Search Results

Search found 10307 results on 413 pages for 'apache chainsaw'.

Page 102/413 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

  • PHP may be executing as a "privileged" group and user, which could be a serious security vulnerability

    - by Martin
    I ran some security tests on a Ubuntu 12.04 Server, and I've got these warnings : PHP may be executing as a "privileged" group, which could be a serious security vulnerability. PHP may be executing as a "privileged" user, which could be a serious security vulnerability. In /etc/apache2/envvars, I have this: export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data And all files in /var/www are having these user/group: www-data:www-data Am I setting this correctly? What should I do to fix this problem?

    Read the article

  • fully encrypt website using SSL

    - by eddywebs
    I had been trying to use SSL for the following site http://bit.ly/e8Lj32 , although the SSL certificate is signed properly by networksolutions , each time the pages are loaded it still displays an SSl warning in browser warning "Some parts of the site are not using SSL" , in I.E, its even worst if you hit "no I dont want view unsecured part of the page" site does not display properly (as it blocks some of the widgets) screenshots upped at http://i.imgur.com/fm5GO.png

    Read the article

  • Apache2 rewrite without htaccess

    - by inorganik
    Reading up on doing url rewrites in Apache2, I found this: "In general, you should never use .htaccess files unless you don't have access to the main server configuration file. Okay, great. But there is no information anywhere about how to do it in the server configuration file. So before I mess stuff up, can I safely use the same rewrite directives, like <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteCond %{SCRIPT_FILENAME} !-d RewriteCond %{SCRIPT_FILENAME} !-f RewriteRule ^test/(\w+)$ test.php?n=$1 [L] </IfModule> in /etc/apache2/apache2.conf? /etc/apache2/httpd.conf is blank, but I suppose I could do it there too? Another question, should the rewrite rule paths be prefixed with /var/www/ or can I do it relative to the site root? Thanks.

    Read the article

  • How does the web server choose between unicode and utf-8 for accented characters?

    - by jacques
    I have a web server with my ISP which replaces accented characters in URLs with their unicode values: for instance é (eacute) is translated to %e9 (dec 233). For testing locally I use EasyPHP which translates those characters by their utf-8 equivalence: é is then replaced by the well known sequence %c3%a9 (é)... Browsers served by EasyPHP don't decode unicode values but they do if running locally (utf-8 and non converted accent also)... I have been unable to find where this behavior is configured in the server. This is a problem as some urls are built by my application using the php rawurlencode() which seems to always encode with unicode values on both servers. Any idea?

    Read the article

  • Ubuntu security with services running from /opt

    - by thejartender
    It took me a while to understand what's going on here (I think), but can someone explain to me if there are security risks with regards to my logic of what's going on here as I am trying to set up a home web server as a developer with some good Linux knowledge? Ubuntu is not like other systems, as it has restricted the root user account. You can not log in as root or su to root. This was a problem for me as I have had to install numerous applications and services to /opt as per user documentation (XAMPPfor Linux is a good example). The problem here is that this directory is owned by root:root. I notice that my admin user account does not belong to root group through the following command: groups username so my understanding is that even though the files and services that I place in /opt belong to root, executing them by means of sudo (as required) does not mean that they are run as root? I imagine that the sudo command is hidden somewhere under belonging to the root user and has a 775 permission? So the question I have is if running a service like Tomcat, Apcahe, etc exposes my system like on other systems? Obviously I need to secure these in configurations, but isn't the golden rule to never run something as root? What happens if I have multiple services running under same user/group with regards to a compromised server?

    Read the article

  • Seeking .htaccess help: Converting multiple subdomains (both HTTP and HTTPS) to www.domain.com using .htaccess

    - by Joshua Dorkin
    I've been trying to get an answer to this question on other forums (the folks at SuperUser thought this was the place I needed to post) and via my connections, but I haven't gotten very far. Hopefully you guys can help me find an answer. I've got a dozen old subdomains that have been indexed by Google. These have been indexed as both HTTP AND HTTPS. I've managed to redirect all the subdomains properly, provided they are not HTTPS, but can't get any of the HTTPS subdomains to property redirect. Here's the code I'm using: RewriteCond %{HTTP_HOST} ^subdomain1.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^subdomain2.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] RewriteCond %{HTTP_HOST} ^subdomain3.mysite.com$ [NC] RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L] This works great until someone goes to: https://subdomain2.mysite.com$ which is not redirected back to http://www.mysite.com$ How can I get this to work? Additionally, I'm guessing there is an easier way to make it happen than setting up a dozen pairs of RewriteCond/RewriteRule? Is there any way to do this in just a few lines, including one where I list all the subdomains? I'd actually also like to redirect everything on https://www.mysite.com$ to http://www.mysite.com$ except for 3 folders. These are mysite.com/secure, mysite.com/store, mysite.com/user. Is there any good way to add this to the .htaccess file?

    Read the article

  • Subdomains on WampServer

    - by MohamedKadri
    Hello, I'm working on WampServer for development, I've set up the domain tuniguide.local and it works fine with this configuration: DocumentRoot "D:\www\tuniguide" ServerName tuniguide.local But when I wanted to add a subdomain fr.tuniguide.local I get a 404 Not Found with this configuration: DocumentRoot "D:\www\tuniguide\fr" ServerName fr.tuniguide.local It gives me this message: The requested URL /www/tuniguide/index.php was not found on this server. Is there someting that I missed? Thanks.

    Read the article

  • HTTPS To http redirect issue. How to overcome?

    - by Akshay
    Have already seen suggests on how to rewrite https to http. currently using this technique : RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301] RewriteRule ^(.*)$ http ://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Problem : I am currently on hostgator VPS and have found Google indexing my HTTPS pages. Weird for me as never bought an SSL. My site is a blog only. When spoke to Google forums, ( https://productforums.google.com/forum/#!msg/webmasters/2Hz46t44nwk/7voZWudFtAQJ ), they say I should redirect https to http. Now when I have redirected this using the above method, I am still getting SSL warning in browsers. And found that Google is still indexing my new pages with https. I feel as I do not have an SSL, adding a redirect in https doesn't work. So if Google indexes my https page, then I should go and buy SSL, and tell there to redirect https to http. Why would I do that? Please help me, reduced the traffic by nearly 30% because of this. Have even told search engines to go to this file (disallows everything) if they are on https. Options +FollowSymlinks RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^robots.txt$ robots_ssl.txt

    Read the article

  • Prevent hotlinking of attachments

    - by reggie
    People are able to embed my forum's attachments (vbulletin). I tried to create an htaccess rule for the hotlinking, but it did not work. RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com.*$ [NC] RewriteRule attachmentid=\d+(\&d=\d*)?|\.([Gg][Ii][Ff]|[Jj][Pp][Gg])$ http://mydomain.com/antihotlink.jpeg [R] Is it not possible to check for numbers in regular expressions in htaccess files?

    Read the article

  • Extend depth of .htaccess to all subfolders and their children

    - by JoXll
    I need to be able to use .htaccess in all subfolders for full depth. E.g. I have .htaccess in public_html folder: \public_html\.htaccess How I make it to work for the folder small as well? \public_html\home\images\red\thumbs\small\ It only enforces up to home directory not more. ErrorDocument 403 http://google.com Order Deny,Allow Deny from all Allow from 11.22.33.44 Options +FollowSymlinks RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

    Read the article

  • How can I allow robots access to my sitemap, but prevent casual users from accessing it?

    - by morpheous
    I am storing my sitemaps in my web folder. I want web crawlers (Googlebot etc) to be able to access the file, but I dont necessarily want all and sundry to have access to it. For example, this site (superuser.com), has a site index - as specified by its robots.txt file (http://superuser.com/robots.txt). However, when you type http://superuser.com/sitemap.xml, you are directed to a 404 page. How can I implement the same thing on my website? I am running a LAMP website, also I am using a sitemap index file (so I have multiple site maps for the site). I would like to use the same mechanism to make them unavailable via a browser, as described above.

    Read the article

  • How to encrypt php folder under /var/www?

    - by sirchaos
    I need to encrypt the folder /var/www/test. The folder contains PHP files. The goal it to prevent any user to read the php content AND if the HD is mounted on another computer, the /var/www/test should be encrypted AND if computer booted up without any user logged I would like anyone to be able to access data in /var/www/tests. What is the correct approach for this? I've tried "ecryptfs-setup-private" as advised in How to encrypt /var/www? yet it didn't work for me. I've might missed something - I've tested the folders while booting with ubuntu 12.04 installation disk and mounted the drive, than I was able to access /var/www/test content.. yet this is what I want to prevent. The gnome-encfs isn't the way to go since its decryption happens when users logs on to the system & I would like the system to be working after power failure etc' without any one logged in. Please advice.

    Read the article

  • Redirect Permanent and https

    - by Clem
    I just set up https on my server, and I have an issue with redirect permanent. If I have a link for example http://domain.com/index.html it redirect me on https://www.domain.comindex.html The / is missing and I can't figure out how to fix it. It's work with http://www.domain.com/index.html Here is my httpd.conf <VirtualHost *:80> ServerName domain.com Redirect permanent / https://www.domain.com/ </VirtualHost> <VirtualHost *:80> ServerName www.domain.com Redirect permanent / https://www.domain.com/ </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/domain/ ServerName www.domain.com SSLEngine on SSLCertificateFile ssl.crt SSLCertificateKeyFile ssl.key </VirtualHost>

    Read the article

  • OpenOffice doesn't work

    - by dn.usenet
    I installed OpenOffice on 12.04, and set it as the default utility for spreadsheets, but it doesn't run at all. While trying to troubleshoot, I read that it is not recommended to install it alongside LibreOffice. I am about to uninstall OpenOffice because I don't know how to get it working, and LibreOffice is opening my spreadsheet just fine. But just out of curiosity, I also read that I should try deleting .openoffice.org folder; but from where? I don't see it under /usr/lib, nor under my /home.

    Read the article

  • 403 error on index file

    - by John L.
    When I try to access index.py in my server root through http://domain/, I get a 403 Forbidden error, but when I can access it through http://domain/index.py. In my server logs it says "Options ExecCGI is off in this directory: /var/www/index.py". However, my httpd.conf entry for that directory is the same as the ones for other directories, and getting to index.py works fine. My permissions are set to 755 for index.py. I also tried making a php file and naming it index.php, and it works from both domain/ and domain/index.php. Here is my httpd.conf entry: <Directory /var/www> Options Indexes Includes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all AddHandler cgi-script .cgi AddHandler cgi-script .pl AddHandler cgi-script .py Options +ExecCGI DirectoryIndex index.html index.php index.py </Directory> Thanks

    Read the article

  • Making file in user's homedir accessible from web/webserver

    - by evident
    Hi everybody, I have a txt-file one of my user's homedir which is regularly updated there by a script. I now want to be able to access (read) this file from the web. /home/user/folder/file.txt So what I tried now is to log in as root, go into my webservers httpdocs folder /var/www/path/to/domain/httpdocs and there I tried to create a symbolic link with ln -s /home/user/foler/file.txt /var/www/path/to/domain/httpdocs/file.txt But this didn't work... I already tried changing the chmod of the symlink (which changes the ones from the original file of course) and also a chown to the user from webserver, but no matter what I tried I cannot open the file from the web or from a php-script (which is what I want to do) Can anybody help me and tell me what I need to do? What rights do I need to give? Or is there another way of achieving this?

    Read the article

  • Webserver not giving the correct response on CURL and other httprequest methods [migrated]

    - by Maxim
    I am trying to make a REST request to a external webserver by using this code <?php $user = 'USER'; $pass = 'PASS'; $data = "MYDATA" $ch = curl_init('URL'); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'Content-Length: ' . strlen($data)) ); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_VERBOSE, true); if(!($res = curl_exec($ch))) { echo('[cURL Failure] ' . curl_error($ch)); } curl_close($ch); echo($res); Now this is a CURL request, however i tried different methods to test my result and they all give me a 403 forbidden error response that i get from the webserver, however i do get a 200 response when i run it on any other webserver (localhost, webserver2, ...) Therefore i think there is something wrong with my webserver and it might be disallowing/caching the post parameters that i provide because sometimes it returns a 200 response but most of the times it returns the 403. This is the response i get : HTTP/1.1 403 Forbidden Accept-Ranges: bytes Content-Type: application/json; charset=UTF-8 Date: Sat, 26 Oct 2013 13:56:37 GMT Server: Restlet-Framework/2.1.3 Vary: Accept-Charset, Accept-Encoding, Accept-Language, Accept Content-Length: 77 Connection: keep-alive {"error":"ForbiddenOperationException","errorMessage":"Invalid credentials."} It says Invalid credentials however i provide the correct credentials and i can confirm them because it is working on other servers. Since this is a crucial part of my script that i use for clients to register i assume that there is something wrong with the post parameters. I am running cpanel and uninstalled the following already: - varnish - apachebooster i also recompiled php already and enabled curl and its dependencies but nothing seems to resolve my problem. If more information is required then don't hesitate to ask me in the comments i will respond very quickly as i really need this. any help is appreciated. Kind regards Maxim

    Read the article

  • Why is a # sign added to the end of URLS?

    - by Niro
    Note: I'm asking this from the perspective of the site developers (trying to help someone there). not as a user. Please don't forward this to superuser.com. It's a server admin question. Have a look here http://www.wanimo.com/fr/chiens/coussin-matelas-tapis-pour-chien-sc28/tapis-plat-urban-chic-sf7263/ you'll see that the page gets redirected to the same page with # at the end. Worse, when you click back you get garbage url. I'm trying to debug what is causing the redirect. Any advice on how to find it ?

    Read the article

  • Files inside Alias folder not accessible

    - by John Isaacks
    In my apache2.conf I have an alias setup like this: Alias /cake/ /var/www-cake/repo <Directory /var/www-cake/repo> Order allow,deny Allow from all AllowOverride All Options +Indexes </Directory> inside the /var/www-cake/repo directory I just have 1 file that is index.php when I go to http://linux-server/cake/ I get a directory listing that shoes the index.php file. When I click on the file it takes me to http://linux-server/cake/index.php in which I get a 404 page not found error. What do I need to do to make the files accessible?

    Read the article

  • Move site from one tld to another

    - by Amol Ghotankar
    If we want to move site from say xyz.com to xyz.org. What all things we need to do to make sure seo works fine. I am doing something like Point both xyz.com and xyz.org to same ip where my site is working Use cannonical url to have xyz.org/* instead of xyz.com/* Add site to webmaster and make a change request. But problem is we are not able to 301 redirect from xyz.com to xyz.org as both are on same i/p and doing so is causing redirect loop and error. How to fix this? Please help.

    Read the article

  • How to install Joomla in Ubuntu?

    - by Leon-TastyDev
    I have installed the lamp-server but i stuck in one certain step.. Were it says remove installation folder if i i click the button "Remove installation folder:" it says error and i guess this is because it doesn't have root previlages. So i run sudo nautilus go to the folder var/www, and remove the folder installation.. So now when i try to access my localhost No configuration file found and no installation code available. Exiting... I am confused, it asked me to remove it and now that is removed it needs it..:?

    Read the article

  • Can a NodeJS webserver handle multiple hostnames on the same IP?

    - by Matthew Patrick Cashatt
    I have just begun learning NodeJS and LOVE it so far. I have set up a Linux box to run it and, in learning to use the event-driven model, I am curious if I can use a common IP for multiple domain names. Could I point, for example, www.websiteA.com, www.websiteB.com, and www.websiteC.com all to the same IP (node webserver) and then route to the appropriate source files based on the request? Would this cause certain doom when it came to scaling to any reasonable size?

    Read the article

  • How to run a local and external website on same computer with 2 NIC's, 2 Routers and 3 seperate networks?

    - by CandN
    Hello and hopefully I can get some answers to my question, though I think I'm making it more complicated for myself than it has to be. My business is a used auto dealership, and I'm in the process of connecting it to the world - via ethernet from the business server [running Xubuntu] to the ISP's ethernet router/modem, so that I can host our own website (no more than 5-10 people probably visiting at any time - mainly paying their bill), as well as set up a web based internal-intranet site - via DD-WRT Router on the 2nd NIC on the business server - that'll be accessed over Wifi from employees personal devices. On the other end of this is trying to offer free wifi to customers that is completely seperate of the 2 mentioned above networks. Quick Rundown: 1. Web Site for Customers to access. I'm going to use no-ip.org for DNS for the moment being, so I'll have a site that customers can access from anywhere in the world at "mybiz.no-ip.org". This will be forwarded to NIC #1 on the server, possibly at an address like "108.69.." as its being provided an IP from the ISP's modem/router, that is from Time Warner, and they allow NO! configuration options. Web Site for employees to access. I'm trying not to use the server too much as a desktop, only for critical situations, so having a backend thats seperate from the front-facing website is critical. This will be the DD-WRT router hardwired into NIC #2 on the server. This WiFi will be password accessible. Public WiFi for customers. The DD-WRT can seperate networks if I'm correct, I just can't seem to understand how to seperate the 2 and still have internet access on both. I've done it before, but the "Public" wifi (with no password set to connect) kept dropping the connection like a problem was happening that I couldn't figure out. So if I could do a little drawing, this is how it would/should possibly look. ISP -- [Sends Public Facing IP of 108.69.*.1/8] -- ISP Modem Router ISP Modem Router (Ethernet Only) -- [Gives Private IP 108.69.*.2] -- Server NIC #1 Server NIC #1 -- [Gives Private IP 108.69.*.3] -- DD-WRT Router DD-WRT Router -- [DHCP Enabled Giving IP's 172.16.0.0/16] -- Employees Network | | --------- [DHCP Enabled Giving IP's 192.168.1.0/24] -- Public WIFI Hope it's not too confusing, but it anyone could give me some good direct tutorials on how to accomplish this, or if YOU know, then it'll be alot of help. Thanks to all in advance. Need anything else to be explained? Don't hesitate to ask! *Using The LAMP stack with Webmin/VirtualMin -Customer site is located in /var/www2/ -Private Employees site is located in /var/www/ Using no-ip.org's dynamic client updater

    Read the article

  • Best solution for a team home server

    - by aliasbody
    I created a home server with Ubuntu 12.04 Server (using an old Netbook with an Atom CPU and 512Mb). The idea is just to be used for a small team (maximum 10 persons) that will have constant access by SSH to the main projects and could add features with Git, and will, as well, have their own directory (with VirtualHost configured) for their own personal projects. Everything is configured and running, but my question is : What is the best solution here for everyone to work? It is to have them on the http group and then all have access as normal users to the /var/www folder (that also contains GitWeb and Drupal), or would be to create a new user named after the project (as an example) where only those with the password could have access to work (configured with VirtualHost). Notice: The idea is to have 1 person responsible of the server directly (since he is the one who is hosting it), 2 more people that will have access to the root from their home in order to configure anything from their home, plus anyone else that joins the group without any root access, but just the necessary access to create personal works and work with Git.

    Read the article

  • SVN Checkout folder as local webroot

    - by Shredder
    I have XAMPP installed and running. I have an SVN working directory (WD) on my local that checks out from the repository. I set up a virtual host in xampp to point to my WD, but my browser (FF) gives me a 500 http status error: Either the server is overloaded or there was an error in a CGI script. When I place a regular folder in the same location with the WD and switch names, it works fine.. Can I not use an SVN working directory as a web root folder?

    Read the article

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >