Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 127/596 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134 | Next Page >

htaccess - Redirects with more than 1 level deep not working

- by barfoon

Hey everyone, Just moved to shared hosting on GoDaddy and Im trying to get my .htaccess rules working. Heres what I have: ErrorDocument 404 /error.php Options FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^www\.mydomain\.org$ RewriteRule ^(.*)$ http://mydomain.org/$1 [R=301,L] RewriteRule ^view/(\w+)$ viewitem.php?itemid=$1 [R=301,L] RewriteRule ^category/(\w+)$ viewcategory.php?tag=$1 [R=301,L] RewriteRule ^faq$ faq.php RewriteRule ^about$ about.php RewriteRule ^contact$ contact.php RewriteRule ^submit$ submit.php RewriteRule ^contactmsg$ handler-contact.php All the pages @ the root of the domain seem to be working i.e mydomain.org/faq, mydomain.org/about are working. But whenever I try mydomain.org/category/somecategory, I get a 404. How can I fix my .htaccess to obey these rules that are more than 1 level deep? Thanks,

Read the article
Force caching of handler output which actively resists caching

- by deceze

I'm trying to force caching of a very obnoxious piece of PHP script which actively tries to resist caching for no good reason by actively setting all the anti-cache headers: Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Type: text/html; charset=UTF-8 Date: Thu, 22 May 2014 08:43:53 GMT Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Pragma: no-cache Set-Cookie: ECSESSID=...; path=/ Vary: User-Agent,Accept-Encoding Server: Apache/2.4.6 (Ubuntu) X-Powered-By: PHP/5.5.3-1ubuntu2.3 If at all avoidable I do not want to have to modify this 3rd party piece of code at all and instead just get Apache to cache the page for a while. I'm doing this very selectively to only very specific pages which have no real impact on session cookies or the like, i.e. which do not contain any personalised information. CacheDefaultExpire 600 CacheMinExpire 600 CacheMaxExpire 1800 CacheHeader On CacheDetailHeader On CacheIgnoreHeaders Set-Cookie CacheIgnoreCacheControl On CacheIgnoreNoLastMod On CacheStoreExpired On CacheStoreNoStore On CacheLock On CacheEnable disk /the/script.php Apache is caching the page alright: [cache:debug] AH00698: cache: Key for entity /the/script.php?(null) is http://example.com:80/the/script.php? [cache_disk:debug] AH00709: Recalled cached URL info header http://example.com:80/the/script.php? [cache_disk:debug] AH00720: Recalled headers for URL http://example.com:80/the/script.php? [cache:debug] AH00695: Cached response for /the/script.php isn't fresh. Adding conditional request headers. [cache:debug] AH00750: Adding CACHE_SAVE filter for /the/script.php [cache:debug] AH00751: Adding CACHE_REMOVE_URL filter for /the/script.php [cache:debug] AH00769: cache: Caching url: /the/script.php [cache:debug] AH00770: cache: Removing CACHE_REMOVE_URL filter. [cache_disk:debug] AH00737: commit_entity: Headers and body for URL http://example.com:80/the/script.php? cached. However, it is always insisting that the "cached response isn't fresh" and is never serving the cached version. I guess this has to do with the Expires header, which marks the document as expired (but I don't know whether that's the correct assumption). I've tried to overwrite and unset headers using mod_headers, but this doesn't help; whatever combination I try the cache is not impressed at all. I'm guessing that the order of operation is wrong, and headers are being rewritten after the cache sees them. early header processing doesn't help either. I've experimented with CacheQuickHandler Off and trying to set explicit filter chains, but nothing is helping. But I'm really mostly poking in the dark, as I do not have a lot of experience with configuring Apache filter chains. Is there a straight forward solution for how to cache this obnoxious piece of code?

Read the article
Apache reports a 200 status for non-existent WordPress URLs

- by Jonah Bishop

The WordPress .htaccess generally has the following rewrite rules: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> When I access a non-existent URL at my website, this rewrite rule gets hit, redirects to index.php, and serves up my custom 404.php template file. The status code that gets sent back to the client is the correct 404, as shown in this HTTP Live Headers output example: http://www.borngeek.com/nothere/ GET /nothere/ HTTP/1.1 Host: www.borngeek.com {...} HTTP/1.1 404 Not Found However, Apache reports the entire exchange with a 200 status code in my server log, as shown here in a log snippet (trimmed for simplicity): {...} "GET /nothere/ HTTP/1.1" 200 2155 "-" {...} This makes some sense to me, seeing as the original request was redirected to page that exists (index.php). Is there a way to force Apache to report the exchange as a 404? My problem is that bogus requests coming from Bad Guys show up as "successful requests" in the various server statistics software I use (AWStats, Analog, etc). I'd love to have them show up on the Apache side as 404s so that they get filtered out from the stat reports that get generated. I tried adding the following line to my .htaccess, but it had no effect (I'm guessing for the same reason as the previous redirect rules): ErrorDocument 404 /index.php?error=404 Does anyone have a clever way to fix this annoyance? Additional Info: OS is Debian 6.0.4, and Apache version looks to be 2.2.22-3 (hosted on DreamHost) The 404 being sent back to the client is being set by WordPress (i.e. I'm not manually calling header() anywhere)

Read the article
How do i enable deflate on apache2? debian

- by acidzombie24

I looked at the other answers and those solutions did not help. I am completely confused how to do this. I know almost nothing about apache nor how to use it and nearly all the article say write this but doesnt tell me where. So far i have done this # a2enmod deflate Module deflate already enabled Then i tried writing this in httpd.conf AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css Then i wrote a longer version which involved deflate.c. After those didnt work i deleted them all and wrote the AddOutputFilterByType line in apache2/sites-enabled/000-default inside of I used this to test http://www.whatsmyip.org/http_compression/ everytime it says no compression. I used another site but i could never compress. Also i restart the server everytime i save a file so what could be the problem and how do i enable this properly?

Read the article
How can I prevent Apache from asking for credentials on non SSL site

- by Scott

I have a web server with several virtual hosts. Some of those hosts have an associated ssl site. I have a DirectoryMatch directive in my main config file which requires basic authentication to any directory with secured as part of the directory path. On sites that have an SSL site, I have a rewrite rule (located in the non ssl config for that site), that redirects to the SSL site, same uri. The problem is the http (80) site asks for credentials first, and then the https (443) site asks for credentials again. I would like to prevent the http site from asking and thus avoid the potential for someone entering credentials and having them sent in clear text. I know I could move the DirectoryMatch down to the specific site, and just put the auth statement in the SSL config, but that would introduce the possibility of forgetting to protect critical directories when creating new sites. Here are the pertinent declarations: httpd.conf (all sites): <DirectoryMatch "_secured_"> AuthType Basic AuthName "+ + + Restrcted Area on Server + + +" AuthUserFile /home/websvr/.auth/std.auth Require valid-user </DirectoryMatch> site.conf (specific to individual site) <DirectoryMatch "_secured_"> RewriteEngine On RewriteRule .*(_secured_.*) https://site.com/$1 </DirectoryMatch> Is there a way to leave DirectoryMatch in the main config file and prevent the request for authorization from the http site? Running Apache 2 on Ubuntu 10.04 server from the default package. I have AllowOverride set to none - I prefer to handle things in the config files instead of .htaccess.

Read the article
apache url rewrite not working as expected

- by hetaoblog

looks as if it's working now, i'm not doing anything... stange... I want to write http://www.1024jobs.net/jobs/view/17.jhtml to http://www.1024jobs.com/jobs/view/17.jhtml so i have tried either of below rules in .htaccess RewriteRule ^jobs/view/([0-9]+)\.jhtml$ http://www.1024jobs.com/jobs/view/$1.jhtml [L,R=301] RewriteRule ^jobs/view/([^.]+).jhtml$ http://www.1024jobs.com/jobs/view/$1.jhtml [L,R=301] but it's always translating to below url http://www.1024jobs.net/jobs/view/17.jhtml to http://www.1024jobs.com/jobs/view/.jhtml however, just found below is translated correctly.... http://www.1024jobs.net/jobs/view/16.jhtml can anyone help and explain? thx

Read the article
Microsoft Ergonomic Keyboards With Card Readers?

- by Steve

When I started working at my current job I developed tendinitis in my wrists. Luckily that cleared up when I started using a Microsoft ergonomic keyboard. The problem is that where I work is moving to more security. We will need to stick a card into a slot to log into our PCs. They bought a bunch of new keyboards with these slots built in. All regular keyboards. Is there something like the Microsoft Ergonomic keyboard that comes with such a card slot? Thanks.

Read the article
Python and mod_wsgi path issue

- by jasonh

I have an AIX 6.1 system that I've compiled and installed: Apache 2.2.21 (into /usr/local/mercurial) Python 2.7.2 (into /usr/local/bin and /usr/local/lib) mod_wsgi 3.3 (with the AIX fix #1 described here) Mercurial 2.0 (system-wide) However, when Apache starts, I get the following message in error_log: IOError: invalid Python installation: unable to open /usr/local/bin/lib/python2.7/config/Makefile (No such file or directory) See the problem? bin/lib doesn't exist. /usr/local/lib/python2.7/config/Makefile does exist though. However, I can't figure out where it's getting that path from. Here's the environment variables I've got: PYTHONHOME=/usr/local/bin PYTHONPATH=/usr/local/lib/python2.7 LIBPATH="/usr/local/mercurial/lib:$LIBPATH" PATH=/usr/local/bin:/usr/local/lib:$PATH LDR_CNTRL="MAXDATA=0x80000000" AIXTHREAD_SCOPE=S AIXTHREAD_MUTEX_DEBUG=OFF AIXTHREAD_RWLOCK_DEBUG=OFF AIXTHREAD_COND_DEBUG=OFF SPINLOOPTIME=1000 YIELDLOOPTIME=8 MALLOCMULTIHEAP=considersize,heaps:8 I've tried all sorts of combinations with and without PYTHONHOME, PYTHONLIB and PATH in envvars. My PATH, in case it matters is: /usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/opt/ifor/bin:/usr/local/bin:.

Read the article
Is it possible to rewrite some query strings to HTTPS and keep everything else on HTTP?

- by Matt

I'm rewriting query strings to pretty URIs, example: index.php?q=/en/contact becomes /en/contact and all works nicely.. # httpd.conf # HANDLE THE QUERY RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] Is it even possible to rewrite single queries to force https and force everything else onto http? I've tried many different approaches that typically end in infinate loops. I could write a plugin to do this in PHP but figured it would be more effecient to handle this in the server conf. I'd be greatful for any advice. EDIT: To clarify, I'd like to be able to rewrite the non SSL http://example.com/index.php?q=/en/contact to the SSL enabled https://example.com/en/contact and every query that is not /en/contact get written to http://example.com/...

Read the article
Apache - mod_pagespeed freezes my website

- by Jonathan Rioux

I have installed the mod_pagepseed module for Apache. I am using Debian so I downloaded the .deb file, and installed it successfully. I then configured some filters, and it worked like a charm for some minutes. Then after something like 10 minutes, my website no longer responded to the requests. When I was requesting for my website, it said "Waiting for www.blablabla.com" and I never got the page back from the server. I checked the processes running on my Debian box with top -d 0.5, and nothing eats up the CPU. To make my website responding to requests again, I must do a /etc/init.d/apache2 restart. And then it works again with mod_modspeed applying it's filters for a couple of minutes, and no more response again. How can I diagnose this issue? Is there some other configurations in the mod_pagespeed.conf file that I must set?

Read the article
I am trying to write an htaccess file performs authentication and redirects authenticated users to a

- by racl101

This is what I have so far but I can't get the RewriteCond and RewriteRule properly. RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (\d{3})$ RewriteRule !^%1 http://subdomain.mydomain.com/%1 [R,L]. AuthName "My Domain Protected Area" AuthType Basic AuthUserFile /path/to/my/.htpasswd Require valid-user This is what I mean the ReWriteCond and RewriteRule to say: "If the REMOTE_USER has a username ending in 3 digits then capture the three digits that match and for whatever url they are trying to access if it does not start with the 3 digits captured then redirect them to the sub directory with the name equal to those captured three digits." In other words, if a user named 'johnny202' is authenticated then if he's requesting any directory other than http://subdomain.mydomain.com/202/ then he should be redirected to http://subdomain.mydomain.com/202/ The only thing I can think of that is wrong is the first instance of '%1'.

Read the article
Two servers, two domains, one ip. mod_proxy beginner

- by Gutsav

I run two virtual web servers (both running apache2 on debian). I have just one external IP, but two domains, and I want a domain going to each of the servers. I've understood that I need a Reverse Proxy, and I enabled both the mod_proxy and the mod_proxy_http modules on the "primary server". Do I need to enable anything on the "secondary server"? I also understood that I need to write some things in a virtual host file, but what? On the primary server, I have a virtual host file for one of the domains, and some for subdomains. I want domain1.tld to go to the primary server (port 80 is forwarded to it, so that works) and domain2.tld to go to the other server (internal ip 192.168.0.x). No ports needs to be forwarded to it, right? So, what to add and in which virtual host file? Or a new one? Other questions suggest adding ProxyPass and ProxyPassReverse, but I'm lost anyway, and I just don't understand the apache documentation. Thanks in advance

Read the article
How can I use fetchmail (or another email grabber) with OSX keychain for authentication?

- by bias

Every fetchmail tutorial I've read says putting your email account password clear-text in a config file is safe. However, I prefer security through layers (since, if my terminal is up and someone suspecting such email foolery slides over and simply types "grep -i pass ~/.*" then, oops, all my base are belong to them!). Now, with msmtp (as opposed to sendmail) I can authenticate using the OSX keychain. Is there an email 'grabber' that lets me use Keychains (specifically the OSX keychain) or at least, that lets me MD5 the password? This is a duplicate of my unanswered question on serverfault. I've put it on superuser because I'm doing this on a personal computer (viz. with OSX) so it's more of a superuser question.

Read the article
Using Chinese Charachters With Mod_Rewrite

- by Moak

I'm trying to create a rule using Chinese characters #RewriteRule ^zh(.*) /???$1 [L,R=301] creates error 500 when i change the file to UTF-8 #RewriteRule ^zh(.*) /%E4%B8%AD%E6%96%87%E7%89%88$1 [L,R=301] redirects to /%25E4%25B8%25AD%25E6%2596%2587%25E7%2589%2588 (basically replacing % with %25) Anybody familiar with this problem?

Read the article
Configuring wsgi for a simple Python based site

- by jbbarnes

I have an Ubuntu 10.04 server that already has apache and wsgi working. I also have a python script that works just fine using the make_server command: if __name__ == '__main__': from wsgiref.simple_server import make_server srv = make_server('', 8080, display_status) srv.serve_forever() Now I would like to have the page always active without having to run the script manually. I looked at what Moin is doing. I found these lines in apache2.conf: WSGIScriptAlias /wiki /usr/local/share/moin/moin.wsgi WSGIDaemonProcess moin user=www-data group=www-data processes=5 threads=10 maximum-requests=1000 umask=0007 WSGIProcessGroup moin And moin.wsgi is as listed: import sys, os sys.path.insert(0, '/usr/local/share/moin') from MoinMoin.web.serving import make_application application = make_application(shared=True) QUESTION: Can I create a similar section in apache2.conf pointing to another wsgi file? Like this: WSGIScriptAlias /status /mypath/status.wsgi WSGIDaemonProcess status user=www-data group=www-data processes=5 threads=10 maximum-requests=1000 umask=0007 WSGIProcessGroup status And if so, what is required to convert my simple_server script into a daemonized process? Most of the information I find about wsgi is related to using it with frameworks like Django. I haven't found a simple howto detailing how to make this work. Thanks.

Read the article
Apache 2 UserDir for only one VirtualHost

- by dentarg

Is it possible to enable the UserDir Directive for just one VirtualHost rather than have it on for all and then disable it (with "UserDir disable") for each VirtualHost you don't want it on? I have tried by putting this inside a <VirtualHost> and comment out everything in the global config (/etc/apache2/conf.d/userdir.conf). No luck though. <IfModule mod_userdir.c> UserDir public.www UserDir disabled root <Directory /home/*/public.www> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS> Order deny,allow Deny from all </LimitExcept> </Directory> </IfModule>

Read the article
"This file came from another computer..." - how can I unblock all the files in a folder without having to unblock them individually?

- by Schnapple

Windows XP SP2 and Windows Vista have this deal where zone information is preserved in downloaded files to NTFS partitions, such that it blocks certain files in certain applications until you "unblock" the files. So for example if you download a zip file of source code to try something out, every file will display this in the security settings of the file properties "This file came from another computer and might be blocked to help protect this computer" Along with an "Unblock" button. Some programs don't care, but Visual Studio will refuse to load projects in solutions until they've been unblocked. While it's not terribly difficult to go to every project file and unblock it individually, it's a pain. And it does not appear you can unblock multiple selected files simultaneously. Is there any way to unblock all files in a directory without having to go to them all individually? I know you can turn this off globally for all new files but let's say I don't want to do that

Read the article
How to analyse logs after the site was hacked

- by Vasiliy Toporov

One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

Read the article
How to use mod_proxy to let my index of Apache go to Tomcat ROOT and be able to browse my other Apac

- by Dagvadorj

Hello, I am trying to use my Tomcat application (deployed at ROOT) to be viewed from Apache port 80. To do this, I used mod_proxy, since mod_jk made me try harder. I used sth like this in httpd.conf: <location http://www.example.com> Order deny,allow Allow from all PassProxy http://localhost:8080/ PassProxyReverse http://localhost:8080/ </location> <Proxy *> Order deny,allow Allow from all </Proxy> And now I can not retrieve my previous sites on Apache, which was running prior to my configuration. How can I have both running?

Read the article
Swapping root directory of a web server

- by Austin

One of the clients that I maintain requests a website redesign, we do all the work in a subfolder /newsite/ and they intend to make it live this instant. The /newsite/ is made in wordpress and from my understanding WP keeps all the URL's as they were initially created. Would it be easier to just create the new root dir at /newsite/ or move all contents of the root to /oldsite/ and move /newsite/ to the root? Please advise the best route, i.e. mod_rewrite.

Read the article
Django apache + mod_wsgi with virtualenv

- by ArgsKwargs

I have some questions running multiple Django sites on a VPS I have a server that uses openPanel to automatically create VirtualHosts within apache2. My ideal situation is that I would have multiple virtualenvs with different dependencies installed so the python dist-packages directory isn't contaminated for different Django sites. For example: /home/user/virtualenv1 /home/user/virtualenv2 My django applications reside at /var/www, so For example: /var/www/djangosite1 /var/www/djangosite2 Now I've read upon openPanel docs and figured out the best thing todo is create a django.conf file inside the mydomain.com.inc folder, which looks something like: /etc/apache2/openpanel.d/mydomain.com.inc/django.conf DocumentRoot /var/www/djangosite1/project WSGIScriptAlias / /var/www/djangosite1/project/wsgi.py WSGIDaemonProcess mydomain python-path=/home/user/virtualenv1/lib/python2.6/site-packages <Directory /var/www/djangosite1/project> Order allow,deny Allow from all </Directory> Alias /static /var/www/djangosite1/project/static-root Now my problem is that this setup seems unable to find the virtualenv site-packages thus not recognizing any dependencies available in the given virtualenv Also, commenting out this line doesn't seem to break or change a thing: WSGIDaemonProcess mydomain python-path=/home/user/virtualenv1/lib/python2.6/site-packages For example: > service apache2 start ImportError: No module named South When I install South outside the virtualenv everything works

Read the article
Use subpath internal proxy for subdomains, but redirect external clients if they ask for that subpath?

- by HostileFork

I have a VirtualHost that I'd like to have several subdomains on. (For the sake of clarity, let's say my domain is example.com and I'm just trying to get started by making foo.example.com work, and build from there.) The simplest way I found for a subdomain to work non-invasively with the framework I have was to proxy to a sub-path via mod_rewrite. Thus paths would appear in the client's URL bar as http://foo.example.com/(whatever) while they'd actually be served http://foo.example.com/foo/(whatever) under the hood. I've managed to do that inside my VirtualHost config file like this: ServerAlias *.example.com RewriteEngine on RewriteCond %{HTTP_HOST} ^foo\.example\.com [NC] # <--- RewriteCond %{REQUEST_URI} !^/foo/.*$ [NC] # AND is implicit with above RewriteRule ^/(.*)$ /foo/$1 [PT] (Note: It was surprisingly hard to find that particular working combination. Specifically, the [PT] seemed to be necessary on the RewriteRule. I could not get it to work with examples I saw elsewhere like [L] or trying just [P]. It would either not show anything or get in loops. Also some browsers seemed to cache the response pages for the bad loops once they got one... a page reload after fixing it wouldn't show it was working! Feedback welcome—in any case—if this part can be done better.) Now I'd like to make what http://foo.example.com/foo/(whatever) provides depend on who asked. If the request came from outside, I'd like the client to be permanently redirected by Apache so they get the URL http://foo.example.com/(whatever) in their browser. If it came internally from the mod_rewrite, I want the request to be handled by the web framework...which is unaware of subdomains. Is something like that possible?

Read the article
how to separate a network for traffic

- by Student_CVO

At the moment our all computers in one big LAN, it is the intention to separate the admin and edu (it's in a school) especially for traffic and less for security. How do this best? I have a drawing, but can't post it (a can send it in a mail) Firewall?, VLAN?, IPCop (no two green zones)?, pfsense? ... Should there be two scopes on the dhcp server (WIN 2008 R2), one for admin and one for edu or is one scope enough? I would like your advice, I am a student in training with this task as a project. Thanks

Read the article
Jenkins projects not visible even though user has all privleges

- by Frank Rosario

We want to lock down Jenkins and specific jobs to certain personnel. I have my account with all global privileges granted with project based matrix security. A coworker has a similar account and has been granted all the same privileges. When I log in with my account, I can see all of the projects we have setup. When my coworker whom has the exact same privileges logs in, none of the projects are visible. I've double and triple checked the permissions matrix to make sure we have the same global privileges; we do. Some of the projects have project specific privileges setup as well, but again; I've confirmed that both of us have the same access to these projects as well. So why can I see all the projects and my coworker is unable to see any of the projects?

Read the article
What is causing this completely bizarre behavior with mod_rewrite?

- by George Edison

Here is my rule: RewriteRule ^user/(\d+)$ rewrite.php?id=$1 This redirects, but $_GET['id'] is not set. If I change the above rule to: RewriteRule ^anything/(\d+)$ rewrite.php?id=$1 It works. Why does one work but not the other? Here is more information: There is no directory named user The only other .htaccess file in the hierarchy is blank.

Read the article

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134 | Next Page >