While installing the certificate of the WSO2 agent I am getting the following error "Cannot Install Profile-Safari could not install a profile due to an unknown error".
The logs which I am getting are
<ip>- - [20/Jun/2016:16:47:54 +0530] "GET /ios-enrollment/ca HTTP/1.1" 302 - "-" "Jakarta Commons-HttpClient/3.1"
<ip>- - [20/Jun/2016:16:47:54 +0530] "GET /carbon/admin/login.jsp HTTP/1.1" 200 15541 "-" "Jakarta Commons-HttpClient/3.1"
172.17.242.31 - - [20/Jun/2016:16:47:54 +0530] "GET /emm-web-agent/enrollment/ios/download-certificate HTTP/1.1" 200 15541 "https://<ip>:9443/emm-web-agent/enrollments/ios/download-agent" "Mozilla/5.0 (iPad; CPU OS 7_0_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A501 Safari/9537.53"
Related
I have an issue with login into django admin site which is almost the same question
five years ago. Unfortunately, there is no specific answer until now. Here is the brief introduction for the question.
My nginx serves the 80 port and it will proxy all the URL starts with prefix to 8000 port which Django is listening.
location /prefix/ {
proxy_pass http://0.0.0.0:8000/;
}
access /prefix/admin/, it gives me a 302 and redirect to /admin/login/?next=/admin/. However, if we access /prefix/admin/login, it works and we have the Django Administration login page as below.
However, if we are trying to login(url is /admin/login/) with username and password, it gives me a 404.
Let me make a summary, here we have two issues in total.
prefix/admin not working, prefix/admin/login works.
Login into the admin site(admin/login) not working.
The first issue has been solved by
location /prefix/admin/ {
proxy_pass http://0.0.0.0:8000/admin/login/;
}
The second issue, however, not working by the following.
location = /admin/login {
proxy_pass http://0.0.0.0:8000/admin/;
}
It told me that I have too many redirects. How can I fix this? Thanks in advance.
Edit:
I have compared my local login and remote login. Here is the local.
[16/Sep/2022 13:58:55] "POST /admin/login/?next=/admin/ HTTP/1.1" 302 0
[16/Sep/2022 13:58:55] "GET /admin/ HTTP/1.1" 200 6211
And here is the remote.
192.168.12.33 - - [16/Sep/2022:05:59:36 +0000] "POST /admin/login/?next=/admin/ HTTP/1.1" 302 0 "http://192.168.6.32/admin/login/?next=/admin/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
192.168.12.33 - - [16/Sep/2022:05:59:36 +0000] "GET /admin/ HTTP/1.1" 302 0 "http://192.168.6.32/admin/login/?next=/admin/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
In the remote, the second GET request returns 302.
My website under Route 53 and ALB was flooded once on 12 May but seemed AWS Shield Standard version (free) didn't do anything to prevent?
Showing 1000 of 9,828,102 records matched:
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-"
enter image description here
Shield standard only protects Layer 3 and 4 of your application network stack - so its expected it would allow valid web traffic through. You would need to use Shield Advanced or WAF to gain greater control and Cloud Front to provide a caching layer (all paid services) to better protect your instances.
My advice is to follow the principle of least privilege at each layer in terms of firewall ports open and what hostnames you allow. You can use rate limiting via WAF to avoid getting flooded, and using CloudFront to intercept requests and return cached responses where possible to reduce load on your instances.
I have tried to get this project deployed to AWS Elastic Beanstalk: https://github.com/coralproject/talk The dockerfile exposes port 5000 and I have defined environment variables also all using port 5000.
When I run the project locally with the recommended docker-compose file (https://coralproject.github.io/talk/installation-from-docker/#installing) everything works fine locally.
But when I deploy the app to Beanstalk, the html page is served and loads fine, however other files that are referenced locally such as my bundle.js and favicon files return a 502.
What am I missing?
Logs that may be relevant:
/var/log/eb-activity.log
cat: /var/app/current/Dockerrun.aws.json: No such file or directory
8c17e6ddb0f842e592940a3aa67d0f39ec8702eb4ad6c3f9b876fc33b7f02ddc
[2018-02-11T08:29:26.836Z] INFO [24507] - [Application update
app-5d978-180211_092600#12/AppDeployStage1/AppDeployEnactHook/01flip.sh]
: Starting activity... [2018-02-11T08:29:28.428Z] INFO [24507] -
[Application update
app-5d978-180211_092600#12/AppDeployStage1/AppDeployEnactHook/01flip.sh]
: Completed activity. Result: nginx: [warn] duplicate MIME type
"text/html" in
/etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf:11
Stopping nginx: [ OK ] Starting nginx: nginx: [warn] duplicate
MIME type "text/html" in
/etc/nginx/sites-enabled/elasticbeanstalk-nginx-docker-proxy.conf:11
[ OK ] cat: /var/app/current/Dockerrun.aws.json: No such file or
directory /opt/elasticbeanstalk/hooks/common.sh: line 95: [: 1:
unary operator expected iptables: Saving firewall rules to
/etc/sysconfig/iptables: [ OK ]
The nginx access log only shows the html requests not the other files
/var/log/nginx/access.log
95.90.245.122 - - [11/Feb/2018:22:43:00 +0000] "GET / HTTP/1.1" 302 72 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:43:00 +0000] "GET /admin/install HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132
Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:45:57 +0000] "GET /admin/install HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132
Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:46:04 +0000] "GET / HTTP/1.1" 302 72 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
95.90.245.122 - - [11/Feb/2018:22:46:04 +0000] "GET /admin/install HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132
Safari/537.36"
I see this when I access the page:
install:45 GET
https://talk-now.us-east-1.elasticbeanstalk.com:5000/static/coral-admin/bundle.js
net::ERR_CONNECTION_REFUSED :5000/public/img/favicon-32x32.png:1 GET
https://talk-now.us-east-1.elasticbeanstalk.com:5000/public/img/favicon-32x32.png
net::ERR_CONNECTION_REFUSED :5000/public/img/favicon-16x16.png:1 GET
https://talk-now.us-east-1.elasticbeanstalk.com:5000/public/img/favicon-16x16.png
net::ERR_CONNECTION_REFUSED :5000/public/img/favicon-96x96.png:1 GET
https://talk-now.us-east-1.elasticbeanstalk.com:5000/public/img/favicon-96x96.png
net::ERR_CONNECTION_REFUSED
The problem is that you are missing a Dockerrun.aws.json file at the root level of your repository. This file is necessary for Beanstalk to determine how to execute the set of containers in your project.
Also note that the format of the sections in this file is similar to that of Amazon ECS Task definitions
I am setting up Fail2ban on my server, recently got a lots bad bots is crawling my site cause my SQL server down
From my Apache2 logs
51.255.65.13 - - [10/Dec/2017:12:03:19 +0800] "GET /crew/nm0935095-gary-winick HTTP/1.0" 200 17985 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"
51.255.65.30 - - [10/Dec/2017:12:03:31 +0800] "GET /movie/tt0498567-summer-time-machine-blues HTTP/1.0" 200 17658 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"
217.182.132.190 - - [10/Dec/2017:12:03:36 +0800] "GET /movie/tt1705064-genji-monogatari:-sennen-no-nazo/ HTTP/1.0" 200 17344 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"
how to create a failregex for "ahrefs.com" ?
Many Thanks
In order to catch anything containing "ahrefs.com", your failregex would look as follows:
failregex = ^<HOST>.*ahrefs\.com.*
Where the <HOST> tag is built-in Fail2ban as an alias for (?:::f{4,6}:)?(?P<host>\S+):
https://www.fail2ban.org/wiki/index.php/Apache
I have successfully got the credentials on my mail id for enrolling my device through WSO2 EMM. But when i am signing in using the mail credentials its giving an error which "Enrollment failed -Please contact administrator "
The logs were:
Chrome/44.0.2403.133 Mobile Safari/537.36"
172.17.29.121 - - [16/Jun/2016:12:34:53 +0530] "GET /emm-web-agent/public/asset-download-agent-android/asset/android-agent.apk HTTP/1.1" 200 2896941 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)"
172.17.29.121 - - [16/Jun/2016:12:35:32 +0530] "GET /emm-web-agent/public/asset-download-agent-android/asset/android-agent.apk HTTP/1.1" 200 590411 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)"
172.17.29.121 - - [16/Jun/2016:12:40:13 +0530] "GET /emm-web-agent/public/asset-download-agent-android/asset/android-agent.apk HTTP/1.1" 200 590411 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
172.17.29.121 - - [16/Jun/2016:12:42:45 +0530] "POST /dynamic-client-web/register HTTP/1.1" 201 148 "-" "Mozilla/5.0 ( compatible ), Android"
172.17.29.121 - - [16/Jun/2016:12:42:45 +0530] "POST /oauth2/token HTTP/1.1" 200 160 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
172.17.29.121 - - [16/Jun/2016:12:42:45 +0530] "GET /mdm-android-agent/device/license HTTP/1.1" 401 23 "-" "Mozilla/5.0 ( compatible ), Android"
According to the conversation the problem is with the permission you have provided to the given user role.
You can use an existing role with device management permission as sashika has suggested.
There is a login permission as the very last permission entry in the permission management UI, please include that permission to the related role in order to overcome the situation.
You need to add permissions to the role - specifically the "enroll" role.