Search Results

Search found 10300 results on 412 pages for 'apache httpcomponents'.

Page 119/412 | < Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >

  • Retrieve malicious IP addresses from Apache logs and block them with iptables

    - by Gabriel Talavera
    Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

    Read the article

  • Nginx & Apache Cannot get try_files to work with permalinks

    - by tcherokee
    I have been working on this for the past two weeks not and for some reason I cannot seem to get nginx's try_files to work with my wordpress permalinks. I am hoping someone will be able to tell me where I am going wrong and also hopefully tell me if I made any major errors with my configurations as well (I am an nginx newbie... but learning :) ). Here are my Configuration files nginx.conf user www-data; worker_processes 4; pid /var/run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## # Defines the cache log format, cache log location # and the main access log location. log_format cache '***$time_local ' '$upstream_cache_status ' 'Cache-Control: $upstream_http_cache_control ' 'Expires: $upstream_http_expires ' '$host ' '"$request" ($status) ' '"$http_user_agent" ' ; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } mydomain.com.conf server { listen 123.456.78.901:80; # IP goes here. server_name www.mydomain.com mydomain.com; #root /var/www/mydomain.com/prod; index index.php; ## mydomain.com -> www.mydomain.com (301 - Permanent) if ($host !~* ^(www|dev)) { rewrite ^/(.*)$ $scheme://www.$host/$1 permanent; } # Add trailing slash to */wp-admin requests. rewrite /wp-admin$ $scheme://$host$uri/ permanent; # All media (including uploaded) is under wp-content/ so # instead of caching the response from apache, we're just # going to use nginx to serve directly from there. location ~* ^/(wp-content|wp-includes)/(.*)\.(jpg|png|gif|jpeg|css|js|m$ root /var/www/mydomain.com/prod; } # Don't cache these pages. location ~* ^/(wp-admin|wp-login.php) { proxy_pass http://backend; } location / { if ($http_cookie ~* "wordpress_logged_in_[^=]*=([^%]+)%7C") { set $do_not_cache 1; } proxy_cache_key "$scheme://$host$request_uri $do_not_cache"; proxy_cache main; proxy_pass http://backend; proxy_cache_valid 30m; # 200, 301 and 302 will be cached. # Fallback to stale cache on certain errors. # 503 is deliberately missing, if we're down for maintenance # we want the page to display. #try_files $uri $uri/ /index.php?q=$uri$args; #try_files $uri =404; proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_504 http_404; } # Cache purge URL - works in tandem with WP plugin. # location ~ /purge(/.*) { # proxy_cache_purge main "$scheme://$host$1"; # } # No access to .htaccess files. location ~ /\.ht { deny all; } } # End server gzip.conf # Gzip Configuration. gzip on; gzip_disable msie6; gzip_static on; gzip_comp_level 4; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; proxy.conf # Set proxy headers for the passthrough proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_max_temp_file_size 0; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; add_header X-Cache-Status $upstream_cache_status; backend.conf upstream backend { # Defines backends. # Extracting here makes it easier to load balance # in the future. Needs to be specific IP as Plesk # doesn't have Apache listening on localhost. ip_hash; server 127.0.0.1:8001; # IP goes here. } cache.conf # Proxy cache and temp configuration. proxy_cache_path /var/www/nginx_cache levels=1:2 keys_zone=main:10m max_size=1g inactive=30m; proxy_temp_path /var/www/nginx_temp; proxy_cache_key "$scheme://$host$request_uri"; proxy_redirect off; # Cache different return codes for different lengths of time # We cached normal pages for 10 minutes proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; The two commented out try_files in location \ of the mydomain config files are the ones I tried. This error I found in the error log can be found below. ...rewrite or internal redirection cycle while internally redirecting to "/index.php" Thanks in advance

    Read the article

  • supervise/daemontools conflicts with apache -D FOREGROUND

    - by Kevin G.
    Hoping that somebody can help us understand this behavior. We've got a bunch of daemontools services under /etc/service/. One of the services controls apache, and the run script has this in it. exec envdir /var/lib/supervise/wwwproxy/env setuidgid root bash <<-BASH ulimit -n 8192 # also increase the running user's file descriptor limit exec apache2 -f /path/to/demo_apache2.conf -D FOREGROUND BASH We were having the problem that svc -d /etc/service/* actually had the effect of restarting all the services, it didn't take them down. We finally tracked it down to that one service, and found that svc -d /etc/service/apache2 would bring up any other service was down, including itself. Changing FOREGROUND to NO_DAEMONIZE fixes the behavior, but we'd really like to understand what's going on. Can anybody explain why an svc -d on one service would bring an other service up? Thanks for any clue you can offer.

    Read the article

  • eZ Components devient Zeta Components et sera désormais un projet de la fondation Apache Software.

    Le framework PHP eZ Components a depuis ce 19 avril changé d'identité, il sera désormais connu sous le nom de Zeta Components et sera désormais un projet de la fondation Apache Software. En effet, l'éditeur norvegien eZ Systems a accepté de donner les licences de proprietés à la fondation Apache pour en faire un projet Open source. -> Page principale de l'annonce : http://share.ez.no/blogs/ez/goodbye-...eta-components -> Page de la proposition du projet au groupe Apache : http://wiki.apache.org/incubator/ZetaComponentsProposal -> Page de Détai...

    Read the article

  • REMOTE_USER through Apache reverse proxy

    - by Laurent
    I have an Apache webserver with mod_proxy enabled and a Virtualhost, proxy.domain.com. This proxy is configured to prompt the user for credentials with AuthType Basic. Then, the content of web.domain.com is available through the proxy with ProxyPass and ProxyReverse. However, the REMOTE_USER variable is empty. I read different things to achieve this with mod_rewrite and mod_headers but all my tries have failed. Does anybody has been luckier than me? Thanks.

    Read the article

  • apache domain names are case sensitive

    - by neubert
    The following HTTP request results in a "See the error log for more details; Invalid Value Found For Domain" error: GET / HTTP/1.0 Host: www.MyWebsite.com If I make the hostname all lowercase, however, it works just fine. How can I make Apache case insensitive? Here's my httpd.conf file: <VirtualHost *:80> ServerName mywebsite.com ServerAlias www.mywebsite.com ... </VirtualHost> I tried adding ServerAlias www.MyWebsite.com to that but that didn't help. And in any event, it seems like that's a poor approach anyway since the case can be mixed up in a ton of different ways and trying to account for all of them would result in a huge *.conf file. Any ideas? Thanks!

    Read the article

  • Forward nginx to Apache Tomcat

    - by erdimeola
    I'm totally new to nginx. I want to forward two subdomains to the two applications in my apache tomcat server. As I searched over internet, I found that rewrite does the forwarding but I cannot see forwarding. Here is my server configuration server { listen 80; server_name subdomain1.domain.com; rewrite ^ http://tomcat.ip:8080/app1$request_uri? permanent; } server { listen 80; server_name subdomain2.domain.com; rewrite ^ http://tomcat.ip:8080/app2$request_uri? permanent; } Whenever I invoke subdomain1.domain.com or subdomain2.domain.com, I'm redirected to the main page of nginx which states that nginx is successfully installed and further configuration is needed. So, How can I do the forwarding?

    Read the article

  • Apache ProxyPass/ProxyPassReverse to IIS

    - by Dana
    We have an ASP.NET web application which is mapped to a folder on an apache hosted php site using ProxyPass.ProxyPassReverse. A couple of problems being encountered. cookies are being lost which breaks the site navigation, this can be overcome by setting the asp app as cookieless. Forms authentication is used on the ASP site, this is also broken withe the proxypass in place, suspect this is cookie related also. ASP site works ok when run from a domain/ip address. Use of a separate domain / sub-domain is not an option duew to client requirements.

    Read the article

  • Apache Web Server character encoding

    - by OBY
    I've recently transferred my webapp from my localhost (LH) to a VPS, and have had hebrew chars-encoding probs since. Whenever I send a request with a heb-char it results in "?????" saved to the DB. My LH config was tomcat6, MySQL, and centOS 6.2, opened to the web. In the VPS env I'm behind an Apache Web Server, and the rest is quite the same (though I haven't done anything to its installation). Please note I already have had this problem before, on my LH when the request was sent from IE/chrome (not FF!). The solution was to apply a filter on the the context and change the char-type to UTF-8. My webapp content char-encode is utf-8, MySql server set to utf8 using charset utf8;, and my centOS set to iw_IL.UTF8 using export LANG=iw_IL.UTF8. When I use locale the bash output seems to be set correctly. Any suggestions?

    Read the article

  • How to make local apache server public/visible ?

    - by George
    Hello. I am running an Apache2 server on a Fedora 13. I'd like to make it publicly accessible(visible).For example I'd like when somebody types http://my.ip.numbes/ that they would see what I have in my document root folder. Just for a presentation of a course work at university. Permissions are set to 755. User owning the document root is apache. SELinux is temporarily disabled. But port 80 is closed. I tried to open it by adding an entry to iptables and restarting them, no change. I guess I am missing something big here. Help would be greatly appreciated. Note: I have a static (public, real) IP address.

    Read the article

  • apache httpd cannot browse through browser

    - by nuttynibbles
    i've setup apache and php on a virtual machine. everything works fine in the virtual machine. im able to execute php files and run up phpmyadmin connecting to mysql. on my host machine, im able ping and ssh into the remote machines. however, im unable to browse the php files on the host browser using the ip address. in my httpd.conf, im listening to port 80. i enabled the ServerName 192.168.75.102:80 am i missing some settings? port settings maybe?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. It works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • Windows 7 - XP Mode - Apache

    - by Howard
    I've setup Virtual PC and XP Mode on my Windows 7 Pro. Using Apache 2.0.52 I have no problems having my website up and running on the Windows 7 machine. But Under VPC/XP Mode the best I can do is Localhost mode. What do I need to do to enable http connections? I need the XP Mode as besides the website I also run a Web BBS and a Dos based (via telnet) BBS. Some of the apps in the Dos BBS just won't work under 64 bit, no matter what setting (capability) are used. Thanks in advance...

    Read the article

  • Apache Alias / VirtualHost run as different user

    - by inx
    I tried to create an alias or virtual host to run as different user. Well below is part of apache httpd.conf that doesn't work. Or, is it even possible? <VirtualHost blah:80> user DifferentUser group DifferentGroup ServerAdmin blah DocumentRoot blah ServerName blah ServerAlias blah ScriptAlias /cgi-bin/ blah DirectoryIndex index.html index.htm default.htm index.shtml index.php ErrorLog logs/blah-error_log CustomLog logs/blah-access_log common <Directory "/blah/"> Options Indexes FollowSymLinks MultiViews ExecCGI AllowOverride all Order Deny,Allow Deny from none Allow from all </Directory> </VirtualHost>

    Read the article

  • connection to apache server switches sockets connection

    - by Newben
    I have just post a question but I post an other one because the problem is not the one I had in thought when asking the latter. So, I am running some rails app on osx, when I run rails s, everything works fine. If I shut down the apache server (mamp) and if I run rails s again, I have this message Can't connect to local MySQL server through socket '/Applications/MAMP/tmp/mysql/mysql.sock', which for sure is normal. For info, my mamp server is running, and the connection must pass through /Applications/MAMP/Library/bin/mysql, so I aliased it by setting in my bash profile : alias mysql="/Applications/MAMP/Library/bin/mysql" Now, when I launch a rails generate command type, I get this message : /$root/vendor/bundle/ruby/2.0.0/gems/mysql2-0.3.11/lib/mysql2/client.rb:44:in `connect': Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) (Mysql2::Error) So how it can be ?

    Read the article

  • Apache SMTP connection times out

    - by Kaivosukeltaja
    A web server that has successfully sent mail using the hosting providers's SMTP server before seems to suddenly have lost connection to the SMTP server. [Wed Nov 28 09:51:27 2012] [error] [client 10.250.11.81] PHP Warning: fsockopen(): unable to connect to smtp.ourprovider.net:25 (Connection timed out) in /var/www/(....)/phpmailer/class.smtp.php on line 105, referer: http://oursite.net/sendmessage.php# If I telnet to the SMTP server's port 25 manually from the web server, I'm able to connect and send mail with no problems whatsoever. The web server is running RHEL 6.3 and Apache 2.2.15. The SE boolean httpd_can_network_connect is on. Our PHP version is 5.3.3. Where should I start looking to fix this?

    Read the article

  • Apache 2 Symbolic link not allowed or link target not accessible

    - by astropanic
    My apache server runs as user foo. I have some Rails applications in /home/foo/app1 /home/foo/app2. Each of them has an vhost <VirtualHost *:80> ServerName app1.foobar.com ServerAlias www.app1.foobar.com DocumentRoot /var/www/html/app1/current/public RailsEnv production <Directory /var/www/html/app1/current/public> AllowOverride all Options -MultiViews </Directory> </VirtualHost> I have a symlink in /var/www/html/app1 : current -> /home/foo/app1/tmp_20102611 All file permissons are set correctly (user foo group foo), I can go through the filesystem from shell. SELINUX is disabled Distro is CentOs 5.5 Which the above symlink I get an 403 and an error entry in error_log Symbolic link not allowed or link target not accessible:/var/www/html/app1/current When I symlink my app in the subdir of /var/www/html instead of /home/foo it works. How I can avoid this error still placing my app in my /home/foo directory ?

    Read the article

  • Need advise on linking apache and tomcat

    - by hsnm
    I have been searching this for hours with no luck. I have a web server that uses https on Apache2. I also have installed tomcat7 on the same server to run some Java webapp on it. I need to keep my https port 443 on Apache but forward the requests to the Java webapp to tomcat. I tried to use mod_jk to redirect the requests to tomcat but I failed. Most tutorials talk about redirecting plain http requests not https. I also could not let tomcat use https on 8443. I'm following the steps here but facing errors. The question: Can I redirect https traffic to tomcat without installing https on tomcat? Is there a good tutorial you can recommend to me?

    Read the article

  • New Secure Website with Apache Reverse Proxy

    - by jtnire
    I wish to set up a new website that will be accessed by users using HTTPS. I think it is good practise to put the "real" web server in a seperate subnet, and then install an Apache Reverse Proxy in a DMZ. My question is, where should I put the SSL cert(s)? Should I a) Use a self-signed cert on the "real" web server, and a proper cert on the reverse proxy? b) Use 2 real certs on both the "real" web server and the reverse proxy? c) Don't use any cert on the "real" web server, and use a proper cert on the reverse proxy? I'd like to use a) or c), if possible. I also don't want anyone's browser complaining of a self-signed cert. Thanks

    Read the article

  • Apache: serving SSL only

    - by elect
    I have a website that I want to be access only by https://myurl.com. A normal typing myurl.com should be forwarded to the https. I tried different things such as: RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://myurl.com/$1 [R,L] (rewrite mod ON) or NameVirtualHost *:80 <VirtualHost *:80> ServerName mysite.example.com DocumentRoot /usr/local/apache2/htdocs Redirect permanent /secure https://mysite.example.com/secure </VirtualHost> But they didnt work, which is the right way to do it? Debian & Apache 2

    Read the article

  • Default documentroot apache does not work

    - by James Wise
    I have apache version 2.2 and php 5.3.15 on a single server. I configured virtual hosting and a default vhost. 0_default_.conf - goes to /var/www/default sub.domain.com.conf - goes to /var/www/sub.domain.com My question is, how could I set the default documentroot to sub.domain.com permanently? That means all request should be redirected to sub.domain.com. I try to remove 0_default_.conf but when viewing the page it display the php source code of sub.domain.com. Here is my configurations -- http://pastebin.com/4e3awUJ4 Although I can create index.php to /var/www/default and permanently redirect to sub.domain.com site but it's not viable solution for me because what if I didn't point the ip address of sub.domain.com to the server so user cannot view that subdomain. I would appreciate if anyone could share their knowledge and wisdom. Thanks. JamesW

    Read the article

  • Upgrading php, mysql, and apache

    - by Kevin
    I have been looking around and have not found a good answer to my question. I currently have php 5.3.3 installed via yum on my centos 6.3 server. I need to upgrade to php 5.10 or later. It is my understanding that you need to find the correct mysql and apache packages that fit with the php install. Can someone please point me in the direction of a an update guide? Btw I am not looking for "yum update httpd php5" this gets me the old 5.3.3 version. Thanks, Kevin.

    Read the article

  • Multiple redirects with one domain on Apache

    - by hfranco
    I'm trying to figure out how to redirect one URL to one location: http://mydomain.com/admin to http://mydomain.com/admin And have all other requests from http://mydomain.com point to http://myotherdomain.com So essentially all other requests will redirect to myotherdomain.com except for http://mydomain.com/admin I've tried setting up a Redirect rule in Apache but I'm not having any luck. I get a "The page isn't redirecting properly" message. <VirtualHost *:80> ServerName mydomain.com ServerAlias www.mydomain.com DocumentRoot /opt/www/mydomain.com/ Redirect /admin http://mydomain.com/admin Redirect / http://www.myotherdomain.com </VirtualHost>

    Read the article

< Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >