I would like to add Content-Security-Policy headers for Exchange 2016 for /owa and /ecp.
Being well aware that a "too restrictive" Content-Security-Policy header can break both /owa and /ecp, is there a known working least permissive set for Exchange 2016 ?
The Windows Server DHCP Service has the ability to add predefined options for IPv4 and IPv6 by right clicking on the protocol and selecting "Set Predefined Options"
On IPv4 they work in just the same way that they worked on 2008 and 2003, one can set options to have a specific value, and one can add new options.
On IPv6, it appears that one can add new options (in this case option 59 for IPv6 PXE), but the options does not show and are not used.
The DHCP server has been configured with stateful DHCPv6 to provide recursive nameservers and a domain search list. WDS is not installed on the server.
In this instance I am trying to add option 59 to enable PXE on IPv6, and I am able to add the option via the GUI, but it does not show, if however I try to add option 59 again an error is shown "The given option identifier is already in use".
If the config is dumped to a file
netsh dhcp server dump > C:\temp\dhcpexport.txt
then the option (without any setting) is shown
Dhcp Server \\dhcp-1.domain.com v6 Add Optiondef 59 "BootURL" STRING 0 comment="IPv6 BootURL""
If the dump file is edited and the line extended with a Boot URL
Dhcp Server \\dhcp-1.domain.com v6 Add Optiondef 59 "BootURL" STRING 0 comment="IPv6 BootURL"tftp://tftp-1.domain.com/bootfile.bin"
then executed
netsh exec C:\temp\dhcpexport.txt
If the dump is created again, the edited part is still there, but it still does not show in the GUI.
Using Wireshark to capture all traffic to and from the client via a monitor port, I can see the initial request from the client for option 23 (recursive nameserver) and the response to the client, and then the second request for options 3, 59 and 60, but the response to the client only includes option 3.
I presume I am missing something basic, but I'm lost as to what it might be...
I have a red5 application http://code.google.com/p/openmeetings that runs under red5, and is accessible on port 5080 and 8443
I've installed it on Ubuntu 10.04
The eventual aim is to have it accessible via https on 443 instead of 8443, but I thought I would initially try on 80 so that any issues were just down to the port configuration and not SSL certificates.
I've tried changing the port from 5080 to 80 in the red5.properties file, but it fails to start.
In the red5.log I have seen
ERROR o.a.coyote.http11.Http11Protocol - Error initializing endpoint java.net.BindException: Permission denied /0.0.0.0:80
In the error.log I have seen
ERROR o.a.coyote.http11.Http11Protocol - Error initializing endpoint java.net.BindException: Permission denied /0.0.0.0:80
and
ERROR org.red5.server.tomcat.TomcatLoader - Error loading tomcat, unable to bind connector. You may not have permission to use the selected port org.apache.catalina.LifecycleException: Protocol handler initialization failed: java.net.BindException: Permission denied /0.0.0.0:80
There is nothing else installed or running on port 80, so I presume that this is a "needs to be root" situation. I would rather not run an Internet accessible web service as root.
I know that Tomcat can run on port 80 by changing “#AUTHBIND=no” to “AUTHBIND=yes” in /etc/default/tomcat6 but I have not been able to find anything similar for red5.
Am I on a hiding to nothing, or is there better way than running as root ?
Thanks!