WatchGuard WebBlocker - Can't visit any website - firewall

When I try to load any website I get this error message from the WatchGuard:
And I can see in the Fireware Web UI that the WebBlocker feature key is expired.
Is this connected? Will renewing that license solve my problem?

The service may not actually be disabled (by you) and is still trying to reach the WatchGuard servers to check links. I would say you need to either renew the subscription or enable the license bypass setting. The bypass setting on my XTM device's Web UI is located at Subscription Services -> WebBlocker -> Advanced, and in there you should see "License Bypass". If you cannot do it from there, load up Policy Manager and navigate through to your subscription services, WebBlocker, configure, and you should see the license bypass feature. You need to change it from "Deny" to "Allowed" and that should fix your issues.

Related

403 error when opening new browser tab in Azure Portal

In the Azure Portal, in certain scenarios when it prompts me to open a URL in a new tab, I get a 403 error.
"Error 403 - This web app is stopped"
I have followed the help link on that page (https://blogs.msdn.microsoft.com/waws/2016/01/05/azure-web-apps-error-403-this-web-app-is-stopped/), but none of these issues (see footnote for issues) apply to me.
Specific examples of when I get this message:
In an app service > App Service Diagnostics > Collect Memory Dump: the report is available to view in a pop-out URL. When I click on the link, it opens a new browser tab and I can see from the url that it's attempting an oauth sign-in, which eventually displays the 403 page.
In an app service > App Service Editor (Preview), when I click on the "Go" link, as before, it opens a new browser tab and I can see from the url that it's attempting an oauth sign-in, which eventually displays the 403 page.
In both cases, it redirects to a https://****.sso.azurewebsites.net url which displays the 403 message.
Any suggestions?
Footnote: According to that url, there are 3 conditions that can cause this error to be presented.
The site has reached a billing limit and your site has been disabled.
The Website has been stopped in the portal.
The Azure Website has reached a resource quota limit that applies to either Free or Shared scale modes.
Based on Ivan's comment, I checked my role settings. I was a Contributor for this Azure subscription. Since I changed it to an Owner (via Access control IAM > Role Assignments), it now works as expected.
It's frustrating that this is not made obvious in the Azure Portal.
In my case, there were network IP restrictions applied to the site, so I was getting the same error above from my home network. You can check the rules by going to the properties tab. To modify, go to Networking->Configure access restrictions.
If you are only getting the error when you open a new tab, it could be a problem with the maximum number of connections.
Are you running in debug mode? For Basic and below the maximum number of debug connections is 1.

Multiple domains for single Azure B2C Application

We have an application that we want to host only once but allow 2 different domains to direct to the one instance then we change the branding based on the incoming host. For instance https://app.abc.com points the same instance as https://app.def.com.
So they are not subdomains but rather independent domains. This would mean they also share the same Azure registered application but different return url's https://app.abc.com/auth/openid/return and https://app.def.com/auth/openid/return.
The Azure portal, however, gives the error "You may not use more than 1 external domain(s)".
Is there any way around this without having to host 2 instances of the same application, each with the own Azure application/client id?
As Wayne mentioned, it is not currently possible to reply to multiple domains.
However, one workaround is to build a proxy in one of the websites. You always redirect to this proxy, which then redirects to the proper site. You could use the state parameter to store which "site" the user clicked "sign in" from, and then based on that redirect properly. You would have to be careful in making sure the token is passed through securely.
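An added example, not part of the original answer, of how the proxy described above can carry the originating site in the state parameter without becoming an open redirect. The state is HMAC-signed and the redirect target is looked up in an allowlist. The key handling, the 10-minute lifetime and the function names are assumptions, and forwarding the token itself to the chosen site is outside this sketch.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumptions for this sketch: the key lives only on the proxy, and the two
# return URLs are the ones named in the question.
STATE_KEY = secrets.token_bytes(32)
RETURN_URLS = {
    "app.abc.com": "https://app.abc.com/auth/openid/return",
    "app.def.com": "https://app.def.com/auth/openid/return",
}
MAX_AGE_SECONDS = 600


def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_state(site, now=None, key=STATE_KEY):
    """Build the state value sent with the sign-in request for `site`."""
    if site not in RETURN_URLS:
        raise ValueError("unknown site: %r" % site)
    issued = int(time.time() if now is None else now)
    body = json.dumps({"site": site, "iat": issued,
                       "nonce": secrets.token_hex(8)}).encode()
    return b64e(body) + "." + b64e(hmac.new(key, body, hashlib.sha256).digest())


def resolve_return_url(state, now=None, key=STATE_KEY):
    """Return the allowlisted URL for a valid, fresh state, else None."""
    try:
        body64, tag64 = state.split(".")
        body, tag = b64d(body64), b64d(tag64)
    except ValueError:  # wrong shape or bad base64
        return None
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None  # state was altered or was not issued by this proxy
    claims = json.loads(body)
    age = int(time.time() if now is None else now) - claims["iat"]
    if not 0 <= age <= MAX_AGE_SECONDS:
        return None
    # Look the target up in the allowlist; never redirect to a URL taken
    # from the request itself.
    return RETURN_URLS.get(claims["site"])
```

The nonce should also be stored in the user's session and compared on return, so the state doubles as the usual CSRF check.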
Unfortunately, you cannot achieve this.
Reply URLs must all belong to the same domain, and Redirect URIs must all belong to the same domain. This is a limitation of AAD B2C application registration.
You can also see this note in Azure portal:
Is there any way around this without having to host 2 instances of the
same application, each with the own Azure application/client id?
For Web API or Web App, as far as I know, there is no way to achieve this for now.
I suggest you upvote this idea on this UserVoice page; the AAD B2C team will review it.
Hope this helps!
In case anyone stumbles across this issue as I did today, I found a workaround for this.
Caution: This method is not officially supported by MS according to a warning from MS in the Azure portal (see the second screenshot)
1) In your B2C tenant, navigate to "All services" --> search for "App registrations" --> click "App registrations"
All services --> App registrations screenshot
2) Find your application in the application list and click on it. Note the warning from MS (see screenshot)
App registration list screenshot
3) Click on "Authentication" and add your Redirect URIs to the list. This is the same UI as non-B2C tenants.
Redirect URI list screenshot
It allowed me to enter redirect URIs with different domains. It doesn't appear to have the limitation as the "Azure AD B2C" blade. I had to wait a minute for the change to propagate, but it worked for me. I'm not going live with this anytime soon, so I'm ok with doing this for now. When I do decide to go live I'll probably find some other way of doing what I want if MS still hasn't green-lit this method.
Again, MS warns against using this at the moment, but hopefully they'll officially support it soon.

Cannot find Incoming Webhook connector in Microsoft Teams

I had configured an Incoming Webhook on one of our Microsoft Teams channels, but noticed it stopped working recently, and also I am no longer able to find the Incoming Webhook in the list of connectors:
What command would I need to have our Administrators run or what configuration would I need to apply to get this to work again?
As @wajeed-msft notes, this is happening because your administrator turned off access to external applications.
Assuming "Allow sideloading of external apps" is also turned off you'll get the list on the page you found above. If you scroll through that list, you will see "Incoming webhook" listed.
I had the same problem and I didn't remember that I (as a Tenant admin) disabled anything in the portal. "Unfortunately" the screenshot is from the older portal; in the new Teams Admin check the following:
All available connectors were somehow blocked, so I removed everything from the "blocked apps" list:
Then I needed to sign out ("Quit" didn't refresh those settings) and sign in again and now I have access to all connectors.
For the webhook connector, you can use the Incoming Webhook connector in the MS Teams app sections.
For more information please refer to this link

Protect a web site against hackers

I've been suffering from hacker attacks on one of my client's websites.
Each and every time, an anonymous user adds unwanted code and hyperlinks to my website's home page (default.aspx).
He recently added the following code:
<a href="http://www.ebk8.com/amdc/">symbolic code</a>
<a href="http://www.ebk8.com/qxws/">symbolic code</a>
<a href="http://www.ebk8.com/zqbf/">symbolic code</a>
<a href="http://www.b2b110.com/bca/ ">symbolic code</a>
<a href="http://www.b2b110.com/bcb/ ">symbolic code</a>
<a href="http://www.b2b110.com/bcc/ ">symbolic code</a>
symbolic code = various Chinese or Japanese language characters.
He or she added these hyperlinks at the bottom of my default.aspx page, with symbolic code as the hyperlink text. Because of the above code, the web page gets a compilation error. Every day I am removing this unwanted code from the web page on the web server.
My web site is running at Medium trust on a shared hosting web server.
It has following permission for following user:
Permission attributes
--Full control
--Modified
--Read & Execute
--List Folder Content
--Read
--Write
Groups or User Names
*Administrators
--All permissions check
*System
--All permissions check
*FTP accounts (ftp_subaccounts) [No permission for this user]
--Full control uncheck
--Modified uncheck
--Read & Execute uncheck
--List Folder Content uncheck
--Read uncheck
--Write uncheck
*Plesk IIS Anonymous Account (IUSR_sadgutn8)
--All permissions check
*Plesk IIS Worker Process Identity Account (IWPD_2677(sadgutn8))
--All permissions check
*Plesk FTP subaccount (sadguru)
--Permission for "List Folder Contents" check
*Plesk Domain user (sadgutn8)
--All permissions check
Earlier it had permission for Everyone (full control), but I've removed that; I've also changed all cPanel and FTP account passwords. But the hacker still attacks continuously.
Can anyone please suggest how I can prevent my website from these attacks?
There are several ways to protect your site.
1- You should properly check your code for open loops, like SQL connections or public JS functions.
2- Use extra security checks for your URL; I suggest you use CloudFlare.com:
A. Cloudflare’s Basic Security Level is based on IP reputations and will challenge IPs that have shown problematic activity online recently. The Basic Security Level is a free feature offered to all customers, but it is not as robust as using the Web Application Firewall at stopping sophisticated attackers (the Basic Security Level only throws up a challenge/captcha page, which is largely only going to help with automated hacking attempts).
B. Cloudflare’s Web Application Firewall (WAF) will stop many hack attempts on your site. The Web Application Firewall (WAF) is a paid feature on Cloudflare, and site owners can adjust the WAF security level settings and rule sets in the WAF management console.
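An added detection example, not from the original thread, for the kind of tampering the question describes. It compares a page against a known-good SHA-256 baseline and lists any hyperlinks that point to hosts outside an allowlist, so a modified default.aspx is noticed as soon as the check runs. The sample page, host names and function names are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Matches href values with or without quotes, so broken markup is still caught.
HREF_RE = re.compile(r"""href\s*=\s*["']?\s*([^"'\s>]+)""", re.IGNORECASE)


def foreign_links(page_text, allowed_hosts):
    """Return href targets whose host is not in allowed_hosts."""
    hits = []
    for url in HREF_RE.findall(page_text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, nothing to compare
            continue
        # Relative links and server-side expressions have no host: skip them.
        if host and host not in allowed_hosts:
            hits.append(url)
    return hits


def audit_page(page_text, baseline_sha256, allowed_hosts):
    """Return (modified, foreign): hash mismatch flag and off-site links."""
    digest = hashlib.sha256(page_text.encode("utf-8")).hexdigest()
    return digest != baseline_sha256, foreign_links(page_text, allowed_hosts)


# Constructed sample data: a clean page and the same page with links appended
# at the bottom, as described in the question.
ALLOWED = {"www.client-site.example"}
CLEAN = ('<%@ Page Language="C#" %>\n<html><body>\n'
         '<a href="/contact.aspx">Contact</a>\n'
         '<a href="https://www.client-site.example/news">News</a>\n'
         '</body></html>\n')
BASELINE = hashlib.sha256(CLEAN.encode("utf-8")).hexdigest()
TAMPERED = CLEAN + ('<a href="http://spam-one.example/amdc/">x</a>\n'
                    'a href="http://spam-two.example/bca/ ">y</a>\n')

if __name__ == "__main__":
    print(audit_page(CLEAN, BASELINE, ALLOWED))
    print(audit_page(TAMPERED, BASELINE, ALLOWED))
```

Record the baseline hash from a copy of the page that has been reviewed by hand, and keep it somewhere the web server account cannot write to.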

Custom domain is "not planned" for Single Sign-On in Azure Active Directory

We have Single Sign-on working for a test application in Azure, using Azure Active Directory and the on-premise server running DirSync to synchronise the user details.
I have added a Custom Domain and verified it, by adding TXT records to the DNS entries at my registrar's website. In order to do this, I followed advice (from stackoverflow questions) that I needed to untick the option that said "I plan to configure this domain for single sign-on with my local Active Directory", in order to gain access to the additional information that allows me to prove ownership of the domain.
As a result, the domain has been verified and Azure recognises this, allowing me to see the domain as being 'verified', but the Single Sign-On value for this custom domain is set to 'Not Planned'.
The problem is now, I want to be able to re-tick that check box, and enable this domain to be used with the single sign-on, as I don't want to have to tell my users to use their log-in email addresses as 'username@something.onmicrosoft.com' as they'll never get it and will pester me to change it.
So, my question is: Is there a way to re-tick this box, and change the status of this field away from that of 'Not Planned', and (hopefully) to allow my users to sign in using their username@domain.com instead?
I have tried to remove the domain and re-add it, but Azure stops me from deleting it, as it's probably already well utilised in the rest of the processes. Also, I have no ability (or at least that's how it seems!) to go back into this custom domain within Azure and modify it.
UPDATE: I have tried to Deactivate the Directory Integration directory sync - this allows me to adjust the sync'd user's email addresses, but they're reverted back to .onmicrosoft.com once the sync is Activated again.
UPDATE 2: I have tried to install PowerShell to remotely administer the custom domain to becoming active, but I just cannot connect, despite several hours of trying.
If you added (and verified) a domain without ticking the checkbox, your domain is considered "standard", or "managed". You can convert this domain to a "federated" domain with the Convert-MsolDomainToFederated cmdlet from the Azure Active Directory PowerShell module:
Convert-MsolDomainToFederated -DomainName "contoso.com"
Tip for next time: After you add the domain with the single sign-on tick, you can run the following to get the DNS records to verify the domain:
Get-MsolDomainVerificationDns -DomainName "contoso.com"
