Search Results

Search found 46419 results on 1857 pages for 'web traffic'.

Page 796/1857 | < Previous Page | 792 793 794 795 796 797 798 799 800 801 802 803 | Next Page >

nginx config to serve as external secure proxy

- by realworldcoder

I'm setting up an external nginx server to proxy all outgoing traffic in order to simplify outbound firewall rules. What I'd like is: https://service1.com.example.com -- https://service1.com:443 https://www.service2.com.example.com -- https://www.service2.com:443 https://service3.com.example.com -- http://service3.com:8080 (everything else denied) (There will be 30-40 different hosts here, so I'm looking for something relatively easy to maintain.) Is this possible with Nginx? Or is there some other proxy software that is better suited for this problem?

Read the article
routing based on source IP

- by user1977050

I am trying to do source-based routing, following the question http://unix.stackexchange.com/questions/131527/routing-based-on-source-ip. The source IP floating one and assigned to a cluster (consists from 2 servers). Let's say that the physical IP on server1 is 192.0.2.1, on server2 192.0.2.2, and the virtual IP is 192.0.2.3 (and this should be the source IP for outgoing traffic). How can I configure static source IP routing for this in RHEL?

Read the article
Cisco VPN Client Behind ASA 5505

- by fdf33

I'm trying to get connected to another ASA via Cisco VPN Client. I am behind an ASA 5505 myself and I am tryihng to VPN to a 5510. I get the message: Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding. I can connect to the other ASA if I use a normal cheap Linksys. Here's the version of my ASA: Result of the command: "sh ver" Cisco Adaptive Security Appliance Software Version 8.4(1) Any help would be great. Thanks running-config : Saved : Written by enable_15 at 23:12:32.378 UTC Fri Jul 1 2011 ! ASA Version 8.4(1) ! hostname aaaasa domain-name aaa.local enable password xxxxxxxxxxxxxxx encrypted passwd xxxxxxxxxxxxxxxxxxxx encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.254 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address xxx.xxx.xxx.xxx 255.255.254.0 ! interface Vlan5 no nameif security-level 50 ip address 172.16.0.254 255.255.255.0 ! interface Vlan500 no nameif security-level 100 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! boot system disk0:/asa841-k8.bin ftp mode passive dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 4.2.2.2 domain-name aaa.local same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network obj_any subnet 0.0.0.0 0.0.0.0 object network A_93.97.168.1 host 93.97.168.1 object network rdp host 192.168.1.2 object network NETWORK_OBJ_192.168.1.0_24 subnet 192.168.1.0 255.255.255.0 access-list 101 extended permit tcp any host 192.168.1.2 eq 3389 access-list 101 extended permit icmp any any echo-reply access-list 101 extended permit icmp any any source-quench access-list 101 extended permit icmp any any time-exceeded access-list 101 extended permit icmp any any unreachable access-list 102 extended permit ip any any pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1492 ip local pool VPNPool 192.168.2.200-192.168.2.210 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-641.bin no asdm history enable arp timeout 14400 ! object network rdp nat (inside,outside) static interface service tcp 3389 3389 ! nat (inside,outside) after-auto source dynamic any interface access-group 101 in interface outside access-group 102 out interface outside ! router ospf 1 network 192.168.1.0 255.255.255.0 area 0 log-adj-changes ! route outside 0.0.0.0 0.0.0.0 93.97.168.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa proxy-ldc-issuer crl configure crypto ca certificate chain ASDM_TrustPoint0 certificate 8877d64d 30820248 308201b1 a0030201 02020488 77d64d30 0d06092a 864886f7 0d010105 05003036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612 63697363 6f617361 2e6e6a64 2e6c6f63 616c301e 170d3131 30353231 30383533 34325a17 0d323130 35313830 38353334 325a3036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612 63697363 6f617361 2e6e6a64 2e6c6f63 616c3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100ea 1aa95141 480e616c efee6816 a96d6511 313b6776 cd3dd57b cd84b4d2 5e108aee 7c980086 4d92e2eb b6c7bf66 4585af0a ccbf153a db9270be c6f5c67b db9dd8d1 2f78d033 3348b056 df4be0da 70e08953 53adf294 9db6c020 597d250f bf448b43 b90179c8 ff0b15d8 744632d9 31c1945f 0b11e258 b4c1d224 692efff4 7b2f5102 03010001 a3633061 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06 03551d23 04183016 8014493c 19db183a ab1af9e9 b1e44ad4 2a408b3c 89d1301d 0603551d 0e041604 14493c19 db183aab 1af9e9b1 e44ad42a 408b3c89 d1300d06 092a8648 86f70d01 01050500 03818100 1dd1760a fdd15941 4803fb9a cd6f44a7 2e275854 a1c0fbe1 d19f2cc9 182d43ef a547f854 8df96d15 3ea79c62 cf3fcb1c 5820360b c607dbfc 4de8bb16 19f727e9 b928a085 665816d8 138e4a35 ed610950 7910dd4a 0b1a9dd9 0e26f1c8 b78bc0cc cbf19eb2 4c4c3931 45199ea5 249e3266 661e44fd 7a00d376 dcfc6e4e d43f10b8 quit crypto isakmp nat-traversal 30 crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.5-192.168.1.36 inside dhcpd dns 4.2.2.2 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics host number-of-rate 3 threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 82.219.4.31 source outside prefer ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 anyconnect profiles AnyConnectVPN_client_profile disk0:/AnyConnectVPN_client_profile.xml anyconnect profiles SSLAnyConnectVPN_client_profile disk0:/SSLAnyConnectVPN_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_AnyConnectVPN internal group-policy GroupPolicy_AnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value aaa.local webvpn url-list none anyconnect profiles value AnyConnectVPN_client_profile type user group-policy GroupPolicy_SSLAnyConnectVPN internal group-policy GroupPolicy_SSLAnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client default-domain value aaa.local webvpn anyconnect profiles value SSLAnyConnectVPN_client_profile type user username testuser password xxxxxxxxxxxxxxxxx encrypted privilege 0 username testuser attributes vpn-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLPOL type remote-access tunnel-group SSLPOL general-attributes default-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLAnyConnectVPN type remote-access tunnel-group SSLAnyConnectVPN general-attributes address-pool VPNPool default-group-policy GroupPolicy_SSLAnyConnectVPN tunnel-group SSLAnyConnectVPN webvpn-attributes group-alias SSLAnyConnectVPN enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect esmtp inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect sip inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect xdmcp ! service-policy global_policy global prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:94a65341aa27d3929d5e92a32ba22120 : end

Read the article
IPv4 forward on windows?

- by silverbandit91

Is there anything that can forward/redirect all incoming traffic to another ip. Basically I'm looking the windows equivalent of ip forwarding in linux. echo "1" > /proc/sys/net/ipv4/ip_foward

Read the article
Need help making site available externally

- by White Island

I'm trying to open a hole in the firewall (ASA 5505, v8.2) to allow external access to a Web application. Via ASDM (6.3?), I've added the server as a Public Server, which creates a static NAT entry [I'm using the public IP that is assigned to 'dynamic NAT--outgoing' for the LAN, after confirming on the Cisco forums that it wouldn't bring everyone's access crashing down] and an incoming rule "any... public_ip... https... allow" but traffic is still not getting through. When I look at the log viewer, it says it's denied by access-group outside_access_in, implicit rule, which is "any any ip deny" I haven't had much experience with Cisco management. I can't see what I'm missing to allow this connection through, and I'm wondering if there's anything else special I have to add. I tried adding a rule (several variations) within that access-group to allow https to the server, but it never made a difference. Maybe I haven't found the right combination? :P I also made sure the Windows firewall is open on port 443, although I'm pretty sure the current problem is Cisco, because of the logs. :) Any ideas? If you need more information, please let me know. Thanks Edit: First of all, I had this backward. (Sorry) Traffic is being blocked by access-group "inside_access_out" which is what confused me in the first place. I guess I confused myself again in the midst of typing the question. Here, I believe, is the pertinent information. Please let me know what you see wrong. access-list acl_in extended permit tcp any host PUBLIC_IP eq https access-list acl_in extended permit icmp CS_WAN_IPs 255.255.255.240 any access-list acl_in remark Allow Vendor connections to LAN access-list acl_in extended permit tcp host Vendor any object-group RemoteDesktop access-list acl_in remark NetworkScanner scan-to-email incoming (from smtp.mail.microsoftonline.com to PCs) access-list acl_in extended permit object-group TCPUDP any object-group Scan-to-email host NetworkScanner object-group Scan-to-email access-list acl_out extended permit icmp any any access-list acl_out extended permit tcp any any access-list acl_out extended permit udp any any access-list SSLVPNSplitTunnel standard permit LAN_Subnet 255.255.255.0 access-list nonat extended permit ip VPN_Subnet 255.255.255.0 LAN_Subnet 255.255.255.0 access-list nonat extended permit ip LAN_Subnet 255.255.255.0 VPN_Subnet 255.255.255.0 access-list inside_access_out remark NetworkScanner Scan-to-email outgoing (from scanner to Internet) access-list inside_access_out extended permit object-group TCPUDP host NetworkScanner object-group Scan-to-email any object-group Scan-to-email access-list inside_access_out extended permit tcp any interface outside eq https static (inside,outside) PUBLIC_IP LOCAL_IP[server object] netmask 255.255.255.255 I wasn't sure if I needed to reverse that "static" entry, since I got my question mixed up... and also with that last access-list entry, I tried interface inside and outside - neither proved successful... and I wasn't sure about whether it should be www, since the site is running on https. I assumed it should only be https.

Read the article
dd-wrt and squid proxy

- by Soe Naung Win

I am now using linksys router with dd-wrt firmware & squid proxy from off-site (VPN) for anonymity. The problem is i have to configure proxy setting in my browser to access that proxy. What i would like to do is to get all my traffic pass through the router via squid proxy without configuring any setting in browser. I can't use openvpn due to port blockage in my country. My current squid proxy listen to port 443.

Read the article
dd-wrt and squid proxy

- by Soe Naung Win

I am now using linksys router with dd-wrt firmware & squid proxy from off-site (VPN) for anonymity. The problem is i have to configure proxy setting in my browser to access that proxy. What i would like to do is to get all my traffic pass through the router via squid proxy without configuring any setting in browser. I can't use openvpn due to port blockage in my country. My current squid proxy listen to port 443.

Read the article
How memory hungry is Jetty?

- by Sanoj

I am planning to use Jetty + MySQL on a small VPS with just 256 or 512MB memory, for serving a few websites. I haven't used Jetty before, only PHP on shared hosting. Is 256 or 512MB too limited for a Jetty server? or should I go with nginx + php + php-fpm setup instead? The websites will not have much traffic, they are just small sites.

Read the article
nginx: how do I track down a random 500 from nginx (not my application). Potentially has something to do with load?

- by kaleidomedallion

We recently had some 500's from nginx itself that somehow were not logged (we have screenshots, but nothing in the logs). That is weird in itself, because usually errors show up there. Regardless, I am wondering if there is something like a connection pool size that if maxed out would result in a 500? We have correlated it potentially to a recent spike in traffic, but it is not conclusive. Anyone have any ideas of how to begin to approach such an issue?

Read the article
Configuring Windows 2003 As A Router

- by Sean M

I am trying to configure a Windows 2003 server to act as a router, so that the two subnetworks that I'm dealing with can communicate with one another without NAT. I am mostly sure that I have configured Windows 2003 incorrectly, and I'm finding it very difficult to drill down through Google results to something helpful. I have a 192.168.1.0/24 network that is my "production" network (in the sense that I'm in trouble if I screw it up) and a 10.0.0.0/8 network that is my test network. The 192.168.1.0 network is ruled by a gateway whose routing table looks like this (my address redacted): The Windows 2003 server, "prime," is multihomed. Its network adapters are at 192.168.1.122, (as seen above), 10.0.0.1, and 10.0.0.2. I added the Routing and Remote Access role to it, and enabled LAN routing. I do not have it using RIP or other routing protocols. Its current routing table is shown below. To me, it looks like all of the right routes are there for traffic to pass between the 192.168.1.0 network and the 10.0.0.0 network. However, traffic does not pass. The 10.0.0.11 and .12 clients cannot be contacted from the 192.168.1.0 network. When I use traceroute to try to get to them, the trace gets to the Windows 2003 server's 192.168.1.122 address, then produces nothing but "* * *" timeouts. When I try to traceroute to 192.168.1.1 from a 10.0.0.0-network client, I get "destination host unreachable." However, I know that the routing is working at least a little, because from the 192.168.1.0 network, I can connect to the Windows server just fine by referring to it as 10.0.0.1. What static routes would allow me to contact 10.0.0.11 and .12 from the 192.168.1.0 network? Is it possible to tell the Windows server "since you are a DHCP/DNS server, you already know routes to get to machines that are getting IP addresses from you, please add those to your routing table" ? Will using RIP or OSPF on the Windows server actually be helpful in this situation?

Read the article
How to relax firewall for UDP connections/ports for a specific IP address?

- by Gnanam

Hi, My server is Red Hat Enterprise Linux Server release 5. iptables version is v1.3.5. I want to allow all UDP connections / port for the IP address 192.168.0.200. This IP address is configured in my eth0. So basically I want to set it up the same as my local loopback (127.0.0.1) UDP traffic. What is the iptable command to allow all UDP connections / ports for IP 192.168.0.200?

Read the article
How do you enable L2TP in a Cisco Firewall?

- by johnny

I am trying to find out how to allow L2TP traffic through a PIX 515e firewall. Windows 2003 is already configured. Thank you.

Read the article
Selecting which IP address to use for outgoing requests from behind a NAT

- by iamrohitbanga

Our organization has several external IP addresses. I am behind 2 layers of NAT and the servers choose which IP address to route my traffic to. Can I specify which IP address to use when finally leaving the organizations network. I know that source routing can be done in IPv4 by adding some options in the header. But can I configure my PC to add these options automatically. I have both a Windows and a Linux Machine.

Read the article
how to block https sites on netgear router?

- by Karthick88it

I am using NETGEAR Wireless-N-300 Router Model among couple of peoples to sahre internet connectivity. I have a problem, on my company i blocked facebook.com, but the users are access on protocol https, i blocked some ip´s of facebook but they haves a lot ip, please, how to block facebook on https protocol...?? Can anybody help me for creating the block HTTPS traffic rule. Like I need to block: https://www.facebook.com/ many thanks Karthick

Read the article
Why can't I get Apache2 mod_dumpio working under Lucid Lynx Ubuntu?

- by bland328

I'm trying to capture all of the traffic to and from an Apache2 web server for troubleshooting purposes, so I did the following to try to set mod_dumpio up properly: Used a2enmod to enable mod_dumpio Changed LogLevel to "debug" in apache2.config Added "DumpIOInput On", "DumpIOOutput On" and "DumpIOLogLevel debug" to apache2.config Issued "/etc/init.d/apache2 restart" to restart Apache Issued "apache2ctl -t -D DUMP_MODULES" to make sure mod_dumpio was loaded I'm watching /var/log/apache2/error.log, but not seeing much there, and certainly not a dump of all input and output. Can anyone help?

Read the article
best tomcat hosting servrice provider for jsp

- by akshay

I want to host my website build using jsp/java.I am looking for a good host which offer following features. unlimited bandwidth (to support large traffic.I dont want to run slowely) low price` good customer care suport that can help me in deploying in case of any problems I am running tight on budget.As i am a university passout. `

Read the article
Debugger for Iptables

- by chris_l

Hi, I'm looking for an easy way to follow a packet through the iptables rules. This is not so much about logging, because I don't want to log all traffic (and I only want to have LOG targets for very few rules). Something like Wireshark for Iptables. Or maybe even something similar to a debugger for a programming language. Thanks Chris

Read the article
How do I get squid peers to talk SSL to each other?

- by Marcelo Cantos

How would I set up a pair of squid proxies so that one uses the other as a parent and all traffic between them is encrypted using SSL? I've read the cache_peer documentation, but it's all very fuzzy to me which certs I need to create (and how), which server uses which cert, and so on. Is there a straightforward HOW-TO for this somewhere? Just to be clear, I don't want to know how to setup squid to proxy https requests, or as a reverse proxy for a web server that uses https.

Read the article
Avoid corporate blocked URL's when on Cisco VPN

- by Marcus

When I'm on my home PC and on my company VPN I can't get to sites that my company blocks. Is there a way to get around this? Why do my requests to facebook.com go through the VPN? Can you configure your system to, for instance, not go through the VPN for HTTP traffic? Update: We are using Cisco VPN v 5, I'm running on XP

Read the article
How-To define an Alias-Name for a given Fileserver?

- by Ice

Hi, I'm building a testsystem and want to use the servernames like in the productive environment. For tcp-traffic i made an entry in the hosts-file but that seems not to work for fileservers (smb). How may i define an Alias-Name like (\Filer) for my fileserver with IP:192.168.1.2 and Name \testshare in our test-domain? Peace Ice

Read the article
Tor and blacklisting

- by Likso

I'm studying Tor and its capability to provide anonymity and bypass censorship, especially when used by people of repressive countries. I'm wondering about one thing. The nodes that are part of the "Onion Network" are limited and they're public. So, in an oppressive regime, couldn't be possible that someone with a blacklist just put a firewall blocking in this way TOR traffic? (and tracking down who's using it?)

Read the article
Blank graph for some munin plugins

- by jack

I have a munin-master and munin-node installed on same server (Ubuntu 9.10 server). Most pre-installed plugins work well but the following plugins are with blank graph: Memcached bytes used Memcached connections Memcached cache hits and misses Memcached cached items Memcached requests Memcached network traffic MySQL Queries Cache Size I run the following 3 script in terminal and results were ok. /etc/munin/plugins/memcached_bytes /etc/munin/plugins/memcached_counters /etc/munin/plugins/memcached_rates But when I tried the command below after "telnet localhost 4949" fetch memcached_bytes # Unknown service etch memcached_bytes_ # timeout pid 28009 - killing...done Does anyone know the reason?

Read the article
Setting up a VPN server that uses a proxy server

- by Mehdi

My PC(Windows 7) is connected to internet through a proxy server configured in internet options. I have set up a VPN server in my PC. But the clients that connect to my VPN server don't have access to internet. I know that if I set the proxy setting in client they can connect to internet. But is there a way that my VPN server pass traffic through the proxy server? What about using another vpn server instead of proxy server?

Read the article
How does NMap decide to print a progress line?

- by Andrew Bolster

Checking a larger subnet than I normally do; mapping out a cluster suite in a university for a traffic mapping project (permission attained), and I was wondering something. NMap usually prints its progress periodically, but I'm unclear to what that 'periodically' is, because the cirrent scan printed a line for basically every 100th of a percent up to 1% done, then one at 1.5%, and has said nothing since. I suspect that it changes at different 'levels' but does anyone have an actual answer?

Read the article
kerio load balance

- by Azzam

I use kerio winroute 6.5 , for week ago, i got a second adsl link (2 mbps), i tried to configue the load balancing in kerio , but always , kerio directs the traffic to one route without the other , i enabled NAT for firewall and change the rate between 2 links but always kerio takes the system route to one link , is there a solution for that ?

Read the article

< Previous Page | 792 793 794 795 796 797 798 799 800 801 802 803 | Next Page >