[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-developers] SSL
- Subject: [cobalt-developers] SSL
- From: "Kal Amry" <kamry1888@xxxxxxxxx>
- Date: Sun Jan 21 16:56:00 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>
Anyone knows how can I force a page to be displayed using https protocol and
not http protocol. I know that I can have a link to https and it is secure,
but still if someone typed http, he will go to that same page. Thus, what
mechanism do I need to use...
Kal
-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Thomas
Schmitz
Sent: Sunday, January 21, 2001 7:46 PM
To: cobalt-developers@xxxxxxxxxxxxxxx
Subject: [cobalt-developers] Tweaking DNS management / undocumented
features
I've set up the DNS daemon on my RAQ2 to restrict zone-transfers to
the hosts which run the secondary ns for my zones (and ban certain bad
addresses from connecting to my nameserver).
I watched how the cobalt GUI overwrote "named.conf" over and over, every
time
the DNS settings are changed within the control panel.
Fed up editing my named.conf after each change (to add the zone-transfer
statement), I decided to tweak the cobalt GUI / cobalt cgi's in order to be
able
to include my own customized options-directive.
Now, only the zone-entries are created / overwritten by the cobalt UI,
everything above
(options, etc.) is included from /etc/named.conf.options.
Changes made to /usr/admserv/cgi-bin/.cobalt/dns/index.cgi:
[root /etc]# diff /usr/admserv/cgi-bin/.cobalt/dns/index.cgi.old
/usr/admserv/cgi-bin/.cobalt/dns/index.cgi
10a11
> # 1/22/01, Thomas Schmitz ts-lists@xxxxxxxxxxxxxxxxx
882c883,894
< print NAMEDCONF "options { directory \"$Named_dir\"; };\n";
---
>
> if( -r '/etc/named.conf.options' )
> {
> open( INCLUD, '/etc/named.conf.options' );
> while( <INCLUD> ) { print NAMEDCONF; }
> close( INCLUD );
> }
> else
> {
> print NAMEDCONF "options { directory \"$Named_dir\"; };\n";
# Orginal / Cobalt
> }
>
/etc/named.conf.options :
acl "bogus" {
0.0.0.0/8; // Null address
1.0.0.0/8; // IANA reserved, popular fakes
2.0.0.0/8;
192.0.2.0/24; // Test address
224.0.0.0/3; // Multicast addresses
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
};
options {
directory "/etc/named";
allow-transfer {
(...) // Secondary NS
127.0.0.1;
};
blackhole {
bogon;
};
};
Needless to say this procedure WILL absolutely any void any cobalt software
warranty
and be sure to keep a clean BACKUP of this cgi-script (might be needed if
cobalt
issues a patch which makes changes to this script -> apply patch to original
file).
There are also two undocumented features built-in by cobalt:
/etc/named.conf.include everything in here will be included between
"options" and "zones" (might be useful
if you want to define some custom zones which the cobalt UI will not touch)
/etc/named.conf.forwarding quote from source: "Allow DNS request
forwarding for our friends at Nokia"
Regards,
Thomas
---
Thomas Schmitz Tel: +41-1-793 15 55
SIC Internet Consulting Fax: +41-1-793 15 56
Feldguetliweg 83 mailto: sic@xxxxxxxxxxxxxxxxx
CH-8706 Feldmeilen http://www.web-consulting.ch
Switzerland
_______________________________________________
cobalt-developers mailing list
cobalt-developers@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-developers
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com