How do you restrict access to certain paths using Lighttpd? - mod-rewrite

I would like to restrict access to my /admin URL to internal IP addresses only. Anyone on the open Internet should not be able to login to my web site. Since I'm using Lighttpd my first thought was to use mod_rewrite to redirect any outside request for the /admin URL back to my home page, but I don't know much about Lighty and the docs don't say much about detecting a 192.168.0.0 IP range.

Try this (lighttpd configuration comments start with #, not /* */):
$HTTP["remoteip"] == "192.168.0.0/16" {
    # your rules here
}
Example from the docs:
# deny the access to www.example.org to all users which
# are not in the 10.0.0.0/8 network
$HTTP["host"] == "www.example.org" {
    $HTTP["remoteip"] != "10.0.0.0/8" {
        url.access-deny = ( "" )
    }
}

This worked for me:
# A prefix length must be between 0 and 32; /24 covers 192.168.1.0 - 192.168.1.255
$HTTP["remoteip"] != "192.168.1.0/24" {
    $HTTP["url"] =~ "^/intranet/" {
        url.access-deny = ( "" )
    }
}
!= worked over ==.
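The check that the $HTTP["remoteip"] condition performs, modelled in JavaScript as an added example (this is not lighttpd code and not from any answer above). It parses a CIDR range, masks the peer address against it, and applies the question's policy: anything under /admin is denied unless the client is inside 192.168.0.0/16. The range and the /admin prefix come from the question; the sample requests are constructed. It also shows why a prefix length such as /254 is rejected.

```javascript
// Added example: a JavaScript model of lighttpd's $HTTP["remoteip"] CIDR match,
// used to decide whether a request for /admin may proceed. Not lighttpd's code.

// Parse a dotted-quad IPv4 address into an unsigned 32-bit integer.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) {
      throw new Error(`not an IPv4 address: ${ip}`);
    }
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

// Parse "a.b.c.d/n" into { network, mask }. A bare address is treated as /32.
// Prefix lengths outside 0..32 are rejected, which is why "192.168.1.1/254" is unusable.
function parseCidr(cidr) {
  const [addr, bits = "32"] = cidr.split("/");
  if (!/^\d+$/.test(bits) || Number(bits) > 32) {
    throw new Error(`bad prefix length in ${cidr}`);
  }
  const prefix = Number(bits);
  // JavaScript masks shift counts to 5 bits, so /0 needs a special case.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { network: (ipv4ToInt(addr) & mask) >>> 0, mask };
}

// True if ip lies inside the CIDR range.
function inCidr(ip, cidr) {
  const { network, mask } = parseCidr(cidr);
  return ((ipv4ToInt(ip) & mask) >>> 0) === network;
}

// Allowed source ranges for /admin (from the question).
const ADMIN_ALLOWED = ["192.168.0.0/16"];

// Decide whether a request may proceed. Everything under /admin is denied unless
// the TCP peer address is inside an allowed range; everything else is allowed.
// remoteIp is the socket peer address: lighttpd's $HTTP["remoteip"] is the same
// thing, so it cannot be spoofed with an X-Forwarded-For header unless
// mod_extforward has been configured to trust that header from a proxy.
function decide(path, remoteIp) {
  if (path === "/admin" || path.startsWith("/admin/")) {
    return ADMIN_ALLOWED.some((cidr) => inCidr(remoteIp, cidr)) ? "allow" : "deny";
  }
  return "allow";
}

// Constructed sample requests: [path, peer address].
const SAMPLE_REQUESTS = [
  ["/admin/login", "192.168.4.20"],
  ["/admin/login", "203.0.113.9"],
  ["/index.html", "203.0.113.9"],
];

function runSample() {
  return SAMPLE_REQUESTS.map(([p, ip]) => `${ip} ${p} -> ${decide(p, ip)}`);
}

console.log(runSample().join("\n"));
```

Note that the match is on the path prefix "/admin" and "/admin/", so a request for "/adminx" is not covered; the lighttpd equivalent is the regex used in the $HTTP["url"] =~ "^/admin" condition, which has the same property unless you anchor it as "^/admin(/|$)".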

Related

What ACL rules are necessary to request Consul metrics?

I've recently activated ACLs in Consul and everything seems to be accessible except for the metrics end point (m/v1/agent/metrics)
I've tried all kinds of combinations of rules in the policy I'm using to generate the token used in the curl request (see below) but none works except for the bootstrap token. However, I don't think it is right to use that token for metrics as it has too many permissions.
curl -H 'X-Consul-Token: <redacted>' https://consul-url.com/v1/agent/metrics
Does anyone know which rules to use in the ACL policy so I can access metrics?
Just before pulling my last hair out I found a working solution. I couldn't find any explicit reference to it but I've tested it and it works, so I hope it helps someone. See below the rules to set in the policy used to create a token to get metrics:
acl = "read"
keyring = "read"
operator = "read"
query_prefix "" {
    policy = "read"
}
service_prefix "" {
    policy = "read"
}
session_prefix "" {
    policy = "read"
}
agent_prefix "" {
    policy = "read"
}
event_prefix "" {
    policy = "read"
}
key_prefix "" {
    policy = "read"
}
node_prefix "" {
    policy = "read"
}

Varnish configuration with virtual hosts on Centos 7 / directadmin

I'm running CentOS 7 with DirectAdmin. I have created some users with websites. This works fine on httpd. But after installing Varnish, I get the notification "Apache is functioning normally".
How can I configure Varnish to send domainone.com to
/var/html/www/domainone.com/public_html and domaintwo.com to /var/html/www/domaintwo.com/public_html?
I've already tried to add a backend server with the right address and port, but the page stays redirected to the Apache notification.
Any help is much appreciated.
Thanks in advance.
How is your Apache configured?
The generic answer to your question would be something like:
sub vcl_recv {
    if (req.http.host == "www.domainone.com") {
        set req.url = "/var/html/www/domainone.com/public_html" + req.url;
    } else if (req.http.host == "www.domaintwo.com") {
        set req.url = "/var/html/www/domaintwo.com/public_html" + req.url;
    } else {
        return (synth(404));
    }
}
but it doesn't seem right because Varnish passes the Host header along (by default), so if your Apache works, Varnish should change that. Have a look at varnishlog -d -q 'BereqURL' -g request and see what gets sent to the backend.

Nginx, exception in rewrite rule

I am stuck with a specific server configuration.
I have a domain: www.domain.com.
I redirect mobile users to m.domain.com.
Until now, no problem.
I do not want to redirect mobile users to m.domain.com on one specific page.
This is what I have now:
if ($mobile_rewrite = perform) {
    rewrite ^ http://m.domain.com redirect;
    break;
}
I want something like (pseudo code):
if ($mobile_rewrite = perform && Location != /path/* ) {
    rewrite ^ http://m.domain.com redirect;
    break;
}
Thank you for your tips!
I actually found something using the $request variable:
set $mobile_rewrite [...];   # perform or do_not_perform
if ($request ~* "path") {
    set $mobile_rewrite do_not_perform;
}
if ($mobile_rewrite = perform) {
    rewrite ^ http://m.domain.com redirect;
    break;
}
Maybe not the best solution, but it works!

if ($request_uri !~ "^/blog/\w+$") {
    set $mobile_rewrite do_not_perform;
}
and I think this works.

HTTPS in PAC file

I am writing a .pac file for use with iOS 5 without jailbreak, but I have trouble matching URLs starting with "https" (e.g. https://test.com).
Here is my script:
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "https://*")) return "PROXY 123.123.123.123";
    return 'DIRECT';
}
And if I matched "https://test.com", how can I return "https://123.123.123.123" to the URL?
Use this:
if (shExpMatch(url, "https:**"))
This should fix it.
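A runnable model of the PAC file from the question, added here as an example (it is not from the question or the answer). Browsers provide shExpMatch() to PAC scripts, so it is reimplemented as a shell-style glob in which "*" matches any run of characters, including "/", and "?" matches one character; with that definition both "https://*" and "https:**" match "https://test.com". The proxy address 123.123.123.123 is the placeholder from the question and the port 8080 is an assumption. A PAC script can only choose a proxy; it cannot rewrite the URL, so the "PROXY host:port" return string is the whole answer.

```javascript
// Added example: PAC logic runnable outside a browser. Not from the original post.

// Reimplementation of the PAC helper shExpMatch(str, pattern):
// "*" matches any run of characters (including "/"), "?" matches one character.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters first
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// The PAC entry point. Proxy all https traffic, everything else goes direct.
// The port is stated explicitly (8080 is assumed) rather than relying on a default.
function FindProxyForURL(url, host) {
  if (shExpMatch(url, "https://*")) return "PROXY 123.123.123.123:8080";
  return "DIRECT";
}

// Constructed sample URLs; host is derived the way a browser would pass it.
const SAMPLE_URLS = ["https://test.com", "https://test.com/login", "http://test.com/"];

function routeAll() {
  return SAMPLE_URLS.map((u) => [u, FindProxyForURL(u, new URL(u).hostname)]);
}

for (const [u, route] of routeAll()) console.log(`${u} -> ${route}`);
```

Several browsers (Chrome and Firefox among them) strip the path and query from https URLs before calling FindProxyForURL so that the proxy script cannot see them, so a rule for https traffic should match on the scheme and the host argument only, never on the path.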

Https redirect and login cookies on Heroku with Play Framework

I have a Play! framework Heroku project that has three deployments. One for running on my dev machine, one for beta on Heroku, and one for production on Heroku. Their http and https urls are as follows:

              DEV                      BETA                                 PRODUCTION
HTTP URL      http://localhost:9000    http://domain-beta.herokuapps.com    http://www.domain.com
HTTPS URL     https://localhost:9443   https://domain-beta.herokuapps.com   https://secure.domain.com
HTTPS Type    My cert                  Piggyback (using Heroku's cert)      Hostname-based SSL (using my cert)
I also have a class HttpsRequired that has methods for requiring HTTPS, and for redirecting back to HTTP (thanks to this post for the help).
public class HttpsRequired extends Controller {

    /** Called before every request to ensure that HTTPS is used. */
    @Before
    public static void redirectToHttps() {
        // If it's not secure, but Heroku has already done the SSL processing,
        // then it might actually be secure after all.
        if (!request.secure && request.headers.get("x-forwarded-proto") != null) {
            request.secure = request.headers.get("x-forwarded-proto").values.contains("https");
        }
        // Redirect if it's not secure.
        if (!request.secure) {
            String url = redirectHostHttps() + request.url;
            System.out.println("Redirecting to secure: " + url);
            redirect(url);
        }
    }

    /** Renames the host to be https://, handles both Heroku and local testing. */
    @Util
    public static String redirectHostHttps() {
        if (Play.id.equals("dev")) {
            String[] pieces = request.host.split(":");
            String httpsPort = (String) Play.configuration.get("https.port");
            return "https://" + pieces[0] + ":" + httpsPort;
        } else {
            if (request.host.endsWith("domain.com")) {
                return "https://secure.domain.com";
            } else {
                return "https://" + request.host;
            }
        }
    }

    /** Renames the host to be http://, handles both Heroku and local testing. */
    @Util
    public static String redirectHostNotHttps() {
        if (Play.id.equals("dev")) {
            String[] pieces = request.host.split(":");
            String httpPort = (String) Play.configuration.get("http.port");
            return "http://" + pieces[0] + ":" + httpPort;
        } else {
            if (request.host.endsWith("domain.com")) {
                return "http://www.domain.com";
            } else {
                return "http://" + request.host;
            }
        }
    }
}
I modified Secure.login() to call HttpsRequired.redirectToHttps() before it runs, to ensure that all passwords are submitted encrypted. Then, in my Security.onAuthenticated(), I redirect to the homepage on standard HTTP.
This works great on my dev and beta deployments, but in production all of my HTTP requests are redirected to the HTTPS login page. I can still use the whole site in HTTPS, but I want regular HTTP to work too.
All of my pages are protected as members-only and require users to login, using the @With(Secure.class) annotation. I'm thinking that it must be related to the fact that the login happens at secure.domain.com instead of www.domain.com, and that they somehow generate different cookies.
Is there a way to change the login cookie created at secure.domain.com to make it work at www.domain.com?
Check out the documentation for the default cookie domain setting:
http://www.playframework.org/documentation/1.2.4/configuration#application.defaultCookieDomain
It explains how you can set a cookie to work across all subdomains:
application.defaultCookieDomain
Enables session/cookie sharing between subdomains. For example, to make cookies valid for all domains ending with ‘.example.com’, e.g. foo.example.com and bar.example.com:
application.defaultCookieDomain=.example.com
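Why the login at secure.domain.com does not carry over to www.domain.com, and what the Domain attribute changes, modelled in JavaScript as an added example (not Play or Heroku code). It implements the domain-matching rule of RFC 6265 section 5.1.3 and the Secure attribute rule, then runs the scenario from the question: a session cookie set by secure.domain.com without a Domain attribute is host-only and is never sent to www.domain.com; with Domain=.domain.com it is sent to every host under domain.com. The hostnames are the ones from the question; the cookie name PLAY_SESSION and the session value are constructed.

```javascript
// Added example: a browser's cookie scoping decisions, following RFC 6265.
// Not from Play, Heroku, or the original post.

// RFC 6265 section 5.1.3: host domain-matches cookieDomain if they are equal, or if
// host ends with "." + cookieDomain and host is a name rather than an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d+\.\d+\.\d+\.\d+$/.test(host);
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie the way a browser keeps it. With no Domain attribute the cookie is
// host-only and bound to the exact host that set it; with a Domain attribute the
// leading dot is dropped and the cookie matches that domain and all its subdomains.
function storeCookie(setByHost, name, value, attrs = {}) {
  const domainAttr = attrs.domain ? attrs.domain.replace(/^\./, "") : null;
  if (domainAttr && !domainMatches(setByHost, domainAttr)) {
    // A server may only scope a cookie to a domain it belongs to; a browser
    // silently ignores such a Set-Cookie, this model rejects it loudly.
    throw new Error(`${setByHost} may not set a cookie for ${domainAttr}`);
  }
  return {
    name,
    value,
    domain: domainAttr || setByHost.toLowerCase(),
    hostOnly: !domainAttr,
    secure: Boolean(attrs.secure),
  };
}

// Would the browser attach this cookie to a request for scheme://host/ ?
function isSent(cookie, scheme, host) {
  const hostOk = cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
  if (!hostOk) return false;
  if (cookie.secure && scheme !== "https") return false;
  return true;
}

// The scenario from the question: log in at secure.domain.com, browse www.domain.com.
function scenario() {
  const sid = "constructed-session-id";
  const hostOnly = storeCookie("secure.domain.com", "PLAY_SESSION", sid);
  const shared = storeCookie("secure.domain.com", "PLAY_SESSION", sid, { domain: ".domain.com" });
  const sharedSecure = storeCookie("secure.domain.com", "PLAY_SESSION", sid, {
    domain: ".domain.com",
    secure: true,
  });
  return {
    hostOnlyToWww: isSent(hostOnly, "http", "www.domain.com"),          // false
    sharedToWww: isSent(shared, "http", "www.domain.com"),              // true
    sharedSecureToWww: isSent(sharedSecure, "http", "www.domain.com"),  // false
    sharedSecureToSecure: isSent(sharedSecure, "https", "secure.domain.com"), // true
    sharedToBeta: isSent(shared, "http", "domain-beta.herokuapps.com"), // false
  };
}

console.log(scenario());
```

The last two results are the trade-off behind the question: once the session cookie is scoped to .domain.com so that plain-HTTP pages on www.domain.com can use it, it cannot carry the Secure attribute, so the logged-in session travels in cleartext on every HTTP request even though the password itself was submitted over HTTPS. Anyone who can read that traffic can replay the session. Serving the whole site over HTTPS, which the question notes already works, removes that exposure.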
