skorous
skorous
About
- Username
- skorous
- Joined
- Visits
- 7,510
- Last Active
- Roles
- Member, OG
- Thanked
- 527
Comments
-
(Quote) You use SNI and set up ACLs to route traffic via the http header.
-
(Quote) What do you mean only works for non-ssl?
-
(Quote) Both his frontend and backend are running in tcp mode so ... ( confused) there's ... nothing injecting an x-forward-for header. Umm, is option forwardfor even valid in tcp mode? I just accepted you needed tcp mode and didn't question it.
-
I'm not an HAProxy expert but I don't think there's an easy way to do that with straight TCP requests. There's just no provision for it in TCP. There is the PROXY protocol if your application supports it but I'm not sure what services do to be hon…
-
(Quote) Guessing he tried.
-
(Quote) Please, please, PLEASE let it be this.
-
(Quote) And Higher Ed.
-
(Quote) It better be otherwise I don't know what I'm paying him for. Um, I mean .... followed.
-
In case there's any left. Thanks for the giveaway! 0b0d5a301a8b3aa21bc9717c63888021
-
It's a fairly new. Came online around the same time as Japan and Italy I believe.
-
(Quote) To be fair, what they claim and what actually happens in practice don't always coincide. Unless they plan for drone strikes to take out a corporate office it may be unenforceable.
-
(Quote) Now that's what I call a collision domain.
-
(Quote) Operative word being safer. Anytime you eliminate a substantial portion of bad actors you are safer - just not safe. The same way taking an armored car to work while wearing riot gear makes you safer. It just makes no difference when you get…
-
Just so the question has been asked, this is the same OS just migrated over to the new OVZ7 node or were you re-provisioned?
-
Ah, so iptables as a whole does work. Just the string matching doesn't. ( Edited: because I didn't read the whole post )
-
I've never done --string matches. Does the rest of the config work if you remove those? If you just do a simple iptables --list what do you see?
-
(Quote) I use it with Centos/Oracle Enterprise and a Fedora box. It's installed by default and as long as you only use included packages it's about 90%. As soon as you wanna do anything even vaguely non-standard you're still modifying things though.…
-
(Quote) Heh heh heh ... that I won't argue with but that's not really a security gain unless you're arguing it makes auditing the logs easier. I prefer iptables rate-limiting for that.
-
(Quote) It's a pretty simple argument, what security does moving the port provide other than obscurity? None. Therefore the only thing it provides is security through obscurity.
-
(Quote) lol. I knew that group was there I just didn't expect it to be such a high percentage. I guess I assumed they'd know better.
-
(Quote) I have a different question for you, what percentage of people do you think go outside of the stock OS packages to run their own kernel, etc...? Not being a dick, an honest question. Other than my NAT boxes I only have one OVZ box and you'r…
-
(Quote) If they're a summer host it's a pretty long con.
-
(Quote) Incidentally, this is why I asked about your requirement for KVM in your other thread but you ignored me. EDIT: ( comment for iandk not chocolateshirt )
-
(Quote) Curious, why the requirement for KVM?
-
(Quote) So I'm gathering. He seems to have become fairly infamous. :) (Quote) Quite welcome. I've actually been idling one of their machines for a few months playing with IPv6.
-
Didn't pay any attention to the Manish saga but I believe https://datacenterlight.ch was the one that was doing some sort of Kickstarter.
-
Depending on how old school an interface you like, I'm actually using Xymon to monitor my LES nodes.