AEM 6.3: dispatcher not allowing jpeg images to load - aem

I have configured dispatcher that maps to publish environment. I have configured the filter section like this:
/filter
{
# Deny everything first and then allow specific entries
/0001 { /type "deny" /glob "*" }
# Open consoles
# /0011 { /type "allow" /url "/admin/*" } # allow servlet engine admin
# /0012 { /type "allow" /url "/crx/*" } # allow content repository
# /0013 { /type "allow" /url "/system/*" } # allow OSGi console
# Allow non-public content directories
# /0021 { /type "deny" /url "/apps/*" } # allow apps access
# /0022 { /type "allow" /url "/bin/*" }
/0023 { /type "deny" /url "/content*" } # disable this rule to allow mapped content only
# /0024 { /type "allow" /url "/libs/*" }
# /0025 { /type "deny" /url "/libs/shindig/proxy*" } # if you enable /libs close access to proxy
# /0026 { /type "allow" /url "/home/*" }
# /0027 { /type "allow" /url "/tmp/*" }
# /0028 { /type "allow" /url "/var/*" }
/0029 { /type "deny" /url "/etc/" }
/0030 { /type "allow" /url "/etc.clientlibs/*" }
/0031 { /type "allow" /url "/content/*" }
/0032 { /type "allow" /url "/etc/designs/*" }
/0033 { /type "allow" /url "/etc/clientlibs/*" }
/0034 { /type "allow" /path "/libs/granite/csrf/token" /extension '(json)' }
/0035 { /type "allow" /method '(GET)' /path "/content/we-retail" /selectors '(img)' /extension '(jpeg)' }
# Enable extensions in non-public content directories, using a regular expression
/0044 {/type "allow" /extension '(css|gif|ico|js|png|swf|jpeg|woff2|woff|tff)' }
# Enable features
/0062 { /type "allow" /url "/libs/cq/personalization/*" } # enable personalization
# Deny content grabbing, on all accessible pages, using regular expressions
#/0081 { /type "deny" /selectors '((sys|doc)view|query|[0-9-]+)' /extension '(json|xml)'}
# Deny content grabbing for /content
# /0082 { /type "deny" /path "/content" /selectors '(feed|rss|pages|languages|blueprint|infinity|tidy)' /extension '(json|xml|html)' }
#/0087 { /type "allow" /method "GET" /extension 'json' "*.1.json" } # allow one-level json requests
}
I have allowed the jpegs to load to the best of my knowledge but I don't know which rule is blocking the jpeg images to load. The attached image shows the jpegs that throw 403 forbidden on load.
Thanks in advance

Related

Powershell Script Organize ACL List 0 hitcnts

I have a list of ACLs that I need to organize so I can remove them from another database. Some of the lines have subnets as the source, some have IP addresses. Does anyone know any way I can organize this into a CSV file like this:
Jerry,192.168.1.2,192.168.1.3
Jason,2.2.2.2,192.168.1.0 255.255.255.0
access-list outside line 1 extended permit tcp object-group Jerry host 10.10.10.1 eq 7030 0x1a9153aa
access-list outside line 1 extended permit tcp host 192.168.1.1 host 10.10.10.1 eq 7030 (hitcnt=6) 0x3b6b876b
access-list outside line 1 extended permit tcp host 192.168.1.2 host 10.10.10.1 eq 7030 (hitcnt=0) 0x592c1755
access-list outside line 1 extended permit tcp host 192.168.1.3 host 10.10.10.1 eq 7030 (hitcnt=0) 0x8cd36041
access-list outside line 1 extended permit tcp host 192.168.1.4 host 10.10.10.1 eq 7030 (hitcnt=17) 0x8c336546
access-list outside line 2 extended permit tcp object-group Jason host 10.10.10.5 eq 3051 0x4e3c0d1d
access-list outside line 2 extended permit tcp host 2.2.2.2 host 10.10.10.5 eq 3051 (hitcnt=0) 0xfeb14ea6
access-list outside line 2 extended permit tcp 192.168.1.0 255.255.255.0 host 10.10.10.5 eq 3051 (hitcnt=0) 0xfafda7ae
access-list outside line 2 extended permit tcp host 3.3.3.3 host 10.10.10.5 eq 3051 (hitcnt=10) 0xaed11ed5
Assuming that the input is text that must therefore be parsed (and that you have no way to request a structured text format at the source), you can use a switch statement:
& {
    $addresses = $null
    switch -regex ($lines) {
        '(?<= object-group )\w+' {
            # New object-group line: emit the previous group's row, if any.
            if ($addresses) {
                (, $user + $addresses) -join ','
            }
            $user = $Matches[0]
            $addresses = [System.Collections.Generic.List[string]] @()
            continue
        }
        '(?<= tcp host )\S+' { $addresses.Add($Matches[0]); continue }
        '(?<= tcp )\S+ \S+' { $addresses.Add($Matches[0]) }
    }
    # Emit the last group's row.
    if ($addresses) {
        (, $user + $addresses) -join ','
    }
}
Output with your sample input:
Jerry,192.168.1.1,192.168.1.2,192.168.1.3,192.168.1.4
Jason,2.2.2.2,192.168.1.0 255.255.255.0,3.3.3.3
Note that if you want to write the resulting lines to a CSV file, you'll have to prepend a header row that gives each column a distinct name. For that, you'll at least have to know the maximum number of addresses across all rows, and the rows may have different numbers of fields filled in.
Therefore, a better way to structure your CSV is to normalize it and to write your data as name-address pairs, which also simplifies the code:
& {
    switch -regex ($lines) {
        '(?<= object-group )\w+' { $user = $Matches[0]; continue }
        '(?<= tcp host )\S+' { [pscustomobject] @{ Name = $user; Address = $Matches[0] }; continue }
        '(?<= tcp )\S+ \S+' { [pscustomobject] @{ Name = $user; Address = $Matches[0] } }
    }
} | ConvertTo-Csv
Output:
"Name","Address"
"Jerry","192.168.1.1"
"Jerry","192.168.1.2"
"Jerry","192.168.1.3"
"Jerry","192.168.1.4"
"Jason","2.2.2.2"
"Jason","192.168.1.0 255.255.255.0"
"Jason","3.3.3.3"

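The question's target CSV lists only the entries with hitcnt=0, which is the set you would review before pruning unused firewall rules. The following is an added example, not part of the original answer, that keeps only those entries; the function name Get-UnusedAclEntry is hypothetical and the input is a constructed copy of the lines quoted in the question.

```powershell
# Constructed sample input, in the 'show access-list' format quoted in the question.
$lines = @'
access-list outside line 1 extended permit tcp object-group Jerry host 10.10.10.1 eq 7030 0x1a9153aa
access-list outside line 1 extended permit tcp host 192.168.1.1 host 10.10.10.1 eq 7030 (hitcnt=6) 0x3b6b876b
access-list outside line 1 extended permit tcp host 192.168.1.2 host 10.10.10.1 eq 7030 (hitcnt=0) 0x592c1755
access-list outside line 1 extended permit tcp host 192.168.1.3 host 10.10.10.1 eq 7030 (hitcnt=0) 0x8cd36041
access-list outside line 2 extended permit tcp object-group Jason host 10.10.10.5 eq 3051 0x4e3c0d1d
access-list outside line 2 extended permit tcp host 2.2.2.2 host 10.10.10.5 eq 3051 (hitcnt=0) 0xfeb14ea6
access-list outside line 2 extended permit tcp 192.168.1.0 255.255.255.0 host 10.10.10.5 eq 3051 (hitcnt=0) 0xfafda7ae
access-list outside line 2 extended permit tcp host 3.3.3.3 host 10.10.10.5 eq 3051 (hitcnt=10) 0xaed11ed5
'@ -split '\r?\n'

# Hypothetical helper: returns Name/Address pairs for expanded entries that were never hit.
function Get-UnusedAclEntry {
    param([string[]] $AclLines)

    # Source is either 'host <ip>' or '<network> <mask>'; the hit counter follows the port.
    $entry = ' tcp (?:host (?<srchost>\S+)|(?<net>\S+) (?<mask>\S+)) host \S+ .*\(hitcnt=(?<hits>\d+)\)'
    $group = $null

    switch -Regex ($AclLines) {
        '(?<= object-group )\w+' { $group = $Matches[0]; continue }
        $entry {
            if ([int] $Matches['hits'] -ne 0) { continue }   # entry is in use, skip it
            if ($Matches['srchost']) { $address = $Matches['srchost'] }
            else { $address = '{0} {1}' -f $Matches['net'], $Matches['mask'] }
            [pscustomobject] @{ Name = $group; Address = $address }
        }
    }
}

$unused = Get-UnusedAclEntry $lines

# Normalized form (one row per name/address pair), ready for Export-Csv.
$unused | ConvertTo-Csv -NoTypeInformation

# Wide form as sketched in the question: one row per object-group.
$unused | Group-Object Name | ForEach-Object {
    (, $_.Name + @($_.Group | ForEach-Object { $_.Address })) -join ','
}
```
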
Why won't try {} in my ps1 script work?

I have a code like this:
$powerSchemes = powercfg /l | ForEach-Object {
    if ($_ -match 'Power Scheme GUID:\s*([-0-9a-f]+)\s*\(([^)]+)\)\s*(\*)?') {
        [PsCustomObject]@{
            GUID = $matches[1]
            SchemeName = $matches[2] -eq 'Ultimate Performance'
            Active = $matches[3]
        }
    }
}
$customScheme = $powerSchemes | Where-Object { $_.SchemeName -eq 'Ultimate Performance' }
try {
    if (!$customScheme.Active) {
        powercfg /s $($customScheme.GUID)
    }
} catch {
    powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61
    if (!$customScheme.Active) {
        powercfg /s $($customScheme.GUID)
    }
}
I added a try {} because I know not everyone is going to have the Ultimate Performance power plan. But it gives me this error:
powercfg : Invalid Parameters -- try "/?" for help
At C:\Users\MyWin\Desktop\PowerPlan.ps1:15 char:3
+ powercfg /s $($customScheme.GUID)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Invalid Parameters -- try "/?" for help:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Isn't try {} going to ignore
try {
    if (!$customScheme.Active) {
        powercfg /s $($customScheme.GUID)
    }
and just jump to the catch {}?
Sorry, I'm a newbie; if you need more information about the code, just tell me.
The reason I didn't put
powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61
if (!$customScheme.Active) {
    powercfg /s $($customScheme.GUID)
in the try {} is so that it doesn't keep making a new power plan; if there's already an Ultimate Performance power plan, it should just activate it.
*** UPDATED ***
Actually you don't even need a try/catch block:
Clear-Host
$TestScheme = 'Ultimate Performance'
$powerSchemes = powercfg /l | ForEach-Object {
    if ($_ -match 'Power Scheme GUID:\s*([-0-9a-f]+)\s*\(([^)]+)\)\s*(\*)?') {
        [PsCustomObject]@{
            GUID = $matches[1]
            SchemeName = $matches[2]
            Active = $matches[3] -eq '*'
        }
    }
}
$powerschemes #*** For Debugging Only ***
$customScheme = $powerSchemes | Where-Object { $_.SchemeName -eq "$TestScheme" }
$ErrorActionPreference = "SilentlyContinue" #*** For Debugging Only ***
"`nCustom Scheme: $($customScheme.SchemeName) `n" #*** For Debugging Only ***
$ErrorActionPreference = "Continue" #*** For Debugging Only ***
If ($Null -eq $CustomScheme) {
    "Power scheme named: $TestScheme does NOT Exist!"
}
Else {
    If ($customScheme.Active) {
        "$TestScheme scheme ACTIVE!"
    }
    Else {
        "$TestScheme Not Active"
    }
} #End Else
Tested this code on my Dell XPS8920, which has an Ultimate Performance scheme.
I've completely rewritten the code and I think it covers the bases. Note that I changed your custom PSObject logic to keep the name and indicate the status in the Active property.
Here are the test results with debugging information included; you can delete the code marked as such for production.
GUID SchemeName Active
---- ---------- ------
381b4222-f694-41f0-9685-ff5bb260df2e Balanced False
49ef8fc0-bb7f-488e-b6a0-f1fc77ec649b Dell False
831878fb-3408-4f4b-a88c-72fdbe2ced67 Ultimate Performance True
8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c High performance False
a1841308-3541-4fab-bc81-f71556f20b4a Power saver False
a7573aee-d201-4451-bf29-7165c6858f5c winword False
f92ea615-6000-45ae-96b2-cb6c364f0ae4 MRBackup False
fce6c371-318d-4bc2-b28e-6425737e2eef Samsung High Performance False
Custom Scheme: Ultimate Performance
Ultimate Performance scheme ACTIVE!
GUID SchemeName Active
---- ---------- ------
381b4222-f694-41f0-9685-ff5bb260df2e Balanced False
49ef8fc0-bb7f-488e-b6a0-f1fc77ec649b Dell False
831878fb-3408-4f4b-a88c-72fdbe2ced67 Ultimate Performance True
8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c High performance False
a1841308-3541-4fab-bc81-f71556f20b4a Power saver False
a7573aee-d201-4451-bf29-7165c6858f5c winword False
f92ea615-6000-45ae-96b2-cb6c364f0ae4 MRBackup False
fce6c371-318d-4bc2-b28e-6425737e2eef Samsung High Performance False
Custom Scheme: Ultimate Performance
Ultimate Performance scheme ACTIVE!
GUID SchemeName Active
---- ---------- ------
381b4222-f694-41f0-9685-ff5bb260df2e Balanced False
49ef8fc0-bb7f-488e-b6a0-f1fc77ec649b Dell False
831878fb-3408-4f4b-a88c-72fdbe2ced67 Ultimate Performance False
8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c High performance True
a1841308-3541-4fab-bc81-f71556f20b4a Power saver False
a7573aee-d201-4451-bf29-7165c6858f5c winword False
f92ea615-6000-45ae-96b2-cb6c364f0ae4 MRBackup False
fce6c371-318d-4bc2-b28e-6425737e2eef Samsung High Performance False
Custom Scheme:
Power scheme named: Test does NOT Exist!
Since the SchemeNames returned by powercfg are LOCALIZED, you should not compare against that, but always use the GUID.
In your case, you want to activate the Ultimate Performance scheme, which is not enabled by default and therefore chances are powercfg /l does not show this scheme.
Try
$desiredScheme = 'e9a42b02-d5df-448d-aa00-03f14749eb61' # we want to activate Ultimate Performance
$powerSchemes = powercfg /l | ForEach-Object {
    if ($_ -match 'Power Scheme GUID:\s*([-0-9a-f]+)\s*\(([^)]+)\)\s*(\*)?') {
        [PsCustomObject]@{
            GUID = $matches[1]
            SchemeName = $matches[2]
            Active = $matches[3] -eq '*' # --> $true or $false
        }
    }
}
# GUID                                 SchemeName           Active
# ----                                 ----------           ------
# 381b4222-f694-41f0-9685-ff5bb260df2e Balanced             False
# 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c High performance     True
# a1841308-3541-4fab-bc81-f71556f20b4a Power saver          False
# e9a42b02-d5df-448d-aa00-03f14749eb61 Ultimate Performance False
# NOTE
# -------------------------------------------------------------------------------------------
# 1) The Ultimate Performance scheme may not appear here because it is not enabled by default
# 2) The SchemeName is LOCALIZED, like in Dutch NL pc 'Power saver' is 'Energiebesparing' etc.
#    This means you should not compare on the SchemeName, but use the GUID instead
$currentScheme = $powerSchemes | Where-Object { $_.GUID -eq $desiredScheme }
if (!$currentScheme) {
    # scheme 'Ultimate Performance' not found, so enable it first
    powercfg /duplicatescheme $desiredScheme
    # and set it active
    powercfg /s $desiredScheme
}
elseif (!$currentScheme.Active) {
    powercfg /s $desiredScheme # or use: $currentScheme.GUID
}
If after this you want to check if the power scheme has been set to Ultimate Performance, do
# test if the setting is as desired (just compare GUIDs)
$currentScheme = (powercfg.exe /GETACTIVESCHEME) -replace '.*GUID:\s*([-a-f0-9]+).*', '$1'
# $desiredScheme is a plain GUID string (it has no SchemeName property), so print it directly
if ($currentScheme -eq $desiredScheme) {
    Write-Host "Current Power plan Settings: $desiredScheme"
}
else {
    # exit the script here???
    Throw "Power plan Settings did not change to $desiredScheme"
}

compare two string variables to determine if it is the same

I have $loopback_address is 192.168.1.1/24 and $source_address is 192.168.1.1. I wrote a PowerShell script to split the loopback address and compare it to the source address as below:
$Loopback_ip = ($loopback_address -split '/')
# so my $loopback_ip[0] is now equal to 192.168.1.1 which should be the
# same as the source_address.
if ($loopback_ip[0] -eq $source_address) {
    Write-Host "same"
} else {
    Write-Host "different"
}
The result should be "same" but it is "different".

read section of lines from Cisco IOS configuration loaded as text file in powershell

I'm not an expert in PowerShell, but I'm looking to write a function in PowerShell to read a section of lines from a Cisco IOS configuration loaded as a text file. There will be multiple sections with different names; each section has a parent line with a child section, as below in the configuration. The "interface", "object" and "object-group" sections each have names to filter or search on. So how do I write a function to get each section of lines and then parse further to get the IPs from that section?
IOS Configuration Example:
interface GigabitEthernet0/0
 description XXX
 speed 1000
 duplex full
 nameif XXX
 security-level 100
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description YYY
 speed 1000
 duplex full
 nameif YYY
 security-level 100
 ip address 2.2.2.2 255.255.255.0
!
...
object network APP_NETWORK
 subnet 10.10.10.1 255.255.255.0
object network WEB_NETWORK
 host 10.10.10.2
object network DB_NETWORK
 range 10.10.10.3 10.10.10.5
...
object-group network APP_GROUP
 network-object host 10.10.20.1
 network-object host 10.10.20.2
 network-object host 10.10.20.3
object-group network WEB_GROUP
 network-object host 10.10.30.1
 network-object host 10.10.30.2
 network-object host 10.10.30.3
...
For example, I tried the following to read all "object-group network" parent sections:
$config = Get-Content $runconfig -ErrorAction stop
$config | where { $_.Contains("object-group network") }
But I am not able to get the child section along with it. How can I write a function to get both the parent and the child section?
Example 1
Get-Section(object-group network APP_GROUP)
should return the following:
object-group network APP_GROUP
 network-object host 10.10.20.1
 network-object host 10.10.20.2
 network-object host 10.10.20.3
Example 2
Get-Section(nameif XXX) OR Get-Section(interface GigabitEthernet0/0)
should return something like this:
interface GigabitEthernet0/0
 description XXX
 speed 1000
 duplex full
 nameif XXX
 security-level 100
 ip address 1.1.1.1 255.255.255.0
!
I have searched many blogs; your help or hints will be really appreciated! Thank you!
One way to do this is to use a state variable and an appropriate regular expression. Here's an example function:
function Get-Section {
    param(
        [String[]] $configData,
        [String] $sectionName
    )
    $pattern = '(?:^(!)\s*$)|(?:^[\s]+(.+)$)'
    $inSection = $false
    foreach ( $line in $configData ) {
        # Skip empty lines
        if ( $line -match '^\s*$' ) {
            continue
        }
        if ( $line -eq $sectionName ) {
            $inSection = $true
            continue
        }
        if ( $inSection ) {
            if ( $line -match $pattern ) {
                [Regex]::Matches($line, $pattern) | ForEach-Object {
                    if ( $_.Groups[1].Success ) {
                        $_.Groups[1].Value
                    }
                    else {
                        $_.Groups[2].Value
                    }
                }
            }
            else {
                $inSection = $false
            }
            if ( -not $inSection ) {
                break
            }
        }
    }
}
If your example data is in a text file (e.g., config.txt), you could extract the interface GigabitEthernet0/1 section as follows:
$configData = Get-Content "config.txt"
Get-Section $configData 'interface GigabitEthernet0/1'
The output would be:
description YYY
speed 1000
duplex full
nameif YYY
security-level 100
ip address 2.2.2.2 255.255.255.0
!
The function doesn't output the section's name because you already know it (you passed it to the function).
If you know the number of lines following the APP_GROUP, which in this case is 3, you can use that value for the -Context switch on Select-String:
$config | Select-String -Pattern '(object-group network APP_GROUP)' -Context 0,3
Which would give:
object-group network APP_GROUP
network-object host 10.10.20.1
network-object host 10.10.20.2
network-object host 10.10.20.3
Edit: Alternative regex solution below, since the number of lines is dynamic
$section = 'APP_GROUP'
$regex = "(?:object-group\snetwork\s$section\n)(\snetwork-object\shost\s.*\n)+(?=object-group)"
$oneline = Get-Content C:\temp\cisco.txt | Out-String
$oneline -match $regex
$matches[0]
network-object host 10.10.20.1
network-object host 10.10.20.2
network-object host 10.10.20.3

How to Disable/Enable Windows Firewall Rule based on associated port number

I am trying to create a PowerShell script (Target Level OS 2008 R2) that:
1. Runs through an array of ports
2. Lists all firewall policies associated with the ports
3. Captures the "Rule Names" into an array (currently stuck here)
4. Runs through each "Rule Name" and either disables or enables the policy based on its current state.
I am stuck at point 3 of my list above. Is anyone able to help or possibly direct me in the correct direction?
Current Code:
$array = @("3050", "300", "8080","7080","5090")
for ($i=0; $i -lt $array.length; $i++) {
    $searchPort = "(LocalPort.*" + $array[$i] + ")"
    $front = netsh advfirewall firewall show rule dir=in name=all |
        Select-String -Pattern ($searchPort) -Context 9,4
    Write-Host $front
}
Copy of result based on my current script:
Rule Name: interbase port
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 3050
RemotePort: Any
Edge traversal: No
Action: Allow
Rule Name: MT
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: UDP
LocalPort: 300
RemotePort: Any
Edge traversal: No
Action: Allow
Rule Name: medtech port
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: UDP
LocalPort: 300
RemotePort: Any
Edge traversal: No
Action: Allow
Simply extract the rule name from the pre-context of your match. Since you probably want to work with several elements from the pre- and post-context I'd recommend piping the output of Select-String into ForEach-Object instead of collecting it in a variable. Then you can toggle firewall rules e.g. like this:
$toggle = @{
    'yes' = 'no'
    'no' = 'yes'
}
netsh ... | Select-String -Pattern $searchPort -Context 9,4 | ForEach-Object {
    $rule = $_.Context.PreContext[0] -replace 'rule name:\s*'
    $enabled = $_.Context.PreContext[2] -replace 'enabled:\s*'
    & netsh advfirewall firewall set rule name="$rule" new enable=$($toggle[$enabled])
}
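A pattern such as (LocalPort.*300) also matches a rule whose LocalPort is 3000 or a list like 3000,8081, and fixed context offsets depend on every block having the same line count. The following added example, which is not part of the original answer, parses each block into an object and compares whole port tokens instead; the function names and the sample text are constructed, English netsh output is assumed, and the commands are printed for review, not run.

```powershell
# Constructed sample in the layout of the English 'show rule' output quoted in the question.
$sample = @'
Rule Name:                            interbase port
----------------------------------------------------------------------
Enabled:                              Yes
Protocol:                             TCP
LocalPort:                            3050

Rule Name:                            MT
----------------------------------------------------------------------
Enabled:                              Yes
Protocol:                             UDP
LocalPort:                            300

Rule Name:                            dev proxy
----------------------------------------------------------------------
Enabled:                              No
Protocol:                             TCP
LocalPort:                            3000,8081
'@ -split '\r?\n'

# Hypothetical helper: turns each 'Rule Name:' block into one object with a property per field.
function ConvertFrom-NetshRule {
    param([string[]] $Lines)
    $rule = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s*(.+?)\s*$') {
            if ($rule) { New-Object PSObject -Property $rule }   # emit the previous block
            $rule = @{ RuleName = $Matches[1] }
        }
        elseif ($rule -and $line -match '^([^:]+):\s*(.*?)\s*$') {
            $rule[$Matches[1]] = $Matches[2]                      # e.g. Enabled, Protocol, LocalPort
        }
    }
    if ($rule) { New-Object PSObject -Property $rule }
}

# Hypothetical helper: keeps rules whose LocalPort list contains one of the ports as a whole token.
function Select-RuleByPort {
    param($Rules, [string[]] $Ports)
    foreach ($r in $Rules) {
        $local = $r.LocalPort -split ','                          # port ranges are not expanded
        if (@($Ports | Where-Object { $local -contains $_ }).Count) { $r }
    }
}

$rules = ConvertFrom-NetshRule $sample
Select-RuleByPort $rules '3050', '300' | ForEach-Object {
    $new = if ($_.Enabled -eq 'Yes') { 'no' } else { 'yes' }
    # protocol= and localport= narrow the match when several rules share one name.
    'netsh advfirewall firewall set rule name="{0}" dir=in protocol={1} localport={2} new enable={3}' -f
        $_.RuleName, $_.Protocol, $_.LocalPort, $new
}
```

With the sample above, the "dev proxy" rule on 3000,8081 is left untouched, whereas the Select-String pattern for port 300 would have selected it.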