Nginx and allow ports - nginx

I want to allow the following IP addresses in Nginx, but I do not understand the format given by the CDN. How do I use these?

The list your CDN has given you is a list of CIDR-formatted IP addresses, which Nginx supports out of the box. You can simply state them as listed, just prefix each with 'allow', i.e.:
allow 146.88.136.0/21;
allow 94.31.33.128/27;
allow 64.125.78.224/27;
allow 94.31.33.192/27;
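
One way to turn a CDN-supplied list into the directives shown above, as an added example that is not part of the original answer. The input is constructed (the four ranges quoted in the answer plus documentation-range entries), `build_allow_block` is a hypothetical helper name, and the closing `deny all;` is an addition the answer does not mention.

```python
import ipaddress

# Constructed sample input: the four ranges quoted in the answer, plus
# documentation-range entries for the other shapes such lists contain
# (bare address, CIDR with host bits set, duplicate, junk line).
CDN_LIST = """\
146.88.136.0/21
94.31.33.128/27
64.125.78.224/27
94.31.33.192/27
203.0.113.7
198.51.100.65/26
203.0.113.7/32
not-an-ip
"""


def build_allow_block(text):
    """Return (nginx_lines, notes) for a whitespace-separated IP/CIDR list."""
    lines, notes, seen = [], [], set()
    for raw in text.split():
        try:
            iface = ipaddress.ip_interface(raw)  # bare address -> /32 or /128
        except ValueError:
            notes.append(f"skipped {raw!r}: not an IP address or CIDR range")
            continue
        net = iface.network
        if iface.ip != net.network_address:
            # nginx accepts such entries but warns at config load that the
            # low address bits are meaningless; emit the real network instead.
            notes.append(f"{raw}: host bits set, normalized to {net}")
        if net in seen:
            notes.append(f"{raw}: duplicate of {net}, dropped")
            continue
        seen.add(net)
        lines.append(f"allow {net};")
    # Rules are evaluated in order and the default is to allow, so the
    # allow list only restricts access once everything else is denied.
    lines.append("deny all;")
    return lines, notes


if __name__ == "__main__":
    rules, notes = build_allow_block(CDN_LIST)
    print("\n".join(rules))
    for note in notes:
        print("#", note)
```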


Is there a syslog private enterprise number for custom/internal use?

So I recently was looking for a way to add extra metadata to logs and found out that syslog has me covered. I can add custom metadata using the SD-ID feature like this:
[meta@1234 project="project-name" version="1.0.0-RC5" environment="staging" user="somebody@example.com"]
The problem is that 1234 has to be a syslog private enterprise number.
I assume those are given to big companies like Microsoft or Apple, but not to indie developers.
So my question is: is there a reserved number for internal use that everyone could use without registration for internal purposes?

If you use RFC5424-formatted messages, you can (or could) create custom fields in the SDATA (Structured Data) part of the message.
The latter part of a custom field in the SDATA is, as you mentioned, the private enterprise number (or enterpriseId).
As defined in RFC5424:
7.2.2. enterpriseId
The "enterpriseId" parameter MUST be a 'SMI Network Management Private Enterprise Code', maintained by IANA, whose prefix is iso.org.dod.internet.private.enterprise (1.3.6.1.4.1). The number that follows MUST be unique and MUST be registered with IANA as per RFC 2578 [RFC2578].
Of course, it depends on what you're using it for. If it's only for local logs, you can use any enterpriseId, or you can even use a predefined SDATA field with a reserved SD-ID and rewrite its value. (See: syslog-ng Guide)
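
An added example (not code from the original posts) that builds the structured-data element discussed above and escapes its values as RFC 5424 requires, so a user-supplied value cannot close the element early. The helper names, host, app name and timestamp are constructed; 32473 is the enterprise number reserved for documentation by RFC 5612, and the SD-ID check assumes a single number after the `@`.

```python
import re

# RFC 5424 SD-NAME: 1-32 printable US-ASCII characters except '=', space,
# ']' and '"'. Used for both the SD-ID and each PARAM-NAME.
_SD_NAME = re.compile(r'[\x21\x23-\x3c\x3e-\x5c\x5e-\x7e]{1,32}')


def sd_element(sd_id, params):
    """Build one SD-ELEMENT with a custom SD-ID of the form name@<number>."""
    name, at, pen = sd_id.partition("@")
    if not (_SD_NAME.fullmatch(sd_id) and name and at and pen.isdigit()):
        raise ValueError(f"custom SD-ID must look like name@12345: {sd_id!r}")
    parts = [sd_id]
    for key, value in params.items():
        if not _SD_NAME.fullmatch(key):
            raise ValueError(f"invalid PARAM-NAME: {key!r}")
        # Inside PARAM-VALUE, '"', '\' and ']' must be backslash-escaped.
        escaped = re.sub(r'(["\\\]])', r'\\\1', str(value))
        parts.append(f'{key}="{escaped}"')
    return "[" + " ".join(parts) + "]"


def rfc5424_line(facility, severity, timestamp, host, app, sd, msg):
    """Place the element in a full message: PRI, VERSION, header, SD, MSG."""
    pri = facility * 8 + severity
    # PROCID and MSGID are left as the nil value '-'.
    return f"<{pri}>1 {timestamp} {host} {app} - - {sd} {msg}"


# Parameters taken from the question; 32473 stands in for whatever
# enterprise number is actually used (assumption for this example).
EXAMPLE_SD = sd_element("meta@32473", {
    "project": "project-name",
    "version": "1.0.0-RC5",
    "environment": "staging",
    "user": "somebody@example.com",
})

if __name__ == "__main__":
    # Constructed header values: facility 16 (local0), severity 6 (info).
    print(rfc5424_line(16, 6, "2024-01-01T12:00:00Z", "host1", "myapp",
                       EXAMPLE_SD, "deploy finished"))
```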

Using KQL to search on subnets

I want to search something for IPs coming from a specific set of subnets. Some query languages are smart enough to know a /24 is a subnet, but KQL is not. Is there an alternative to this? This is not what I'll be searching on, but for the sake of example let's say you want to search on SignIn logs but only from machines in the 192.168.1.0/24

Please check:
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/ipv4-is-matchfunction
datatable (ip:string)
[
'192.168.1.64', // match
'192.168.2.11', // no match
]
| where ipv4_is_match(ip, '192.168.1.0/24')

Optimizing Get Requests - Changing RoundTripper with Transport go

I reach a limit in the number of requests I can get using the default httpClient that my API wrapper provides.
//I was getting something like this at the beginning
Head www.example.com:80/: lookup example.com: no such host
To solve this I want to change the MaxIdleConnsPerHost setting for the httpClient.Transport of my client. It looks much more like this:
However, the Transport my client uses is a RoundTripper and subsequently, it doesn't have a MaxIdleConnsPerHost param.
&oauth2.Transport{Source:(*oauth2.reuseTokenSource)(0xc2082ac0c0),
Base:http.RoundTripper(nil),
mu:sync.Mutex{state:0, sema:0x0},
modReq:map[*http.Request]*http.Request(nil)
}
The one I'm providing is mostly a default one and it lacks the proper configuration, I suppose, or simply what I want to do is not feasible.
&http.Transport{idleMu:sync.Mutex{state:0, sema:0x0},
idleConn:map[http.connectMethodKey][]*http.persistConn(nil),
idleConnCh:map[http.connectMethodKey]chan *http.persistConn(nil),
reqMu:sync.Mutex{state:0, sema:0x0},
reqCanceler:map[*http.Request]func()(nil),
altMu:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0},
writerSem:0x0,
readerSem:0x0,
readerCount:0,
readerWait:0},
altProto:map[string]http.RoundTripper(nil),
Proxy:(func(*http.Request) (*url.URL, error))(nil),
Dial:(func(string, string) (net.Conn, error))(nil),
TLSClientConfig:(*tls.Config)(nil),
TLSHandshakeTimeout:0,
DisableKeepAlives:false,
DisableCompression:false,
MaxIdleConnsPerHost:200,
ResponseHeaderTimeout:0}
Can someone guide me in the right direction?

Solaris 11 change IP in zone

I've changed the IP on the global zone. Now I want to change the non-global zones.
I log in with zlogin and use
ipadm delete-addr net0/?
There is a ? behind net0/
So I can't delete and set new.
Is there another way to change the IP of this zone?

From the global zone, you might check the output of:
$ dladm | grep <zone-name>
$ dladm show-linkprop <zone-name>/<iface>
zonename/aggr0 allowed-ips rw 10.2.42.142 10.2.42.142 -- --
Then, you should be able to change it using:
$ dladm set-linkprop -p allowed-ips=10.x.y.z zonename/aggr0
This might do the trick. I know that if you have link protection set to allow only listed IP addresses, this will update the list without the need for a reboot.
NOTE: I don't have a test zone available to actually verify this, but I know I already did this once in the past and it actually worked...

How to get EDI 997 instead of TA1 in BT2010?

I'm testing (simulating receipt) of PO/850 on BizTalk 2010 by dropping an EDI in a file receive. I get two files output, one is a TA1 and one is the 850. (In the real world, I will send the 997 back to the party that sent me the 850.)
I have a Send Port defined to go to file system, with filter:
BTS.ReceivePortName == rp_partner_850. In the directory associated with that SendPort is where I see both the 850 and the TA1.
In the Party/Agreement in BTAdmin, on the Partner->MyCompany tab, then the "Acknowledgments" section, I have checked "997 expected" and not checked "TA1 Expected".
I'm also unclear why I need to select the "Send Ports" in the Party/Agreement tool. How does that interplay with filters on the Send Ports?
I tried setting up a second send port to a second disk directory, and on that one I set filter to this: BTS.MessageType == http://schemas.microsoft.com/Edi/X12#X12_997_Root, as per this question.

I made quite a few changes, so not sure exactly which one got it working. I followed videos 2-4 found here: https://msdn.microsoft.com/en-us/biztalk/gg153513
I'm still getting the TA1s, and will work on that next, but now I'm getting 997s in a separate SendPort.
I added new send port sp_997_Test with the filter as described in the question above, and specified that in the "MyCompany->Partner" tab of the agreement under Send Ports.
I also set up the "Local Host Settings" on the "Partner->MyCompany" and put "850-Purchase-Order..." in the ST1 column, and the Partner Value in the GS2 column.
