Securing Solr/Tomcat on Windows

I need to secure a Solr/Tomcat instance running on Windows 2008. All read/write clients are within the LAN, so I have followed the Tomcat instructions here and the Solr instructions here. I am unsure that is enough.
Could you offer me any additional suggestions, or share how you go about securing Solr/Tomcat+Windows?
I also would appreciate suggestions on how you go about "white-hat" testing for vulnerabilities.
Thanks

I have no idea what you did specifically, so it's hard to answer the question. But if you configured Tomcat to require authentication, and set up your firewall so Tomcat is not reachable from the outside, then it should be good enough for most purposes.
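
The two measures this answer names, written out as Tomcat configuration fragments. This is an added example, not part of the original posts; the role name `solr-user`, the account `solr-client`, the realm name and the `192.168.1.x` LAN range are assumptions to adapt.

```xml
<!-- Fragment 1: Solr's WEB-INF/web.xml, inside <web-app>.
     Require an authenticated user holding the (assumed) role
     "solr-user" for every Solr URL, admin and update handlers included. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>solr-user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr</realm-name>
</login-config>
<security-role>
  <role-name>solr-user</role-name>
</security-role>

<!-- Fragment 2: conf/tomcat-users.xml, inside <tomcat-users>.
     The account the Solr clients log in with; the password is a placeholder. -->
<role rolename="solr-user"/>
<user username="solr-client" password="CHANGE_ME" roles="solr-user"/>

<!-- Fragment 3: the Solr context definition, inside <Context>.
     Tomcat itself rejects requests that do not come from the LAN,
     so a loosened firewall rule does not expose Solr on its own.
     The 192.168.1.x range is an assumed subnet. -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="127\.0\.0\.1|192\.168\.1\.\d+"/>
```

BASIC authentication sends the credentials unencrypted unless the connector is served over TLS, so on a shared LAN pair it with an HTTPS connector.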

Related

If the internet doesn't work, use the proxy PAC file

We're beating our heads a bit with this problem of ours. We have a company headquarters with our own network and an external cloud with another network. We want to create a script that, when our on-site network does not work, automatically uses the proxy we created with Squid, which is obviously on the cloud with another network. Our virtual machine on the cloud with Squid can be reached internally via the firewall. We need an automatic system that uses the proxy when the internet fails in our office, can you help me? I was studying PAC files, but I understand little of them. If I could also apply it via policy it would be perfect, but I just need to solve at least the first point.
Thanks

Laravel production environment

I've worked on my web app and now it's ready to go to production. For development I used XAMPP on my local machine. I need to deploy the app on a Windows Server 2016 to which other people have access.
So let's start with some questions for you!
1:
I suppose that using XAMPP is not a good idea since it doesn't offer a good level of security.
I want to protect my database and my database storage folders, and I want to prevent other people from accessing any part of my environment.
So I actually want to ask you any suggestion on how to deploy my web app avoiding security issues.
I also would like to ask you the better free local environment I can use for production (something like XAMPP but with improved security).
Keep in mind that my web app should only be visible to the local network.
2:
Is there a way I can set a hostname for my server so that everyone who is connected to the LAN can reach my server with that hostname? Writing the IP with the port isn't good for user experience. I know I can use the "name" of the computer itself, but setting a custom hostname would be better.
3:
How should I serve the application? Running the normal command "php artisan serve"? Anyway that way just closing the terminal would result in killing the process so the server will become unavailable.
ANY suggestion would be really appreciated. This is my first approach to deployment, so I'm really sorry if my questions are stupid.
Thank you in advance!

Steps to setup proxy server

I want to set up a proxy server in our office. I have two proxy servers available, i.e. Squid for Linux and WinProxy for Windows. I have the following requirements:
1. All the rules which I define in the proxy server, like blocking some specific sites etc., should work.
2. The "Evolution Mail Client" for Linux and "Outlook Express" for Windows should also work.
So, can you give me guidelines on how to achieve both tasks, especially no. 2?
Thanks in advance.
Squid is a very good option for a caching proxy. It has a configuration file to block some specific sites, IPs, domains... and to tell it which files it has to cache. Making a smart proxy is not easy. But you can find great configurations and tutorials on Google or on its wiki.
There are two ways for setting up a proxy:
Direct proxy: you have to manually configure every computer to use your proxy server.
This is the easiest option. I recommend you using this.
Please note, computers that don't use the proxy can access all pages (even if they're blocked).
Transparent proxy: this is the most secure, ideal option for most cases (including yours). You have to configure your network and the proxy server to forward any requests to it. This is a hard option and very difficult to achieve in your case.
About your Evolution and Outlook problem, there can't be any problems related to the proxy, don't worry about that.

CruiseControl Remote Dashboard Access

Sorry if this is kind of a noob question, but I'm just starting to use CruiseControl, and I'd like to allow access to the DashBoard from anywhere on the internet.
I can't find any documentation on how to do this. I'm running it off of a Windows machine, and I can start CC and view the DashBoard through http://localhost:8080/
Any ideas?
Update: I added a new Inbound rule for my machine on 8080, however http://canyouseeme.org/ says it's not open. Strange...
I don't think any special action is needed to allow external access, so I think your problem is more of a general web hosting problem than it is specific to CruiseControl. Here are a few things that might be worth looking at:
Make sure your firewall is not blocking access to the port.
Make sure your network's domain policy allows external access to your computer.
Are you starting CruiseControl from the command line or as a service? If starting from the command line, try starting it as a service and see if the results are different. How to do this depends on your system configuration, but usually, if you are using CruiseControl .NET, run the command net start "CruiseControl.Net Server". If you are using standard CruiseControl, run net start "CruiseControl Service".

My IP seems to be blocked by web hosting server

I have a strange problem. I just installed my PHP web site on a shared hosting, and all services were working fine. But after configuring my app I could visit my web site only once; other attempts give:
"The server is taking too long to respond."
From another IP I can access it, but only once. It seems all IP addresses are being blocked after the first visit (even FTP and other services go down, no access at all from the IP). Can anyone help to explore this problem? I don't think that it's my app's problem, the app works fine on my local PC.
Thanks.
First thing to try would be a traceroute to determine where your traffic is being blocked.
In a Windows command prompt:
tracert www.yoursharedhostingserver.com
At the moment, trying to access this address gives this:
Fatal error: Class 'mainController'
not found in
/home/myicms/public_html/core/application/crApplication.class.php
on line 181
I have tried it multiple times and it didn't block me. It might be that You have already solved this problem.
As far as I know, the behavior described by You could only be explained by a badly configured intelligent firewall. It may have been misconfigured by Your host.
If You visit a site at a certain host and suddenly You cannot access an ftp on this host, then it's either a (really bad) firewall or a (very mean) site that explicitly adds a firewall rule to ignore that address.
Some things that You might look into:
It might be something with identd too. What was the service You have configured on Your host? Was it by any chance any kind of server control panel (that might have an ability to control a firewall)?
Is the blockade permanent, or does it go off after 24h, or does it only go off after rebooting the server? Does restarting some services make the blockade go off?
Did You install any software that "protects Your server from portscanning"? It might be a bit too aggressive.
I wish You good luck in finding a source of this problem!
Chances are that if you can access it once, it's actually working. The problem is more likely in the PHP code than in the server.
