Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 127/596 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134 | Next Page >

FreeBSD Server .htaccess issues

- by Will Ayers

Server Details: FreeBSD PHP Version 4.3.11 Apache Appache Modules: mod_throttle, mod_php4, mod_speedycgi, mod_ssl, mod_setenvif, mod_so, mod_unique_id, mod_headers, mod_expires, mod_auth_db, mod_auth_anon, mod_auth, mod_access, mod_rewrite, mod_alias, mod_actions, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_info, mod_status, mod_negotiation, mod_mime, mod_mime_magic, mod_log_config, mod_define, mod_env, mod_vhost_alias, mod_mmap_static, http_core The issue I am having is when ever I write any kind of code in the .htaccess file, it throws a 500 Internal error I am simply trying to rewrite url's and am using the exact code that wordpress creates for me and even tried custom code used before on previous servers and it still does not work. WordPress created code: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /lobster-tail-blog/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /lobster-tail-blog/index.php [L] </IfModule> # END WordPress And even a simple thing like this throws the error: <IfModule mod_rewrite.c> RewriteEngine On </IfModule> Anyone know of any fixes or why this is causing this error? I have the mod_rewrite module loaded

Read the article
Enabling mod_fcgid results in 403

- by laggingreflex

I have an EasyPHP 12.1 setup (latest) on Windows 7x64 and I'm trying to enable mod_fcgid for PHP. I have added the following in my httpd.conf Include conf/extra/httpd-vhosts.conf LoadModule fcgid_module modules/mod_fcgid.so FcgidInitialEnv PHPRC "C:\progra~2\EasyPHP-12.1\php\php546x121028092509" AddHandler fcgid-script .php FcgidWrapper "C:\progra~2\EasyPHP-12.1\php\php546x121028092509/php-cgi.exe" .php and Options ExecCGI Indexes FollowSymLinks under <Directory "${path}/www"> I've made sure the paths are all good and set permissions on the entire C:\progra~2\EasyPHP-12.1 and my www root to Everyone - Allow All. Yet I still get 403 on all server(localhost) requests. Along with Apache/2.4.2 (Win32) PHP/5.4.6 mod_fcgid/2.3.7 so I know mod_fcgid is enabled and is causing the 403. Commenting out the above lines from httpd.conf makes it work again but is slower than death (which is why I wanted mod_fcgid). What could I be doing wrong?

Read the article
Securing a persistent reverse SSH connection for management

- by bVector

I am deploying demo Ubuntu 10.04 LTS servers in environments I do not control and would like to have an easy and secure way to administer these machines without having to have the destination firewall forward port 22 for SSH access. I've found a few guides to do this with reverse port (e.g. howtoforge reverse ssh tunneling guide) but I'm concerned with security of the stored ssh credentials required for the tunnel to be opened automatically. If the machine is compromised (primary concern is physical access to the machine is out of my control) how can I stop someone from using the stored credentials to poke around in the reverse ssh tunnel target machine? Is it possible to secure this setup, or would you suggest an alternate method?

Read the article
How to change .htaccess file to work right in localhost?

- by Manolo Salsas

I have this snippet code in my .htaccess file to prevent users from hotlinking the server's images: RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} !^http://(www.)?itransformer.es/.*$ [NC] RewriteRule \.(gif|jpe?g|png|wbmp)$ http://itransformer.es [R,L] Of course, it is not working in my localhost, but don't know how to achieve it. My guess is that I should change the domain name with any wildcard. Any idea? Update I've finally found out the answer thanks to @Chris solution: RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} ^https?://%{HTTP_HOST}/.*/usuarios/.*$ [NC] RewriteRule \.(gif|jpe?g|png|wbmp)$ http://%{HTTP_HOST} [R=301,L] The /usuarios/ directory is because I only want to deny direct access to files inside this directory. Update2 For some reason, it doesn't work again. Finally I think that I found out a better solution: RewriteCond %{REQUEST_FILENAME} .*/usuarios/.*$ [NC] RewriteRule \.(gif|jpe?g|png|wbmp)$ http://%{HTTP_HOST} [R=301,L] I say better solution because what I want to deny is direct access to a file (image). Update3 Well, after a while I discovered above wasn't exactly what I wanted, so the next is definitive: RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} !^https?://itransformer.*$ [NC] RewriteRule /usuarios/.*\.(gif|jpe?g|png|wbmp)$ - [R=404,L] Just two doubts: If I change the above to: RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} !^https?://%{HTTP_HOST}.*$ [NC] RewriteRule /usuarios/.*\.(gif|jpe?g|png|wbmp)$ - [R=404,L] it doesn't work. I don't understand why, because %{HTTP_HOST} is equal to itransformer in my localhost, and it should work. The second doubt is why is shown the default 404 page and not my custom page (that is shown in all other 404 responses).

Read the article
Add a trailing slash mod_rewrite

- by Conner Stephen McCabe

just wondering how I add a trailing slash at the end of my URL's using Mod_Rewrite? This is my .htaccess file currently: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^/]*)$ index.php?pageName=$1 My URL show like so: wwww.**.com/pageName I want it to show like so: wwww.**.com/pageName/ The URL is holding a GET request internally, but I want it to look like a genuine directory.

Read the article
Mod_rewrite to eliminate query strings

- by Greg Frommer

Hi everyone, I have been working on this for a while but I'm not finding exactly what I am looking for. I am writing a webapp to let my users create and publish pieces of HTML content in a domain and URL folder structure of their choosing. All of the content and requested URL structures are stored in a database. I have all of the code in my index.php (in the root folder) to access the database content, and based on the server name (and hopefully folder structure) will pick out the proper content from the DB and display it to the end-users browser. So my situation looks like this: www.test.com/index.php?id=123234345 ... will display the proper page, but I want my users to be able to define a unique "page name" instead of using the numeric index (also I want to hide the /index.php part) so what I would like the end-user to see is: www.test.com/arbitrary-unique-keyword/keyword2/keyword3 which will invoke the index.php page in the root folder. Then I will use the PHP $_SERVER['PATH_INFO'] variable to match the requested folder structure up with the proper content in my database and display that. All the material I have found so far expects me to hard code parts of the folder structure into the rules.... but I think I want something simpler (perhaps). So the question in a nutshell: How do I use mod_rewrite to allow all "non-existent" folder paths be passed through to a main index.php residing in the root folder? (For all paths that DO exist, like for calls to images... I want those to succeed and not be directed to the index.php obviously) Thanks everyone, please let me know if I can clear anything up.

Read the article
proxy_ajp wildcards

- by The Digital Ninja

I need to setup apache so that any site.com/ANYTHING/servlet/ANYTHING goes over ajp into tomcat, but regular files will go through apache still. I have been messing around with this to no avail <LocationMatch "./*/servlet/*"> Order Allow,Deny Allow from all ProxyPass ajp://localhost:8009/ ProxyPassReverse / </LocationMatch> This works at directing everything to our tomcat insance. ProxyPass / ajp://localhost:8009/

Read the article
Apache Rewrite Rules breaking each other?

- by neezer

I have this rule: RewriteCond %{REQUEST_URI} ^/(manhattan|queens|westchester|new-jersey|bronx|brooklyn)-apartments/.*$ RewriteCond %{REQUEST_URI} !^/guide/(.*)$ RewriteRule ^(.*)$ /home/neezer/public-html/domain.com/guide/$1 [L] Which works great on it's own. Essentially, I have a bunch of directories that have a bunch of files in them that I want to keep in the "/guide" folder, but I want them to appear at the web root for SEO reasons. This rule works, but unfortunately the original URL's still work too (with "/guide"). I want to 301 Redirect the ones with "/guide" in the URL to those without, without actually moving the files on the server. I tried adding this rule: RewriteCond %{REQUEST_URI} ^/guide/(manhattan|queens|westchester|new-jersey|bronx|brooklyn)-apartments/.*$ RewriteRule ^guide/(.*)$ http://www.domain.com/$1 [R=301,L] ... but that breaks my first rule completely. Any thoughts about what I might be doing wrong? Please let me know if you need to know anything else from me to help me with this issue.

Read the article
How to use mod_proxy to let my index of Apache go to Tomcat ROOT and be able to browse my other Apac

- by Dagvadorj

Hello, I am trying to use my Tomcat application (deployed at ROOT) to be viewed from Apache port 80. To do this, I used mod_proxy, since mod_jk made me try harder. I used sth like this in httpd.conf: <location http://www.example.com> Order deny,allow Allow from all PassProxy http://localhost:8080/ PassProxyReverse http://localhost:8080/ </location> <Proxy *> Order deny,allow Allow from all </Proxy> And now I can not retrieve my previous sites on Apache, which was running prior to my configuration. How can I have both running?

Read the article
How do I redirect/rewrite to the FQDN URL without setting ServerName?

- by ChaimKut

Often in intranets, users will direct URLs to a hostname without supplying the FQDN. Example: http://internalHost Instead of http://internalHost.example.com I would like to redirect users / rewrite URLs so that everything will use the FQDN. Here's the catch: I don't want to set ServerName explicitly. (This is for a product which will be deployed in multiple intranets so we can't know the value of ServerName ahead of time). According to: http://wiki.apache.org/httpd/CouldNotDetermineServerName Apache uses a reverse lookup to determine a default FQDN. How can I make use of/reference that FQDN that Apache is using for a mod_rewrite or redirect?

Read the article
AJP Connector Apache-Tomcat with php and java application

- by Safari

I have a question about proxy and ajp module. On my machine I have a Apache web server and a Tomcat servlet container. On Tomcat is running a my java webapplication. On Apache I have some services and I can call these in this way: http://myhos/service1 http://myhos/service2 http://myhos/service3 I would configurate a ajp connector to call my tomcat webapplication from Apache. I would somethin as http://myhost to call the Tomcat webapp. So, I configurated my apache in this way..and I have what I wanted: I can use http://myHost to visualize the Tomcat webApp by Apache. <VirtualHost *:80> ProxyRequests off ProxyPreserveHost On ServerAlias myserveralias ErrorLog logs/error.log CustomLog logs/access.log common <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /server-status ! ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=Off maxattempts=1 <Proxy balancer://mycluster> BalancerMember ajp://myIp:8009 min=10 max=100 route=portale loadfactor=1 ProxySet lbmethod=bytraffic </Proxy> <Location /balancer-manager> SetHandler balancer-manager Order deny,allow Allow from localhost </Location> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent </VirtualHost> But, now I can't use the apache services: If I use http://myhos/service1 I have an error because apache try to search service1 on my tomcatWebApp. Is there a way to fix it?

Read the article
How to serve 410 from Apache rather than a 404

- by DanSingerman

On our site, we tend to remove pages a lot where the content has expired, and we want to return http status 410 rather than 404 for requests to pages (physical files) that don't exist on our server (the entire site is made up of static files). We have tried from http://diveintomark.org/archives/2003/03/27/http_error_410_gone but that just breaks our entire site, serving a 410 for every request. We are using Apache 2.2.3

Read the article
Concerns about a Dedicated (Windows Server 2008) + DDoS

- by TheKillerDev

I am have today a dedicated server with these specs: Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3 And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it. Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall. So, any thoughts on what would be good to prevent from DDoS attacks?

Read the article
How can I flush my ssh keys on power management activity?

- by Sam Halicke

Hi all, Using ssh-agent and private keys per the usual. Everything's working as normal. My question regards best practices on flushing keys from ssh-add on activity like sleep, suspend, hibernate, etc. I thought about writing a simple wrapper around those commands, but then wondered if are they even called? Or does the kernel initiate this activity directly? Are the PM utilities strictly userland? I would like this additional layer of security beyond locking my screen, etc. and was wondering if anyone else had solved this elegantly or has best practices to recommend. Thanks.

Read the article
Apache rewrite module, 404 not found

- by Eneroth3

I've been having some problems with rewriting directory styled addresses into query strings for my php scripts. Here's the code RewriteRule ^(\w+)/?(\w+)?/?(\w+)?/?$ /index.php?section=$1&category=$2&subcategory=$3 [QSA] This line works perfectly fine on both my local wamp and lamp server, and my friend's lamp server. However on the web hotel I've been using (freehostia) I only get a 404 error when trying to browse a "directory" that isn't really there (supposed to be generated by php). I've tried connecting their support but they only say 3rd party applications aren't their job. I know rewriteEngine is turned on because some basic redirect attempts have worked. Perhaps this line of code could be better written? It's quite important that extra queries are appended and would be nice (but not necessary) if the last slash could be left out. Any help is appreciated :)

Read the article
How can I set up VLANs in a way that won't put me at risk for VLAN hopping?

- by hobodave

We're planning to migrate our production network from a VLAN-less configuration to a tagged VLAN (802.1q) configuration. This diagram summarizes the planned configuration: One significant detail is that a large portion of these hosts will actually be VMs on a single bare-metal machine. In fact, the only physical machines will be DB01, DB02, the firewalls and the switches. All other machines will be virtualized on a single host. One concern that has been is that this approach is complicated (overcomplicated implied), and that the VLANs are only providing an illusion of security, because "VLAN hopping is easy". Is this a valid concern, given that multiple VLANs will be used for a single physical switch port due to virtualization? How would I setup my VLANs appropriately to prevent this risk? Also, I've heard that VMWare ESX has something called "virtual switches". Is this unique to the VMWare hypervisor? If not, is it available with KVM (my planned hypervisor of choice)?. How does that come into play?

Read the article
Wordpress Automatic Updating/Installing Plugins Permissions

- by karmic

I am using the latest Wordpress and I have always had issues with the automatic updater. For the files in the wordpress directory, i set them to permission 770, and add the webserver user 'www-data' as the group owner. I use lighttpd. However, the automatic updating plugins or installing plugins does not work. It works if I chmod 777 the files or if I set the actual owner to the web server as well. What are the best permission settings for security while still allowing the updating feature to work properly in wordress? Also, by 'not work' i mean, it will go to the screen that asks me for FTP credentials when I try to update.

Read the article
Rewritten URLs with parameter length > 255 don't work

- by philfreo

I'm using mod_rewrite to rewrite URLs like this: http://example.com/1,2,3,4/foo/ By doing this in .htaccess: RewriteRule ^([\d,]+)/foo/$ /foo.php?id=$1 [L,QSA] It works fine, except for when "1,2,3,4" turns into a string longer than 255 characters, Apache returns a "403 Forbidden". Is there some apache setting I should tweak?

Read the article
How do i enable deflate on apache2? debian

- by acidzombie24

I looked at the other answers and those solutions did not help. I am completely confused how to do this. I know almost nothing about apache nor how to use it and nearly all the article say write this but doesnt tell me where. So far i have done this # a2enmod deflate Module deflate already enabled Then i tried writing this in httpd.conf AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css Then i wrote a longer version which involved deflate.c. After those didnt work i deleted them all and wrote the AddOutputFilterByType line in apache2/sites-enabled/000-default inside of I used this to test http://www.whatsmyip.org/http_compression/ everytime it says no compression. I used another site but i could never compress. Also i restart the server everytime i save a file so what could be the problem and how do i enable this properly?

Read the article
apache 'The specified module could not be found. ' error

- by Weiwei

Hi all, I got thie message when i started apache service The Apache service named reported the following error: httpd.exe: Syntax error on line 128 of C:/data/apache/conf/httpd.conf: Cannot load C:/data/apache/modules/mod_wsgi.so into server: The specified module could not be found. . Not sure what went wrong, I do have "C:/data/apache/modules/mod_wsgi.so" Thanks for any help.

Read the article
PHP files are downloaded, not executed in UserDir on Apache

- by Fabian

We're running a webserver using Debian 6.0.3 with Apache 2, we recently upgraded from Debian 5 to 6. Since then php scripts in the user directories (using mod_userdir) have stopped working, they are downloaded instead of being executed. There is also a website using php outside of the user directories, and that one continues to work fine, so PHP seems to generally work on the server. I tested it with several PHP files, among the a simple phpinfo file that works fine on the main site, but is just downloaded when copying it to one of the user directories. The php files and the directory containing them are executable for everyone. The option in the Apache php5.conf that by default disables PHP in the user directories, is commented out, so the php5.ini looks like this: <IfModule mod_php5.c> <FilesMatch "\.ph(p3?|tml)$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source </FilesMatch> # To re-enable php in user directories comment the following lines # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it # prevents .htaccess files from disabling it. #<IfModule mod_userdir.c> # <Directory /home/*/public_html> # php_admin_value engine Off # </Directory> #</IfModule> </IfModule> We restarted Apache after changing this. I'm running out of ideas now what the problem could be, and I don't know how I could really determine which problem is preventing those php files from being executed. Any ideas on how I can solve this? Update: Strangely, PHP seems to work fine in subfolders of user directories, so if I copy a PHP file from /home/user/public_html/ to /home/user/public_html/test/ it suddenly works.

Read the article
Apply SetEnvIf after Apache RewriteRule

- by coneybeare

I have a working apache rewrite rule: RewriteCond %{HTTP_HOST} ^.*foo.com RewriteRule (.*) http://bar.com$1 [R=301,QSA,L] and some working dontlog SetEnvIfs: SetEnvIf Request_URI "^/server-status$" dontlog SetEnvIf Request_URI "^/home/ping$" dontlog SetEnvIf Request_URI "^/haproxy-status$" dontlog SetEnvIf User-Agent ".*internal dummy connection.*" dontlog CustomLog /var/log/apache2/access.log combined env=!dontlog but I can't figure out how to stop the RewriteRule from logging a duplicate line. foo.com and bar.com are both on the same machine. I would expect this rule to work, but it did not: SetEnvIf Host "foo.com" dontlog I still get duplicates in the Apache Log: 10.250.18.97 - - [06/Apr/2012:16:57:12 +0000] "GET / HTTP/1.1" 200 732 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3" 68.194.30.42 - - [06/Apr/2012:16:57:12 +0000] "GET / HTTP/1.1" 200 732 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.5 Safari/534.55.3" .... where 10.250.18.97 is the server's IP. How can I prevent that RewriteRule from logging?

Read the article
direct http to https on certain pages?

- by Elliott

Hi below is some code I added to my .htaccess code how can I add certain pages to be re-directed to https? such as login.php & login.html also if the user types in www. they get a "untrusted connection" as the SSL is only valid without the www. how could I fix this? Thanks RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} /login.html RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Read the article
Using mod_rewrite to hide tomcat port

- by user123181

I have apps on Tomcat that use URLs like this: http://xxx:8080/myapp I don't want the users to see the port in the URL. Hi can do a rewrite rule like this: RewriteRule ^/myapp(.*) http://xxx:8080/myapp$1 [P,L] This way, if a user goes to the URL http://xxx/myapp he can enter the app fine, but the port will still show up on the browser. I want the URL that the user sees to be always http://xxx/myapp How can I do this using mod_rewrite?

Read the article
I am trying to rewrite a few links with htaccess

- by Thorpe Obazee

I have a few URLs and I need them to be rewrite'd to the ones below: http://domain.net/blog/posts http://domain.net/blog/posts/index http://domain.net/blog/posts/view/uri/non-working-holiday http://domain.net/blog/posts/view/uri/we-no-longer-offer http://domain.net/blog/posts/view/uri/festivals http://domain.net/blog/posts/view/uri/christmas-is-just-around-the-corner http://domain.net/posts/ http://domain.net/posts/index http://domain.net/posts/view/uri/non-working-holiday http://domain.net/posts/view/uri/we-no-longer-offer http://domain.net/posts/view/uri/festivals http://domain.net/posts/view/uri/christmas-is-just-around-the-corner I was hoping that my .htaccess will fix this but it doesn't: Options +FollowSymLinks IndexIgnore */* RewriteEngine on RewriteRule ^blog\/(.*)$ posts\/$1 [NC] # if a directory or a file exists, use it directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # otherwise forward it to index.php RewriteRule . index.php

Read the article

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134 | Next Page >