Latest Server related questions

It is obvious that local /etc/hosts file is ignored when using a proxy while browsing. How can I use hosts file when using a proxy? I've access to the proxy server. I changed /etc/hosts file on the proxy server itself, it did work when I use a browser from the the proxy itself, although it didn't work at all for all the clients connecting through it. It is totally ignored.

from the proxy server (runnin ...

I'd like to use Basic Auth only when HTTPS is used. Having a .htaccess like this the user must enter password twice

RewriteEngine On
RewriteOptions Inherit

# Rewrite to HTTPS (except for let's encrypt)
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.*$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

<RequireAny>
    AuthType Basic
    AuthName ...

When publishing and AMI on the Marketplace or sharing an AMI with another account, how would one go about protecting the executables from being copied out?

I've looked into the documentation (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html#public-amis-protect-yourself ), but is seems to only exclude paths from being part of the AMI in the first place. Could not find anythin ...

How to redirect tailscale traffic (TPC+UDP) through shadowsocks proxy on Linux? I've tried ss-redirect with no success.

I am trying to understand the following observation.

We have two domain names, domain1.example and domain2.example. At a DNS level, there's an A record to an anycast address. Both domains resolve to the same address.

When the same user makes an HTTPS Web request to domain1.example and domain2.example, the user's IP address (per access log) is not consistent across the two domains but is consistent fo ...

I'm thinking of creating a website for a friend. This includes registering a domain name and setting up a couple email addresses ([email protected], etc.)

If the friend doesn't maintain the domain registration, and the domain falls into the hands of a nefarious actor, how can I protect my friends email addresses?

If I'm not mistaken, it is a common tactic to register a defunct domain name and im ...

I've been working on this for a while, without much luck.

I'm using port forwarding to expose the ssh port on internal virtual machine to the outside world (port 8000 on the host). The host machine is Ubuntu 18.04LTS, 132 GB ram, AMD Epic 16/4 cores. The VM is Debian 11.

I am using ufw for general protection of the host. Connections can only be made from the campus network, and outside users have to ...

I have postfix/dovecot running with spamassassin on Centos.

PROBLEM:

• The VPS acts as a mail server
• Spamassassin edits the email subject and adds [SPAM}
• Ms. Outlook on Windows moves those emails to the Junk folder
• The above happens ONLY if an email is sent from the VPS to another address on the same VPS machine
• The above problems does NOT happen if I send emails from this VPS to another email account  ...

Currently my OpenVPN client successfully connects to my OpenVPN Ubuntu server, and from my server's browser is accessible as 10.1.0.25. How to make it so that the client can be accessed on every computer in the server's local network under the IP 10.1.0.25?

So I followed the Microsoft documentation to get this setup --> https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide. Specifically I'm looking to take any Exchange items more than 2 years old and move them over into the users' Online Archive.

After implementing this I now see that the item age is being determined as creat ...

OS FreeBSD-13.0p3

We have a gateway router (G) with three physical Ethernet interfaces. One (W1) is the WAN gateway. The other two (L1,L2) are connected to the same wire. L1 belongs to the 192.168.0.0/16 network. L2 belongs to our public routable network 123.123.123.0/25.

All single-homed internal hosts belong to one or the other networks exclusively. Some dual-homed hosts have one nic on L1 an ...

I'd like to set a header on all page request except for one. I've tried the following:

location ~ ^\/(?!allow-iframes) { 
  add_header 'X-Frame-Options' 'DENY';
}

This has some unexpected behavior. It causes a 301 redirect on all pages except /allow-iframes.

I came across this but I can't use map since it only works inside http and not inside the server context.

I am facing one issue in contiv vpp cni

1. Create k8s cluster with one master and one worker node using contiv vpp as k8s cni plugin.
2. Launch any pod like ngnix.
3. Join new worker node in the cluster.
4. Contiv-vswitch pod getting restarted in master and old worker node. How to avoid it ? Can anyone please help ?