I have a proxy running squid and dansguardian on Ubuntu 9.10 server. It is joined to active directory and login succeeds. I've setup squid and dansguardian to use ntlm and it seems working. When I try to connect, it asks for password and when I provide my domain username and password, I can start browsing.
However, it may be annoying for some people when they start to use this proxy. Is it possible to not ask username and password at least on IE?
Proxy has currently 172.16.X.X ip on local net
Regards,
Burak
It's all about winbindd_privileged. I've added squid into winbindd_priv group and it worked.
Related
We host an angular app (e.g. render.our-app.com) hosted on now/zeit. This app allows a user to show a presentation. The presentationId needs to be included in the path e.g. https://render.our-app.com/. We are looking to be able use a custom domain owned by the user, to show a presentation we no redirects.
So for example, the user has a domain (website.mycompany.com) and we want to show the presentation under that custom domain but using our app.
website.mycompany.com => render.our-app.com/12345 (12345 = presentationId)
We are not sure how to do this properly. We tried to use a cname but we get an error saying:
404: NOT_FOUND
Code: DEPLOYMENT_NOT_FOUND
(The error is very now/zeit specific)
We thought that http://website.mycompany.com/12345 might work.
We are not sure how to do this :(
Thanks
The steps involved probably would be:
Set up a virtual host on your server for website.mycompany.com (or maybe use a ServerAlias directive if you are on Apache. This is where your app will be hosted.
Edit the host file of the computer that will be used for the presentation, in that host file you add an entry for website.mycompany.com, that points to the IP address of your server. By doing so, you bypass the normal DNS resolution process. Rather than connect to the 'true' address, the PC will connect to your demo server.
There is a gotcha: SSL. You can create a self-signed certificate on the server, and then you add it to the list trusted certificates on the client (demo PC). This can be done the first time you launch your browser and get an alert about the self-signed certificate.
I have my website available to public and there is Scrapyd running at port 6800 like http://website.com:6800/
I do not want anyone to see list of my crawlers. I know anyone can easily guess type up port 6800 and can see whats going on.
I have few questions, answer any of them will help me.
Is there way to password protect Scrapyd UI?
Can I password protect a specific Port on Linux? I know it can be done with IPTables to ONLY ALLOW PARTICULAR IPs but thats not a good solution
Should I make changes to Scrapyd's source-code?
Can I password protect a specific port only via .htaccess?
You should bind address of the machine that is going to make calls.
If its the localhost which is going to make calls to the endpoints just bind it to 127.0.0.1 and voila, the address doesn't work for external ips.
Use the latest version of scrapyd (1.2.1 when am wrting this). Scrapyd support Basic HTTP Auth. Inorder to enable it just add username and password to scrapyd.conf as below
pip install git+https://github.com/scrapy/scrapyd.git
[scrapyd]
eggs_dir = /var/lib/scrapyd/eggs
...
username = username_here
password = password_here
...
As of scrapyd version 1.2.0 the default bind address is 127.0.0.1
To add a password protection use this gist which uses nginx as a reverse proxy to add basic authentication to scrapyd.
You may also check scrapyd-authenticated repository.
I have a computer running XAMPP on 192.168.1.X:80 and that port forwarded, along with a domain I can set nameservers and/or zone records on.
Security risks aside, how do I set the domain so I can go to mydomain.com and see my XAMPP server?
Edit: I can verify that my port forwarding works, I just need to be able to access it through my domain, not the 12.345.678.90:1234 address.
Excuse my bad english.
One of the ways is:
Visit http://www.noip.com and Sign in. There you'll get your Domain. You'll have to get location on the file 'host', modify your hosts file using this link http://www.rackspace.com/knowledge_center/article/how-do-i-modify-my-hosts-file
One of customers have reported that they can see the password being transferred as clear text, they probably tried tool like a fiddler to capture the HTTP request/response. So my question is is it possible using fiddler or any other tool is it possible for someone to monitor the http traffic on that local computer at the moment the user entered the password and clicked to login ?
If the user is accessing the website without using SSL (i.e. by going to "http://" instead of "https://"), then it is possible to see all of the traffic between the website and the browser, and not only on the local computer but also on the network that the computer is connected to.
If the user is accessing the website via HTTPS, Fiddler is able to act as a proxy and decrypt the traffic between the browser and the server by using a special SSL certificate (thanks to #user18044 for clarification in the comments below).
In your case Fiddler is NOT accessing browser memory directly to get to the password in clear text.
I've setup dokuwiki in my workplace.
I'd like to set the authentication to LDAP but I don't manage to get it to work.
My company is using OpenLDAP.
I'm not sure if it's even possible since I probably don't have enough information about the LDAP settings.
On our FTP server we use .htaccess to for authentication
AuthType Basic
AuthName "Authentication"
AuthAuthoritative off
AuthLDAPURL "ldap://ldapref.domain.xx.xy/dc=domain,dc=xx,dc=xy?uid"
require valid-user
I always get the following error:
LDAP: couldn't connect to LDAP server
I was hoping I could somehow simply use the .htaccess settings in dokuwiki to authenticate through LDAP.
Is this possible?
Use the ldapsearch tool to verify that the host upon which the LDAP client is running can access the server, and further that the LDAP client can authenticate. Use something to the effect of:
ldapsearch -H ldap://ldapref.domain.xx.xy \
-b dc=domain,dc=xx,xy=at -s sub -x -LLL \
'(uid=<the-user-id-to-authenticate>)' 1.1
The above command assumes the legacy OpenLDAP search syntax since the question mentioned OpenLDAP.
If the search succeeds then the LDAP client should be able to connect and authenticate with the same parameters. Ideally, the ldapsearch tool should be executed upon the same system which will authenticate to the LDAP server.
see also
LDAP: using ldapsearch
The information you've got there should be enough to configure at least the logging in part of the authldap plugin. See https://www.dokuwiki.org/plugin:authldap
The group setup should probably be relatively straight forward too when you're using a relatively common OpenLDAP setup.
This setup might probably work for you:
<?php
/* OpenLDAP config */
$conf['plugin']['authldap']['server'] = 'ldapref.domain.xx.xy';
$conf['plugin']['authldap']['usertree'] = 'uid=%{user}, ou=People,dc=domain,dc=xx,dc=xy';
$conf['plugin']['authldap']['grouptree'] = 'ou=Groups,dc=domain,dc=xx,dc=xy';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(memberUid=%{uid})(gidNumber=%{gid})))';