Search Results

Search found 14878 results on 596 pages for 'mod security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 137/596 | < Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144  | Next Page >

  • openVAS - Microsoft RDP Server Private Key Information Disclosure Vulnerability - false Alarm?

    - by huebkov
    I performed a openVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called Microsoft RDP Server Private Key Information Disclosure Vulnerability. An remote attacker could perform a man-in-the-middle attack to gain access to a RDP session. Affected Software is Microsoft RDP 5.2 and below. My server uses RDP 7.1, is this alarm a false alarm? Security Advisor Pages say: Solution Status Unpatched, No remedy... References http://secunia.com/advisories/15605/ http://xforce.iss.net/xforce/xfdb/21954/ http://www.oxid.it/downloads/rdp-gbu.pdf CVE: CVE-2005-1794 BID:13818

    Read the article

  • Switch to switch encryption over a wireless bridge (TrustSec?)

    - by metatheorem
    I am planning to connect an existing Cisco 3750 switch to a 3560C switch over a wireless PTP bridge. The bridge will be WPA2 protected, but I am looking for an additional measure of security between the switches to prevent other wireless access through either switch. They do not support IPSec, only 802.1Q tunnels, and buying additional hardware is not likely an option. I am looking into using TrustSec manual mode between the switches. After some effort reading into TrustSec and MACsec, I am mostly certain this is a good choice over the wireless bridge, keeping in mind it is a shared medium. Two questions: Can I reliably prevent other wireless traffic from accessing the switches using TrustSec? Does anyone know of any better options with the 3000 series switches?

    Read the article

  • Access Rails under /app/, not /app/public/

    - by blinry
    I'm trying to deploy Rails 2.1.2 with Apache 2.2.10 and FastCGI (yeah, bad, ancient, ugly, I know). My application can be accessed via example.com/app/public/, but I want to access it via example.com/app/. In my .htaccess-File (in the app/-directory!) I have: RewriteEngine On RewriteBase /app/ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ public/dispatch.fcgi [QSA,L] How can I forward each request going to app/ to app/public/? Every time I try this (like, with RewriteRule ^.*$ public/$1 [QSA]) I get a routing error: No route matches "/app/" with {:method=>:get} Help?

    Read the article

  • Personally identifiable information (PII) on shared web hosting

    - by S. Cobbs
    Hey folks, I am providing web hosting services (shared and dedicated) and have had one of my shared hosting clients mention needing an SSL cert for their site where they are collecting insurance quotes in a form, including names and social security numbers. My privacy sense is tingling, and I'm pretty sure it's not legal (in the US) to do this on a shared system, but can't find anything to support my thoughts outside of PCI-DSS, but the customer isn't processing payments through the site so I'm not sure if that applies. I'm reading lots of policy documents where people advise to minimize and manage the PII footprint internally, but as the host I don't want to put all of my customer's clients at possible risk. I'm not looking here for legal advice necessarily, but perhaps someone in a similar position to mine can provide some rule of thumb or point me in the right direction.

    Read the article

  • Is disabling password login for SSH the same as deleting the password for all users?

    - by Arsham Skrenes
    I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

    Read the article

  • vBulletin 5 + lighttpd url rewriting

    - by Boots
    I'm trying to get vBulletin 5 up and running under lighttpd but I'm having some problems with url rewriting. Here is the apache .htaccess provided by vBulletin. <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?routestring=$1 [L,QSA] #needed because admincp is an actual directory. RewriteRule ^(admincp/)$ index.php?routestring=$1 [L,QSA] </IfModule> If this helps, this is the IIS config provided by vBulletin <?xml version="1.0" encoding="UTF-8"?> <!-- This file is to support redirection in IIS. It is harmless if you are running under Apache --> <configuration> <system.webServer> <rewrite> <rules> <rule name="Main Redirect" stopProcessing="true"> <match url="^(.*)$" ignoreCase="false" /> <conditions logicalGrouping="MatchAll"> <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" /> </conditions> <action type="Rewrite" url="index.php/{R:1}" /> </rule> <rule name="Admincp" stopProcessing="true"> <match url="^(admincp/)$" ignoreCase="false" /> <action type="Rewrite" url="index.php/{R:1}" /> </rule> </rules> </rewrite> </system.webServer> </configuration> Anyone have any suggestions as to the lighttpd url.rewrite equivalent? All my experiments have failed thus far. I'm running lighttpd-1.4.31-1 I tried this but it didn't work. I think it has something to do with me not properly emulating [QS] in the .htaccess url.rewrite-once = ("^(.*)$" => "index.php?routestring=$1", "^(admincp/)$)" => "index.php?routestring=$1") This has gotten me closer but not fully functional yet. url.rewrite-if-not-file = ("^(.*)$" => "index.php?routestring=$1", "^(admincp/)$)" => "index.php?routestring=$1")

    Read the article

  • Which modules can be disabled in apache2.4 on windows

    - by j0h
    I have an Apache 2.4 webserver running on Windows. I am looking into system hardening and the config file httpd.conf. There are numerous load modules and I am wondering which modules I can safely disable for performance and / or security improvements. Some examples of things I would think I can disable are: LoadModule cgi_module others like LoadModule rewrite_module LoadModule version_module LoadModule proxy_module LoadModule setenvif_module I am not so sure they can be disabled. I am running php5 as a scripting engine, with no databases, and that is it. My loaded modules are: core mod_win32 mpm_winnt http_core mod_so mod_access_compat mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_cache_disk mod_mime mod_negotiation mod_proxy mod_proxy_ajp mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status mod_version mod_php5

    Read the article

  • Url rewrite rule

    - by vvr
    How to redirect a page form show.php?id=(15charstring) to show/(15charstring) I tried like this it is doing reverse means it is redirecting /show/(15chars) to show.php?id=(15chars) RewriteEngine on RewriteRule ^/show/([a-zA-Z0-9]{15})$ http://site.com/show.php?id=$1 Second case is i have to redirect to another page if he added &m=true to the url show.php?id=(15chars)&m=true html/show.php?id=(15chars).

    Read the article

  • How to secure a VM while allowing customer RDS (or equivalent) access to its desktop

    - by ChrisA
    We have a Windows Client/(SQL-)Server application which is normally installed at the customer's premises. We now need to provide a hosted solution, and browser-based isn't feasible in the short term. We're considering hosting the database ourselves, and also hosting the client in a VM. We can set all this up easily enough, so we need to: ensure that the customer can connect easily, and also ensure that we suitably restrict access to the VM (and its host, of course) We already access the host and guest machines across the internet via RDS, but we restrict access to it to only our own internal, very small, set of static IPs, and of course theres the 2 (or 3?)-user limit on RDS connections to a remote server. So I'd greatly appreciate ideas on how to manage: the security the multi-user aspect. We're hoping to be able to do this initially without a large investment in virtualisation infrastructure - it would be one customer only to start with, with perhaps two remote users. Thanks!

    Read the article

  • amazon ec2-medium apache requests per second terrible

    - by TheDayIsDone
    EDITED -- test running from localhost now to rule out network... i have a c1.medium using EBS. when i do an apache benchmark and i'm just printing a "hello" for the test from localhost - no database hits, it's very slow. i can repeat this test many times with the same results. any thoughts? thanks in advance. ab -n 1000 -c 100 http://localhost/home/test/ Benchmarking localhost (be patient) Completed 100 requests Completed 200 requests Completed 300 requests Completed 400 requests Completed 500 requests Completed 600 requests Completed 700 requests Completed 800 requests Completed 900 requests Completed 1000 requests Finished 1000 requests Server Software: Apache/2.2.23 Server Hostname: localhost Server Port: 80 Document Path: /home/test/ Document Length: 5 bytes Concurrency Level: 100 Time taken for tests: 25.300 seconds Complete requests: 1000 Failed requests: 0 Write errors: 0 Total transferred: 816000 bytes HTML transferred: 5000 bytes Requests per second: 39.53 [#/sec] (mean) Time per request: 2530.037 [ms] (mean) Time per request: 25.300 [ms] (mean, across all concurrent requests) Transfer rate: 31.50 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 7 21.0 0 73 Processing: 81 2489 665.7 2500 4057 Waiting: 80 2443 654.0 2445 4057 Total: 85 2496 653.5 2500 4057 Percentage of the requests served within a certain time (ms) 50% 2500 66% 2651 75% 2842 80% 2932 90% 3301 95% 3506 98% 3762 99% 3838 100% 4057 (longest request)

    Read the article

  • How to secure a new server OS installation

    - by Pat R Ellery
    I bought (and just received) a new 1u dell poweredge 860 (got it on ebay for $35). I finished installing Ubuntu Server (Ubuntu Server 12.04.3 LTS), install apache/mariadb/memcache/php5 works great but I am scared about security. so far I am the only one using the server but eventually more people (friends, friends of friends) will use this server, use ssh etc... I want to know what can I do to secure all the information and not get hacked, both from the web or ssh or ddos and any other attack possible. Does Ubuntu Server does it for you right away? or I have to fix it my self? Thank you EDIT: I installed (so far): All dev tools ssh server LAMP I didn't install: Graphical interface

    Read the article

  • Apache not routing to tomcat on correct Virtual host

    - by ttheobald
    We are looking at moving from Websphere to Tomcat. I'm trying to send traffic to tomcat from apache web server based on the virtual host directives in apache web server. After some playing around I have it sort of working, but I'm noticing that if I have a JKMount directive in the first VirtualHost in apache, all virtualHosts will send to the application server. If I have the JKMount in Virtual hosts further down in the configs, then only that VirtualHost works with the request. For Example, with the configs below here are my symptoms mysite.com/Webapp1/ -- I resolve to the proper application mysite2.com/Webapp1/ -- I resolve to the proper application (bad!) mysite.com/MonitorApp/ -- I resolve to the proper application mysite2.com/MonitorApp/ -- I resolve to the proper application (bad!) mysite.com/Webapp2/ -- I DO NOT get to the app (good) mysite2.com/Webapp2/ -- I resolve to the proper application Here's what my web server virtualhosts look like. <VirtualHost 255.255.255.1:80> ServerName mysite.com ServerAlias aliasmysite.ca ##all our rewrite rules JkMount /Webapp1/* LoadBalanceWorker JKmount /MonitorApp/* LoadBalanceWorker </VirtualHost> <VirtualHost 255.255.255.2:80> ServerName mysite2.com ServerAlias aliasmysite2.ca ##all our rewrite rules JkMount /Webapp2/* LoadBalanceWorker </VirtualHost> we are running apache webserver 2.2.10 and tomcat 7.0.29 on Solaris10 I've posted an image of our architecture here. http://imgur.com/IFaA6Rh I HAVE not defined VirtualHosts on Tomcat. Based on what I've read, my understanding is that it's only needed if I'm accessing Tomcat directly. Any assistance is appreciated. Edit Here's my worker.properties. worker.list= LoadBalanceWorker,App1,App2 worker.intApp1.port=8009 worker.intApp1.host=10.15.8.8 worker.intApp1.type=ajp13 worker.intApp1.lbfactor=1 worker.intApp1.socket_timeout=30 worker.intApp1.socket_connect_timeout=5000 worker.intApp1.fail_on_status=302,500,503 worker.intApp1.recover_time=30 worker.intApp2.port=8009 worker.intApp2.host=10.15.8.9 worker.intApp2.type=ajp13 worker.intApp2.lbfactor=1 worker.intApp2.socket_timeout=30 worker.intApp2.socket_connect_timeout=5000 worker.intApp2.fail_on_status=302,500,503 worker.intApp2.recover_time=30 worker.LoadBalanceWorker.type=lb worker.LoadBalanceWorker.balanced_workers=intApp1,intApp2 worker.LoadBalanceWorker.sticky_session=1

    Read the article

  • Having trouble searching for a ‘.’ using htaccess.

    - by ThisLanham
    I'm setting up a website that (ideally) would allow users to access other users' homepages with a url in the format "www.mysite.com/ThisLanham" where 'ThisLanham' is the username. The username begins with a letter and can consists of any alphanumeric character along with an underscore, hyphen, or period. So far, the redirection has worked perfectly when I ignore usage of the period character. The following code handles that request: RewriteRule ^([a-zA-Z][0-9a-zA-Z-_]*)/?$ Page/?un=$1 [NC,L] However, I've tried a number of ways it check for the period as well, but all have resulted in a 500 Internal Server Error. Here are some my attempts: RewriteRule ^([a-zA-Z][0-9a-zA-Z-\_\\.]\*)/?$ Page/?un=$1 [NC,L] RewriteRule ^([0-9a-zA-Z-\_\\.]\*)/?$ Page/?un=$1 [NC,L] RewriteRule ^([a-zA-Z].\*)/?$ Page/?un=$1 [NC,L] RewriteRule ^(.\*)/?$ Page/?un=$1 [NC,L] also tried... RewriteCond $1 != index.php RewriteRule ^([a-z][0-9a-z-_.]*)/?$ Page/?un=$1 [NC,L] My backup plan is to no longer allow users to include periods in their usernames, but I'd much rather find a solution. Any ideas?

    Read the article

  • Does Windows 8 include the Windows Help program (WinHlp32.exe)?

    - by amiregelz
    In 2011, Symantec reported on the use of the Windows Help File (.hlp) extension as an attack vector in targeted attacks. The functionality of the help file permits a call to the Windows API which, in turn, permits shell code execution and the installation of malicious payload files. This functionality is not an exploit, but there by design. Here's the malicious WinHelp files (Bloodhound.HLP.1 & Bloodhound.HLP.2) detection heat map: I would like to know if the Windows Help program exists on my Windows 8 machine by default, because if it does I might need to remove it for security reasons. Does Windows 8 include the Windows Help program (WinHlp32.exe)?

    Read the article

  • mod_wsgi -apache configuration file

    - by Kevin
    guys sorry I'm a newbie to this but I've been following the mod_wsgi configuration tutorial and it's very spotty. In my httpd.conf file I add the virtual host like so: 'Main' server configuration # The directives in this section set up the values used by the 'main' server, which responds to any requests that aren't handled by a definition. These values also provide defaults for any containers you may define later in the file. # All of these directives may appear inside containers, in which case these default settings will be overridden for the virtual host being defined. # ServerName wsgihost DocumentRoot "/Library/WebServer/Documents" <Directory "/Library/WebServer/Documents"> Order allow,deny Allow from all </Directory> WSGIScriptAlias /myapp /Users/KL/modwsgi/env/myapp.wsgi <Directory "/Users/KL/modwsgi/env"> <Files myapp.wsgi> Order allow,deny Allow from all </Files> </Directory> Now, when I also added in my local host the following: 127.0.1.1 wsgihost but I can't seem to connect. Am I doing something terribly wrong?

    Read the article

  • Apache will not start with mod_wsgi enabled

    - by Rox45
    I'm trying to run Apache with mod_wsgi to run Python scripts. The server is running Ubuntu 12.04 with Zend Server installed, but when I enable the wsgi module Apache will not start. I get an error message of "apache2: apr_sockaddr_info_get() failed" in the error log. I installed the module using the Debian package. I can't seem to find this specific problem anywhere so maybe it's a problem with Zend Server? I'm stumped. Thanks

    Read the article

  • Dynamic Virtual Hosts In Apache with www and non-www subdomains

    - by haukish
    I don't know apache very well and I've got a problem with configure mod_vhost_alias This is my httpd.conf file: UseCanonicalName Off LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon <Directory /var/www/sites/> Options FollowSymLinks AllowOverride All </Directory> <VirtualHost *:80> CustomLog logs/access_log.sites vcommon ServerAlias *.domain.com UseCanonicalName Off VirtualDocumentRoot /var/www/sites/%1/ </VirtualHost> Subdomains work fine without www. but I need to make them work with www too. Here's an example: something.domain.com - site is loading www.something.domain.com - Not Found What should I do?

    Read the article

  • Lighttpd rewite url from specific client when using proxy

    - by Edu
    I need to send all CGI request to another server so I decided to use it with proxy. The problem is that I need to send the client IP to the server so I did the following configuration: $HTTP["url"] =~ "cgi" { $HTTP["remoteip"] =~ "^(.*)$" { url.rewrite-once = ("^(.*)$" => "$1?myip=%1") } proxy.server = ( "" => ( ( "host" => "XXX.XXX.XXX.XXX", "port" => 80, ) ) ) } the problem is that its not rewriting the URL.

    Read the article

  • What does the red x icon mean next to a user in folder permissions (Windows 7)

    - by Scott Szretter
    In trying to debug various strange issues on a machine, I found something strange - when I go to C:\Users\administrator and get properties, security tab, it lists the users (the local admin account, system, and 'administrator' which is the domain administrator account). It all looks fine in terms of permissions (full control, etc.) compared to other machines. The one difference is there is a small red circle with an X to the left of the user icon/name. Additionally, there are various folders where it says access denied under there - for example, my documents! Even logged in as the local machine administrator account (which is not named administrator), I am unable to change the permissions - it says access denied. Any ideas what this means and how to fix it? I even tried re-joining the machine to the domain.

    Read the article

  • nginx redirects and rewrites

    - by ptheofan
    I'm closing a website but want to maintain a couple of urls working plus a static html file to serve as index. All old urls should redirect to root (/) except a couple of chosen locations. Here's an example of what I need to do All should give 301 permanent to / http:://www.domain.tld/whatever/anything/realy == 301 ==> http://www.domain.tld http:://www.domain.tld/blabla == 301 ==> http://www.domain.tld http:://www.domain.tld/ == 301 ==> http://www.domain.tld except for http://www.domain.tld/special.html == serve ==> special.html root should serve the defailt file (as specificed in index) http:://www.domain.tld == serve => somefile.html

    Read the article

  • apache front-end rewriting URL to different https ports?

    - by khedron
    Hi all, One of my users is having some trouble with forwarding to an internal web app from a public address. Everything worked fine for him when the situation was like this: front page: http://www.myexample.com/ public ref to internal app: http://www.example.com/app-8903/app.html secretly goes to: http://secret.example.com:8903/app-8903/app.html This is to say, my user is providing the very last URL, with the port information duplicated in the URL base, and they were using that to give a public face that hid both the port and the internal machine name. You could still read the port in the URL base if you looked, but the obvious reference and machine name were hidden. Doing it this way, he could have several different instances of the application running on secret.example.com with different ports, and on the front end it just looked like it was changing the URL directory/base. Now the user wants to do the same thing over https:, and the people helping him with apache config say it can't be done. Is that so? Without being there to tinker with the configuration myself, I'm not sure what his IT people have tried, but reading through the apache2 SSL FAQ and other docs, it seems like it should be possible to rewrite URLs to different ports and still use https:.

    Read the article

  • Apache with mod_php high memory utilization

    - by Raj
    We have Magento application deployed on Apache with mod_php and mysql. I have observed that sometime apache server starts consuming high memory which causes memory swapping and results in high load on servers. whenever there is high load on apache server, the apache processes which are causing the high load were in sleep mode at mysql end and CLOSE_WAIT state at client side. Any help is appreciated to resolve this issue.

    Read the article

  • Use mod_rewrite to force users to homepage when entering a site?

    - by scotru
    Is it possible to use mod_rewrite to force all users entering a site (either through a link from another site, or by typing a URL in the address bar) to be redirected to the homepage? From the homepage (or any page within the site), users should then be able to access other pages in the site. But all users would be forced to enter the site through the homepage. Can this be done with mod_rewrite (or without using a scripting language)?

    Read the article

  • Apply rewrite rule for all but all the files (recursive) in a subdirectory?

    - by user784637
    I have an .htaccess file in the root of the website that looks like this RewriteRule ^some-blog-post-title/ http://website/read/flowers/a-new-title-for-this-post/ [R=301,L] RewriteRule ^some-blog-post-title2/ http://website/read/flowers/a-new-title-for-this-post2/ [R=301,L] <IfModule mod_rewrite.c> RewriteEngine On ## Redirects for all pages except for files in wp-content to website/read RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !/wp-content RewriteRule ^(.*)$ http://website/read/$1 [L,QSA] #RewriteRule ^http://website/read [R=301,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> My intent is to redirect people to the new blog post location if they propose one of those special blog posts. If that's not the case then they should be redirected to http://website.com/read. Nothing from http://website.com/wp-content/* should be redirected. So far conditions 1 and 3 are being met. How can I meet condition 2?

    Read the article

  • Apache redirects directories

    - by Ziaix
    So, I'm trying to redirect any pages to a file, but avoid redirecting anything thats an existing file or directory. RewriteEngine On RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d RewriteRule ^(.+)$ $1 [L] RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f RewriteRule ^(.+)$ /index.php?page=$1 [QSA] However, any directories still get redirected (existing files are fine and can be located.)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144  | Next Page >