Squid Proxy Server Admin Interface - linux

My client has a Squid proxy server and it is working fine. But to see the access log and other changes, we have to go through the command prompt only. Moreover, I am new to the Squid server.
The client wants me to check for an administrative interface to see how many people are using the Squid server, to get to know the browser information they are logging, and other data like Webalizer.
So my question is: is there any admin interface to install on the Squid server?

Squid cache provides a basic web interface for stats via Cache Manager.
Presuming you have a default install, start by checking for the following file, which you will need to edit to allow yourself access to the interface by setting the allow from line:
/etc/httpd/conf.d/squid.conf
Once you have reloaded your web server config you should be able to navigate to: http://<your host>/cgi-bin/cachemgr.cgi
You should then be able to access a number of stats and counters.
If you prefer, Squid also supports SNMP via the config file at /etc/squid/squid.conf, wherein you should add the following section (customising as required):
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
Information and the OID values can be found in the docs here.
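
Added example, not part of the answer above: if the client mainly wants to know who is using the proxy, a short script over access.log answers that without any web interface. It assumes Squid's native log format (which has no User-Agent field, so browser information needs a custom logformat); the sample lines are constructed and the log path in the comment is an assumption.

```python
from collections import Counter

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101     45 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/203.0.113.5 text/html
1700000001.202      3 192.168.1.10 TCP_HIT/200 2048 GET http://example.com/logo.png - HIER_NONE/- image/png
1700000002.303    120 192.168.1.22 TCP_TUNNEL/200 9000 CONNECT example.org:443 alice HIER_DIRECT/203.0.113.9 -
1700000003.404      1 192.168.1.31 TCP_DENIED/403 3900 GET http://blocked.example/ - HIER_NONE/- text/html
this line is truncated
"""


def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    result, _, status = fields[3].partition("/")
    try:
        return {"client": fields[2], "result": result, "status": int(status),
                "bytes": int(fields[4]), "method": fields[5], "user": fields[7]}
    except ValueError:
        return None


def summarize(text):
    """Per-client request/byte totals plus cache-hit and denied counts."""
    requests, traffic = Counter(), Counter()
    hits = denied = skipped = 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # count bad lines instead of crashing on them
            continue
        requests[rec["client"]] += 1
        traffic[rec["client"]] += rec["bytes"]
        hits += "HIT" in rec["result"]       # TCP_HIT, TCP_MEM_HIT, ...
        denied += rec["result"] == "TCP_DENIED"
    return {"unique_clients": len(requests), "requests": requests,
            "bytes": traffic, "hits": hits, "denied": denied, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)   # assumed path: /var/log/squid/access.log
    print(report["unique_clients"], "clients,", report["hits"], "cache hits,",
          report["denied"], "denied,", report["skipped"], "unparsable lines")
    for client, count in report["requests"].most_common():
        print(f"{client:15} {count:5} requests {report['bytes'][client]:8} bytes")
```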

Related

How do I put WSO2 Identity Server on my site? Remove localhost and make it public

I want to make my identity server public so that all users who visit it can access the identity server but right now only I can access it since it's hosted locally. How can I deploy this so that it runs on my IIS? Will copying and pasting the WSO2 IS folder into my inetpub\wwwroot folder work? (And after configuring the .xml files so that it shares my public domain)
I tried reading the WSO2 IS documentation but it's not very clear to me how I can make it public. I was hoping for a systematic tutorial/way to do this but it chains from one step to multiple.
https://docs.wso2.com/display/IS530/Deployment+Guidelines+in+Production
https://docs.wso2.com/display/IS550/Changing+the+hostname
I believe there are a few misconceptions (no, copying the installation into inetpub\wwwroot won't work, it's not php)
"chains from one step to multiple"
well - the documentation is related only to a product; it assumes some knowledge of the network and systems it runs on
1 - you should run the WSO2IS as a service (this Windows guide may be helpful, and this here is how to run the WSO2IS as a service for Linux)
2 - change the repository/conf/carbon.xml
(this step is optional, but increases security)
HostName - to the public hostname
MgtHostName - to internal hostname, so the administrative console is not accessible from internet
3 - The best practice to expose the WSO2IS would be a reverse proxy (depending on whether you are using IIS, nginx or httpd) so you don't expose the default port 9443 to the outside directly (I assume you want to use your own SSL certificate on 443 and TLS termination in the web server)
For the default WSO2IS applications you need to create a reverse proxy from HTTPS:443 -> HTTP:9763
update /repository/conf/tomcat/catalina-server.xml and on the Connector listening on 9763 add attribute proxyPort="443"
(Note: now I am not sure if it will work, what will work for sure is TLS bridging HTTPS:443->HTTPS:9443, it means adding proxyPort="443" to the Connector for port 9443)
Every WSO2 product already has an application server shipped with it, Tomcat.
This way you do not need to, nor should you, place the fonts on another separate application server. Use what's in the product.
From your description it seems to me that you do not have much familiarity with infrastructure, servers, etc., so I will try to help you and clarify some points.
As I mentioned above, you should use the Tomcat that already comes with the product and put it in some VM (server) that has Internet output, that is, it has ports 80, 443 and also ports 9443 and 8243 (which are the default product ports) released for access beyond the internal network (LAN).
If you get the public IP of that VM where the WSO2 Identity Server product is running, and access it from outside your local area network (LAN), the service should work.
Making an analogy to a web site, it is the same concept. When you want to put a web site publicly on the internet, as you said, you put the fonts inside Apache's WWW folder or something; so that people outside of your local network can access this website, this Apache would have to have a public IP. It's the same concept, but WSO2 already has its "Apache", Tomcat, internally; just leave your public IP.

Setting up Azure VM for Neo4j (or any local database) [duplicate]

I have installed a Neo4J instance on my server on port 7474. My domain is also using that server and I want webadmin to be used remotely with a username and a password like this:
example.com:7474
Is there a way to do that? I could not find any guideline in the Neo4J documentation.
Did you get a chance to go through the Neo4j Server Configuration documentation? It says:
#allow any client to connect
org.neo4j.server.webserver.address=0.0.0.0
This line in conf/neo4j-server.properties is commented by default and limits access to port 7474 to localhost or 127.0.0.1 (which probably is the reason why things work for your domain using that server and accessing Neo4j over localhost). Uncomment that line and it should make port 7474 accessible to everyone i.e. 0.0.0.0.
In order to secure your Neo4j server with an authorization layer, you might want to refer to the "Securing access to the Neo4j Server" documentation.
In my case, on Ubuntu, the line to uncomment was
dbms.connector.http.address=0.0.0.0:7474
File location
Ubuntu: /etc/neo4j/neo4j.conf
Neo4j 3.0.6

Only one hostname (like host.com) for access to a CouchDB installation

I have a recent installation of CouchDB on my Debian VPS. It all works fine, but it can be accessed via IP and via all of the domains on my server, and I want only one domain for this: for example, host.com:5984/_utils/index.html, but not accessible at anotherhost.com:5984/_utils/index.html nor by IP. How can I do this?
Thanks!
The patch that adds such a feature for 2.0 will land very soon.
As for now, you'll have to set up a frontend proxy like nginx which will accept only requests with the Host header you allow. Certainly, in such a case you'll need to serve CouchDB on the localhost address so that it is not freely accessible from the world.

Why does web host recommend not to use phpmyadmin but instead use workbench (for "security" reasons)?

Do you think they are getting a kickback from Oracle (the makers of Workbench), or is there a valid reason to consider phpmyadmin to be less secure than (the paid) workbench application?
The main issue with using phpMyAdmin is related to the IPs that MySQL users are allowed to connect from.
For example, let's assume that you have installed MySQL with the default configuration and you set 123456 as a password (which is not good). As you know, root logins are only allowed when the source IP is 127.0.0.1 (default configuration). In this scenario, your database server will be secure even if port 3306 is accessible from the internet, because the client has to initiate the connection from 127.0.0.1, which is localhost.
If you've installed phpMyAdmin on your server, this source IP protection will be useless, because hackers will be able to initiate a MySQL connection from localhost through PHP/Apache.
In order to keep your database server secure, use the SSH tunneling feature of Workbench. Documentation for SSH tunneling can be found here: https://www.namecheap.com/support/knowledgebase/article.aspx/9330/2180/how-to-connect-to-database-using-workbench-mysql-client

Proxy over a proxy in linux

How to use two proxies with authentication in a linux terminal?
My college uses cyberroam with a Squid proxy server and it blocks all legitimate terminal requests, such that basic commands like apt-get install libvirt kvm don't work.
So I was thinking of either running a VPN or a private proxy server on Google App Engine and connecting to it via the terminal, but I need to go through the Squid proxy to reach the internet.
Any ideas as to how to implement this?
PS: We already tried reasoning with the college authorities; they say they can't help directly but we can always bypass it without their knowing. And we really need this for our project, so please help. Thank you
I'm not sure if NTLMAPS will work for you but it works for me on bypassing company proxy with the use of public proxy servers.
Another thing, my friend's company is using domain controller to authenticate internet users and he told me that NTLMAPS also works for him and able to access the net via linux terminal.
Good luck.
I setup the proxy in my ubuntu machine as below:
https://gopukrish.wordpress.com/2014/05/22/configure-proxy-in-ubuntu-14-04/
Following are the contents in case the link becomes unusable in future.
Download and install cntlm package from : http://sourceforge.net/projects/cntlm/
Edit /etc/cntlm.conf
Give credentials in the below fields
username
domain
password
proxy IP:Port
Note down the Listen port… say it is 3128
save
Select Network options in Ubuntu and choose network proxy
Give 127.0.0.1 port 3128 for all the protocols
/etc/init.d/cntlm restart
This worked for me after the restart
