I have two groups of staff in our organization I would like one group to access internet from 6:00-22:00 and will be accessing all websites except certain ban sites and the other group will access the internet only from 11:45-13:00 and will ban as well from certain websites. I'm confuse on how to create two separate website ban list on dansguardian and also acl statement to do this task. However below is the acl statement i wrote for the two groups but it does not produce the result i'm after, i'm new to squid and dansguardian can someone help me out on this. My end goal is to have this two groups running through the proxsy server as per the time specified to access the internet and dansguardian will filter their separate list of ban websites accordingly.
acl
acl staff_access scr 192.168.1.0/24
acl manager_access scr 192.168.1.0/24
acl staffaccess_hrs time time S M T W H F A 11:45-13:00 16:00-22:00
acl manageraccess_hrs time S M T W H F A 6:00-22:00
http_access
http_access allow staff_access manager_acess staffaccess_hrs manageraccess_hrs
Squid port
http_port 3128
Below would be better approach.
http_access allow staffaccess_hrs staff_access
http_access allow manageraccess_hrs manager_access
http_access deny staff_access
http_access deny manager_access
Regards
Kias
Related
I'm looking to allow a specific device (in this case one particular iPad) access to XAMPP on a computer on the same LAN. I don't want any other devices besides this one and the server itself to be able to access localhost or anything else though. I'm able to find ways to enable LAN access online but to my understanding this could allow anyone on the same network to access XAMPP if they have the server's IP.
if you are talking about the apache server inside xampp, you can use this kind of solution: https://serverfault.com/questions/776252/allow-access-to-apache-server-from-only-one-ip-address
Similar solution can be found for the integrated tomcat, MySQL, etc...
If you are using Apache 2.4, make sure that you LOAD the authz_core module,
DELETE:
Order allow,deny
Deny from all
Allow from my.ip.add.res
and, in place of the deleted directives,
INSERT:
Require ip xxx.xxx.xxx.xxx
**If you are using Apache 2.2**, make sure that you LOAD the authz_host module,
DELETE:
Order allow,deny
Deny from all
Allow from my.ip.add.res
and, in place of the deleted directives,
INSERT:
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
It is slightly off-topic to what's being requested, but requesting credentials is a simple, effective way to restrict access without worrying about IP addresses or MAC addresses.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
e.g. https://stackoverflow.com/a/44560458/3196753
This may not fulfill certain security requirements (e.g. HIPAA, PCI) but for simply keeping unauthorized people out, it is tremendously simple and effective.
I've searched for several days for a clear answer on this, hoping asking it my own way will lead to some clarity on this common feature.
we have one single group of users that we want to restrict to logging in only from a single specific host and no where else. So basically, restrict ssh access by group AND by IP. This user can only log in from hostA, they are denied when they try to log in from any where else.
I've read working with PAM, iptables, sshd deny groups / deny users / allow groups / allow users / match / using the "from" column in the authorized keys...
I'd prefer to of course just deal with sshd configs rather than try to do this with 3 other applications... I've tried editing the sshd configs (and after restarting) none of the "deny / allow / match" parameters seem to work to restrict a user from this group from logging onto the host.
### deny group deployment from everywhere except hostA
Match Address !12.34.56.78/32
DenyGroups deployment
Any advice greatly appreciated! thanks!
I also had a desire to do this - and the closest I could come to a solution is to use iptables with the cgroup extension.
man iptables-extensions
The command woupd look something like:
iptables -A INPUT -p tcp --sport 22 -m cgroup ! --cgroup $iprestrictedusergroup -j DROP
Good luck
this is my first question here so I apologize if don't comply with the best practices.
Recently I've been a victim of a POST HTTP slow DDoS attack using different IPs on similar and different ranges on my server.
I've managed to mitigate it using fail2ban by creating a personalized filter for my specific needs:
[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
^<HOST> .*HEAD .*m.y.i.p.:80.*
ignoreregex =
These two were the most recursive attempts at my server: 'POST xmlrpc.php' request and a 'HEAD http://m.y.i.p/{phpmyadmin|phpwhatevervariation|etc...}'.
I successfully managed to block them using my local jail as this
[nginx-xmlrpc]
enabled = true
filter = nginx-xmlrpc
action = route
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 10800
bantime = 86400
The problem is that I was keeping myself locked out every so often during development. So I decided to whitelist myself. Unfortunately, my ISP provides dynamic ips, so I had to associate a hostname to zonomi and use DDNS to update my subdomain with my new assigned IP addresses every so often. I then added my hostname to my ignoreip entry on the local jail as this:
# MISCELLANEOUS OPTIONS
#
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 my.hostname.sub.domain
Today I was working on the webserver and I got blocked, so I checked my hostname and it hasn't updated my IP. I manually did it and after the DNS spread over and the hostname's ip changed, I tried to access my website/server with no success.
It appears to me that either: (1) once the ban was set I would have to restart fail2ban to flush the block on my IP (which I dislike due to the fact that all the other IP's blocked are forgotten, the real threats) or (2) somehow fail2ban wasn't able to update my hostname's associated IP.
My question is: If it's (1), is there a way to lift the block automatically without restarting fail2ban or, in case it's (2), is there a way to update my hostname's ip automatically?
Does fail2ban uses IPTABLES? Should I cron a chain flush with my hostname's IP on iptables every minute?
Kindly,
A.
Fail2Ban uses iptables. As per fail2ban's documentation, it allows whitelisting based on hostname or ip addresses:
http://www.fail2ban.org/wiki/index.php/Whitelist
You should use a Dynamic DNS service, set a small TTL for your hostname (like 600 which amounts for 10 minutes). You can go even with 300 (it's not complaint with the standard but it will the job). Then check and see. If your DDNS hostname was created with a default TTL which in most of the cases for A records is between 3600 and 14400 (1 hour - 4 hours) then that might be the reason.
We've been working on a collaborative project using AWS and in particular SimpleDB. Lately, our SDB cost have been going through the roof and we're trying to figure out what's going on. Is there any way to find out which IP addresses connect to it?
EDIT: If we can't find out which IPs are accessing SDB to get data from it, is it at least possible to determine how much each of our SDB domains get queried in terms of number of queries to a domain and/or the total amount of data getting pulled from a domain?
AWS IAM allows you to put condition on user's IP address using AWS IAM AWS-Wide Policy Keys. Here is the link - For Managing Users for Amazon SimpleDB using AWS IAM.
Here is the example to allow requests only if they come from certain IP address or range. source
Allow requests only if they come from a certain IP address or range
This policy is for an IAM group that all users in a company belong to. The policy denies access to all actions in the account unless the request comes from the IP range 192.0.2.0 to 192.0.2.255 or 203.0.113.0 to 203.0.113.255. (The policy assumes the IP addresses for the company are within the specified ranges.) A typical use is for Amazon VPC, where you might expect all your users' requests to originate from a particular IP address, and so you want to deny requests from any other address.
{
"Version": "2012-10-17",
"Statement":[{
"Effect":"Deny",
"Action":"*",
"Resource":"*",
"Condition":{
"NotIpAddress":{
"aws:SourceIp":["192.0.2.0/24", "203.0.113.0/24"]
}
}
}
]
}
I have 3 different websites hosted on the same server, but with different domain registrars. I realize I could use the server's nameservers for all 3 domains, but I was wondering if it would be possible to use the standard registrar's nameservers, but change the DNS' A record to point at my server's IP address.
Is there any advantage/disadvantage to doing it this way?
Thanks!
there is two ways to point domain to server
domainname.com to A Record
Domainname.com to nameservers (ns1.domainname.com & ns2.domainname.com)
if you update A record with registrar for the domain, you can manage DNS with Registrar
but if you update nameserver for the domain you have to manage dns with your own server
this is the main differents