Search Results

Search found 2283 results on 92 pages for 'mod evasive'.

Page 32/92 | < Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39  | Next Page >

  • Uploading file > 1 MB on Django admin gives 400 Bad Request response.

    - by ayaz
    I have a small Django (1.2.x) project deployed on Apache (2.x) via mod_wsgi (2.x). In the admin, if I upload a file < 1MB, I can get it through; however, for a file, say, 1.2MB in size, I get a 400 response from the server with "Error 400" in the body only. I am wondering why this is happening. As far as I can see, there is no LimitRequestBody set in Apache configuration. I have tried uploading with several browsers including: Firefox, Chrome, and Safari. In the log file for Apache, there is apparently no entry for requests that gave the 400 error response. This is strange. I should point out that the scenario where this is happening is thus: The project in question is deployed on two identical Apache servers (completely identical setup) that are behind a load balancer. On my development setup, of course, the problem does not surface. Any help with this will be very much appreciated.

    Read the article

  • Apache mod_proxy parameters

    - by mike
    Hi! I have a machine running Apache with mod_proxy that I'm using to proxy a local Tomcat server running on another port. The problem is that Tomcat does not support wildcard sub-domains(whole reason for using apache/mod_proxy) and our app uses the subdomain to figure out what account the data should come from. So with that said, is there a way to pass the subdomain as a url parameter via mod_proxy? For example, I have this: ProxyPass / http://example.com:8080/ In a virtual host block and I can access the site from any subdomain. Would is be possible to do something like: ProxyPass / http://example.com:8080/?subdomain=the_sub_domain_requested Thanks for any and all help... Mike

    Read the article

  • Set WordPress permalinks directly in httpd.conf?

    - by songdogtech
    Is is possible to configure WordPress permalinks directly in Apache httpd.conf? I have a server situation (Apache 2.2.3 CentOS PHP5.1.6) where I can't use .htaccess for performance reasons, but can use httpd.conf. The admin says that mod_rewrite is enabled, but AllowOverride is not, and I can't change those settings. And I need to restrict the permalinks to just the "blog" directory. This is what would go in .htaccess but needs to go into httpd.conf: <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /blog/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /blog/index.php [L] </IfModule> Thanks...

    Read the article

  • Order of mod_rewrite rules in .htaccess not being followed

    - by user39461
    We're trying to enforce HTTPS on certain URLs and HTTP on others. We are also rewriting URLs so all requests go through our index.php. Here is our .htaccess file. # enable mod_rewrite RewriteEngine on # define the base url for accessing this folder RewriteBase / # Enforce http and https for certain pages RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !^/(en|fr)/(customer|checkout)(.*)$ [NC] RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} ^/(en|fr)/(customer|checkout)(.*)$ [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # rewrite all requests for file and folders that do not exists RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?query=$1 [L,QSA] If we don't include the last rule (RewriteRule ^(.*)$ index.php?query=$1 [L,QSA]), the HTTPS and HTTP rules work perfectly however; When we add the last three lines our other rules stop working properly. For example if we try to goto https:// www.domain.com/en/customer/login, it redirects to http:// www.domain.com/index.php?query=en/customer/login. It's like the last rule is being applied before the redirection is done and after the [L] flag indicating the the redirection is the last rule to apply.

    Read the article

  • apache using mod_auth_kerb always asks for the password twice

    - by DrStalker
    (Debian Squeeze) I'm trying to set apache up to use Kerberos authentication to allow AD users to log in. It is working, but prompts the user twice for a username and password, with the first time being ignored (no matter what is put it in.) Only the second prompt includes the AuthName string from the config (i.e.: the first windows is a generic username/password one, the second includes the title "Kerberos Login") I'm not worried about integrated windows authentication working at this stage, I just want users to be able to login with their AD account so we don't need to set up a second repository of user accounts. How do I fix this to eliminate that first useless prompt? The directives in the apache2.conf file: <Directory /var/www/kerberos> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms ONEVUE.COM.AU.LOCAL Krb5KeyTab /etc/krb5.keytab KrbServiceName HTTP/[email protected] require valid-user </Directory> krb5.conf: [libdefaults] default_realm = ONEVUE.COM.AU.LOCAL [realms] ONEVUE.COM.AU.LOCAL = { kdc = SYD01PWDC01.ONEVUE.COM.AU.LOCAL master_kdc = SYD01PWDC01.ONEVUE.COM.AU.LOCAL admin_server = SYD01PWDC01.ONEVUE.COM.AU.LOCAL default_domain = ONEVUE.COM.AU.LOCAL } [login] krb4_convert = true krb4_get_tickets = false The access log when accessing the secured directory (note the two seperate 401's) 192.168.10.115 - - [24/Aug/2012:15:52:01 +1000] "GET /kerberos/ HTTP/1.1" 401 710 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" 192.168.10.115 - - [24/Aug/2012:15:52:06 +1000] "GET /kerberos/ HTTP/1.1" 401 680 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" 192.168.10.115 - [email protected] [24/Aug/2012:15:52:10 +1000] "GET /kerberos/ HTTP/1.1" 200 375 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" And one line in error.log [Fri Aug 24 15:52:06 2012] [error] [client 192.168.0.115] gss_accept_sec_context(2) failed: An unsupported mechanism was requested (, Unknown error)

    Read the article

  • 404 Error on a file that exists?

    - by Abs
    Hello all, A script makes a GET request to my URL like so: http://mydomain.com/cgi-bin/uu_ini_status_audios.pl?tmp_sid=b742be1d131c4d32237a9f1fcdca659e&rnd_id=0.2363453360320319 However, I get a 404 returned straight away: The requested URL /cgi-bin/uu_ini_status_audios.pl was not found on this server. But that script exists on my server, I can see the file! It has the correct permissions (I gave it a 777 to be sure). It is also owned by my apache user and its in the group apache. What am I missing?? Thanks for any help on this! Update I thought it would have been a htaccess (rewrite) but I don't think it is anymore. I tried putting a index.php file in there and try to access it via my URL but I can't even do that! I tried this: http://mydoamin.com/cgi-bin/index.php - same 404 error! I get this in myerror log: [Tue Sep 14 14:42:49 2010] [error] [client xx.xxx.xx.xxx] script not found or unable to stat: /var/www/vhosts/mydomain.com/cgi-bin Access_log file: xx.xxx.xx.xxx - - [14/Sep/2010:14:48:25 +0200] "GET /cgi-bin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 (.NET CLR 3.5.30729)" Update 2 My htaccess file: <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^blog/ - [L] RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [NC] RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L] RewriteRule ^search/(.*)/(.*)/(.*)/(.*) /search.php?searchfor=$1&sortby=$2&page=$3&searchterm=$4 RewriteRule ^confirmemail/(.*) /confirmemail.php?code=$1 RewriteRule ^resetpassword/(.*) /resetpassword.php?code=$1 RewriteRule ^resendconfirmation/(.*) /resendconfirmation.php?userid=$1 RewriteRule ^categories/ /categories.php RewriteRule ^([-_~*a-zA-Z0-9]+)(\/)?$ /memberprofile.php?username=$1 RewriteRule ^browse/audios/(.*)/(.*)/(.*)/(.*) /audios.php?sortby=$1&filter=$2&page=$3&title=$4 RewriteRule ^browse/categories/audios/(.*)/(.*)/(.*)/(.*) /categoryaudios.php?sortby=$1&filter=$2&page=$3&title=$4 RewriteRule ^audios/(.*)/(.*) /playaudio.php?audioid=$1&title=$2 RewriteRule ^download/audio/(.*)/(.*) /downloadaudio.php?AUDIOID=$1&title=$2 RewriteRule ^members/audios/(.*)/(.*) /memberaudios.php?pid=$1&username=$2 RewriteRule ^syndicate/audios/(.*)/(.*) /syndicateaudios.php?filter=$1&title=$2 </IfModule> Update 3 [root@smydomain ~]# ls -la /var/www/vhosts/mydoamin.com/httpdocs/cgi-bin/ total 60 drwxr-xr-x 3 apache root 4096 Sep 14 14:37 . drwxr-x--- 20 som psaserv 4096 Sep 14 14:40 .. drwxr-xr-x 2 apache root 4096 Sep 7 03:01 configs -rwxrwxrwx 1 apache root 4 Sep 14 14:37 index.php -rwxrwxrwx 1 apache apache 6520 Sep 7 03:01 uu_ini_status_audios.pl -rwxr-xr-x 1 apache root 3215 Sep 7 03:01 uu_lib_audios.pl -rwxr-xr-x 1 apache root 30249 Sep 7 03:01 uu_upload_audios.pl

    Read the article

  • Mod_rewrite not working on ISPConfig 3 Server

    - by Akahadaka
    Problem I recently migrated a Drupal site from a shared hosting server to my own VM. Everything appears to work correctly, except clean urls. My VM Setup Ubuntu 10.04 LAMP ISPConfig 3 What I've tried From reading up on a number of drupal forums I've tried the following in this order Check that mod_rewrite is installed and enabled Changed PHP from FastCGI to Mod_PHP (prefer to use FastCGI or suPHP though to avoid having tmp/files folders with 777 permissions) Changed the Redirect type to L in ISPConfig Sites-domain.com-Redirect Changed /etc/apache2/sites-enabled/000-default <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All ... </Directory> Not sure about points 3 and 4, I do want all domains to be able to use mod_rewrite out of the box. Question Have I done something wrong or am I missing a step? Ultimately I would like to use FastCGI and clean urls working on all ISPConfig 3 domains without having to make any changes to individual domain settings. Any ideas appreciated, I'll try them all.

    Read the article

  • mod_rewrite rules to run fcgi for different subdomains

    - by Anthony Hiscox
    On my shared hosting server (Hostmonster) I have django (actually pinax) setup so that a .htaccess mod_rewrite rule rewrites the request to a pinax.fcgi file: RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ pinax.fcgi/$1 [QSA,L] What I would like to do is have a different pinax.fcgi file get called depending on the domain used (or subdomain), something like this: RewriteCond %{HTTP_HOST} ^subdomain\.domain\.com$ [NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ pinax2.fcgi/$1 [QSA,L] RewriteCond %{HTTP_HOST} ^domain\.com$ [NC] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ pinax.fcgi/$1 [QSA,L] This is stored in a .htaccess file in my ROOT public_html folder (not in the public_html/subdomain/ folder), but unfortunately just results in internal redirect errors. How can I write these rules so that they use a different fcgi file for different domains?

    Read the article

  • Apache Proxy HTTP CONNECT method enabled

    - by John
    I'm using Apache as reverse proxy for several different projects. PCI-DSS compliance scanning shows that my Apache is having HTTP CONNECT method enabled. as stated on Acunetix's site - http://www.acunetix.com/vulnerabilities/apache-proxy-http-connect-metho/ As far as I know, CONNECT is used by the web server to tunnel SSL to application server. Any suggestion how should I fix this? Otherwise, anyone know how should I perform the test if my Apache's HTTP CONNECT method is enabled/disabled?

    Read the article

  • Trying to install mod_proxy in Apache-Httpd-2.2.15

    - by Dspace
    Hello, I have spent the afternoon trying to install the mod_proxy module into apache. I have tried ./configure --prefix=/opt/apache2 --enable-proxy --enable-proxy-http ./configure --prefix=/opt/apache2 --enable-module=proxy After it finishes installing, navigating to /opt/apache2/modules only shows one file: httpd.exp. It seems that the module is not being installed. Any help is appreciated. Thanks.

    Read the article

  • Permission issue for apache

    - by Aamir Adnan
    Environment Details: Amazon Ec2 Ubuntu 12.04 Django + mod_wsgi + python 2.6 web server: apache2 I have mounted a 10GB ebs volume to an instance to /mnt/ebs1/. After mounting the volume and formatting, I have placed all my project files in /mnt/ebs1/project. the wsgi file is in /mnt/ebs1/project/apache/django.wsgi. The content of wsgi file is: import os, sys sys.path.insert(0, '/mnt/ebs1/project') sys.path.insert(1, '/mnt/ebs1') os.environ['DJANGO_SETTINGS_MODULE'] = 'project.configs.common.settings' import django.core.handlers.wsgi application = django.core.handlers.wsgi.WSGIHandler() My httpd.conf file looks as: LoadModule wsgi_module /usr/lib/apache2/modules/mod_wsgi.so WSGIPythonHome /usr/bin/python2.6 WSGIScriptAlias / /mnt/ebs1/project/apache/django.wsgi <Directory /mnt/ebs1/project> Order allow,deny Allow from all </Directory> <Directory /mnt/ebs1/project/apache> Order allow,deny Allow from all </Directory> Alias /static/ /mnt/ebs1/project/static/ <Directory /mnt/ebs1/project/static> Order deny,allow Allow from all </Directory> The above configurations gives me Forbidden: You don't have permission to access / on this server. I tried to find the user which is running apache using ps aux which is www-data and has group www-data. I have tried to change the ownership of /mnt/ebs1 and its subdirectories using chown -R www-data:www-data /mnt/ebs1 but that still does not solve the problem. Can any one tell me what I am doing wrong or have missed?

    Read the article

  • Connection refused in ssh tunnel to apache forward proxy setup

    - by arkascha
    I am trying to setup a private forward proxy in a small server. I mean to use it during a conference to tunnel my internet access through an ssh tunnel to the proxy server. So I created a virtual host inside apache-2.2 running the proxy, the proxy_http and the proxy_connect module. I use this configuration: <VirtualHost localhost:8080> ServerAdmin xxxxxxxxxxxxxxxxxxxx ServerName yyyyyyyyyyyyyyyyyyyy ErrorLog /var/log/apache2/proxy-error_log CustomLog /var/log/apache2/proxy-access_log combined <IfModule mod_proxy.c> ProxyRequests On <Proxy *> # deny access to all IP addresses except localhost Order deny,allow Deny from all Allow from 127.0.0.1 </Proxy> # The following is my preference. Your mileage may vary. ProxyVia Block ## allow SSL proxy AllowCONNECT 443 </IfModule> </VirtualHost> After restarting apache I create a tunnel from client to server: #> ssh -L8080:localhost:8080 <server address> and try to access the internet through that tunnel: #> links -http-proxy localhost:8080 http://www.linux.org I would expect to see the requested page. Instead a get a "connection refused" error. In the shell holding open the ssh tunnel I get this: channel 3: open failed: connect failed: Connection refused Anyone got an idea why this connection is refused ?

    Read the article

  • Redhat | error in mod_swgi installation

    - by MMRUSer
    I'm getting the following error when I try to install mod_wsgi ./configure checking for apxs2... no checking for apxs... /usr/sbin/apxs checking Apache version... 2.2.3 configure: creating ./config.status config.status: creating Makefile make /usr/sbin/apxs -c -I/usr/local/include/python2.6 -DNDEBUG mod_wsgi.c -L/usr/local/lib -L/usr/local/lib/python2.6/config -lpython2.6 -lpthread -ldl -lutil -lm /apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/local/include/python2.6 -DNDEBUG -c -o mod_wsgi.lo mod_wsgi.c && touch mod_wsgi.slo sh: /apr-1/build/libtool: No such file or directory apxs:Error: Command failed with rc=8323072 . make: *** [mod_wsgi.la] Error 1 mod_wsgi 3.2 Apache 2.2 Python 2.6 apr-1.2.7-11 Is this error because of a missing package.. or else how do I solve this issue?

    Read the article

  • HOw to secure whm/cpanel centos server from javascript malacious code virus

    - by Master
    Recently my sites index.php code was replaced some malacious javascript virus code. I really don't know how did that entered into that page. Today when i tried to download that file via ftp then antivirus gave me the warning. So it means it was not entered from my computer. Is there any way to install some antivirus on VPS server with centos 5 , cpanel/whm so that those code should not be allowed to add. also what is mod_security . will it be helpful.

    Read the article

  • Authentication in Apache2 with mod_dav_svn

    - by Poita_
    I'm having some trouble setting up authentication in Apache2 for a SVN repository that's being served using mod_dav_svn. Here is my Apache config for the directory: <Location /svn> DAV svn SVNParentPath /var/svn/repos AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dev.passwd Require valid-user </Location> I can use svn with the projects under /var/svn/repos, so I know that the DAV is working, but when I do svn updates or commits (or anything), Apache doesn't ask for any authentication... It does the exact same thing whether the Auth directives are there or not. The permissions on the repository directory (and all subdirectories/files) only give permission to www-data (the Apache2 user/group). I have also ensured that all relevant modules are enabled (in particular mod_auth is enabled, as are all mod_dav* modules). Any ideas why svn commands aren't authenticating? Thanks in advance.

    Read the article

  • How can I install mod_dav_svn 1.6 on CentOS 5.4?

    - by Vincenzo
    I'm trying to install mod_dav_svn on CentOS 5.4, and this is what I see: # yum --enablerepo=rpmforge install mod_dav_svn Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.adams.net * base: mirror.sanctuaryhost.com * extras: mirror.sanctuaryhost.com * rpmforge: fr2.rpmfind.net * updates: mirror.steadfast.net Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package mod_dav_svn.x86_64 0:1.4.2-4.el5_3.1 set to be updated --> Processing Dependency: subversion = 1.4.2-4.el5_3.1 for package: mod_dav_svn --> Running transaction check ---> Package subversion.i386 0:1.4.2-4.el5_3.1 set to be updated --> Finished Dependency Resolution [...] Version 1.4.2 is older than my installed Subversion 1.6.9 (I installed it before). How and where can I get mod_dav_svn in version 1.6.9?

    Read the article

  • Segmentation Fault with mod_include

    - by Benedikt Eger
    Hi, I'm using a rather complex structure with multiple ssi-includes, set- and echo-commands. The first document writes a lot of set-commands, includes another document which then again includes a third document. On the last included document the variable values are printed using the echo-command. I noticed that with an increasing number of variables the probability for a segmentation fault to happen rises. Did anyone experience something similar? How do I go about debugging such a problem? I'm using IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47

    Read the article

  • Enabling mod_wsgi in Apache for a Django app on Gentoo

    - by hobbes3
    I installed Apache, Django, and mod_wsgi on Gentoo using emerge (on Amazon EC2). I know that the mod_wsgi is configured in /etc/apache2/modules.d/70_mod_wsgi.conf: <IfDefine WSGI> LoadModule wsgi_module modules/mod_wsgi.so </IfDefine> # vim: ts=4 filetype=apache So in my /etc/conf.d/apache I added the WSGI module: APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D WSGI" But when I try to list the loaded module, mod_wsgi isn't listed. root ~ # apache2 -M | grep wsgi Syntax OK I also know that mod_wsgi isn't loading properly because the Apache configuration file doesn't recognize WSGIScriptAlias. By the way for Django to work I need to include a custom Apache configuration file. Where should I insert the line below? Include "/var/www/localhost/htdocs/mysite/apache/apache_django_wsgi.conf" I currently have that in the httpd.conf file but I feel like that file will get reseted whenever I upgrade Gentoo or related package. EDIT: it seems the mod_wsgi file is located in /usr/lib64/apache2/modules/mod_wsgi.so. Here is my detailed Apache settings: root@ip-99-99-99-99 /usr/portage/eclass # apache2 -V Server version: Apache/2.2.21 (Unix) Server built: Mar 7 2012 06:52:30 Server's Module Magic Number: 20051115:30 Server loaded: APR 1.4.5, APR-Util 1.3.12 Compiled using: APR 1.4.5, APR-Util 1.3.12 Architecture: 64-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/usr" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="/var/run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="/var/run/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"

    Read the article

  • Mod_rewrite pretty url when domain/foo is a directory

    - by ModRewriter
    Starting with something as simple as: RewriteRule ^(.*)$ index.php?page=$1 What if I also want the following to work: RewriteRule ^/foo$ /index.php?page=foo #/foo IS a directory This seem to work ONLY if the R flag is set, but then the full non-pretty url is written. Thus it seems I can REDIRECT existing directory, but not rewrite them... Maybe with an .htaccess inside the directory itself? Or some PHP magic in /foo/index.php like header(/index.php?page=foo)? Will it work? Will it be HTTP standard/search engine optimized? Please help! PS: The oddest idea occurred to me: redirecting /foo to /not-a-dir, and then rewriting /not-a-dir to /index.php?p=foo should theorically work... But... Come on... Really?!?

    Read the article

  • How do I find out if mod_security is installed on my apache server?

    - by Haluk
    How can I find out if mod_security is installed on my apache server? I would also like to learn its version. I'm having some upload issues and I tried to disable mod_security using .htaccess. But that started producing 500 internal server errors. I read somewhere that depending on my mod_security version I might not be able to disable it using .htaccess. So I would like to understand if I have mod_security installed and what version it is. I'm on a centos 5 box. Thanks! UPDATE -1 xxxxxxxxxxxxx Does the below output mean I do not have mod_security installed? [root@u11 htdocs]# httpd -l Compiled in modules: core.c prefork.c http_core.c mod_so.c

    Read the article

  • Why does mod_security require an ACCEPT HTTP header field?

    - by ripper234
    After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

    Read the article

  • Apache 2: Mod_Rewrite Help - If/else for directory exists

    - by BHare
    This is my current and sloppy Apache 2 mod_rewrite. Keep in mine the part with site1 site2..etc has about 50 sites. RewriteEngine on RewriteCond %{HTTP_HOST} ^([^.]+)\.mainsite\.org$ RewriteCond /home/%1/ -d RewriteRule ^(.+) %{HTTP_HOST}$1 RewriteRule ^([^.]+)\.mainsite\.org/media/(.*) /home/$1/special/media/$2 RewriteRule ^([^.]+)\.mainsite\.org/(.*) /home/$1/www/$2 RewriteCond %{HTTP_HOST} ^mainsite\.org$ [NC] RewriteRule ^(.*)$ http://www.mainsite.org$1 [R=302] RewriteCond %{HTTP_HOST} (site1|site2|site3|site4)\.(com|net|biz|org|us)$ [NC] RewriteCond %{REQUEST_URI} !^/media/ RewriteRule ^/(.*)$ /home/%1/www/$1 RewriteCond %{HTTP_HOST} (site1|site2|site3|site4)\.(com|biz|net|org|us)$ [NC] RewriteRule ^/media/(.*)$ /home/%1/special/media/$1 RewriteCond %{REQUEST_URI} favicon.ico$ RewriteRule ^(.*)$ /misc/favicon.ico So if someone tries to go to theirusername.mainsite.org it will check if /home/theirusername/ exists, and if it does use their www (/home/theirusername/www/) as the file location for web files. If they try they try to access theirusername.mainsite.org/media/ it will make a special file location to look for the file(s) at /home/theirusername/special/media/ I would like it if the username did NOT have /home/username that it would automatically default to www.mainsite.org. I am having a hard time understanding how to do skips and such. so: If someone went to notrealusername.mainsite.org/forum/ it would auto direct to www.mainsite.org/forum/ Extra: I am using repetitive code for other site for example lets say foobar has a website foobar.com, it goes through the same process as mainsite.org so figured maybe having something like: RewriteCond %{HTTP_HOST} ^([^.]+).(mainsite.org|com|net|biz|org)$ where I could have one major rule for all existing domains who have a /home/

    Read the article

  • Help with Apache rewriteengine rules

    - by Vinay
    Hello - I am trying to write a simple rewrite rule using the rewriteengine in apache. I want to redirect all traffic destined to a website unless the traffic originates from a specific IP address and the URI contains two specific strings. RewriteEngine On RewriteLog /var/log/apache2/rewrite_kudithipudi.log RewriteLogLevel 1 RewriteCond %{REMOTE_ADDR} ^199\.27\.130\.105 RewriteCond %{REQUEST_URI} !/StringOne [NC, OR] RewriteCond %{REQUEST_URI} !/StringTwo [NC] RewriteRule ^/(.*) http://www.google.com [R=302,L] I put these statements in my virtual host configuration. But the rewriteengine seems to be redirect all requests, whether they match the condition or not. Am I missing something? Thank you. Vinay.

    Read the article

< Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39  | Next Page >