Latest Server related questions

I was reading this:

https://www.giac.org/paper/gsec/693/comparison-packet-filtering-vs-application-level-firewall-technology/101569

Within the context of setting up a server (non public facing), the gist is that you have PF firewalls and Application firewalls. Application firewalls are more secure since they see more of the packet etc etc but they are consequently slower.

If an application firewall is mo ...

I am deploying a Cloudfunction with VPC network as follows:

gcloud beta functions deploy my-function
      --trigger-http
      --region europe-west1
      --memory 128MB
      --runtime nodejs16
      --entry-point entrypoint
      --allow-unauthenticated
      # needed to access compute instances
      # https://console.cloud.google.com/networking/connectors/list
      --vpc-connector cloud-funct ...

Does anyone know how to redirect a url that contains a parent category of a product? Basically I want to redirect a ton of products to a simple landing page that I created, so instead of making redirects for each product, I want to target the parent category (manufacturer) and redirect it to my one landing page.

So like these:

https://example.com/product/baader/baader-600/baader-600-belts/belt-rubber/ ...

I have Windows Server 2016 RDS farm which contains 16 servers. All these servers are configured for High Availability and use same database on SQL cluster.

If this database would be lost for some reason - how do I recreate database from scratch? I do not care about recreation of all collections and remote apps.

I tried to uninstall all RDS roles, including Connection Broker role. But then - if I try ...

I tried to mount and the OS responded that I needed to run xfs_repair. Not knowing that the RAID1 was now seen as RAID0, I kicked it off and it's been running all day. That seemed weird as I had cleanly shut down before removing the disks. Anyway, I did some digging and discovered that it thinks it's the wrong RAID type, which might explain its confusion. It isn't completely clear to me how to convince  ...

So I have two different domain controllers on the same domain that reside on their own subnets. Domain controller A is the PDC with all the FSMO roles and Domain Controller B is on the other subnet (setup for its own DNS and GC). All policies are saved in the Certificate Store for the domain to ensure policies are enforced.

Sites and services is setup for a site and subnet for each. The idea f ...

We have our own mail server running using iRedMail on Apache. It's been working for us for a number of years and there haven't been any issues with the SSL until now. One of our clients is trying to connect their smtp credentials to their Zendesk account and Zendesk is rejecting the connection because it doesn't fully trust the SSL. Zendesk support sent us to https://www.sslshopper.com/ssl-chec ...

I need a way to redirect clients when no existing path is defined. When I put a return 301 config in, nginx seems to ignore any location configs. It redirects everything.

The hostname in the redirection needs to be dynamic (come from the client). These servers are actually containers and are deployed to Dev/Prod environments. So the client url changes from something like dev.example.com to exampl ...

Given a Bash Shell say in a Docker container running on Gitlab, for example, how would I get the password to get passed in?

When I login with this:

 $ vault login -method=ldap username=myusername

It asks me for a password.

How do I get the prompt to not stop and for the password to be passed in as a variable?

I plan on using Gitlab Variables to pass in my password.

After activating a plugin I received an email that I had never recived before. What kind of miscellaneous code it might be? it's a coincidence? I received an email to my account Gmail that I never used on my VPS (not sure) and I am sure that I never used it on the website where I activated a plugin. But I activated the plugin exactly at 1:03 and I received SPAM (with pdf and link inside pdf) exactly at  ...

We have this EC2 instance: T2.medium, running apache, with 4 virtual hosts (4 sites). Sometimes, out of nowhere, the CPU reaches very high levels, maybe an attack.

I've seen some of our wordpress files have been modified.

How could i check who has been writing in those files? How could i check the logs of the CPU to see what process has been affecting it? Are there any cloudwatch metrics i could use ...

Ubuntu 20.04 LTS.
There is a simple bash script to add a new user via command line in interactive mode:

#!/bin/bash
# Script to add a user to Linux system
if [ "$(id -u)" -eq 0 ]; then
    read -p "Enter username : " username
    read -s -p "Enter password : " password
    egrep "^$username" /etc/passwd >/dev/null
    if [ $? -eq 0 ]; then
        echo "$username exists!"
        exit 1
    else
      ...

I have a domain (let's say example.com), and I currently have a Let's Encrypt certificate set up and properly working for example.com and www.example.com for Apache on an Amazon Linux 2 AMI EC2 instance, and I'm trying to reconfigure the certificate to set it up for a wildcard domain (i.e., *.example.com).

I SSH'ed into the EC2 instance and ran the following command in an attempt to do this (with the rea ...

After i changed one of my database tables into InoDB from myisam i started to get "client denied by server configuration:" in my error log. After finding out mod_evasive was the problem i added the following to the apache config file. After an apache restart still get the errors so i disabled "DOSHashTableSize" and no more errors came in the log after a restart of apache and 10 minutes waiting.

exa ...

I am attempting to direct client traffic to a kubernetes cluster NodePort listening on 192.168.1.100.30000.

Client's needs to make a request to 192.168.1.100.8000 so I added the following REDIRECT rule in iptables:

iptables -t nat -I PREROUTING -p tcp --dst 192.168.1.100 --dport 8000 -j REDIRECT --to-port 30000

I then issue a curl to 192.168.1.100:8000 however, in tcpdump i see a different port: ...