Questions tagged [restrictions]
The restrictions tag has no usage guidance.
75
questions
41
votes
2
answers
12k
views
Is it possible to restrict the use of a root certificate to a domain
My customer uses a self signed certificate for an application to work. To be able to work, I have to install the root certificate they used to sign the certificate.
Is it possible to configure a root ...
- 545
5
votes
1
answer
9k
views
How to block IP address on Apache when it comes from proxy
I have the URL I need to restrict access for specific IP (10.0.0.5).
When I do it for direct access in the next way it works perfect:
<Location /incoming>
Order Allow,Deny
Deny from 10....
- 59
4
votes
3
answers
240
views
What setting in XP stops executables being run unless you're an administrator?
If I go to a workstation in a certain large organisation and try to run an executable from a USB drive it doesn't let me.
What setting is this in Group Policy or wherever else that does this?
- 653
4
votes
3
answers
5k
views
Restrict a port to a single app
I'd like to restrict a range of udp ports to a single application (or a user). What I'd like to achieve is not simply blocking a bind() from other uids, but also remove the range from a pool that can ...
- 1,296
4
votes
1
answer
3k
views
rewrite / restrict specific domain name in apache
We have https://example1.com/login and example2.com/login being hosted from the same apache server (2.2.22). I want to restrict /login on example1.com.
example1.com/login --> 404 (preferably) or 403
...
- 53
3
votes
1
answer
1k
views
Postfix changes to main.cf are not loaded
Ubuntu 10.04 LTS
root@vm1613:/etc/postfix# vim /etc/postfix/main.cf
[...]
# default restrictions
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, ...
- 179
3
votes
2
answers
7k
views
How Can I prevent a specific application from being run on a specific machine using Group Policy?
I know this is possible to do and I am working on it with limited success. I believe the Group Policy I want is "Do Not Run Specified Windows Applications" - I can enable this and add the .exe I want ...
- 67
3
votes
1
answer
837
views
Restrict I/O Write usage using cgroups
I am trying to restrict I/O write usage on my server using cgroups.
Here is my partition table info:
major minor #blocks name
8 0 10485760 sda
8 1 9437184 sda1
8 ...
- 31
3
votes
0
answers
674
views
Securing my NTP configuration
Need some assistance configuring my ntp.conf file for my primary NTP server.
Does my configuration accomplish the following:
Prevent the servers being polled from changing my configuration?
Allow my ...
- 31
2
votes
2
answers
285
views
Does any SATA drive work in any SATA port?
I was under the assumption (apart from restrictions due to old operating systems not being able to read large drives) that as long as a hard drive was of the same type as what is available for the ...
- 689
2
votes
3
answers
14k
views
postfix permit_sasl_authenticated in smtpd_client_restrictions for submission on 587
First let me explain my setup. I'm using postfix 2.9.6 on Debian Wheezy. I do not allow AUTH on port 25, and force MUAs to use a submission service on port 587 instead. Debian comes with the following ...
- 31
2
votes
2
answers
1k
views
smtpd_recipient_restrictions works but not always
I have POSTFIX set up to filter certain email addresses. The main.cf file contains:
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/blacklist,
permit_mynetworks,
...
- 199
2
votes
1
answer
487
views
Restricting access to \\127.0.0.1\c$ on Windows
In an enterprise environment, you usually have several locked down Windows servers (either Windows servers/Terminal server directly, or through Citrix) where the user is logged in directly into a full ...
- 135
2
votes
1
answer
860
views
Postfix does not reject wrong client and HELO name
I have a postfix server configured with reject_unknown_client_hostname and reject_unknown_helo_hostname. Regardless the server accepts non sasl_authenticated connections from clients and HELO names ...
- 194
2
votes
1
answer
3k
views
Postfix check_policy_service - only checking incoming mail, ignoring internal and outgoing
I'm trying to set up a policyd server on Centos x64 (selinux disabled), which will allow me for limiting numer of messages incoming from different servers and (more important) outgoing from different ...
- 61
2
votes
2
answers
898
views
Searching For a Desktop Security Software to harden Windows machines, anybody?
I'm a network administrator of a small/medium network.
I'm looking for a software (Free or Not) which can harden Windows Computers (XP And Win7) for the propose of hardening standalone desktop ...
- 21
2
votes
0
answers
232
views
IIS 7 IP and Domain Restrictions not working (set to deny by default)
I have a website on IIS and I am trying to block access to one particular folder from anywhere but our LAN. To experiment, I have added both an explicit deny rule for one particular machine on the ...
- 331
2
votes
0
answers
105
views
Debian Postfix distribution list accessible only for few adresses
Actually I'm working with Postfix server and trying to implement distribution list with simple restrictions.
My assumptions:
I created alias:
[email protected] -> [email protected], manager2@...
- 21
2
votes
1
answer
295
views
Is there any restriction of new incoming/outgoing TCP connections/seconds in Windows?
Is there any restriction of number of new incoming/outgoing TCP connections/seconds in Windows? If so, are there any differences between Windows versions?
Keller Zoltam
2
votes
2
answers
834
views
Postfix reject unknown local recipients
I have a problem with backscatter. Spammers send emails to non existent username @ existent domain hosted on my server. I am trying to abort the session instead of sending bounce messages back to ...
- 21
1
vote
2
answers
640
views
GPO Software Restriction Policy
Just a quick little question here, i am trying to block exe's and such from running from users home drives but running into problems. Sure I can add a hash rule for all the exe's but this is tedious ...
- 157
1
vote
2
answers
8k
views
Restricted Groups not working
I have several GPOs set up on our domain at work, in one GPO I have the group set to be Local Administrators via the Restricted Groups feature. However, when one of the users in this group logs in to ...
- 121
1
vote
1
answer
2k
views
Add restrictions for files and folders naming on Windows
Is it possible, with Windows Seven pro, to add restrictions on the naming for files and folders?
Let me explain:
My users can't refrain from using characters like é, ô, or string like l'agence ++.
...
- 133
1
vote
1
answer
141
views
Allow only selected address to connect to openssh
I need to restrict connections to an openssh server to only three or four IP addresses. I know I can, on the CentOS 7 and Oracle Linux boxes, use firewalld or TCP wrappers. However, some of the ...
- 51
1
vote
1
answer
2k
views
OLE error code 0x800704ec: This program is blocked by group policy. Using COM in VFP9
System outline: Server 2008 SP2 x86 running terminal services in a Windows domain.
I've recently moved my working environment to a new server. I'm coding in Visual Fox Pro 9 on the system described ...
- 518
1
vote
1
answer
498
views
Impact of enforcing software restriction policies via GPO 2008r2
We are trying to prevent the execution of certain system related executables by regular users on our network (mmc, cmd, ldp, etc.). I have suggested the use of software hashing rules but I am ...
- 363
1
vote
1
answer
646
views
Restrict other Azure AD users from logging into Intune devices
I want to make sure that a user in our domain [email protected] does not login to a device that has been assigned to [email protected]. I have created a configuration profile but not sure what the ...
- 11
1
vote
1
answer
2k
views
How does Apache mod_rewrite work to restrict by IP
I would like to accept only certain IP(s) for a few weeks.
Only accepted IP could load this -> www.example.com/login not the others.
Apache 2.2 is used. The code in mod_rewrite as below :
...
- 13
1
vote
0
answers
134
views
How to restrict or hide users to specific drives only (not typical drives combinations)
How can I restrict users (not admins) to access to specific drives?
I know there is gp that allows to restrict typical combinations of drives, like C, A, B, D etc... But I would like to allow all ...
- 11
1
vote
0
answers
138
views
Can I limit users to VDI
I have a task to enable users to only access VDI(horizon view) when they login to their laptop or desktop.
This should restrict then from any other actions than accessing the view application.
...
- 243
1
vote
0
answers
745
views
Disallow JVM system security policy settings override
I've defined some parameters to file /usr/lib/jvm/jre-8-oracle-x64/lib/security/java.security to comply JAVA security settings with our security policy.
Some parameter I have edited are
security....
1
vote
0
answers
332
views
Openstack - Restrict user access to Regions Or Zones
We are going to upgrade our OpenStack by adding a bunch of new compute nodes. These nodes sole purpose is to host 'tiny' instances for users to run some small-scale experiments or to test stuff. Those ...
- 149
1
vote
2
answers
916
views
Need Help locking down many networked public computers
Does anybody know any type of system lockdown/parental control software that will work for networked machines, with users that may or may have not already setup an account on the local machine?
I'm ...
- 191
1
vote
1
answer
528
views
How to restrict access to command shell/explorer for non admin users
Is there a way to restrict access for specific (non admin) users to cmd, windows tools, explorer on an Wim XP system?
Partially I consider to do this through group policy & logon script
1. deny ...
- 141
1
vote
2
answers
234
views
IIS IP Adress Restriction - can I rely on it online?
I have an idea I'd like to float to the smart people of serverFault to pick holes in it.
I'm looking for a way to lock down a 3rd party application in IIS. It's a web service, so there's no login ...
- 569
1
vote
1
answer
405
views
Setting IPv4 address and domaine restrictions in IIS7
I have a couple of sites that I want to only allow access to specific IPs. I have added these IP addresses to IIS7 via the IPv4 Address and Domain Restrictions functionality, as per the link below:
...
user62975
1
vote
3
answers
2k
views
Can someone with "send on behalf of" send to a restricted exchange distribution list?
I have distribution list that where I have set Message restrictions to accept messages Only from a set of users. Some of these users have secretaries, which can send on behalf of their manager. If the ...
- 187
1
vote
3
answers
1k
views
Encryption container for multiple people
I was just wondering if anyone may have come across a product that would allow for a container based encryption to be used by multiple people, in a Windows Server setup.
I wanted to see if there ...
- 55
0
votes
2
answers
233
views
Restrict su command
I have user1 and user2. Normally, the user root can switch on all users with su command.
I want to restrict su command so that the user root can switch only to user1. It is possible??
- 259
0
votes
1
answer
389
views
Does postfix's check_recipient_access map allow for regex?
I am looking to update my postfix configuration so it restricts the domains to which emails can be sent. I am thinking of using smtpd_recipient_restrictions with check_recipient_access, based on this ...
0
votes
1
answer
3k
views
Nginx allow only specific API paths
I am very new to Nginx and I have below configuration in Nginx
server {
location /api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000;
...
- 101
0
votes
1
answer
358
views
Postfix block internal communications
I'd like to know how to block my users to send mail to each other but give them chance to send and receive external mail.
[email protected] <---> [email protected] REJECT
john@localdomain....
0
votes
2
answers
2k
views
Group Policy - Software Restrictions
I've just set up a new server on a new Domain Controller. I have implemented my Group Policy too. However, I would like to implement a policy to restrict the installation of all software by users and ...
0
votes
1
answer
1k
views
Microsoft Exchange 2010 GAL Global Address List Restriction by OU Organizational Unit
We are offering hosted Exchange services and are in an Microsoft Exchange 2010 only environment with a Windows Server 2003 Domain Controller.
My problem is that all the customers have access to the ...
- 97
0
votes
1
answer
148
views
Best way to restrict and block countries on Apache 2.4 (By IP address or Maxmind GeoLite2-Country.mmdb)
I'm looking for a way to block certain countries to access our Apache 2.4 web server running on FreeBSD.
We have brute force attacks from time to time, and they often comes from a handfull of ...
- 185
0
votes
1
answer
670
views
Allow reverse proxy access only from the host server
I have two servers A) frontend server (ip 11.22.33.44), B) backend server (ip 22.33.44.55).
Both use Debian Linux and Apache server.
A) frontend server uses reverse proxy to show content of B) backend ...
- 344
0
votes
1
answer
49
views
Cloudflare prohibits API GET request
I am having a trouble with my API's GET request. I settled cloudflare as a firewall for my web application. Behind it, my web application is working on Nginx server. All HTTP Requests are working for ...
- 119
0
votes
1
answer
6k
views
ACL conditional zone in Bind9
I'm trying to apply "restrictmoderate.youtube.com" only for kids and let the others access the standard "youtube.com", using Bind9.
# cat named.conf
include "/etc/bind/named.conf.options";
include "/...
0
votes
1
answer
381
views
Blocking Azure Web App externally breaks internal
I am trying to lock down an Azure website we have running to our intranet. I have browsed to App Services > Webappname > Networking > Access Restrictions but when I enter the two "allow" ...
- 3
0
votes
1
answer
2k
views
Postfix restrict incoming emails on a specific adress to adress of the same domain
My SMTP server is being abused because external adresses can send emails to adresses like [email protected], [email protected] etc...
I would like to restrict the usage of those adresses only by ...
- 33