Removing IIS server header from WebDeploy on port 8172 - security

I'm looking after a bit of server hardening for PCI DSS and can remove the headers from IIS no problem for standard sites but my compliance scanner is reporting (correctly) that port 8172 for MS Web deployment of packages is announcing the IIS/10 server header and that's a PCI compliance fail.
I've tried manually adding a URL Rewrite rule in C:\Windows\System32\inetsrv\config\administrator.config but that hasn't worked.
There don't appear to be any settings for controlling the WMSvc, Management Service whatever you want to call it.
Just asking in case anyone else has found the magic setting.
I know I could disable webdeploy between uses, firewall it or even not use it but I'm sure there must be an answer given how trivial it is!
Thanks

Related

How can I create a firewall which allows me to make application based rules?

I do not trust anything, so I want to write my own firewall. I'm not satisfied with the application firewalls in Linux and Windows, and the distro firewalls are not adequate for my purposes. I'm frustrated with distro firewalls; most of them, like pfSense, OPNsense and IPFire, just seem to give the illusion of a firewall, but all they do is packet filtering. I'm unable to block everything and only allow a few websites with it. I have created a rule to block DNS requests, applied that rule and rebooted the firewall distro, but it doesn't seem to have any effect. I either have to block everything or allow everything, both of which are undesirable. The sc*mbags seem to have deliberately made the interface unintuitive to sell service; they claim their firewalls are free but made the interface obtuse, so that they can steal money by selling service.
I'm thinking of writing my own firewall. One of these will be an application which will run on the client system and the other would be a standalone distro; both will run together to allow better management. The application on the client will create a special packet signed with the hash of the application, OS, etc., and the intermediary firewall distro will check this hash and allow rules and policies to be created based on this hash. Does the TCP/IP protocol allow this?
I have searched the net for resources about the network API on Linux, and there are three resources about writing my own firewall: two are questions here and one is netfilter. I don't know anything about the TCP/IP protocol, so I don't know if I can use the packets made by TCP/IP to achieve this or whether I have to creatively find a way to create a special packet.

How do I access my node.js website from an external device?

I have a node.js website running on my Ubuntu VM. I can access it both from the host and the VM. But if I try http://192.168.10.120:80, from an external device connected to the same network over WiFi, it doesn't work.
What do I need to do to make the website accessible to external devices on the same local network?
I've been googling this for days, and still can't find an answer...
If the host is Windows, there are two things you'll have to do. One is setting up port forwarding in your VM settings. If you're using VirtualBox, check this out. Also, depending on your internal networking setup, you may need to allow inbound connections to port 80 through Windows Firewall. Check out this article from Microsoft. The process hasn't really changed since Windows 7, so it should be the same on 8 or 10.
As a side note, security through obscurity sucks but I still wouldn't recommend using port 80.

Windows Azure behind NATed router

I am working on a project and am attempting to run an FTP daemon on an Azure VM running the Technical Preview 2. The daemon reports that it is behind a NATed router, and as such I cannot connect in via another means but the remote desktop connection. (I will be running other daemons on this server as well, and they also have this problem.)
I need some way to access this router that my Azure server is behind to configure it to allow for the range of ports that I need to access.
The fine folks at MVA instructed me to ask here, so here I am.
I think you just need to open the port (endpoint setting in the portal) to the virtual machine, so check this article out.
Also, make sure the local firewall isn't blocking that FTP port... I'm pretty sure it's off by default.

How do you set up a perforce server to work over the internet?

I was setting up a Perforce server and only noticed options for localhosts and such. What I'm trying to do is set up the server on a desktop machine at one household, and then be able to connect to it using the P4V Client to access the files over the internet from another household. I know that I'll have to forward some ports and stuff, but what setup files do I need to do this? I can only find info for servers that are all being run on the same network, like at a business or something, nothing that is over the internet. I've set up a TeamSpeak server like this, where you go to connect and type in the IP address and port and then connect to the server, but this doesn't have options like that, that I've seen anyway. This will be done all on Windows 7 64-bit machines. Server on desktop, and clients will be on desktops and laptops. All help is appreciated and I'll be posting back with updates on what I'm doing so others can follow this as well if needed.
The server accepts TCP/IP connections, which can be from any client machine which has TCP/IP connectivity. The Perforce server configuration for telling it which IP address and port number to listen at is the P4PORT setting: http://www.perforce.com/perforce/r12.2/manuals/cmdref/env.P4PORT.html
Since you're on a Windows machine, your server will probably be run as a Windows Service, and hence its P4PORT setting will be held in the registry section for that service. You can edit the service's configuration using a registry editor such as RegEdit, or more simply you can use 'p4 set -S Perforce P4PORT=my-host-name:my-port-number' to specify the desired IP address and port.
Then restart your Perforce service from the Services Control Panel and you're good to go!

website and protocol restriction (firewall application)

I am developing a firewall application that is supposed to restrict websites/protocols/web directories system-wide that I choose,
for example:
restrict login.domain.com, but not domain.com
restrict domain.com/passport, not domain.com
restrict .tld types, e.g. .org
Please give me some ideas.
[edit]
I am developing on the Windows platform, from Win 2000 to Win7, using any VB language, VB6 upwards. Also, I want to be able to block any protocol: HTTP, FTP, etc.
You probably want to investigate developing a SOCKS proxy; this is capable of filtering all protocols. Other avenues you could pursue include developing a Winsock LSP or writing your own routing software (like ISA Server).
You'll be hard pressed to do it in Visual Basic 6 or VB .NET however.
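
The filtering decision at the heart of the SOCKS proxy suggested in the answer above, as an added example that is not part of the original answer: it parses a SOCKS5 CONNECT request (RFC 1928) and applies the question's host, TLD and protocol rules, failing closed on malformed input. It is written in Python rather than VB, and the policy constants and function names are hypothetical.

```python
import ipaddress
import struct

# Constructed policy mirroring the question's examples (names are hypothetical).
BLOCKED_HOSTS = {"login.domain.com"}   # exact host; domain.com itself stays allowed
BLOCKED_SUFFIXES = (".org",)           # a whole TLD
BLOCKED_PORTS = {21}                   # FTP control channel
DENY_IP_LITERALS = True                # hostname rules cannot match a bare IP

def parse_connect(req: bytes):
    """Parse a SOCKS5 CONNECT request (RFC 1928) into (host, port, is_ip)."""
    if len(req) < 7 or req[0] != 5 or req[1] != 1 or req[2] != 0:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 1:                      # IPv4 address, 4 bytes
        end, is_ip = 8, True
        host = str(ipaddress.IPv4Address(req[4:end]))
    elif atyp == 4:                    # IPv6 address, 16 bytes
        end, is_ip = 20, True
        host = str(ipaddress.IPv6Address(req[4:end]))
    elif atyp == 3:                    # domain name with 1-byte length prefix
        end, is_ip = 5 + req[4], False
        host = req[5:end].decode("ascii").lower().rstrip(".")
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    return host, struct.unpack("!H", req[end:])[0], is_ip

def decide(req: bytes) -> str:
    """Return 'allow' or 'deny'; malformed input fails closed."""
    try:
        host, port, is_ip = parse_connect(req)
    except ValueError:                 # also covers non-ASCII names and bad addresses
        return "deny"
    if is_ip and DENY_IP_LITERALS:
        return "deny"
    if not host or port in BLOCKED_PORTS or host in BLOCKED_HOSTS:
        return "deny"
    return "deny" if host.endswith(BLOCKED_SUFFIXES) else "allow"

def deny_reply() -> bytes:
    """SOCKS5 reply with REP=0x02, 'connection not allowed by ruleset'."""
    return bytes([5, 2, 0, 1]) + bytes(6)   # BND.ADDR 0.0.0.0, BND.PORT 0

def sample_request(host: str, port: int) -> bytes:
    """Build a constructed domain-name CONNECT request for testing the policy."""
    name = host.encode("ascii")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack("!H", port)
```

A SOCKS request carries only a destination host and port, so the `domain.com/passport` rule cannot be expressed at this layer; it needs inspection of the HTTP request line, which is not visible for HTTPS. A client that resolves names itself sends a bare IP address, which is why the sketch refuses IP literals instead of letting them bypass the hostname rules.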
