BM 3.9 Block source and proxy.cfg

Hi All,
With BM 3.8 I used to block some internal computers from browsing by adding a deny access rule. I am trying to get the same rule put in using Imanager on bm 3.9 and it doesn't work. Is anyone else doing this. I add an access rule that has 2 conditions(I want to add one with just one condition for computer name but it won't let me), the first is the source hostname starts with and I put in the computer/dns name I then have to put in a codition for origin server port and I list port 80(I have tried 443 and 8080 also) I select deny access and the computer can still connect.
I can easily block urls and I figured it would be just as easy to block internal computers from going out, does anyone know of an easier way to block computers, I don't use filters at the moment.
Also I was going to use the proxy.cfg file from Craig Johnson but I am not sure if those settings are applicable to bm 3.9
Thanks for any help, has anyone found bm 3.9 to be better than the other versions?
Mike

In article <469B4EB3.2D81.003B.0@nospam_cancercare.mb.ca>, Mike Gerolami wrote:
> can easily block urls and I figured it would be just as easy to block internal computers from going out,
does anyone know of an easier way to block computers, I don't use filters at the moment.
>
Can you block dest=any url, source=pc IP address?
> Also I was going to use the proxy.cfg file from Craig Johnson but I am not sure if those settings are
applicable to bm 3.9
Yes, they are.
>
> Thanks for any help, has anyone found bm 3.9 to be better than the other versions?
Aside from bug fixes to come, and some new VPN features, there is not a great deal of difference in how BMgr
works. Most of the change was in getting rid of NWADMN32, so you can administer BMgr without needing
windows, or client32. There is one useful bug fix in there now, for sure: proxy unloads reliably now.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Similar Messages

  • HTTP Basic Auth and Proxy Auth

    Hi,
    i have a problem with the authentication against a proxy server and against a content provider. At first I have to authenticate against the proxy to get "free internet". The next step is to authenticate against the content provider to get a html or xml file.
    The following source code runs very good in Eclipse, i.e. as JUnitTest. But If I execute the same code within a weblogic server, I will get an error (not authenticated). I believe I get this message from the content provider and not from the proxy because If I test this code within the weblogic server and with no authentication (i.e. google needs no authentication), I will get a valide xml/html file.
    StringBuffer sb = new StringBuffer();
              SimpleAuthenticator simple = new SimpleAuthenticator("joeuser","a.b.C.D"); //from openbook
              Authenticator.setDefault(simple);
              String strUrl = "http://www.rahul.net/joeuser/";
              URL url = null;
              try {
                   url = new URL(strUrl);
              } catch (MalformedURLException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
              URLConnection conn = null;
              InetSocketAddress addr = new InetSocketAddress("proxy.domain",8080);
              Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
              try {
                   conn = url.openConnection(proxy);
              } catch (IOException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
              String proxyStr = "username" + ":" + "passwordl";
              String encoded = new String(Base64.encodeBase64(proxyStr.getBytes()));
              conn.setRequestProperty("Proxy-Authorization", "Basic " + encoded);
              // get http status code which is located in header field 0
              String status = conn.getHeaderField(0);
              if (status.contains("200")) {
                   BufferedReader in = null;
                   try {
                        in = new BufferedReader(new InputStreamReader(conn.getInputStream(),
                                  "ISO-8859-1"));
                        String inputLine;
                        while ((inputLine = in.readLine()) != null) {
                             sb.append(inputLine);
                        in.close();
                   } catch (UnsupportedEncodingException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                   } catch (IOException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
              else {
                   System.out.println("Error");
              System.out.println(sb.toString());
    public class SimpleAuthenticator
    extends Authenticator
         private String username,
         password;
         public SimpleAuthenticator(String username,String password)
              this.username = username;
              this.password = password;
         protected PasswordAuthentication getPasswordAuthentication()
              return new PasswordAuthentication(
                        username,password.toCharArray());
    Does somebody know a solution? I need the authentication against proxy and content provider in "one application".
    Thank you very much,
    André

    I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.

  • Weblogic & JNDI Data Source with proxy user.

    We're trying to use Oracle proxy user authentication on a data source configured in WebLogic 10.3.6, however, we want to approach it in a programatic way. So we want to obtain the DataSource, and set the proxy related properties inside the application.
    We came up with the following snippet:
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
    env.put(Context.PROVIDER_URL, "t3://10.1.1.10:7003");
    env.put(Context.SECURITY_PRINCIPAL, "weblogic");
    env.put(Context.SECURITY_CREDENTIALS, "weblogic");
    Context context = new InitialContext(env);
    javax.sql.DataSource ds = (javax.sql.DataSource) context.lookup("ds_puser");
    OracleConnection oconn = (OracleConnection) ds.getConnection();
    The problem comes up when we try to cast the connection to OracleConnection, the thing is that the returned type is actually a 1036_WLStub.
    How can we avoid that type or cast to it to something useful? I found this reference on Oracle forums and he's being able to cast it directly:
    Re: My problem in using weblogic Datasource and proxy user
    Can someone help us out?
    Thanks a lot in advance!
    Edited by: 990800 on 27-feb-2013 13:26

    A DataSource is an Interface. What the code gets from the jndi tree is some concrete object that
    the code doesn't need to know the name of, or anything specific about it, as long as it implements
    the DataSource Interface, which it successfully casts to, to allow calling the methods defined in the
    DataSource Interface. If you call for a plumber, you don't need to know his name as long as you
    can get a plumber, and can call the "Fix this leak" method, defined in the Plumber Interface.

  • Access List (ACL) to Block Russian and Chinese Nets From Routers

    I see people asking if there are premade ACL's to block Chinese and Russian nets from their edge routers. Since I spent so much time creating entries for them based on information received from http://www.ipdeny.com/ipblocks/ i decided to share them. They are in the attached Word Docs.
    There are alot of entires but since it is in a standard ACL it should not tax your routers too greatly.
    Sean Odom
    Sybex/Wiley Cisco Author

    Well, I'd rather not tax the IPS even further for something that the edge router should be capable taking care of. Especially since the source of the traffic should be denied at the closest managed point.
    If you do not want this traffic coming inbound, closest for some would be the edge router. Others may only have their firewall as the closest manageable point.
    Suggestion to those that do not manage their edge router would be to compile a list such as the one listed above. Then send it to your provider requesting they place it on this router. Of course this may become a double edge sword in a sense. If there is legit traffic from one of these source IP addresses that you identify down the road, it might be a hassle to get the block resolved.
    Or, you can also apply these right there on your firewall as well.
    Thank you for providing this list!

  • Assertion failed: poll() is a blocking call and cannot be called on the Service thread

    Hi
    We are getting a strange issue, the application successfully joins the cluster but after start failing with following exception.
    The cluster have three nodes storage disabled web-logic and two standalone coherence JVM's, we are using distributed cache with Local scheme
    <Error> (thread=DistributedCache, member=4): Assertion failed: poll() is a blocking call and cannot be called on the Service thread
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.poll(Grid.CDB:5)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.poll(Grid.CDB:11)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$BinaryMap.get(PartitionedCache.CDB:26)
    at com.tangosol.util.ConverterCollections$ConverterMap.get(ConverterCollections.java:1655)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$ViewMap.get(PartitionedCache.CDB:1)
    at com.tangosol.coherence.component.util.SafeNamedCache.get(SafeNamedCache.CDB:1)
    at com.thehartford.pi.core.referencedata.dao.cachedaoimpl.ReferenceCacheDAOImpl.getReferenceData(Unknown Source)
    at com.thehartford.pi.core.caching.cachestore.ReferenceCacheStore.load(Unknown Source)
    at com.tangosol.net.cache.ReadWriteBackingMap$CacheLoaderCacheStore.load(ReadWriteBackingMap.java:6132)
    at com.tangosol.net.cache.ReadWriteBackingMap$CacheStoreWrapper.loadInternal(ReadWriteBackingMap.java:5616)
    at com.tangosol.net.cache.ReadWriteBackingMap$StoreWrapper.load(ReadWriteBackingMap.java:4698)
    at com.tangosol.net.cache.ReadWriteBackingMap.get(ReadWriteBackingMap.java:717)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$Storage.get(PartitionedCache.CDB:10)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache.onGetRequest(PartitionedCache.CDB:23)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$GetRequest.run(PartitionedCache.CDB:1)
    at com.tangosol.coherence.component.net.message.requestMessage.DistributedCacheKeyRequest.onReceived(DistributedCacheKeyRequest.CDB:12)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onMessage(Grid.CDB:34)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onNotify(Grid.CDB:33)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.PartitionedService.onNotify(PartitionedService.CDB:3)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache.onNotify(PartitionedCache.CDB:3)
    at com.tangosol.coherence.component.util.Daemon.run(Daemon.CDB:42)
    at java.lang.Thread.run(Thread.java:722)
    ERROR 2013-09-20 09:06:42,515    :  [2013-09-20 09:06:42.515/8740.228 Oracle Coherence GE 3.7.1.0 <Error> (thread=DistributedCache, member=4): Assertion failed: poll() is a blocking call and cannot be called on the Service thread
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.poll(Grid.CDB:5)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.poll(Grid.CDB:11)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$BinaryMap.get(PartitionedCache.CDB:26)
    at com.tangosol.util.ConverterCollections$ConverterMap.get(ConverterCollections.java:1655)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$ViewMap.get(PartitionedCache.CDB:1)
    at com.tangosol.coherence.component.util.SafeNamedCache.get(SafeNamedCache.CDB:1)
    at com.thehartford.pi.core.referencedata.dao.cachedaoimpl.ReferenceCacheDAOImpl.getReferenceData(Unknown Source)
    at com.thehartford.pi.core.caching.cachestore.ReferenceCacheStore.load(Unknown Source)
    at com.tangosol.net.cache.ReadWriteBackingMap$CacheLoaderCacheStore.load(ReadWriteBackingMap.java:6132)
    at com.tangosol.net.cache.ReadWriteBackingMap$CacheStoreWrapper.loadInternal(ReadWriteBackingMap.java:5616)
    at com.tangosol.net.cache.ReadWriteBackingMap$StoreWrapper.load(ReadWriteBackingMap.java:4698)
    at com.tangosol.net.cache.ReadWriteBackingMap.get(ReadWriteBackingMap.java:717)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$Storage.get(PartitionedCache.CDB:10)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache.onGetRequest(PartitionedCache.CDB:23)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$GetRequest.run(PartitionedCache.CDB:1)
    at com.tangosol.coherence.component.net.message.requestMessage.DistributedCacheKeyRequest.onReceived(DistributedCacheKeyRequest.CDB:12)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onMessage(Grid.CDB:34)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onNotify(Grid.CDB:33)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.PartitionedService.onNotify(PartitionedService.CDB:3)
    at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache.onNotify(PartitionedCache.CDB:3)
              at com.tangosol.coherence.component.util.Daemon.run(Daemon.CDB:42)

    Hi
    The problem is that you are making a re-entrant call back into a cache service from the service thread or worker thread of a cache service. This is a bad thing to do as you risk deadlocking your cluster by consuming all of the threads in the service. From the stack trace it looks like you are doing a get on a cache which is calling through to a cache store which is then doing a get on another cache.
    For example, you have done a "get" on a cache, that has now consumed a worker thread (call it Thread-1), that thread is calling the cache store which is doing a get on another cache in the same cache service so will now consume another thread (call it Thread-2) so you now have two threads in use, Thread-1 will not return until Thread-2 completes. Now say you had 2 worker threads on your cache service and two "get" calls came in at the same time, Get-1 and Get-2. Both worker threads are now in use so when Get-1 calls the cache store to do a get on the other cache then it has to wait for a worker thread to become free to process the get. The same applies to Get-2, it is calling the cache store and waiting for a thread to become free. The problem is no threads will become free as they are all waiting. Hopefully that is a clear enough explanation of why you get the warning.
    Read this Constraints on Re-entrant Calls - 12c (12.1.2) This is for 12.1.2 but the same applies for any Coherence version.
    JK

  • How to block MacKeeper and other browser ads

    how to
    block MacKeeper and other browser ads

    There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.
    If you have trouble following those instructions, see below.
    Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
    The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
    Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:
    /Library/LaunchDaemons
    In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
    A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
              com.something.daemon.plist
    and
               com.something.helper.plist
    Here something is a variable string of characters, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
    If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
    /Library/LaunchAgents
    In this folder, there may be a file named
              com.something.agent.plist
    where the string something is the same as before.
    If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
    Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
    The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
    Open this folder:
    /Library/Application Support
    If it has a subfolder named just
               something
    where something is the same string you saw before, drag that subfolder to the Trash and close the window.
    Don't delete the "Application Support" folder or anything else inside it.
    Finally, in this folder:
    /System/Library/Frameworks
    there may an item named exactly
                v.framework
    It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.
    Don't delete the "Frameworks" folder or anything else inside it.
    If you didn't find the files or you're not sure about the identification, post what you found.
    If in doubt, or if you have no backups, change nothing at all.
    The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
    Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
              Install system data files and security updates (OS X 10.10 or later)
    or
              Download updates automatically (OS X 10.9 or earlier)
    if it's not already checked.

  • Keithley source and measure code

    Hi all,
    I an trying a code in Labview on Keithley 2400 instrument.
    here my requirement is on my block diagram i want to write a program for source and measure and that can list out the any  error in that instrument once i run the code. it will list the errors like error1,error2,.......like that.
    In the out put window i want to see the instrument serial number.
    GPIB address
    set volt, set current and limit.
    display the error.
    please suggest me how to do this.

    The driver should have an error query on the utility menu. Modify it for the extra functionality and save it with a new name.

  • Does anyone know how or if even possible to block stations and limit content on iTunes Radio?

    Does anyone know how or if even possible to block stations and limit content on iTunes Radio?  I have younger children listening to inappropriate music.  I have the iPad locked down but that doesn't seem to help.

    Thank you for your response! I just don't want to spend more time on beautifying the libsyn page via hours of dumpster diving for code hence reaching out on here about iWeb (even if it's sadly been put out to pasture). This was the response that I got from Libsyn about this:
    Hello,
    Thanks for contacting us. Just to clarify, our system's blog page templates are basic 'starting points' -- we're working now to improve our basic blog page templates to make more options available to Libsyn users.
    You might be able to use your Libsyn show's RSS feed to generate content on an iWeb page. You could do a Google search for 'convert RSS to HTML' to learn more. Here's a link for more info about generating HTML content from an RSS feed source:
    http://www.blogtips.org/free-rss-tools/
    We appreciate your feedback and suggestions. Please let us know if you have any questions. 
    Any thoughts? Btw, if it possible to 'view source code' for an iWeb page that's created or to take html code and plaster it into an iWeb page? If that's possible then I might be able to use iWeb for Libsyn.

  • Proxy.cfg [Object Cache] section

    In the [Object Cache] section of Proxy.cfg I have questions on two parameters:
    cut thru no CLH length - The default is 51200 (Proxy Console #63) but Craig's Proxy.cfg sets it to 0. TID 10063926 talks about this but I wonder if this problem isn't fixed in NBM 3.9 SP1 and therefore doesn't need to be set to 0 now? Other TID's (10075563, 10069305 for instance) talk about setting it to 5120. What should be the correct setting for 3.9 SP1?
    disk management factor - the default is 400 (Proxy Console #63) but Craig's Proxy.cfg sets it to 4000. Can someone tell me what this does and why it should be set to 4000 instead of 400?
    thanks,
    dan

    Originally Posted by Craig Johnson
    In article <[email protected]>, Dchunt wrote:
    > [Object Cache]
    > dirsBasedOnVolumeSize = 0
    > cacheVolumeOnTradiitonal = 1
    > purgeVolumeAgressiveMode = 0
    > CacheNormalUsage = 85
    > CacheNormalUsageValue = -1
    > CacheHighUsage = 92
    > CacheHighUsageValue = -1
    > number of cache directories = 256
    > cut thru no CLH length = 51200
    > disk management factor = 400
    > max hot unreferenced time = 1800
    > nax hot nodes = 7000
    > size cahce hash table = 262144
    >
    > I mis-spoke when I said that you had the 'disk management factor' set
    > to 4000 in your proxy.cfg. It is not in there.
    OK - this is not something that is in proxy.cfg at all. These are
    settings in NWADMN32/iManager. For instance, the max hot nodes @ 7000
    is a default value that is too low for busy servers. (Recommended is
    50000). This sounds like you have not configured the server per the
    proxy tuning tid, or my BMgr books.
    > It is another
    > Proxy.cfg from one of our servers I was looking at. I was hoping to
    > find out what its use was, not to mention what the use was for the
    > other parameters in this section.
    Find the parameters in NWADMN32 (or iMan in BM 3.9) and check the help
    there. Also see the proxy tuning tid.
    >
    > Also, doesn't seem strange that the default for "cut thru no CLH
    > length" is 51200 but in TID 3988333 it is set to 0? That's a pretty
    > big differernce! This is also mentioned in TID 10063926, FWIW.
    >
    It seems odd at the moment - I've not really looked into it. I know
    that when the proxy.cfg setting came out, it fixed a lot of problem
    sites at the time. I've left it at the setting which worked for the
    time.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
    Got it, Craig. I did forget to update some of the settings for the Proxy Cache in iManager. I'll leave the cut thru no CLH length at 0 for now.
    Dan

  • Proxy.CFG file

    The the revision 30 PROXY.CFG file from Craig Johnson, there appears to
    be a duplicate entery for the "enableCacheInVersionDowngrade" switch.
    Is this correct, or should one be deleted?
    ;New parameter from BM3.9SP1. Set this option to allow caching in
    proxy ;when browser is set to http 1.1 and web server responds with
    http 1.1
    enableCacheInVersionDowngrade=1
    ;New parameter (from BM38SP5_IR1.ZIP) to allow
    enableCacheInVersionDowngrade=1

    In article <Gh1Km.1589$[email protected]>, Chris Premo
    wrote:
    > The the revision 30 PROXY.CFG file from Craig Johnson, there appears to
    > be a duplicate entery for the "enableCacheInVersionDowngrade" switch.
    > Is this correct, or should one be deleted?
    >
    Typo I missed. You can delete one of them, but it won't hurt to have it
    in there twice. I'll try to correct it for rev 31!
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to http://www.craigjconsulting.com ***

  • Proxy.cfg - Correct setting for ResolveProxyIPAddress

    According to TID 3988333 the description of this parameter is "Default behaviour is to send an SSL authentication redirect to a host name instead of a IP address. 0 to disable the same. Requires PXY023 or later."
    Also, the default setting in Proxy.nlm is 1. However, in Craig's Proxy.cfg he has it set to 0. I would think you would want this to be set to 1, no?
    Dan

    OK, I had no idea that that is what this parameter pertained to. Now I see what you are talking about with the BorderManager SSL login as an alternative to Client Trust. We don't use that so that is why I didn't understand.
    To me this again proves that we need more documentation on what these parameters are and why you would use them. I would agree with you after hearing more background that it should be set to 0.
    FYI, the default for 3.9 SP1 proxy is 1! I wonder why Gonzalo thinks this is preferred?
    Dan
    Originally Posted by Craig Johnson
    In article <[email protected]>, Dchunt wrote:
    > Also, the default setting in Proxy.nlm is 1. However, in Craig's
    > Proxy.cfg he has it set to 0. I would think you would want this to be
    > set to 1, no?
    >
    If that's what I think it is, no. I think that has to do with how the
    SSL login page shows up on the browser. Default would have it show up
    with the server name as a URL. Unfortunately, that also means you need
    a DNS entry for the server name. The IP address has always worked,
    which is why I set that to 0. (It may be that the problems I've seen
    with SSL login failing with server name are related to incorrect host
    file entries, but I think it was more widespread than that).
    I definitely want the ssl logins redirected to IP address by default. I
    might go to a URL if I had purchased a 3rd party certificate,
    particularly if using authentication with reverse proxy. But I would be
    ironing out DNS issues as well.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***

  • Proxy.cfg IgnoreContent length vs IgnoreContentLengthCheck

    In Craig's Proxy.cfg he has both 'IgnoreContentLength' and 'IgnoreContentLengthCheck'. In TID 3988333 and in the default Proxy.cfg settings from Proxy Console Screen 63 it only shows 'IgnoreContentLengthCheck'.
    Apparently 'IgnoreContentLength' was used in BM 3.6 (bm36c02 TID 10072012). Are these both the same parameter but only 'IgnoreContentLengthCheck' applies to BM 3.9 SP1?
    If not, then what is the difference between the two?
    Dan

    Maybe that does make sense as 3.9 is significantly different than 3.8 and below. I was just trying to clean things up for my own proxy.cfg so that I knew what the various parameters were for. That is when I came across some of these anomalies. I understand what you were trying to do in terms of making a 'universal' proxy.cfg.
    Dan
    Originally Posted by Craig Johnson
    In article <[email protected]>, Dchunt wrote:
    > Apparently 'IgnoreContentLength' was used in BM 3.6 (bm36c02 TID
    > 10072012). Are these both the same parameter but only
    > 'IgnoreContentLengthCheck' applies to BM 3.9 SP1?
    >
    Very likely. Which makes it worriesome to remove entries that appear
    not to be needed in 3.9, if the proxy.cfg is to be used in other
    versions.
    I'm starting to think about creating a new version, for BM 3.9 only...
    Leave the old one as-is for 3.8 and earlier, and just put in new stuff
    for 3.9, with unnecessary settings removed. Should be the best of
    both worlds.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***

  • Proxy.cfg skipAuthForViaHeader parameter

    TID 3988333 says:
    skipAuthForViaHeader=1 (0 to disable)(Default=0)
    // Authentication to proxy bypassed when coming through another proxy.This setting must be configured in the proxy.cfg file to enable proxy to skip the authentication when the request is coming through another proxy.By default, proxy will request for authentication.
    This means to me that if I don't want authentication skipped if the NBM proxy is accessed by another proxy, then I would want this set to 0.
    Craig, in his Proxy.cfg says:
    ; New parameter from BM3.9SP1
    ; =1 prevents authentication from being bypassed when proxy accessed
    ; from another proxy. (Schools, take note!)
    skipAuthForViaHeader=1
    I read Craig's note as meaning that if I don't want authentication skipped if the NBM proxy is accessed by another proxy, then I would want this set to 1.
    Which is correct?
    Dan

    Luckily I don't have to deal with those in this environment; just adults that are not too savvy. However, It might be good to include as well just in case.
    Thanks, Craig. This is the kind of supporting information that might be useful to administrators so they can see 'why' you want to use the switch; not just what the states of the switch are. Of course I think I am 'preaching to the choir' as you have by far written the most on NBM and provided supporting documentation. Maybe a white paper on Proxy.cfg settings, when they are best used, whether they apply to just the forward proxy or reverse proxy or both, etc would be useful.
    I just found out the other day from Gonzalo that the Virus Definition patterns only apply to the reverse proxy. Therefore if I am not using a reverse proxy, I don't want to turn on that switch so I don't incur the additional overhead.
    Dan
    Originally Posted by Craig Johnson
    In article <[email protected]>, Dchunt wrote:
    > BTW, this parameter only comes into play if you have a proxy hierarchy,
    > right? IE, if you have a large organization and one part of it is using
    > a squid proxy then the output of that goes to an NBM proxy then the
    > output of that goes to the Internet, right? It doesn't come into play
    > if you have a single NBM proxy between you and the Internet, even if
    > you are going through the Internet to a site with a reverse proxy at
    > the far end, right?
    >
    I'll tell you when it comes into play... When you have some smart-*ssed
    teenager who finds out that without that switch he can run his own proxy
    (perhaps off a thumb drive) in a cache hierarchy, and completely bypass
    BMgr access rules.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***

  • Default proxy.cfg

    I may have a potential problem at a customer site, the customer running
    BM3.9 with proxy enabled. They also have Citrix servers which using
    proxy authentication. We used Craig's proxy.cfg and modified it to fit
    the customers enviroment and it has been running fine since then.
    The other day I was going through the customer enviroment and found
    that the proxy.cfg only contained about 20 rows (default one perhaps).
    When checking at the server console there were still configuration
    settings for terminal servers. So my question is does the server save
    the configuration settings and load them if proxy.cfg should be
    "zeroed"?
    Today the server was rebooted and still all seems to be working witout
    the settings in proxy.cfg.
    My next question is if it's possible to make a new proxy.cfg from the
    actual settings on the running server?
    //FCA68

    In article <DSRZk.5386$[email protected]>, Fca68 wrote:
    > So my question is does the server save
    > the configuration settings and load them if proxy.cfg should be
    > "zeroed"?
    >
    If you have no proxy.cfg and load BMgr, I think it does create a raw
    .cfg file with a few settings in it.
    > Today the server was rebooted and still all seems to be working witout
    > the settings in proxy.cfg.
    A BMgr server will run without all the extra settings in proxy.cfg.
    (Late version BMgrs with patches probably have many of those settings as
    defaults now, but not all). But there are definitely some non-default
    settings in the proxy.cfg from my web site, and I still recommend using
    it.
    >
    > My next question is if it's possible to make a new proxy.cfg from the
    > actual settings on the running server?
    >
    Well, yes I think it will create a bare minimum one if there is no
    proxy.cfg at all, but that does you no particular good. You can only
    change those settings by putting entries into the proxy.cfg file, so
    saving the proxy would normally only get you just what you started with
    when you loaded proxy.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to http://www.craigjconsulting.com ***

  • Block ads and mackeeper ads

    How do I block Mackeeper adverts and random pop up adverts from popping up every time  I click on a new tab another ad pops up, and it is getting very annoying. I've tried clicking Safari>security and block ads, and deselected plug ins but they still come up.

    There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.
    If you have trouble following those instructions, see below.
    Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
    The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
    Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:
    /Library/LaunchDaemons
    In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
    A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
              com.something.daemon.plist
    and
               com.something.helper.plist
    Here something is a variable string of characters, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
    If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
    /Library/LaunchAgents
    In this folder, there may be a file named
              com.something.agent.plist
    where the string something is the same as before.
    If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
    Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
    The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
    Open this folder:
    /Library/Application Support
    If it has a subfolder named just
               something
    where something is the same string you saw before, drag that subfolder to the Trash and close the window.
    Don't delete the "Application Support" folder or anything else inside it.
    Finally, in this folder:
    /System/Library/Frameworks
    there may an item named exactly
                v.framework
    It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.
    Don't delete the "Frameworks" folder or anything else inside it.
    If you didn't find the files or you're not sure about the identification, post what you found.
    If in doubt, or if you have no backups, change nothing at all.
    The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
    Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
              Install system data files and security updates (OS X 10.10 or later)
    or
              Download updates automatically (OS X 10.9 or earlier)
    if it's not already checked.

Maybe you are looking for

  • From MacBook To External And Back

    Hi, I followed everything on here: http://docs.info.apple.com/article.html?artnum=301748 to bring all of my music onto an external whilst retaining the play count information and ratings and everything (I think) but how can I bring this music from th

  • OS Lion Server to OS Mavericks Server Upgrade Advice Needed

    a) Has anyone successfully done this on a corporate, AD bound, production, 10.7.5 Lion Server server with active Profile Manager accounts, 3rd party certificates, file sharing etc?  I'd like to assess probabilities of getting this done without having

  • N82 Sound Recorder Application?

    This has been a handy tool on pretty much every phone I can remember owning in this century, but I can't seem to find such a feature on my new N82 Am I missing something? Or does one not exist? If so, are there third party applications available for

  • ITunes 12 sidebar missing

    This complaint is a bit of a 3-part complaint... 1.  The iTunes 12 sidebar is gone.  I've read numerous other complaints on the site about this issue, and have seen the resolution given, which returns a limited, non-complete version of the sidebar. 

  • Jdk 1.1.8 instalation

    After setting my paths i get the error message "JAVA EXE files path does not exist. does anyone have a solution, i have homewrok to be in for Monday cheers