Proxy rule for CE

I have one CE configured as a transparent proxy for the clients. The DNS is located in SP. There is one intranet web site that requires a special proxy. The DNS does not know anything about this site.
I created a proxy rule in the CE, but it does not work. I sniffed the traffic and I see that the CE still first tries to resolve the IP address with DNS, instead of redirecting this traffic to a different proxy.
The rule looks like this:
rule enable
rule action use-proxy 168.192.1.17 8080 pattern-list 10 protocol all
rule pattern-list 10 url-regex \http://home.intranet.client.com/
Does somebody have suggestions on what to do?

Natalia,
Have you verified that the requests actually go to the server instead of the proxy, or only that the CE is doing a DNS lookup? Below is what the documentation states for rules, so it might be important to see what the proxy request looks like.
Michael Voight
CSE
If a rule is configured with a fully qualified domain name (FQDN) and a request is received with the partial domain name in transparent mode, the rule fails to be executed, because the FQDN is not in the request URL. In transparent mode, if a request is destined for a particular domain (for which a domain rule is configured) and does not contain the Host header, the rule pattern match fails.
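
A model of the matching behaviour the quoted documentation describes, as an added example that is not part of the original thread and not Cisco's implementation: in transparent mode the request line carries only a path, so the URL a rule is matched against has to be rebuilt from the Host header. The function names, the constructed sample requests and the cleaned-up regex are assumptions made for illustration.

```python
import re

# Pattern from the rule in the thread, written as a plain regex
# (assumption: leading backslash dropped, dots escaped, anchored at the start).
RULE_REGEX = re.compile(r"^http://home\.intranet\.client\.com/")

# Constructed sample requests, as a transparent proxy would intercept them.
REQ_FQDN = b"GET /index.html HTTP/1.1\r\nHost: home.intranet.client.com\r\n\r\n"
REQ_SHORT = b"GET /index.html HTTP/1.1\r\nHost: home\r\n\r\n"
REQ_NO_HOST = b"GET /index.html HTTP/1.0\r\n\r\n"


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def effective_url(raw: bytes):
    """URL that a URL-based rule can be matched against, or None."""
    _method, target, headers = parse_request(raw)
    if target.lower().startswith("http://"):
        return target  # explicit-proxy style: absolute URI in the request line
    host = headers.get("host")
    if not host:
        return None  # intercepted request without Host: only the dst IP is known
    return "http://" + host + target


def diagnose(raw: bytes) -> str:
    """Explain whether the use-proxy rule would fire for this request."""
    url = effective_url(raw)
    if url is None:
        return "no Host header: rule cannot match"
    if RULE_REGEX.search(url):
        return "match: use-proxy action applies"
    return f"no match: rule saw {url}"


if __name__ == "__main__":
    for name, req in [("fqdn", REQ_FQDN), ("short", REQ_SHORT), ("no-host", REQ_NO_HOST)]:
        print(f"{name:8s} {diagnose(req)}")
```

Comparing the Host header in a packet capture of a failing request with the three cases above shows which one applies.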

Similar Messages

  • Apache Reverse rule for BSP application to run in Portal

    Dear Expert,
    In my portal landscape we are using a reverse proxy and have written some rewrite rules in the conf file.
    All my applications other than BSPs are working fine. I am not able to figure out what went wrong in my reverse proxy rule
    for the BSP application. Can anyone help me, please?
    My reverse proxy rule is as follows -
    <VirtualHost XX.XX.XX.XX:443>
        ServerAdmin webmaster@MDCLINUXHYPERV
        ServerName etenderqua.harmony.co.in
        DocumentRoot /var/www/html/ssl/irj
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyVia on
        ProxyTimeout 900
        RequestHeader set ClientProtocol https
        RewriteEngine On
        RewriteLogLevel 9
    Portal Rewrite Rules -
        RewriteRule ^/(irj\(.*) http://mdcqa7.hardev.com:50000/irj/$1 [P,L]
        RewriteRule ^/(webdynpro\(.*) http://mdcqa7.hardev.com:50000/webdynpro/$1 [P,L]
        RewriteRule ^/(logon\(.*) http://mdcqa7.hardev.com:50000/logon/$1 [P,L]
        RewriteRule ^/(rtmfCommunicator\(.*) http://mdcqa7.hardev.com:50000/rtmfCommunicator/$1 [P,L]
    SRM Rewrite Rules -
        RewriteRule ^/(cfol1\(.*) http://mdcqa3.hardev.com:8000/cfol1/$1 [P,L]
        RewriteRule ^/(sap\(.*) http://mdcqa3.hardev.com:8000/sap/$1 [P,L]
        RewriteRule ^/(webdynpro\(.*) http://mdcqa3.hardev.com:8000/webdynpro/$1 [P,L]
        RewriteRule ^/(rtmfCommunicator\(.*) http://mdcqa3.hardev.com:8000/rtmfCommunicator/$1 [P,L]
      RewriteRule ^/(srm7\(.*) http://mdcqa3.hardev.com:8000/srm7/$1 [P,L]
      RewriteRule ^/(zbidder\(.*) http://mdcqa3.hardev.com:8000/zbidder/$1 [P,L]
    ECC Rewrite Rules -
        RewriteRule ^/(ecc\(.*) http://mdcqa1.hardev.com:8000/ecc/$1 [P,L]
        RewriteRule ^/(sap\(.*) http://mdcqa1.hardev.com:8000/sap/$1 [P,L]
        RewriteRule ^/(webdynpro\(.*) http://mdcqa1.hardev.com:8000/webdynpro/$1 [P,L]
        RewriteRule ^/(rtmfCommunicator\(.*) http://mdcqa1.hardev.com:8000/rtmfCommunicator/$1 [P,L]
    BI Rewrite Rules -
        RewriteRule ^/(bi\(.*) http://mdcqa5.hardev.com:8000/bi/$1 [P,L]
        RewriteRule ^/(sap\(.*) http://mdcqa5.hardev.com:8000/sap/$1 [P,L]
        RewriteRule ^/(webdynpro\(.*) http://mdcqa5.hardev.com:8000/webdynpro/$1 [P,L]
        RewriteRule ^/(rtmfCommunicator\(.*) http://mdcqa5.hardev.com:8000/rtmfCommunicator/$1 [P,L]
    SSL Configuration -
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4RSA:HIGH:MEDIUM:LOW:SSLv2:EXP:+eNULL
        SSLCertificateFile /etc/pki/tls/certs/etender.crt
        SSLCertificateKeyFile /etc/pki/tls/certs/etender.key
    Portal Proxy Pass Rules -
    ProxyPass /irj http://mdcqa7.hardev.com:50000/irj
        ProxyPassReverse /irj http://mdcqa7.hardev.com:50000/irj
        ProxyPass /webdynpro http://mdcqa7.hardev.com:50000/webdynpro
        ProxyPassReverse /webdynpro http://mdcqa7.hardev.com:50000/webdynpro
        ProxyPass /logon http://mdcqa7.hardev.com:50000/logon
        ProxyPassReverse /logon http://mdcqa7.hardev.com:50000/logon
        ProxyPass /rtmfCommunicator http://mdcqa7.hardev.com:50000/rtmfCommunicator
        ProxyPassReverse /rtmfCommunicator http://mdcqa7.hardev.com:50000/rtmfCommunicator
    SRM Proxy Pass Rules -
        ProxyPass /sap http://mdcqa3.hardev.com:8000/sap
        ProxyPassReverse /sap http://mdcqa3.hardev.com:8000/sap
        ProxyPass /cfol1 http://mdcqa3.hardev.com:8000/cfol1
        ProxyPassReverse /cfol1 http://mdcqa3.hardev.com:8000/cfol1
       ProxyPass /srm7 http://mdcqa3.hardev.com:8000/srm7
       ProxyPassReverse /srm7 http://mdcqa3.hardev.com:8000/srm7
       ProxyPass /zbidder http://mdcqa3.hardev.com:8000/zbidder
       ProxyPassReverse /zbidder http://mdcqa3.hardev.com:8000/zbidder
        ProxyPass /webdynpro http://mdcqa3.hardev.com:8000/webdynpro
        ProxyPassReverse /webdynpro http://mdcqa3.hardev.com:8000/webdynpro
        ProxyPass /rtmfCommunicator http://mdcqa3.hardev.com:8000/rtmfCommunicator
        ProxyPassReverse /rtmfCommunicator http://mdcqa3.hardev.com:8000/rtmfCommunicator
    ECC Proxy Pass Rules -
        ProxyPass /ecc http://mdcqa1.hardev.com:8000/ecc
        ProxyPassReverse /ecc http://mdcqa1.hardev.com:8000/ecc
        ProxyPass /sap http://mdcqa1.hardev.com:8000/sap
        ProxyPassReverse /sap http://mdcqa1.hardev.com:8000/sap
        ProxyPass /webdynpro http://mdcqa1.hardev.com:8000/webdynpro
        ProxyPassReverse /webdynpro http://mdcqa1.hardev.com:8000/webdynpro
        ProxyPass /rtmfCommunicator http://mdcqa1.hardev.com:8000/rtmfCommunicator
        ProxyPassReverse /rtmfCommunicator http://mdcqa1.hardev.com:8000/rtmfCommunicator
    BI Proxy Pass Rules -
        ProxyPass /bi http://mdcqa5.hardev.com:8000/bi
        ProxyPassReverse /bi http://mdcqa5.hardev.com:8000/bi
        ProxyPass /sap http://mdcqa5.hardev.com:8000/sap
        ProxyPassReverse /sap http://mdcqa5.hardev.com:8000/sap
        ProxyPass /webdynpro http://mdcqa5.hardev.com:8000/webdynpro
        ProxyPassReverse /webdynpro http://mdcqa5.hardev.com:8000/webdynpro
        ProxyPass /rtmfCommunicator http://mdcqa5.hardev.com:8000/rtmfCommunicator
        ProxyPassReverse /rtmfCommunicator http://mdcqa5.hardev.com:8000/rtmfCommunicator
    Error Logs -
        ErrorLog logs/qua.portal.domain.com-error_log
        CustomLog logs/qua.portal.domain.com-access_log common
        RewriteLog logs/qua.portal.domain_unsecured_rewrite.log
    </VirtualHost>

    Dear Keseli,
    Now I am facing one more issue.
    My rules are as follows:
    SRM Rewrite rule -
    RewriteRule ^/(sap\(.*) http://mdcqa5.hardev.com:8000/sap/$1 [P,L]
    ProxyPass /sap http://mdcqa5.hardev.com:8000/sap
    ProxyPassReverse /sap http://mdcqa5.hardev.com:8000/sap
    BI Rewrite Rule -
    RewriteRule ^/(sap\(.*) http://mdcqa7.hardev.com:8000/sap/$1 [P,L]
    ProxyPass /sap http://mdcqa7.hardev.com:8000/sap
    ProxyPassReverse /sap http://mdcqa7.hardev.com:8000/sap
    These rules are written under the same virtual host; we are using only one virtual host. From our analysis we know that the reverse proxy reads this file from the start, and as soon as it finds the pattern on the left side of a rule it simply directs the request to the URL on the right-hand side.
    My issue is that, since we have created BSP services in SRM and BI, it always directs the request to the matching pattern given in the first occurrence.
    In the above example it always directs the call to the SRM BSP and never reaches BI.
    Can you suggest any way out?
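
The first-match behaviour described in the post can be checked mechanically. The script below is an added example, not part of the original posts: it reads RewriteRule and ProxyPass lines in file order, reports which backend a request path reaches, and lists rules that can never be chosen because an earlier rule with the same pattern (or a covering ProxyPass path) wins. The sample config is constructed from the rules quoted in the post, the function names are hypothetical, and the two directive families are evaluated separately with simplified matching.

```python
import re

# Constructed sample: the two /sap rule sets from the post, in file order.
SAMPLE_VHOST = r"""RewriteRule ^/(sap\(.*) http://mdcqa5.hardev.com:8000/sap/$1 [P,L]
ProxyPass /sap http://mdcqa5.hardev.com:8000/sap
ProxyPassReverse /sap http://mdcqa5.hardev.com:8000/sap
RewriteRule ^/(sap\(.*) http://mdcqa7.hardev.com:8000/sap/$1 [P,L]
ProxyPass /sap http://mdcqa7.hardev.com:8000/sap
ProxyPassReverse /sap http://mdcqa7.hardev.com:8000/sap
"""


def parse_rules(conf):
    """Return (line_no, directive, match, target, flags) tuples in file order."""
    rules = []
    for no, line in enumerate(conf.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        if parts[0] == "RewriteRule":
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            rules.append((no, "RewriteRule", parts[1], parts[2], flags))
        elif parts[0] == "ProxyPass":
            rules.append((no, "ProxyPass", parts[1], parts[2], []))
    return rules


def is_terminal(flags):
    # [P] hands the request to the proxy at once (it implies [L]);
    # [L] ends the current pass over the rule set.
    return any(f.upper() in ("P", "L") for f in flags)


def route_rewrite(rules, path):
    """First terminal RewriteRule that matches. Rules without [P]/[L] rewrite
    the path and continue; this sketch ignores them, and RewriteCond too."""
    for no, kind, pattern, target, flags in rules:
        if kind != "RewriteRule" or not is_terminal(flags):
            continue
        m = re.search(pattern, path)
        if m:
            url = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", target)
            return no, url
    return None


def under(prefix, path):
    # ProxyPass matches whole path segments: /sap covers /sap and /sap/x,
    # but not /sapx or /sap(x). Simplified model of that comparison.
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def route_proxypass(rules, path):
    """First ProxyPass in file order whose path covers the request path."""
    for no, kind, prefix, target, _flags in rules:
        if kind == "ProxyPass" and under(prefix, path):
            return no, target + path[len(prefix.rstrip("/")):]
    return None


def shadowed(rules):
    """(later_line, earlier_line) pairs where the later rule can never win."""
    hits = []
    for i, (no, kind, match, _target, _flags) in enumerate(rules):
        for e_no, e_kind, e_match, _e_target, e_flags in rules[:i]:
            if e_kind != kind:
                continue
            if kind == "RewriteRule":
                wins = is_terminal(e_flags) and e_match == match
            else:
                wins = under(e_match, match)
            if wins:
                hits.append((no, e_no))
                break
    return hits


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_VHOST)
    print(route_rewrite(rules, "/sap(bD1lbg==)/bc/bsp/sap/zbi_app/default.htm"))
    print(route_proxypass(rules, "/sap/bc/bsp/sap/zbi_app/default.htm"))
    for later, earlier in shadowed(rules):
        print(f"line {later} is shadowed by line {earlier}")
```

Any pair reported by `shadowed` means the second backend is unreachable through that path; the two systems need distinguishable URL prefixes or separate virtual hosts before both can be served.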

  • Strange info in "Bypass Proxy Settings for These Hosts and Domains"

    For my Mac Mini my Network IP Address always has a self-assigned 169.254 number that I cannot change. Strangely, this same IP number is similar to info that is in the Proxies section (of Network Settings) under "Bypass Proxy Settings for These Hosts and Domains".
    No matter what I do, this info (*,local, 169.254/16) appears in my Network Settings in the Proxies section under "Bypass Proxy Settings for These Hosts and Domains". (I tried removing the info and it would cause the "Configure Proxies" selection to default to "Always Use PAC File". Had to go back and retrash all the plist files to have Proxies go back to "Configure Proxies-Manually". Still, the info (*,local, 169.254/16) continues to appear in the "Bypass Proxy Settings for These Hosts and Domains" section and my IP address is always a 169.254 number.)
    Comcast cable modem via direct hardwired Ethernet works fine with my other computer, so not the modem. Also, other computer does not have any info in the "Bypass Proxy Settings for These Hosts and Domains" section.
    Installed a fresh copy of OS X 11.5 on a new hard drive. Still the same problem.
    I posted this issue before but only got one responder and the problem still exists. Any clues? Somebody must know about this stuff. Help please.
    Thanks

    When your Mac wakes up, it does not yet have an IP Address. It wants to send a request to a Router for an appropriate IP address to use now. But it needs to have an IP address (like a return address) to receive any messages. So, ... wait for it,
    ... it (your Mac) makes one up. There are rules that ensure it is a random address, but they always start with 169.254. It is on the same subnet with any low-order 16 bits. This is the "self-assigned" range of IP Addresses. This address is only good for talking on a local network segment, for things like asking for a valid IP Address from a DHCP-enabled Router.
    In most cases, on most networks, the 169.254 self-assigned IP Address is replaced by a valid Local IP Address such as 192.168.xxx.yyy or 10.0.xxx.yyy so quickly that you never even see the 169.254 Address.
    If you do see the 169.254 Address, it can be read as "Nobody will talk to me" or "Nobody will give me an IP Address". When you have this IP Address for more than an instant, you should suspect bad cables for Ethernet connections, bad signal strength or interference for wireless, Router configuration problems, or Mac configuration problems.
    Mac configuration problems are often solved by using the "Assist Me" button in System Preferences > Network and choosing to set up again.
    Another diagnostic is to try using Network Utility and the Ping function, and Ping-ing the address of your Airport base Station, often 192.168.0.1 or 10.0.0.1 or similar. This will tell you if the Router is reachable, or there are cabling/wireless signal problems.
    In this case, proxies are not an issue, and are simply a distraction from the real problems.

  • ASA - cut through proxy authentication for RDP?

    I know how to set this up on a router (dynamic access-list - lock and key)... But, I'm having trouble understanding how to set up OUTSIDE to INSIDE cut through proxy authentication for RDP.
    OUTSIDE to INSIDE RDP is currently working.
    I have 2 servers I want RDP open for..
    - OUTSIDE 1.1.1.1 to INSIDE 10.10.70.100
    - OUTSIDE 1.1.1.2 to INSIDE 10.10.50.200
    What's required for OUTSIDE users to authenticate on the ASA before port 3389 opens? What I was hoping for is a way to SSH into this ASA, log in with a special user, then have the ASA add a dynamic ACE on the OUTSIDE interface to open 3389 for a designated time limit. Is this possible?
    Here is my current config.
    [code]
    ASA Version 8.2(5)
    hostname ASA5505
    names
    name 10.10.0.0 LANTraffic
    name 10.10.30.0 SALES
    name 10.10.40.0 FoodServices
    name 10.10.99.0 Management
    name 10.10.20.0 Office
    name 10.10.80.0 Printshop
    name 10.10.60.0 Regional
    name 10.10.70.0 Servers
    name 10.10.50.0 ShoreTel
    name 10.10.100.0 Surveillance
    name 10.10.90.0 Wireless
    interface Ethernet0/0
    description TO INTERNET
    switchport access vlan 11
    interface Ethernet0/1
    description TO INSIDE 3560X
    switchport access vlan 10
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    security-level 50
    no ip address
    interface Vlan10
    description Cisco 3560x
    nameif INSIDE
    security-level 100
    ip address 10.10.1.1 255.255.255.252
    interface Vlan11
    description Internet Interface
    nameif OUTSIDE
    security-level 0
    ip address 1.1.1.1 255.255.255.224
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup OUTSIDE
    dns server-group DefaultDNS
    name-server 8.8.8.8
    name-server 4.2.2.2
    domain-name test.local
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.1 eq 3389
    access-list RDP-INBOUND extended permit tcp any host 1.1.1.2 eq 3389
    pager lines 24
    logging enable
    logging timestamp
    logging trap warnings
    logging device-id hostname
    logging host INSIDE 10.10.70.100
    mtu INSIDE 1500
    mtu OUTSIDE 1500
    ip verify reverse-path interface OUTSIDE
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 LANTraffic 255.255.0.0
    static (INSIDE,OUTSIDE) tcp interface 3389 10.10.70.100 3389 netmask 255.255.255.255
    static (INSIDE,OUTSIDE) tcp 1.1.1.2 3389 10.10.50.200 3389 netmask 255.255.255.255
    access-group RDP-INBOUND in interface OUTSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
    route INSIDE LANTraffic 255.255.0.0 10.10.1.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http Management 255.255.255.0 INSIDE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh 10.10.70.100 255.255.255.255 INSIDE
    ssh Management 255.255.255.0 INSIDE
    ssh 0.0.0.0 0.0.0.0 OUTSIDE
    ssh timeout 5
    ssh version 2
    console timeout 0
    threat-detection basic-threat
    threat-detection scanning-threat shun
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    username scott password CNjeKgq88PLZXETE encrypted privilege 15
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:1e9d278ce656f22829809f4c46b04a07
    : end
    [/code]

    You're running ASA 8.2(5). In 8.4(2) Cisco added support for what they call Identity Firewall rules. That is, you can make access-lists entries specific to users (or object groups containing users).
    There's an overview document on this posted here. It's a bit dated but I believe the only change is that Cisco is now preferring use of the more current Context Directory Agent (CDA) - a free VM they provide - vs. the deprecated AD agent (software service that runs on your DC).

  • Privacy Enhancing Filtering Proxy Chain for OS X

    A privacy enhanced web proxy is a nearly essential tool on the modern web: it blocks ads, malicious scripts, and conceals information used to track you around the web. I've provided a quick setup below in case it's useful to others. This will build a privatizing squid:privoxy proxy chain that works with any browser, and can be used by anyone on your LAN, including and especially secure VPN logins and ssh tunnels. In my experience, this setup is a lot more capable and effective than using a simple adblocking Firefox Add-On. There's a world of difference between reading ad-filled web pages with and without a filtering proxy server. I've also included information for a polipo proxy that can be used with Tor for full anonymity, as well as a script for ssh tunnelling.
    Install Xcode and Macports
    Install squid, privoxy, and polipo:
    $ sudo port selfupdate
    $ sudo port install squid privoxy polipo
    $ sudo port load squid privoxy polipo
    Configure the squid/privoxy/polipo config files shown below, then relaunch the proxies and test to make sure they're up:
    $ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Squid.plist
    $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Squid.plist
    $ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Privoxy.plist
    $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Privoxy.plist
    $ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Polipo.plist
    $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Polipo.plist
    $ nmap -p 3128,8118,8123 localhost
    Starting Nmap 5.51 ( http://nmap.org ) at 2012-02-07 11:47 EST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00013s latency).
    PORT     STATE SERVICE
    3128/tcp open  squid-http
    8118/tcp open  privoxy
    8123/tcp open  polipo
    Now web applications can use your filtering web proxy chain. If you use the config files below, websites will not know where you came from (HTTP_REFERER header is forged), and will not know your User Agent (also forged), and read access is blocked to several HTTP header fields. Ads are filtered. Your connection looks like this:
    Application  <--port 3128-->  Squid  <--port 8118--> Privoxy  <----> Internet
    Configure your network to add an option to route your web traffic through this proxy. System Preferences>Network>Wi-Fi/Ethernet/...>Locations:>Edit Locations...> Gear icon, Duplicate Location, Advanced...>Proxies> Check boxes for HTTP and HTTPS web proxies with proxy server localhost:3128.
    While you're at it, configure your OS and browsers to block Adobe flash cookies. Read this WSJ article series to understand how this impacts your privacy.
    System Preferences>Flash Player>Block all sites from storing information, using your camera and microphone, and networking with peers. Also Delete all data and go to this Adobe Flash Player Settings web page and block all sites from storing information, using your camera and microphone, and networking with peers.
    Firefox/Safari>DO NOT ALLOW third party cookies, request not to be tracked
    Firefox Add-Ons: NoScript (blocks/manages JavaScript), Beef TACO (blocks/manages flash cookies), BetterPrivacy (blocks/manages flash cookies), and the EFFs HTTPS Everywhere.
    You can also download the Tor anonymous proxy chain for both OS X and iOS devices. This will run a little polipo proxy natively on mobile devices.
    Here are the config file settings. Search through the config file to see the appropriate location for these settings. Turn off http_access and icp_access (squid), permit-access (privoxy), and allowedClients (polipo) if you do not want everyone on your LAN to be able to use the proxy. Double check that you're not running an open web proxy on the internet.
    $ sudo vi /opt/local/etc/squid/squid.conf
    # See http://www.privoxy.org/user-manual/config.html
    # Define Privoxy as parent proxy (without ICP)
    cache_peer 127.0.0.1 parent 8118 7 no-query
    http_access allow localnet
    icp_access allow localnet
    via off
    # old 'http_anonymizer standard'
    header_access From deny all
    # forge Referer in Privoxy
    # header_access Referer deny all
    header_access Server deny all
    # forge User-Agent in Privoxy
    # header_access User-Agent deny all
    header_access WWW-Authenticate deny all
    header_access Link deny all
    # more privacy
    header_access Cache-Control deny all
    header_access Proxy-Connection deny all
    header_access X-Cache deny all
    header_access X-Cache-Lookup deny all
    header_access Via deny all
    header_access Forwarded-For deny all
    header_access X-Forwarded-For deny all
    header_access Pragma deny all
    header_access Keep-Alive deny all
    shutdown_lifetime 10 seconds
    # See http://www.privoxy.org/user-manual/config.html
    # Define ACL for protocol FTP
    acl ftp proto FTP
    # Do not forward FTP requests to Privoxy
    always_direct allow ftp
    # See http://www.privoxy.org/user-manual/config.html
    # Forward all the rest to Privoxy
    never_direct allow all
    dns_nameservers 10.0.1.2 10.0.1.1
    forwarded_for off
    $ sudo vi /opt/local/etc/privoxy/config
    forward  /      .
    $ sudo vi /opt/local/etc/privoxy/match-all.action
    +change-x-forwarded-for{block} \
    +deanimate-gifs{last} \
    +filter{refresh-tags} \
    +filter{img-reorder} \
    +filter{banners-by-size} \
    +filter{webbugs} \
    +filter{jumping-windows} \
    +filter{ie-exploits} \
    +hide-from-header{block} \
    +hide-referrer{conditional-block} \
    +session-cookies-only \
    +set-image-blocker{pattern} \
    / # Match all URLs
    # See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
    +hide-referrer{conditional-forge} \
    +hide-user-agent{Mozilla/5.0} \
    / # Match all URLs
    $ sudo vi /opt/local/etc/privoxy/user.action
    # fix bing's travel site, others
    { -block }
    ads1.msn.com/
    .bing.com/travel/jsxc\.vjs\?
    .onecause.com
    .apple.com
    .go.com
    # sourceforge
    { -block -filter -deanimate-gifs}
    .sourceforge.net
    .dell.com
    # expedia
    { -hide-user-agent }
    .expedia.com
    # don't filter downloads
    {-filter -deanimate-gifs}
    /.*\.iso(\?|$)
    /.*\.mp3(\?|$)
    /.*\.mp4(\?|$)
    /.*\.mov(\?|$)
    /.*\.mpg(\?|$)
    /.*\.ogg(\?|$)
    /.*\.aac(\?|$)
    /.*\.zip(\?|$)
    /.*\.pdf(\?|$)
    /.*\.dmg(\?|$)
    /.*\.tar(\?|$)
    /.*\.gz(\?|$)
    /.*\.dat(\?|$)
    $ sudo vi /opt/local/etc/privoxy/config
    proxyAddress = "0.0.0.0"    # IPv4 only
    allowedClients = 127.0.0.1, 10.0.1.0/16
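
One way to act on the post's advice to double check that the chain is not an open proxy, as an added example that is not part of the original post: it reads the polipo settings shown above (proxyAddress, allowedClients) and reports what they actually expose. It assumes the proxy applies each prefix length as a mask, so the post's 10.0.1.0/16 is evaluated as 10.0.0.0/16, and that an unset proxyAddress means loopback; the function names and probe addresses are hypothetical.

```python
import ipaddress

# Settings copied from the post, embedded as a constructed sample.
POSTED_SETTINGS = '''
proxyAddress = "0.0.0.0"    # IPv4 only
allowedClients = 127.0.0.1, 10.0.1.0/16
'''


def parse_settings(text):
    """Parse 'name = value  # comment' lines into a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip().strip('"')
    return settings


def allowed_networks(settings):
    """Return [(entry_as_written, effective_network)] for allowedClients."""
    nets = []
    for entry in settings.get("allowedClients", "").split(","):
        entry = entry.strip()
        if entry:
            # strict=False masks off host bits instead of raising ValueError,
            # which mirrors the assumed prefix-mask comparison.
            nets.append((entry, ipaddress.ip_network(entry, strict=False)))
    return nets


def audit(settings):
    """List exposure findings for the listener and its client allow-list."""
    findings = []
    # Assumption: loopback when proxyAddress is not set.
    bind = ipaddress.ip_address(settings.get("proxyAddress", "127.0.0.1"))
    if bind.is_unspecified:
        findings.append("listens on every interface; allowedClients is the only gate")
    nets = allowed_networks(settings)
    if not bind.is_loopback and not nets:
        findings.append("no allowedClients restriction on a non-loopback listener")
    for written, net in nets:
        if str(net) != written and net.num_addresses > 1:
            findings.append(
                f"{written} is evaluated as {net} ({net.num_addresses} addresses)"
            )
        if not (net.is_private or net.is_loopback):
            findings.append(f"{written} admits public address space")
    return findings


def client_allowed(settings, client_ip):
    """True if client_ip falls inside any effective allowedClients network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for _, net in allowed_networks(settings))


if __name__ == "__main__":
    cfg = parse_settings(POSTED_SETTINGS)
    for finding in audit(cfg):
        print("finding:", finding)
    for probe in ("127.0.0.1", "10.0.1.25", "10.0.200.7", "10.1.0.5", "203.0.113.9"):
        print(probe, "allowed" if client_allowed(cfg, probe) else "denied")
```

The 10.0.200.7 probe is the case to look at: it sits outside 10.0.1.x but inside the /16 that the entry actually covers.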

    This configuration looks great and I was trying to apply it to my laptop. Unfortunately I'm not an expert, and I have a problem with the config file settings for squid.config.
    I installed squid (at first version 2.7 but later 3.1, to be able to use the GUI SquidMan), Privoxy and polipo successfully with MacPorts. I also used MacPorts to get nmap, and the proxies look to be up:
    Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-23 21:59 PHT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00046s latency).
    PORT     STATE SERVICE
    3128/tcp open  squid-http
    8118/tcp open  privoxy
    8123/tcp open  polipo
    Configuring the network was not a problem (just a question about the FTP proxy?).
    Editing, adding lines to and saving match-all.action and user.action
    was fine also. I don't know why the command sudo vi /opt/local/etc/privoxy/config is repeated twice, once to add forward  / and later
    proxyAddress = "0.0.0.0"    # IPv4 only
    allowedClients = 127.0.0.1, 10.0.1.0/16
    I added these 3 lines anyway; the main problem, I guess, is putting the configuration into squid.conf properly.
    Below is the template given by SquidMan (easier for me to get the main lines!). I have just modified Privoxy as parent proxy, but I was not able to work out properly where to add these settings (getting an error about localhost ie).
    Could you kindly paste them into this template? I guess it will fix my configuration! Thank you in advance.
    Sincerely,
    Franck
    # WARNING - do not edit this template unless you know what you are doing
    # the parent cache
    cache_peer 127.0.0.1 parent 8118 7 no-query no-digest no-netdb-exchange default
    # disk and memory cache settings
    cache_dir ufs %CACHEDIR% %CACHESIZE% 16 256
    maximum_object_size %MAXOBJECTSIZE%
    # store coredumps in the first cache dir
    coredump_dir %CACHEDIR%
    # the hostname squid displays in error messages
    visible_hostname %VISIBLEHOSTNAME%
    # log & process ID file details
    cache_access_log %ACCESSLOG%
    cache_log %CACHELOG%
    cache_store_log %STORELOG%
    pid_filename %PIDFILE%
    # Squid listening port
    http_port %PORT%
    # Access Control lists
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
    acl manager proto cache_object
    acl SSL_ports port 443
    acl Safe_ports port 80                    # http
    acl Safe_ports port 21                    # ftp
    acl Safe_ports port 443                    # https
    acl Safe_ports port 70                    # gopher
    acl Safe_ports port 210                    # wais
    acl Safe_ports port 1025-65535          # unregistered ports
    acl Safe_ports port 280                    # http-mgmt
    acl Safe_ports port 488                    # gss-http
    acl Safe_ports port 591                    # filemaker
    acl Safe_ports port 777                    # multiling http
    acl CONNECT method CONNECT
    %ALLOWEDHOSTS%
    %DIRECTHOSTS%
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports
    # protect web apps running on the proxy host from external users
    http_access deny to_localhost
    # rules for client access go here
    http_access allow localhost
    %HTTPACCESSALLOWED%
    # after allowed hosts, deny all other access to this proxy
    # don't list any other access settings below this point
    http_access deny all
    # specify which hosts have direct access (bypassing the parent proxy)
    %ALWAYSDIRECT%
    always_direct deny all
    # hierarchy stop list (squid-recommended)
    hierarchy_stoplist cgi-bin ?
    # refresh patterns (squid-recommended)
    refresh_pattern ^ftp:                    1440          20%          10080
    refresh_pattern ^gopher:          1440          0%          1440
    refresh_pattern -i (/cgi-bin/|\?) 0          0%          0
    refresh_pattern .                    0          20%          4320

  • Advance Rules for routing in Oracle BPM Human Task

    Hi,
    I am working on SOA 11.1.1.5.0. I have created a sample SOA application with a Human Task.
    Following are the Assignment details for my Human Task.
    1. Created a stage1
    2. Created a participant with following details
    Type = Single
    Build a list of participant using : ApproverGroup
    Specify attribute using : Rule-Based
    List Ruleset : SampleRuleset
    I have created some Advance Rules for routing as specified at http://www.orastudy.com/oradoc/selfstu/fusion/integration.1111/e10224/bp_hwfmodel.htm#BABGJGBD . Routing is working perfectly in my application.
    But when I log in to the WorklistApplication as the weblogic user and access the Administration link, under Task Configuration > Data Driven tab these Routing Rules do not appear; however, I can see this SampleRuleset there.
    I want to know whether these Routing Rules will appear in the WorklistApplication or not.
    regards,

    Hi,
    Concerning your first question the answer is yes, you can share the same UI with various Human Tasks. Assuming that your discriminator flag is the human task type, then you can create for example a taskflow parameter, pass this value and based on this value hide and show fields. You will have to bundle your UI project as an ADF shared library and attach it to each Human Task project that you would like to use it, drag and dropping the taskflow as a region (please have in mind that your taskflow pages definition should be set to fragments).
    For your second question, again the answer is yes. This is an out-of-the-box functionality provided by the auto-generated human task. There is a section called history that holds and displays all this information.
    For the third point, again the answer is yes. What you can do is enable the OnTaskCompleted event so that an event is generated whenever a participant completes their task. Then you can have a mediator or a BPEL process that can subscribe to this event and process the notification.
    For question 4 I don't think that is possible (out of the box). You will have to write something like a proxy service that will fetch this additional information from your LDAP server and map it to your participants list.
    Question 5, the organizational chart allows you to define the structure and hierarchy of your organization (users, groups, application roles) which can be used in your business processes to define your various approval types.
    For your last question, the shared flag is used to define whether your logical roles (also called application roles) should be specific to a process or can be shared across processes.
    Regards
    Antonis

  • [SOLVED] how to use different iptables rules for different ppp account?

    An x86 platform runs an Arch Linux system and has two network interfaces, eth1 and eth0. eth1 connects to the internet; eth0 connects to other terminals through a switch. I want to use different iptables rules for different PPPoE accounts. I also want to know how to forbid more than one terminal from establishing a PPPoE link using the same account at the same time.
    Last edited by linuxsir (2013-09-26 06:48:01)

    (You establish PPPoE sessions over the local network to the Arch machine? Which then routes the traffic?)
    First question: yes, that is exactly what I have done. Second question: I also have a small script on a Windows PC to solve the traffic routing problem:
    route -p delete 0.0.0.0
    route -p add 192.168.9.0 mask 255.255.255.0 192.168.9.1
    route -p add 0.0.0.0 mask 0.0.0.0 192.168.22.0
    But after a while I found the script is not necessary, because Windows always attempts to use the PPPoE session as the default internet connection; the local connection is also OK.
    And using -i pppX in my iptables rules does not solve my problem, because a PPPoE session started by the same account could be marked as ppp0 or ppp1. It is hard to identify which account started the session.

  • Data not coming from DOE to Mobile After defining Rule for device attribute

    Hi All,
    I have created a DO and a rule for it. In the case of the Bulk Rule for all definition, when I trigger an extract from the Portal, all the data comes to the outbound queue, but when I define a rule for a Device attribute, no data comes to my outbound queue. Here is the scenario of what I am doing:
    1. I have an order header in my backend which has a field named "Work_Center", and this will be the criteria field.
    2. In the CDS table I have all the records for all the work centers.
    3. Now in RMM under customized, I have added an attribute named "Work_center".
    4. Now I defined a rule with Device attribute mapping and activated the rule.
    5. Now on the Portal I assigned this data object, and in the device attribute tab I assigned the value (this value exists in the CDS table for a few orders) of a Work center to the attribute "Work_Center".
    6. Then I triggered the extract but its outbound queue is empty. What could be the reason?
    Is my approach correct?
    Regards,
    Abhishek

    Hi Abhishek,
    You can check one more thing after you have performed all the steps up to step 5, i.e. just before triggering the extract. Check if the AT table for your DO has entries based on the criteria specified by you:
    1. In the workbench click on the Data Object, and then right click and select "View Metadata".
    2. Select the Distribution Model tab.
    3. Now select your DO's Association table.
    4. For the input field DEVICE ID specify your corresponding device id, and for the status field specify "I", then execute.
    If there are now entries in the AT table and they are not coming to the outbound queue on triggering the extract, some EXTRACT queue is blocked. And if there were no entries in the AT table, then the rule specified is not being satisfied.
    Thanks,
    Swarna
    Now if you have entries w

  • Leave Quota generation with different rules for different countries

    Hi,
    I have the following requirement need help in achieving this.
    Employers must grant 10 days paid leave to employees that worked for six consecutive months from the time of hiring and who worked on not less than 80 per cent of all schedule work days. This paid leave may be taken consecutively or separately. Where an employee's application to take paid leave will hinder the normal business operations, the employer may require the employee to take such paid leave at a different time.
    The number of days of paid leave available to employees increases in proportion to employees' length of service as set forth in the below table.
    Years of Service   0.5   1.5   2.5   3.5   4.5   5.5   6.5+
    Paid Holidays      10    11    12    14    16    18    20
    The right to annual paid leave expires after two years. In other words, annual paid leave left over from one year may be carried over and taken the next year only. For example, if an employee is awarded 10 days paid leave after their first 6 months of employment; those paid holidays will become invalid after 2.5 years of employment. Use them or lose them.
    Simply put, holidays from one year can be carried over to the next year, but not to the third year. So, if you don't take your leave from one particular year within 12 months of that year ending, you will lose that first year's allowance.
    Employee can take leave encashment of holiday leave only when leaving their employer. It is not legal for companies to buy up the holiday leave of those still working for the firm.
    In my organization one PSG grouping has been used for all countries, and it won't be possible to change the grouping now. In such a case, how can we provide different rules for different countries without customizing the Leave module?
    Do we have to use any PCR for this, if yes which??
    Regards,
    Jailakshmi
    Edited by: Jailakshmi on Aug 3, 2011 7:16 AM

    Hi,
    Use the QUOMO feature to give different entitlements to employees.
    Leave entitlement as per seniority can be configured in base entitlement.
    Keep the validity and deduction period at 2 years by using the "Relative position" option in the validity and deduction period table.
    Rgds,
    Lata

  • I am using a work laptop and have the same problem. When I try to change the "configure proxy", the only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don'

    I am using a work laptop and have the same problem. When I try to change the "configure proxy", the only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don't want us to use Firefox?
    == User Agent ==
    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; FNGP_SYS)

    Start Firefox in Safe Mode to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
    See "Troubleshooting extensions and themes" and "Troubleshooting plugins".
    If it does work in Safe Mode then disable all your extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
    You can use "Disable all add-ons" on the Safe Mode start window.
    You have to close and restart Firefox after each change via "File > Exit" (on Mac: "Firefox > Quit")

  • Problem with nat / access rule for webserver in inside network asa 5505 7.2

    Hello,
    I have trouble setting up NAT and an access rule for a webserver located in the inside network.
    I have an ASA 5505 version 7.2 and it has two active interfaces, inside 192.168.123.0 and outside x.x.x.213.
    The webserver has IP 192.168.123.11 and it needs to be accessed from outside, IP x.x.x.213.
    I have created a static NAT rule with PAT (as an appendix) and access rules from the outside network to the inside interface IP 192.168.123.11 (tcp 80), but no luck.
    What am I doing wrong?

    Command:
    packet-tracer input outside tcp 188.x.x.213 www 192.168.123.11 www detailed
    Phase: 1
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 2
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.123.0   255.255.255.0   inside
    Phase: 3
    Type: ACCESS-LIST
    Subtype:
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0x35418d8, priority=500, domain=permit, deny=true
        hits=1, user_data=0x6, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip=188.x.x.213, mask=255.255.255.255, port=0
        dst ip=0.0.0.0, mask=0.0.0.0, port=0
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
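A small filter for packet-tracer output like the trace above, added here as an example and not part of the original post: it reports the first phase whose result is DROP together with that phase's Config text, which is the part to read first when a trace ends in acl-drop. The function names are this example's own, and the embedded sample is abridged from the trace in the post.

```shell
#!/bin/sh
# first_drop: read ASA packet-tracer text on stdin; print the first phase whose
# Result is DROP as "phase=N type=T config=C". Exit status 1 if nothing dropped.
first_drop() {
    awk '
        { sub(/\r$/, "") }                      # tolerate pasted CRLF console text
        /^[ \t]*Phase:/  { if (hit) exit; phase = $2; type = ""; cfg = ""; incfg = 0; next }
        /^[ \t]*Type:/   { type = $2; next }    # anchored, so "Subtype:" is skipped
        /^[ \t]*Result:/ { if ($2 == "DROP") hit = 1; incfg = 0; next }
        /^[ \t]*Config:/ { incfg = 1; next }
        /^[ \t]*Additional Information:/ { incfg = 0; next }
        incfg            { sub(/^[ \t]+/, ""); cfg = (cfg == "" ? $0 : cfg " " $0) }
        END { if (!hit) exit 1
              printf "phase=%s type=%s config=%s\n", phase, type, cfg }
    '
}

# Sample input, abridged from the trace in the post (phase 2 omitted).
sample_trace() {
cat <<'EOF'
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
EOF
}

sample_trace | first_drop
```

A Config of "Implicit Rule" on an ACCESS-LIST phase means no configured access-list entry matched the traced flow, so the addresses and ports given to packet-tracer are the first thing to compare against the access rules.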

  • Report on settlement profile/rule for the Process Orders ?

    Is there any report which will display settlement profile for process order or settlement rule for process order.

    Hi,
    Did you try this one: KOSRLIST_OR - Settlement Rules?
    Regards,
    Eli

  • Any report to check vacation rule for users?

    any report to check vacation rule for users?

    Hello Anand,
    there is no report but you may use the production order info system with list "components" and create a layout containing the issued quantity and/or the final issue indicator. With a correct sorting, the list should show all orders with non-issued components at the top.
    Regards, Andreas

  • Error when activating update rules for R/3 training and event management

    hi all,
    When I am trying to activate update rules for the training and event management cube, it gives the following error: "IC=0PE_C01 IS=0HR_PE_1 error when checking the update rules
    Message no. RSAU461".
    Please guide me on how to solve this issue.
    thanks & regards
    Vamshi D Krishna

    Hi Vamsi,
    Have you followed the following document to implement HR ?
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a0780530-bf03-2b10-d5ad-e9e8a53def23

  • How can I activate the transfer rules for the ODS updating a data target.

    We are on BW 3.5 and I'm loading data into the 0FIGL_O10 ODS and then uploading the data into the cube 0FIGL_C10. The data loads just fine to the ODS but when I try to 'update the data target' I get a 'date & time stamp' error on the info-package transfer rules.
    I then Replicate the datasource 80FIGL_O01.
    I must then 'activate' the transfer rules.
    However I cannot get the transfer rules for 80FIGL_O10 in CHANGE MODE to activate them.
    How can I activate the transfer rules for the ODS updating a data target.
    The error text is as follows:
    DataSource 80FIGL_O10 has to be replicated (time stamp, see long text)
    Message no. R3016
    Diagnosis
    DataSource 80FIGL_O10 does not have the same status as the source system in the Business Information Warehouse.
    The time stamp in the source system is 02/15/2007 10:42:33.
    The time stamp in the BW system is 11/07/2006 13:11:54.
    System response
    The load process has been terminated.
    Procedure
    Copy the DataSource again and then activate the transfer rules that belong to it. You have to activate the transfer rules in every case, even if they are still active after the DataSource has been copied.
    Thanks for your assistance.
    Denny

    Hi Dennis,
    Try using Business Content to activate your data source.
    Hope this will help you.
    How to activate business content:
    http://help.sap.com/saphelp_nw04/helpdata/en/80/1a66d5e07211d2acb80000e829fbfe/frameset.htm

Maybe you are looking for