /inheritance:r /grant:r "Domain Admins":(OI)(CI)F Question : How can I improve this script to allow for me to apply the permissions to a specific folder below ANY folder within the folders beginning with 3? here is an example of my failed attempt: for /D %%f in (D:\Data\3*) do icacls "%%f*\specificfolder" /inheritance:r /grant:r "Domain Admins":(OI)(CI)F

  Read the article

< Previous Page | 509 510 511 512 513 514 515 516 517 518 519 520  | Next Page >