Cloud Network

Networking | Support | Tricks | Troubleshoot | Tips

Buymecoffe

Buy Me A Coffee

Friday, October 11, 2019

How to Block Internet Access on Servers through Terminal Using GPO

October 11, 2019
How to Block Internet Access on Servers through Terminal Using GPO
Blocking Internet access on Terminal Servers using group policy







Note : Backup before you try this!
Use a Group Policy Object (GPO) that forces Internet Explorer to use a proxy server with an address of 0.0.0.0 for port 80 requests. Then create another policy that states a user is not able to change the proxy server address in Internet Explorer. Both policies are applied to the user and not the computer. These settings tell Internet Explorer to call over to the non-existent proxy server for all internet requests. When the non-existent server does not respond, Web surfing is stopped.

The policy settings are located in the following locations in the GPO:
User Settings –> Windows Settings –> Internet Explorer Maintenance –> Connection
Then open the Proxy Settings window and add 0.0.0.0 for port 80.
User Settings –> Administrative Templates –> Windows Components –> Internet Explorer
Then set Disable Changing Proxy Settings.

Run gpedit.msc to open group policy management console

I normally do the same thing but replace the proxy settings ip address with the local host’s like so:
User Settings –> Windows Settings –> Internet Explorer Maintenance –> Connection
Then open the Proxy Settings window and add <b>127.0.0.1</b> for port 80.
User Settings –> Administrative Templates –> Windows Components –> Internet Explorer
Then set Disable Changing Proxy Settings.

Run gpupdate /force to update group policy or log off and login currently logged in user.

That's it. 




Thursday, October 10, 2019

Apache and Httpd Interview Question and Answer for Fresher and Experience

October 10, 2019
Apache and Httpd Interview Question and Answer for Fresher and Experience


Q1: – Command to restart/start Apache web server ?
Ans:- service httpd restart/start

Q2: – Command to check the version of Apache server ?
Ans:- rpm -qa |grep httpd

Q3: – What is meaning of “Listen” in httpd.conf file ?
Ans:- Port number on which to listen for nonsecure (http) transfers.

Q4: – What is location of log files for Apache server ?
Ans:- cd /var/log/httpd

Q5: – Apache server works on which ports ?
Ans:- http – port 80
           https – port 443

Q6: – Tell me name of main configuration file of Apache server ?
Ans:- httpd.conf

Q7: – On which version of apache you have worked ?
Ans:-httpd-2.2.3

Q8: – What is the main difference between and sections?
Ans:- Directory sections refer to file system objects; Location sections refer to elements in the address bar of the Web Page.

Q9: – What is the use of mod_perl module ?
Ans:- mod_perl scripting module to allow better Perl script performance and easy integration with the web server.

Q10: – If you have added “loglevel Debug” in httpd.conf file, than what will happen ?
Ans:- It will give you more information in the error log in order to debug a problem.

Q11: – Is it possible to record the MAC (hardware) address of clients that access your server ?
Ans:- No

Q12: – Can I serve content out of a directory other than the DocumentRoot directory?
Ans:- Yes. We can do it by using “Alias” command.

Q13: – What we should do to find out how people are reaching your site
Ans:- Add the following effect or to your activity log format. %{Referer}

Q14: – How t to enable PHP scripts on your server?
Ans:- If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler. AddHandler application/x-httpd-php .phtml .php

Q15: – Which tool you have used for Apache benchmarking?
Ans:-  ab (Apache bench)
            ab -n 1000 -c 10 http://www.test.com/test.html

Q16: – Can we cache files which are viewed frequently?
Ans:- Yes we can do it by using mod_file_cache module.
CacheFile /www/htdocs/index.html

Q17: – What is Document Root ?
Ans:- It is a location of files which are accessible by clients. By default, the Apache HTTP server in RedHat Enterprise Linux is configured to serve files from the /var/www/html/ directory.

Q20: – Can we do automatically roll over the Apache logs at specific times without having to shutdown and restart the server?
Ans:- Yes
Use CustomLog and the rotatelogs programs
Add following line in httpd.conf file. CustomLog “| /path/to/rotatelogs /path/to/logs/access_log.%Y-%m-%d 86400″ combined

Q21: – How you will put a limit on uploads on your web server ?
Ans:- This can be achieved by LimitRequestBody directive.
LimitRequestBody 100000
Here I have put limit of 100000 Bytes

Q22: – I want to stop people using my site by Proxy server. Is it possible?
Ans:- Order Allow,Deny
Deny from all
Satisfy All

Q23: – What is mod_evasive module?
Ans:- mod_evasive is a third-party module that performs one simple task and performs it very well. It detects when your site is receiving a Denial of Service (DoS) attack and it prevents that attack from doing as much damage. mod_evasive detects when a single client is making multiple requests in a short period of time and denies further requests from that client. The period for which the ban is in place can be very short, because it just gets renewed the next time a request is detected from that same host.

Q24: – What are the types of virtual hosts ?
Ans:-
a. name-based
b. IP-based.
Name-based virtual host means that multiple names are running on each IP address.
IP-based virtual host means that a different IP address exists for each website served. Most configurations are named-based because it only requires one IP address.

Q25: – You are asked to stop Apache Service through its control Script. What will you do?
Ans:- The Apache service is controlled using a script called apachectl. In order to stop apache using its control script we need to run.
# apachectl stop        [On Ubuntu based Systems]
# /etc/inid.t/httpd stop    [On Red Hat based Systems]

Q26: – How is ‘apachectl restart’ different from ‘apachect1 graceful’
Ans:- The ‘apachect1 restart’ when executed will force Apache to restart immediately, before the task complete whereas ‘apachectl graceful’ will wait for the current task to be finished before restarting the service. Not to mention ‘apachectl graceful’ is more safe to execute but the execution time for ‘apachect1 restart’ is less as compared to ‘apachectl graceful’.







Q27: – You are supposed to create a new Apache VirtualHost configuration for the host www.CloudNetwork.in that is available at /home/cloudnetwork/public_html/ and maintains log at /var/log/httpd/ by default.
Ans:- You need to create a Apache virtual host container in main apache configuration file located at ‘/etc/httpd/conf/httpd.conf’. The following is the virtual container for host www.cloudnetwork.in.
<VirtualHost *:80>
DocumentRoot /home/cloudnetwork/public_html
ServerName www.cloudnetwork.in
Server Alias cloudnetwork.in
CustomLog /var/log/httpd/cloudnetwork.in.log combined
ErrorLog /var/log/httpd/cloudnetwork.in.error.log
</VirtualHost>

 Q28: – I know ssh, telnet, dns,apache all are worked on TCP/UDP but i want to know any one service which are working on UDP only?
Ans:- snmptrap 162/udp
snmptrap – simple network management protocol trap
snmptrapd is an SNMP application that receives and logs

Q29: – What is the status code 403,404 represented in apache server?
Ans:- 403 represent forbidden error, means if a file misses some selinux security context.
404 represent that there is a cgi script missing or web pages missing.

Q30: – My clients are getting services from servers but how to know which client is using which service. is there any files to keep information about these? Clients used ftp, nis, samba, apache, squid, nfs and mail services how to know how many users got service from server side with date, time and client system ip?
Ans:- Mail server – /var/log/mail/maillog [RedHat,centos]
ssh – /var/log/secure
Apache – /var/log/http/access.log
nfs – /var/lib/nfs/rmtab

Q31: – Apache runs as which user? and location of main config file?.
Ans:-  Apache runs with the user “nobody” and httpd daemon. Apache main configuration file:

#  /etc/httpd/conf/httpd.conf    (CentOS/RHEL/Fedora) and
#  /etc/apache2.conf               (Ubuntu/Debian).