Notes

I wanted to build a reverse proxy configuration for a web app. But on a certain URL, I wanted to allow either none or one specific query string.

Here is a snippet from my nginx configuration:

location /my/app {
    if ($query_string !~ "(^$)|(^key=value$)") {
        return 404;
    }

    proxy_pass https://app.example.local/my/app;
}

The regex (^$)|(^key=value$) does the magic. If the URL doesn't match on the regex, nginx returns HTTP status 404. If it does match, nginx proxies the request to the web app.

While migrating one AD domain to another, I stumbled into the legacyExchangeDN problem.

We had a lot of of global mail contacts in the first domain pointing to recipients in the other domain and vice versa. Many users had cached contacts in Outlook that ceased to work after migrating to the other domain generating IMCEAEX non-delivery reports.

So we had to fix this by adding the legacyExchangeDN string of the mail contacts as a X500 proxy address.

Luckily this does not affect mailboxes migrated using Exchange's forest migration feature. The legacyExchangeDN is properly migrated.

Some good information on this topic:

English:

• https://docs.microsoft.com/en-us/exchange/troubleshoot/email-delivery/imceaex-ndr
• https://blog.quadrotech-it.com/blog/what-is-the-x500-email-address/

German:

• https://www.frankysweb.de/exchange-migration-sonderfall-pst-migration-550-5-1-1/
• https://www.langlitz-it.de/?p=1048
• https://blog.devilatwork.de/office365-exchange-nachricht-konnte-nicht-zugestellt-werden-legacyexchangedn-und-x500/

Recently I tried to rebuild some port forwarding rules on a Cisco ASA using Cisco ASDM. I wanted to use the Public Server feature. Strangely it didn't allow me to create port forwarding rules on the public interface IP. It got the following error message:

The public address cannot be the same as the public interface address.

I don't understand this, because using plain NAT rules works just well on the interface IP.

I built the NAT rules in the following way and it works fine for me:

Here is the source code for this site / web application: https://github.com/pcanterino/pcdenotes

This is is somewhat like a premiere to me, because I released the source code under the terms of the terms of the GNU AGPL 3.0.

Contrary to CTX130499, it worked perfectly fine for me to move the Citrix PVS database while the workers were online. The only thing that was important, was that offline database had to be enabled.