Search Results

Search found 3358 results on 135 pages for 'ssl'.

Page 39/135 | < Previous Page | 35 36 37 38 39 40 41 42 43 44 45 46 | Next Page >

Can tomcat perform ssl redirection by filtering host alias?

- by Stephen

Hi, We have a tomcat server (6.0.20) running one web application behind two urls, e.g. www.foo and secure.foo This is configured in the server.xml as one host with a single alias: <Host name="www.foo" appBase="webapps"> <Context docBase="foo" path=""></Context> <Alias>secure.foo</Alias> </Host> Ideally we'd like any requests to secure.foo on port 80 to be automatically redirected to use ssl. However, I can only find instructions for redirecting based on the path after the hostname, so I could add a /* security constraint but then this would apply to both urls. Does anyone know if it's possible to apply the redirection by filtering on hostname requested? (We've already got the ssl connector, certificate, etc. working ok). I know we could do it by sticking an apache server in front of tomcat and handling the redirection there, but I'm curious to know if tomcat can do this on its own. Thanks

Read the article
WCF 4: Fileless Activation Fails On XP (IIS 5) that has SSL port enabled.

- by Richard Collette

I have a service being hosted in IIS on XP via fileless activation. The service starts fine when there is no SSL port enabled for IIS but when the SSL port is enabled, I get the error message: System.ServiceModel.ServiceActivationException: The service '/SkillsPrototype.Web/services/Linkage.svc' cannot be activated due to an exception during compilation. The exception message is: A binding instance has already been associated to listen URI 'http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config. . ---> System.InvalidOperationException: A binding instance has already been associated to listen URI 'http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config. My service model configuration is <system.serviceModel> <diagnostics wmiProviderEnabled="true"> <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="3000"/> </diagnostics> <standardEndpoints> <webHttpEndpoint> <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" /> </webHttpEndpoint> </standardEndpoints> <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <webHttpBinding> <binding> <security mode="None"> <transport clientCredentialType="None"/> </security> </binding> </webHttpBinding> </bindings> <protocolMapping> </protocolMapping> <services> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="false"> <serviceActivations> <clear/> <add factory="System.ServiceModel.Activation.WebScriptServiceHostFactory" service="SkillsPrototype.ServiceModel.Linkage" relativeAddress="~/Services/Linkage.svc"/> </serviceActivations> </serviceHostingEnvironment> </system.serviceModel> When you look in the svclog file, there two base addresses that are returned when SSL is enabled, one for http and one for https. I suspect that this is part of the issue but I am not sure how to resolve it. <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>524333</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2010-06-16T17:40:55.8168605Z" /> <Source Name="System.ServiceModel" /> <Correlation ActivityID="{95927f9a-fa90-46f4-af8b-721322a87aaa}" /> <Execution ProcessName="aspnet_wp" ProcessID="1888" ThreadID="5" /> <Channel/> <Computer>RCOLLET</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Information"> <TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.ServiceHostBaseAddresses.aspx</TraceIdentifier> <Description>ServiceHost base addresses.</Description> <AppDomain>/LM/w3svc/1/ROOT/SkillsPrototype.Web-1-129211836532542949</AppDomain> <Source>System.ServiceModel.WebScriptServiceHost/49153359</Source> <ExtendedData xmlns="http://schemas.microsoft.com/2006/08/ServiceModel/CollectionTraceRecord"> <BaseAddresses> <Address>http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc</Address> <Address>https://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc</Address> </BaseAddresses> </ExtendedData> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent> I can't post the full service log due to character limits on the post.

Read the article
Need some help in understanding SSL concepts

- by user1115256

I am new to SSL programming and finding some difficulties in understanding SSL concepts. I tried to get it through openssl site,but it is not much informative. Here is my doubts. What is difference between SSL Buffer and BIO buffer..? I mean layerwise detail will be very helpful. Can I use SSL_Write and SSL_Read without setting any BIO object to SSL object..? What exactly BIO_flush will do... I mean is it going to flush all the data to network buffer from BIO buffer.. ? If it is possible to do write and read data from SSL directly without using any BIO object then is it possible to flush the data from SSL buffer to network buffer by any means.. ? It would be very helpful if any body explain these things or giving any links where I can find answers to my questions.

Read the article
Dovecot: no auth attempts in 0 secs (IMAP protocol)

- by Luca D'Amico

I'm having a lot of problems configuring dovecot ony vps. I'm already able to send email using port 110 and to receive email using port 25, but I can't connect using port 993 and 995. I'm using self-signed ssl certificates. When I try to connect to 993 this error is logged: Jun 8 19:06:39 MY_HOSTNAME dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=MY_IP, lip=MY_VPS_IP, TLS, session=<MY_SESSION> When I try to connect to 995 here is the error log: Jun 8 19:08:17 MY_HOSTNAME dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=MY_IP, lip=MY_VPS_IP, TLS: SSL_read() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<MY_SESSION> EDIT: I was able to fix this part by refreshing my mail client ssl cert. Anybody can help me please ? I'm stuck :/ Many thanks

Read the article
smtp.gmail.com from bash gives "Error in certificate: Peer's certificate issuer is not recognized."

- by ndasusers

I needed my script to email admin if there is a problem, and the company only uses Gmail. Following a few posts instructions I was able to set up mailx using a .mailrc file. there was first the error of nss-config-dir I solved that by copying some .db files from a firefox directory. to ./certs and aiming to it in mailrc. A mail was sent. However, the error above came up. By some miracle, there was a Google certificate in the .db. It showed up with this command: ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI GeoTrust SSL CA ,, VeriSign Class 3 Secure Server CA - G3 ,, Microsoft Internet Authority ,, VeriSign Class 3 Extended Validation SSL CA ,, Akamai Subordinate CA 3 ,, MSIT Machine Auth CA 2 ,, Google Internet Authority ,, Most likely, it can be ignored, because the mail worked anyway. Finally, after pulling some hair and many googles, I found out how to rid myself of the annoyance. First, export the existing certificate to a ASSCII file: ~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc Now re-import that file, and mark it as a trusted for SSL certificates, ala: ~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc After this, listing shows it trusted: ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ... Google Internet Authority C,, And mailx sends out with no hitch. ~]$ /bin/mailx -A gmail -s "Whadda ya no" [email protected] ho ho ho EOT ~]$ I hope it is helpful to someone looking to be done with the error. Also, I am curious about somethings. How could I get this certificate, if it were not in the mozilla database by chance? Is there for instance, something like this? ~]$ certutil -A -t "C,," \ -n 'gmail.com' \ -d certs \ -i 'http://google.com/cert/this...'

Read the article
How to overcome Local Group Policy Editor's 1023 character limit?

- by Louis

I want to reorder the SSL Cipher Suite Order applied as part of KB2919355, prioritizing the forward secrecy suites above all else. Trying to do this with gpedit at Computer Configuration Administrative Templates Network SSL Configuration Settings SSL Cipher Suite Order is a problem because the new list goes over the tool's character limit. Is there anyway to overcome this limit so I don't have to keep the current priority or omit something from the list?

Read the article
Weblogic SSL Configuration 10.3 Steps

- by ssd

Hello, I am currently looking to install ssl on weblogic 10.3. There are is tons of info on oracle website however it seems to be shattered all over the place. is there a weblogic expert who can provide the steps for the following: setup ssl with self signed certificate (from scratch) setup ssl with CA from Verisign (from scratch) Thank you

Read the article
old ssl certficate didn't go away on apache2

- by user1212143

I have replaced the old ssl certficate with new one and restart apache several time but the old certificate still show on web browser and when I run a command openssl s_client -connect 127.0.0.1:443 -showcerts also I have delete all old certficate files. so not sure where apache still read these certficate. and not read the new one. here is my ssl.conf Listen 0.0.0.0:443 SSLEngine on SSLOptions +StrictRequire <Directory /> SSLRequireSSL </Directory> SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM SSLMutex file:/usr/apache2/logs/ssl_mutex SSLRandomSeed startup file:/dev/urandom 1024 SSLRandomSeed connect file:/dev/urandom 1024 SSLSessionCache shm:/usr/apache2/logs/ssl_cache_shm SSLSessionCacheTimeout 600 SSLPassPhraseDialog builtin SSLCertificateFile /usr/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/apache2/conf/ssl.key/server.key SSLVerifyClient none SSLProxyEngine off <IfModule mime.c> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfModule>

Read the article
SSL_CLIENT_CERT_CHAIN not being passed to backend server

- by nidkil

I have client certificate configured and working in Apache. I want to pass the PEM-encoded X.509 certificates of the client to the backend server. I tried with the SSLOptions +ExportCertData. This does nothing at all, while the documentation states it should add SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAINn (with n = 0,1,2,..) as headers. Any ideas why this option is not working? I then tried setting the headers myself using RequestHeader. This works fine for all variables except SSL_CLIENT_CERT_CHAIN. It shows null in the header. Any ideas why the certificate chain is not being filled? This is my first Apache configuration: <VirtualHost 192.168.56.100:443> ServerName www.test.org ServerAdmin webmaster@localhost DocumentRoot /var/www ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/apache2/ssl/certs/www.test.org.crt SSLCertificateKeyFile /etc/apache2/ssl/private/www.test.org.key SSLCACertificateFile /etc/apache2/ssl/ca/ca.crt <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy> <Location /carbon> ProxyPass http://www.test.org:9763/carbon ProxyPassReverse http://www.test.org:9763/carbon </Location> <Location /services/GbTestProxy> SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +ExportCertData ProxyPass http://www.test.org:8888/services/GbTestProxy ProxyPassReverse http://www.test.org:8888/services/GbTestProxy </Location> </VirtualHost> This is my second Apache configuration: <VirtualHost 192.168.56.100:443> ServerName www.test.org ServerAdmin webmaster@localhost DocumentRoot /var/www ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/apache2/ssl/certs/www.test.org.crt SSLCertificateKeyFile /etc/apache2/ssl/private/www.test.org.key SSLCACertificateFile /etc/apache2/ssl/ca/ca.crt <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy> <Location /carbon> ProxyPass http://www.test.org:9763/carbon ProxyPassReverse http://www.test.org:9763/carbon </Location> <Location /services/GbTestProxy> SSLVerifyClient require SSLVerifyDepth 5 RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s" RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s" RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_SERVER_S_DN_CN}s" RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s" RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" RequestHeader set SSL_CLIENT_CERT_CHAIN0 "%{SSL_CLIENT_CERT_CHAIN0}s" RequestHeader set SSL_CLIENT_CERT_CHAIN1 "%{SSL_CLIENT_CERT_CHAIN1}s" RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s" ProxyPass http://www.test.org:8888/services/GbTestProxy ProxyPassReverse http://www.test.org:8888/services/GbTestProxy </Location> </VirtualHost> Hope someone can help. Regards, nidkil

Read the article
Hosting 2 different SSL domains on the same IP [closed]

- by Jim

Possible Duplicate: Multiple SSL domains on the same IP address and same port? I have 2 different domains, domain1.com and domain2.net. Both require SSL certificates. I've got the certificates signed by a CA and now need to set them up on Apache. I've got a single IP address and have found a post here: SSL site not using the correct IP in Apache and Ubuntu that apparently works for ubuntu but I am on CentOS and have not had the same luck trying that configuration. When I try that configuration, Apache dies telling me that the port is already in use: (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443 I had SSL working for a single domain but now that I've added the second, I get a browser warning about the cert not belonging to the domain. How do I get both domains to work using virtual host containers?

Read the article
activesync not working with forms based authentication

- by Chad

I have an Exchange 2003 SP2 single backend server with an SSL cert. I was having trouble getting OMA to work so I found a MS article about making a reg hack and creating a new Exchange-OMA virtual directory. I am able to connect and access content from my mailbox by using secure mail.domainname.com/oma and using my credentials. ActiveSync was not working on a Windows mobile phone or iPhone. I found another article about using Forms Based Authenication and SSL on a single Exchange server environment and the fix was to elliminate FBA and SSL for the Exchange virtual directory. That allows ActiveSync to now work. I have very few mobile users, but they are management, so I need to make ActiveSync work but I would like to get back to using SSL. http://support.microsoft.com/kb/817379 Any ideas about this setup? Thanks.

Read the article
Using client certificates with wget

- by Doc

I cannot get wget to use the client certificates. The documentation speaks about using the --certificate flag. The use of the certificate flag is clear, I set it to use the PEM version of the client certificate. But when I connect I get the following error: HTTP request sent, awaiting response... Read error (error:14094410:SSL routines: SSL3_READ_BYTES:sslv3 alert handshake failure; error:140940E5:SSL routines:SSL3_ READ_BYTES:ssl handshake failure) in headers. Giving up. ssl handshake failure means the client did not supply a correct client cert. Still the client cert I use, works in a browser. Note: When I disable client authentication on the server, wget can connect. Note: The use of curl is suggested, but I'd like to avoid the switch.

Read the article
Using client certificates with wget

- by Doc

I cannot get wget to use the client certificates. The documentation speaks about using the --certificate flag. The use of the certificate flag is clear, I set it to use the PEM version of the client certificate. But when I connect I get the following error: HTTP request sent, awaiting response... Read error (error:14094410:SSL routines: SSL3_READ_BYTES:sslv3 alert handshake failure; error:140940E5:SSL routines:SSL3_ READ_BYTES:ssl handshake failure) in headers. Giving up. ssl handshake failure means the client did not supply a correct client cert. Still the client cert I use, works in a browser. Note: When I disable client authentication on the server, wget can connect. Note: The use of curl is suggested, but I'd like to avoid the switch.

Read the article
nginx - 403 Forbidden

- by michell90

I've trouble to get aliases working correctly on nginx. When i try to access the aliases, /pma and /mba (see secure.example.com.conf), i get a 403 Forbidden but the base url works correctly. I read a lot of posts but nothing helped, so here i am. Nginx and php-fpm are running as www-data:www-data and the permissions for the directories are set to: drwxrwsr-x+ 5 www-data www-data 4.0K Dec 5 22:48 ./ drwxr-xr-x. 3 root root 4.0K Dec 4 22:50 ../ drwxrwsr-x+ 2 www-data www-data 4.0K Dec 5 13:10 mda.example.com/ drwxrwsr-x+ 11 www-data www-data 4.0K Dec 5 10:34 pma.example.com/ drwxrwsr-x+ 3 www-data www-data 4.0K Dec 5 11:49 www.example.com/ lrwxrwxrwx. 1 www-data www-data 18 Dec 5 09:56 secure.example.com -> www.example.com/ Im sorry for the bulk, but i thought better too much than too little. Here are the configuration files: /etc/nginx/nginx.conf user www-data www-data; worker_processes 1; error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; include /etc/nginx/sites-enabled/*; } /etc/nginx/sites-enabled/secure.example.com server { listen 80; server_name secure.example.com; return 301 https://$host$request_uri; } server { listen 443; server_name secure.example.com; access_log /var/log/nginx/secure.example.com.access.log; error_log /var/log/nginx/secure.example.com.error.log; root /srv/http/secure.example.com; include /etc/nginx/ssl/secure.example.com.conf; include /etc/nginx/conf.d/index.conf; include /etc/nginx/conf.d/php-ssl.conf; autoindex off; location /pma/ { alias /srv/http/pma.example.com; } location /mda/ { alias /srv/http/mda.example.com; } } /etc/nginx/ssl/secure.example.com.conf ssl on; ssl_certificate /etc/nginx/ssl/secure.example.com.crt; ssl_certificate_key /etc/nginx/ssl/secure.example.com.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; /etc/nginx/conf.d/index.conf index index.php index.html index.htm; /etc/nginx/conf.d/php-ssl.conf location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $request_filename; include fastcgi_params; } /var/log/nginx/secure.example.com.error.log 2013/12/05 22:49:04 [error] 29291#0: *2 directory index of "/srv/http/pma.example.com" is forbidden, client: 176.199.78.88, server: secure.example.com, request: "GET /pma/ HTTP/1.1", host: "secure.example.com" EDIT: forgot to mention, i'm running CentOS 6.4 x86_64 and nginx 1.0.15 Thanks in advance!

Read the article
Remove all HTTP bindings from an IIS 6 site while leaving SSL bindings

- by MikeBaz

We have a (remote, via a reseller) customer who configured their IIS6 server to not have any port 80 HTTP bindings, only port 443 SSL bindings. We would like to reproduce this without going through the three layers (!) to get to the customer to test some error scenerios. However, whenever I try to get IIS to not listen on IIS at all, I can't do it. If I do it in the UI, either leaving in the main properties page, or in the advanced bindings page, the UI does not let me proceed. If I remove the HTTP ServerBindings from the metabase.xml directly, IIS makes it port 80, all unassigned addresses anyway. Is there a way to get to the "SSL only" state naturally? Please note I am NOT talking about the "require SSL" checkbox or underlying metabase setting, as that still listens on port 80 (or whatever) to give the "SSL required" error message. I'm talking about not having any bindings listed at all for HTTP.

Read the article
Redirect an Apache2 SSL VirtualHost with mod_alias

- by Jeff

I want to make sure there aren't any odd behaviors that I don't know about when redirecting a SSL VirtualHost with mod_alias Redirect as outlined by Apache here. My code seems to work, but since SSL virtual hosts are restricted to just one IP address, I want to make sure there aren't any problems eluding me. Explicitly not using TLS. I'm stuck with Apache 2.2 for now. <VirtualHost *:443> ServerName example.com SSLEngine On Redirect 301 / https://www.example.com/ </VirtualHost> <VirtualHost *:443> ServerName www.example.com SSLEngine On # Do stuff # </VirtualHost> So I guess my question is, should SSL VirtualHost redirection with mod_alias Redirect work the same as non-SSL redirection?

Read the article
PCI scan findings and problems with week ciphers on ports 993,443,995,465

- by user64991

From PCI scan results: Synops is : The remote service encrypts traffic using a protocol with known weaknesses . Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients . See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) I have tried to change SSLProtocol all -SSLv2 to SSLProtocol -ALL +SSLv3 +TLSv1 And SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW To SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT But using SSLdigger, it shows the same result. Is this the right way to do something like this?

Read the article
PHP failing to connect to GMail via IMAP [Edited!!]

- by Alexander

I have some php code that I'm trying to use to connect to gmail using imap. Here's the code: $hostname = '{imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX'; $tmp_username = 'username'; $tmp_password = 'password'; $inbox = imap_open($hostname, $username, $password) or die(imap_last_error()); And I get this error output everytime i try to connect: Warning: imap_open() [function.imap-open]: Couldn't open stream {imap.gmail.com:993/imap/ssl/novalidate-cert}INBOX in /var/www/PHP/EmailScript.php on line 14 Login aborted I dont understand what could be wrong!! I've heard of people having SSL errors but this doesnt seem to be one of those. Please please please help me!!!!! Edit: When trying to connect to imap.gmail.com through telnet-ssl i get the following output: Trying 74.125.155.109... Connected to gmail-imap.l.google.com. Escape character is '^]'. And Nothign else happens

Read the article
How can I prevent Apache from asking for credentials on non SSL site

- by Scott

I have a web server with several virtual hosts. Some of those hosts have an associated ssl site. I have a DirectoryMatch directive in my main config file which requires basic authentication to any directory with secured as part of the directory path. On sites that have an SSL site, I have a rewrite rule (located in the non ssl config for that site), that redirects to the SSL site, same uri. The problem is the http (80) site asks for credentials first, and then the https (443) site asks for credentials again. I would like to prevent the http site from asking and thus avoid the potential for someone entering credentials and having them sent in clear text. I know I could move the DirectoryMatch down to the specific site, and just put the auth statement in the SSL config, but that would introduce the possibility of forgetting to protect critical directories when creating new sites. Here are the pertinent declarations: httpd.conf (all sites): <DirectoryMatch "_secured_"> AuthType Basic AuthName "+ + + Restrcted Area on Server + + +" AuthUserFile /home/websvr/.auth/std.auth Require valid-user </DirectoryMatch> site.conf (specific to individual site) <DirectoryMatch "_secured_"> RewriteEngine On RewriteRule .*(_secured_.*) https://site.com/$1 </DirectoryMatch> Is there a way to leave DirectoryMatch in the main config file and prevent the request for authorization from the http site? Running Apache 2 on Ubuntu 10.04 server from the default package. I have AllowOverride set to none - I prefer to handle things in the config files instead of .htaccess.

Read the article
Rails 2 and Ngnix: https pages can't load css or js (but will load graphics)

- by Max Williams

ADMISSION: i've posted this same question on stackoverflow, before realising it's probabaly better suited to superuser, but it kind of depends on the answer: If it turns out to be a problem in my nginx config, it's definitely superuser. If it turns out to be a problem in my Rails config (or code) then it's arguably stackoverflow. I'm adding some https pages to my rails site. In order to test it locally, i'm running my site under one mongrel_rails instance (on 3000) and nginx. I've managed to get my nginx config to the point where i can actually go to the https pages, and they load. Except, the javascript and css files all fail to load: looking in the Network tab in chrome web tools, i can see that it is trying to load them via an https url. Eg, one of the non-working file urls is https://cmw-local.co.uk/stylesheets/cmw-logged-out.css?1383759216 I have these set up (or at least think i do) in my nginx config to redirect to the http versions of the static files. This seems to be working for graphics, but not for css and js files. If i click on this in the Network tab, it takes me to the above url, which redirects to the http version. So, the redirect seems to be working in some sense, but not when they're loaded by an https page. Like i say, i thought i had this covered in the second try_files directive in my config below, but maybe not. Can anyone see what i'm doing wrong? thanks, Max Here's my nginx config - sorry it's a bit lengthy! I think the error is likely to be in the first (ssl) server block: server { listen 443 ssl; keepalive_timeout 70; ssl_certificate /home/max/work/charanga/elearn_container/elearn/config/nginx/certs/max-local-server.crt; ssl_certificate_key /home/max/work/charanga/elearn_container/elearn/config/nginx/certs/max-local-server.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols SSLv3 TLSv1; ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name elearning.dev cmw-dev.co.uk cmw-dev.com cmw-nginx.co.uk cmw-local.co.uk; root /home/max/work/charanga/elearn_container/elearn; # ensure that we serve css, js, other statics when requested # as SSL, but if the files don't exist (i.e. any non /basket controller) # then redirect to the non-https version location / { try_files $uri @non-ssl-redirect; } # securely serve everything under /basket (/basket/checkout etc) # we need general too, because of the email/username checking location ~ ^/(basket|general|cmw/account/check_username_availability) { # make sure cached copies are revalidated once they're stale add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # this serves Rails static files that exist without running # other rewrite tests try_files $uri @rails-ssl; expires 1h; } location @non-ssl-redirect { return 301 http://$host$request_uri; } location @rails-ssl { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_read_timeout 180; proxy_next_upstream off; proxy_pass http://127.0.0.1:3000; expires 0d; } } #upstream elrs { # server 127.0.0.1:3000; #} server { listen 80; server_name elearning.dev cmw-dev.co.uk cmw-dev.com cmw-nginx.co.uk cmw-local.co.uk; root /home/max/work/charanga/elearn_container/elearn; access_log /home/max/work/charanga/elearn_container/elearn/log/access.log; error_log /home/max/work/charanga/elearn_container/elearn/log/error.log debug; client_max_body_size 50M; index index.html index.htm; # gzip html, css & javascript, but don't gzip javascript for pre-SP2 MSIE6 (i.e. those *without* SV1 in their user-agent string) gzip on; gzip_http_version 1.1; gzip_vary on; gzip_comp_level 6; gzip_proxied any; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; #text/html # make sure gzip does not lose large gzipped js or css files # see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl gzip_buffers 16 8k; # Disable gzip for certain browsers. #gzip_disable "MSIE [1-6].(?!.*SV1)"; gzip_disable "MSIE [1-6]"; # blank gif like it's 1995 location = /images/blank.gif { empty_gif; } # don't serve files beginning with dots location ~ /\. { access_log off; log_not_found off; deny all; } # we don't care if these are missing location = /robots.txt { log_not_found off; } location = /favicon.ico { log_not_found off; } location ~ affiliate.xml { log_not_found off; } location ~ copyright.xml { log_not_found off; } # convert urls with multiple slashes to a single / if ($request ~ /+ ) { rewrite ^(/)+(.*) /$2 break; } # X-Accel-Redirect # Don't tie up mongrels with serving the lesson zips or exes, let Nginx do it instead location /zips { internal; root /var/www/apps/e_learning_resource/shared/assets; } location /tmp { internal; root /; } location /mnt{ root /; } # resource library thumbnails should be served as usual location ~ ^/resource_library/.*/*thumbnail.jpg$ { if (!-f $request_filename) { rewrite ^(.*)$ /images/no-thumb.png break; } expires 1m; } # don't make Rails generate the dynamic routes to the dcr and swf, we'll do it here location ~ "lesson viewer.dcr" { rewrite ^(.*)$ "/assets/players/lesson viewer.dcr" break; } # we need this rule so we don't serve the older lessonviewer when the rule below is matched location = /assets/players/virgin_lesson_viewer/_cha5513/lessonViewer.swf { rewrite ^(.*)$ /assets/players/virgin_lesson_viewer/_cha5513/lessonViewer.swf break; } location ~ v6lessonViewer.swf { rewrite ^(.*)$ /assets/players/v6lessonViewer.swf break; } location ~ lessonViewer.swf { rewrite ^(.*)$ /assets/players/lessonViewer.swf break; } location ~ lgn111.dat { empty_gif; } # try to get autocomplete school names from memcache first, then # fallback to rails when we can't location /schools/autocomplete { set $memcached_key $uri?q=$arg_q; memcached_pass 127.0.0.1:11211; default_type text/html; error_page 404 =200 @rails; # 404 not really! Hand off to rails } location / { # make sure cached copies are revalidated once they're stale add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # this serves Rails static files that exist without running other rewrite tests try_files $uri @rails; expires 1h; } location @rails { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_read_timeout 180; proxy_next_upstream off; proxy_pass http://127.0.0.1:3000; expires 0d; } }

Read the article
mod_rewrite ssl redirect

- by Thomas

Hi all, I want to use mod_rewrite to ensure that certain pages are served with SSL and all others normally, but I am having trouble getting it to work This works (redirect to SSL when request uri is for users or cart) RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} users [OR] RewriteCond %{REQUEST_URI} cart RewriteRule ^(.*)$ https://secure.host.tld/$1 [R,L] So, to accomodate for a user not to keep browsing the site with ssl, when requesting other uris, I thought the below, but doesn't work: (when port is 443 and request uri is not one of uris that need to be served by ssl, redirect back to normal host) RewriteCond %{SERVER_PORT} 443 RewriteCond %{REQUEST_URI} !^/users [OR] RewriteCond %{REQUEST_URI} !group RewriteRule ^/?(users|groups)(.*)$ http://host.tld/$1 [R,L] Any help? Thanks

Read the article
Are Google Chrome's suggestions encrypted?

- by NullUser

Some of you might have noticed that Google has changed their search to use SSL by default. I noticed that even if you set your search engine on Chrome to unsecured Google, the results are delivered via HTTPS. I was wondering if the suggestions typed on the address bar are also sent via SSL. If not, how can I make them so? I can change the default search provider to Google SSL, but then I lose the suggestions.

Read the article
How to Configure SSL on Particular Folder,Not overall Site in iis 7

- by user66001

I have a website for example www.somesite.com. I want to apply SSL settings on Particular Folder in this site. I followed following steps. (1) Import Certificate in IIS 7. (2) Create SSL Bindings. (3) Select folder in website and set required ssl. Now my problem is that I want one particular folder to require SSL not overall site. By Following above steps. I can browse whole site with both http and https. I want whole site to be browsed by only http and the particular folder in website to be browsed using only https. Like -http://www.somesite.com and -https://www.somesite.com/somefolder Thanks in advance.

Read the article
SSL site in IIS7 doesn't load (times out)... everything seems correct (ports open, cert installed)

- by rksprst

I have a site in IIS where I have SSL set up. The certificate is installed correctly. It is listening on port 443, the port is open. Doing openssl s_client -connect host:port Get's a timeout... This is really driving me crazy as I have no idea what is wrong. The server is on EC2, if that makes a difference. Anyone know what could possibly be wrong?

Read the article
how do I get rid of the secure nonsecure warning on page with iframe under SSL with phishing filter?

- by Manu

I have a page under SSL with an iframe that refreshes itself every 20 seconds through an HTTP refresh prgama. If I browse the site with IE7 and phishing filter enabled I receive secure-nonsecure content warnings in irregular intervals which cease if phishing filter is disabled. Does anybody have an idea what I can do in order to get rid of the warnings even if phishing filter is enabled?

Read the article

< Previous Page | 35 36 37 38 39 40 41 42 43 44 45 46 | Next Page >