Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 573 of 808  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Collapse | Expand  Show only new entries    6457 Entries 
Goto page Previous  1, 2, 3 ... 572, 573, 574 ... 806, 807, 808   Next  
icon5.gif   drop-down list not working, posted by Sara Vanini on Mon Nov 13 12:58:41 2017 

Hi,

after ubuntu 16 system upgrade, elog version (3.1.1-1-1) on firefox version 56.0+build6-0ubuntu0.16.04.2 , the drop-down menus (Styles, Font, Size, etc) don't work anymore.

How can I fix it?

Many thanks!

Sara

icon5.gif   hosts allow, posted by Susan James on Fri Nov 17 18:58:52 2017 

I'm trying to wrap our elog instance to our company domain which is lbl.gov

I add this entry below (without quotes) to elogd.cfg and it's not working.  the world can see our logbooks

" Hosts Allow = *.lbl.gov ".

can someone help?

 

 

    icon2.gif   Re: hosts allow, posted by Andreas Luedeke on Sat Nov 18 19:36:57 2017 

Hi Susan,

according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
  • Hosts allow = <list>
  • Hosts deny = <list>

These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:

  • Access will be granted when a host matches a pattern in "hosts allow".
  • Otherwise, access will be denied when a host matches a pattern in "hosts deny".
  • Otherwise, access will be granted.

These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.

 

Susan James wrote:

I'm trying to wrap our elog instance to our company domain which is lbl.gov

I add this entry below (without quotes) to elogd.cfg and it's not working.  the world can see our logbooks

" Hosts Allow = *.lbl.gov ".

can someone help?

 

 

 

    icon2.gif   Re: hosts allow, posted by Susan James on Tue Nov 21 01:27:06 2017 

thanks for your quick reply.

the configuration is still not working.  See my entry below which denies everyone.

I've tried many different combinations of 'hosts allow and hosts deny'

we want to restrict all our logbooks to only domain lbl.gov

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov
 

Can you help?

 

Andreas Luedeke wrote:

Hi Susan,

according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
  • Hosts allow = <list>
  • Hosts deny = <list>

These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:

  • Access will be granted when a host matches a pattern in "hosts allow".
  • Otherwise, access will be denied when a host matches a pattern in "hosts deny".
  • Otherwise, access will be granted.

These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.

 

Susan James wrote:

I'm trying to wrap our elog instance to our company domain which is lbl.gov

I add this entry below (without quotes) to elogd.cfg and it's not working.  the world can see our logbooks

" Hosts Allow = *.lbl.gov ".

can someone help?

 

 

 

 

icon4.gif   possible DOS vulnerability with negative Content-Length field, posted by Christian Herzog on Tue Dec 5 15:30:43 2017 

Hi,

 

a routine scan revealed a possible DOS attack vector: sending an invalid POST HTTP request with a negative Content-Length field crashes our elog instance, leading to service unavailability.

 

thanks,

-Christian

 

 

-- 
Dr. Christian Herzog <herzog@phys.ethz.ch>  support: +41 44 633 26 68
IT Services Group, HPT H 8                    voice: +41 44 633 39 50
Department of Physics, ETH Zurich           
8093 Zurich, Switzerland                     http://nic.phys.ethz.ch/

 

    icon2.gif   Re: possible DOS vulnerability with negative Content-Length field, posted by Stefan Ritt on Wed Dec 6 13:34:56 2017 

I have fixed this issue in the current develop branch of elog.

Stefan

Christian Herzog wrote:

Hi,

 

a routine scan revealed a possible DOS attack vector: sending an invalid POST HTTP request with a negative Content-Length field crashes our elog instance, leading to service unavailability.

 

thanks,

-Christian

 

 

-- 
Dr. Christian Herzog <herzog@phys.ethz.ch>  support: +41 44 633 26 68
IT Services Group, HPT H 8                    voice: +41 44 633 39 50
Department of Physics, ETH Zurich           
8093 Zurich, Switzerland                     http://nic.phys.ethz.ch/

 

 

    icon2.gif   Re: hosts allow, posted by Susan James on Thu Dec 7 21:54:58 2017 

Hi All,

We're still having trouble with hosts.allow and hosts.deny.

We're trying to allow all of our domain  lbl.gov to the access list

for our logbooks.  But the combination below is not working.

==========================

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov

========================
Can someone help?

Susan James wrote:

thanks for your quick reply.

the configuration is still not working.  See my entry below which denies everyone.

I've tried many different combinations of 'hosts allow and hosts deny'

we want to restrict all our logbooks to only domain lbl.gov

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov
 

Can you help?

 

Andreas Luedeke wrote:

Hi Susan,

according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
  • Hosts allow = <list>
  • Hosts deny = <list>

These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:

  • Access will be granted when a host matches a pattern in "hosts allow".
  • Otherwise, access will be denied when a host matches a pattern in "hosts deny".
  • Otherwise, access will be granted.

These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.

 

Susan James wrote:

I'm trying to wrap our elog instance to our company domain which is lbl.gov

I add this entry below (without quotes) to elogd.cfg and it's not working.  the world can see our logbooks

" Hosts Allow = *.lbl.gov ".

can someone help?

 

 

 

 

 

    icon2.gif   Re: hosts allow, posted by Andreas Luedeke on Fri Dec 8 19:47:04 2017 
Hi Susan,
the documentation states that you should start elogd with the -v option from the command line and look at the output. Did you try this?
You might post the output here to get further help.
Cheers
Andreas
Susan James wrote:

Hi All,

We're still having trouble with hosts.allow and hosts.deny.

We're trying to allow all of our domain  lbl.gov to the access list

for our logbooks.  But the combination below is not working.

==========================

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov

========================
Can someone help?

Susan James wrote:

thanks for your quick reply.

the configuration is still not working.  See my entry below which denies everyone.

I've tried many different combinations of 'hosts allow and hosts deny'

we want to restrict all our logbooks to only domain lbl.gov

[ below denies ALL ]

Hosts allow = .lbl.gov
Hosts deny = ALL

[ below denies ALL ]

Hosts deny = ALL

Hosts allow = .lbl.gov
 

Can you help?

 

Andreas Luedeke wrote:

Hi Susan,

according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
  • Hosts allow = <list>
  • Hosts deny = <list>

These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:

  • Access will be granted when a host matches a pattern in "hosts allow".
  • Otherwise, access will be denied when a host matches a pattern in "hosts deny".
  • Otherwise, access will be granted.

These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.

 

Susan James wrote:

I'm trying to wrap our elog instance to our company domain which is lbl.gov

I add this entry below (without quotes) to elogd.cfg and it's not working.  the world can see our logbooks

" Hosts Allow = *.lbl.gov ".

can someone help?

 

 

 

 

 

 

Goto page Previous  1, 2, 3 ... 572, 573, 574 ... 806, 807, 808   Next  
ELOG V3.1.5-3fb85fa6