Fiddler4 not capturing traffic (FME -> CouchDB) - couchdb

I love Fiddler, and it is a mainstay for my web debugging. It is working fine for all my browser-based activities. But right now, I am having a login issue with CouchDB. I am using a desktop software called SAFE FME, which provides login and bulk upload to the CouchDB server. From the browser I can log in to CouchDB, so that did not seem to be the problem.
All I want to do is see the traffic going between the FME and the CouchDB server.
CouchDB is running on http://localhost:5984/
The computer is Windows 7, 64-bit. Both CouchDB and FME are local to the computer.
I have Fiddler set up for:
Capture Traffic true
Any Process
Any idea why I am not capturing the data?

You're probably not capturing the data because SAFE FME doesn't use the system proxy setting.
Open FME Workbench. From the menu select Tools|FME Options then select Network and check Use Proxy. Ref: https://knowledge.safe.com/articles/How_To/Configure-FME-Desktop-to-connect-through-your-proxy-server
The Fiddler proxy runs on 127.0.0.1 port 8888.
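Why the explicit proxy setting matters, as an added example that is not part of the original answer: a client that connects straight to the server never touches the proxy, so nothing is captured, while a client pointed at the proxy sends it the absolute URL. Both servers are constructed loopback stand-ins on free ports (assumptions), not Fiddler or CouchDB themselves.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

CAPTURED = []  # request targets seen by the stand-in proxy

class Backend(BaseHTTPRequestHandler):
    """Stand-in for the server being debugged (constructed response)."""
    def do_GET(self):
        self.reply(b'{"status":"ok"}')
    def reply(self, body):
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

class CapturingProxy(Backend):
    """Stand-in for the debugging proxy: record the URL, then forward it."""
    def do_GET(self):
        CAPTURED.append(self.path)  # proxy requests carry the absolute URL
        target = urlsplit(self.path)
        self.reply(fetch(target.port, target.path or "/"))  # loopback only

def serve(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(connect_port, request_target):
    conn = http.client.HTTPConnection("127.0.0.1", connect_port, timeout=5)
    conn.request("GET", request_target)
    body = conn.getresponse().read()
    conn.close()
    return body

def demo():
    backend, proxy = serve(Backend), serve(CapturingProxy)
    url = f"http://127.0.0.1:{backend.server_port}/"
    CAPTURED.clear()
    direct = fetch(backend.server_port, "/")   # client ignores proxy settings
    seen_direct = list(CAPTURED)               # proxy saw nothing
    proxied = fetch(proxy.server_port, url)    # client configured with the proxy
    seen_proxied = list(CAPTURED)              # proxy saw the full URL
    for server in (backend, proxy):
        server.shutdown()
    return direct == proxied, seen_direct, seen_proxied, url
```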

Related

(Rancher) Longhorn too many refreshes / connections on dashboard

I am using longhorn for my k3s cluster. My cluster is in a completely different environment than my local computer. The setup for accessing the dashboard looks like this.
Local PC (env1) <-> Reverse Proxy (env1, IIS6) <-> Reverse Proxy (env2, IIS8) <-> K3s Cluster (env2 nginx ingress) <-> Longhorn dashboard (env2)
This setup works fine for most of my apps. Like Kubernetes dashboard, graylog, some self developed stuff etc.
But Longhorn is reloading stuff so many times that all ephemeral Windows ports on the first Reverse Proxy are getting occupied. And then, no other connection to the server is possible anymore. Also closing all ports needs a restart of IIS. Also then, getting all connections closed needs some time. So it is creating a high pressure on the server.
My question is, is there something wrong with my IIS configuration? I am using ARR on IIS 6. It is a default configuration, nothing special. Done on the user interface with the URL Rewrite module.
Or is there a setting for Longhorn, where I can disable the reload of the page?
Here is a screenshot of my browser. As you can see, many requests are sent to the server:

Suggestions for secure WAN/LAN/VPN please - diag included

This has taken me about a year to understand and get to, but I am at the limit of my capability so reaching out to a StackOverflow guru please...
I would like to, if possible, secure my network model. The model is as shown in the diagram. To explain:-
All the aspects I have control of, is within the green shaded area. I cannot change anything outside this.
I run a simple application web server which is the VPN IPsec/L2tpd client. Static IP.
My router is ISP provided. It receives a DHCP Dynamic IP from the ISP.
My Digital Ocean Virtual Private Server has a static IP. It runs an NGINX reverse proxy that channels traffic through the VPN tunnel. It also runs the IPsec/L2tpd server.
An IPsec/L2TPD VPN tunnel is established and working.
A working VPN tunnel.
A cellphone that runs an app that communicates with my application server app. My cellphone receives a dynamic IP from my Network Operator.
I have three IP camera feeds served by my application server. Not a great speed but watchable in real-time.
I cannot change my ISP, or bandwidth/download/upload speed.
I cannot install VPN clients on the cellphone and I may want to access my app server through another cellphone provided by work so cannot install apps on it but does have unfettered web access through a browser.
Everything is now working, can't believe I've done it!
Anyway, my question is:-
Is there any way to secure the network so that only traffic from my mobile reaches - or rather is accepted - by my application server?
I accept IPsec/L2tpd is not great, but it is fast and I use this because I have tried OpenVPN, SoftEther and key based OpenSwan. These are waaaay too slow. The camera feeds are unwatchable and update one frame about every 5 seconds.
So with the limitations above, what can I do, what is possible? Please may I respectfully ask that you refrain from suggestions and concerns requiring a change to that which I cannot control. I accept all critique but that is not what I need here. I am asking for advice on how to secure that which I can influence. Thank you
"I cannot install VPN clients on the cellphone and I may want to access my app server through another cellphone provided by work so cannot install apps on it but does have unfettered web access through a browser."
Due to the limitation that at the end, even a phone where you are not allowed to change anything but use the web, I suggest configuring proxy authentication on the nginx reverse proxy. I don't have experience with setting this up with nginx in particular but that's what should do the trick according to the network architecture and description you provided.
An example configuration on how to configure nginx for basic / client certificate auth can be found at: https://www.cloudsavvyit.com/1355/how-to-setup-basic-http-authentication-on-nginx/

Couchdb development server access

I am totally new to CouchDB.
How can I expose the service into a local development remote server? (after, in a future step, expose it public)
I am trying to install it on a remote development server; although I am not using a Digital Ocean server, I am using this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-couchdb-and-futon-on-ubuntu-14-04
I could not access it with a web browser after installing and starting the CouchDB service with
couchdb -b
Which returns the default message: Apache CouchDB has started, time to relax.
Also from the command line I could:
curl http://127.0.0.1:5984/
And receive the correct message.
How can I access this development server via a web browser?
I can't know for sure, since I don't know your setup, but I'm guessing that you're trying to access the database from a different machine than the one it's running on. And I assume you know what IP to use to get to your remote, and that leads me to believe that your problem is that the port is not open (or not forwarded correctly) to your CouchDB server.
A standard CouchDB installation should be accessible from a web browser.

Understanding Openstack noVNC security

I'm trying to get a deeper understanding of the architecture and design of OpenStack noVNC security. I found this document. It makes sense but is missing details. Can somebody confirm my understanding is right, or correct me if I'm wrong?
0) noVNC allows VNC clients in web browsers, good for clients without Java or a VNC client installed.
1) VNC server is provided by the hypervisor. Every VM has its own VNC server, at port 59xx, not accessible from outside.
2) Websocket proxy bridges to VNC server and provide service for noVNC client (javascript in browser), say at port 6080.
3) Simple security: Security could alternatively be guaranteed by VNC password, but it's not convenient to type every time and not easy to change. Every VM on the same hypervisor has to share the same password. Different compute nodes may use different VNC passwords.
4) To provide better access control, consoleauth is introduced. We can now use OpenStack authentication for VNC. When a new request for remote console comes, a dynamic access URL (with a token) is generated, cached/registered, and sent back to client. Later, only previously registered connections are accepted.
I would like to know more about whether/how dynamic firewall rules are created, and whether/when the tokens are invalidated. I know the best way is to read the source code, but a high level description is also valuable. Thanks.

Web browser Control under Citrix environment

I have a web application which is also displayed in a web browser control of a winforms application. MS Word and Excel are installed on Citrix server.
But I want to open a Word/Excel document on the client's machine instead of the Citrix server when I click a link on the website (which is displayed in the web browser control).
Is it possible?
Citrix supports a mechanism called Content Redirection which can redirect specified filetypes either to server or to client.
See this Server-to-client Content Redirection Explained for an explanation.
In order to communicate with the client computer, you will need to have software running on the client computer to accept and interpret commands from the hosted application.
We had something similar here. Clients needed a way to print to a special printer (for whatever reason the printer was not compatible with Citrix). We had to create a "listening" app for the client computer and modified the hosted app to send commands via winsock\tcpip. So when a print job was requested, the hosted app sent command data to the listening app on the client and the client actually started the print job.
