My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal http://gmail.com is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY MY COMPANY GOOGLE MAIL PROGRAM.
View 2 RepliesMy Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY OTHER PROGRAMS.
View 1 Replies View RelatedI want block https sites if suppose block the http it will opening in https.
View 9 Replies View RelatedI was wondering how to block attachments to gmail. I am running squid 2.7 stab9 with dansguardian 2.10, users authenticated from LDAP. I have configured the POST restrictions in Dansguardian which does block all attachments to hotmail/yahoo etc etc but attachments to gmail continue to upload.
View 1 Replies View Relatedhow to disable the gmail chat? My means to say that when we login to gmail , after that the chat will open, I want to disable that chat. am using Redhat 9 and squid stable 2.5 version. I have tried the things mentioned below, but chat is still working.
[Code]...
I have blocked both gtalk and gmail chatting for total network using both squid and iptables. I want to give access for gtalk and gmail chatting to some user. How I can do it.
View 3 Replies View RelatedWhat's the best way in centos to block a user from accessing mysql. I don't want him to be able to run the mysql command, so just putting passwords up in mysql is not good enough. Mysql is running ad user=mysql, and i added the user in a different group by he is able to access mysql by typing in the command.
How can i block this command being availible for this user.
I recently set up a web server at home, using a non-standard port, due to my ISP blocking 80. I just checked my log files, and I see a TON of entries indicating that a file was not found "proxy-1.php", "proxyheader.php", etc. I do not have these files, not intend to have them as part of my website. I did a whois looking by IP address for several of these, and they all seem to come from an ISP in China. Is there a way to BLOCK any IP address outside the US (that is somewhat simple to do?)
View 5 Replies View RelatedI'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?
My college internet providers shifted to a different setting.. defined in the changing lan proxy settings on the user end. I.e.ip - 192.168.0.200 and port to 3000. This to reduce misuse of the net connection ..The thing is, since then, every other website is working, except GMail. It isnt blocked, the Nebero page shows up for blocked sites. When attempting to open gmail, the default internet page shows up for unavailability of page owing to no or slow response from the server, or the firewall or proxy settings not appropriately configured. I cannot open gmail, the connection on empathy im. I cant ping gmail either. No response. What can be the problem.
View 9 Replies View RelatedI have installed Dansguardian on my little brothers laptop (using Tinyproxy and Firehol too) and I have it mostly configured the way I like it. The only problem now is that I can't seem to block secure (https://www...) websites, and he knows a few proxies that use secure domains. I was wondering if anyone has been able to make Dansguardian block these websites or is it just not doable?
View 1 Replies View Relatedhow to install squid3.1.x to block https sites?
View 1 Replies View RelatedI managed to configure my W890i phone to get access to internet through an ubuntu-based computer. It's very easy to use the phone to give internet access to the computer, but the opposite is quite more tricky. For that I've done the following
----On the phone---
-Set the USB network option to "through computer", so that the phone uses the computer's internet connection and not the opposite.
-Decide and set "Shared Network" parameters: user, pasword and workgroup.
-In "conectivity-> internet connection" set "allow local network" to "yes"
----On Ubuntu 10.04---
-Install samba, samba-client, smbfs, smbclient, firestarter and dhcp3-server
-Configure Samba (System-> Administration-> Shared folders): same workgroup as in the phone, add new user (the phone), passwd this new user. In my case the user was called "w890i" and the password given was the same.
-Once the phone is connected to the computer through USB (then select "phone mode"), a new connection appears in NetworkManager: usb0.The aim is to create a shared network that gives internet access to this device. Edit the IPv4 parameters of this new connection, set them to Manual and give an IP adress (192.168.0.1) and a subnet mask (255.255.255.0); the rest of the fields are left empty.Connect this network.
-Set firestarter to use dhcp3: sudo ln -sf /etc/init.d/dhcp3-server /etc/init.d/dhcpd
-Launch firestarter and follow the wizard. Set "allow internet shared connection", choose the device for the primary internet access, and then the device for the shared network (usb0). Then change the settings for firestarter: activate DHCP for local network, set IP to the one we gave before (192.168.0.1).
-Open dhcp3-server config file sudo gedit /etc/default/dhcp3-server And set INTERFACES="usb0"
-Set the policies of firestarter: in incoming connections, allow connections from the IP adress given to the phone (192.168.0.1). Then add rules for the ports that need to be open for this connection. I opened HTTP, HTTPS, SMB, SMTP, POP3, IMAP, IMAPS, DHCP for all the connections in the local network.
-Apply policies and start the firewall.
------------
After all this, the phone can access the internet through the computer. Two problems appeared:
1. I couldn't get access to https sites, like webmails. The phone gave a "communication error". But then I tried with Opera instead of the browser built in the phone's firmware, and I could finally get to https sites.
2. I couldn't retrieve mail, neither POP nor IMAP nor IMAPS. I thought it was a firmware problem again, and I tried out several mobile phone email clients written in java, but none of them worked.
So this is at the moment the problem. If I connect from the phone to the internet directly through 3G, the email clients work for all my accounts. I don't think it's a firewall problem, because the ports are opened for this connection
What is the current status of HTTPS Everywhere add-on for FF? I understand it was previously compatible, but it is not now (I am running 3.6.11 on LL). This article on firesheep has me a bit freaked.
View 1 Replies View RelatedIs there a plugin or some other way to check to see if a website has https available, and use that instead? I know some sites, like Wikipedia have a different hostname for SSL support while others have the same hostname, just What I would really like to seesome kind of header in the http reply or the html that saysSecureAvailable= is there any system like this in place? There's too many issues with with unencrypted http to continue having that as the default.
View 3 Replies View RelatedI have just installed SSL certificate for my private domain (it runs on a private ip in a local network). I got the trial SSL from thawte. I have successfully installed the certificate.
View 1 Replies View RelatedI have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
ps: I got the rules from that website: [URL]
When connecting to an unknown unsecured wireless network, is it possible for someone to capture a header and resend it even if it's over https? For example I login on an ipod or on a computer and connect to a server through https and password auth. Although anyone monitoring the transmission could not get hold of my password since it's encrypted, could they just capture the header and resend it 5mins later to logon again without even knowing the password?
View 13 Replies View RelatedFreshly installed Ubuntu 10.10 amd64 on Asus K50IN laptop refuses to show secure HTTPS internet pages, while posting this here is OKay. It says connection timed out. I tried several browsers FireFox Arora Epiphany.
View 2 Replies View RelatedI am running Ubuntu 10.4 with Apache2, SVN and SSL. Both HTTP and HTTPS are working correctly with my website. Although the SVN setup I have is not working. This configuration gives me a 403 error.
Code:
<Location /svn>
DAV svn
SVNParentPath /srv/svn/repos
SVNListParentPath On
[Code]...
This issue is driving me up the walls. If there is any additional information, I will be more than happy to provide it.
I have an ssh tunnel with my ubuntu (vps) server. On my local computer I have proxifier, to redirect everything with socks5.
Everything works fine, I can browse websites and that. Email also works.
But when I want to visit a website that uses https it doesn't work. I do not get to see the website, or receive an internal server error.
I am working on a project to create a video conferencing environment. For this I use a default installation of BigBlueButton on ubuntu 10.04. One of the main problems here is that it's not safe enough to share classified documents trough this software. It's a simple webserver that uses nginx. What I want to do is make this connection secure.
One of the problems is that I don't only have a connection trough port 80 but it uses the following ports:
Port 80 (HTTP), 1935 (RTMP), 9123 (Desktop sharing).
I would like to use a proxy instead of some tunneling or vpn to do this. Would anyone happen to know anything about squid or another equivalent to do this?
I'm running a squid proxy in my ubuntu server, and I must have mess it up with the squid configuration. Users, cannot, access https pages. Can you tell me what to change in my squid.conf, so, to fix this?
Here is my squid.conf (witch is a friends conf, that i have change for my needs...)
Code:
http_port 8888
#http_port 3128
icp_port 3130
acl QUERY urlpath_regex cgi-bin ?
code....
This started yesterday. I haven't made any recent changes. I can't access any pages beginning with https. It's just my computer because my girlfriend's laptop doesn't have any issues. I'm using OpenDNS, but I have been for a long time and this is the first time this has ever happened. I'm not using a router, I connect straight to the modem, which I've already reset.
View 1 Replies View RelatedBasically, whenever I am on an unencrypted wireless hotspot, I open up an SSH tunnel to my home server to do all my browsing for the privacy and security it provides.But I got to thinking, and now I am curious, if I am visiting a site like gmail for instance that always uses SSL/TLS for it's connections, is there any added benefit to also using an encrypted tunnel? or is it perhaps superfluous to use both
View 3 Replies View RelatedHTTPS doesn't work. Im running firefox in ubuntu 10.10.
View 1 Replies View RelatedI'm on Ubuntu 11.04 and have wired internet connection.
Some sites (particularly https) take very long time to load . Sometimes I get "Page is taking a long time to load . Reload the page later" message.
Now , this is happening for some http webpages also.
This is not a problem with browser.
I have firefox , chrome , chromium and konqueror installed.
Also I can access all these sites properly from windows so it is not problem with my internet connection either.
The problem is here:When I was open gmail in my system Certificate Error is coming. The error details:
This Connection is Untrusted You have asked Firefox to connect securely to url, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
code....
I'm running sugarCRM with fedora 11.I want to make my sugarCRM send email to my gmail account . But I always get this error : imap.gmail.com: No such host. I'm sorry to bother this question here ,but I can't fine a good answer from SugarCRM forum .And I have struggled with this question for days .Here are some details:
Operating system type and version Fedora11
Sugar version and edition Sugar Community Edition Version 5.2.0j
Webserver type and version httpd-2.2.13-1
PHP version php-5.2.9-2.fc11.i586
MySQL server version mysql-5.1.37-1.fc11.i586
[Code]...
I have set up certain portions of my web site to be forced https:// How do I force, non https:// protocols. I know this sounds confusing, so let me give you an example.
[Code]...