Search Results

Search found 14546 results on 582 pages for 'mod authz host'.

Page 77/582 | < Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >

  • Does ModSecurity 2.7.1 work with ASP.NET MVC 3?

    - by autonomatt
    I'm trying to get ModSecurity 2.7.1 to work with an ASP.NET MVC 3 website. The installation ran without errors and looking at the event log, ModSecurity is starting up successfully. I am using the modsecurity.conf-recommended file to set the basic rules. The problem I'm having is that whenever I am POSTing some form data, it doesn't get through to the controller action (or model binder). I have SecRuleEngine set to DetectionOnly. I have SecRequestBodyAccess set to On. With these settings, the body of the POST never reaches the controller action. If I set SecRequestBodyAccess to Off it works, so it's definitely something to do with how ModSecurity forwards the body data. The ModSecurity debug shows the following (looks to me as if all passed through): Second phase starting (dcfg 94b750). Input filter: Reading request body. Adding request argument (BODY): name "[0].IsSelected", value "on" Adding request argument (BODY): name "[0].Quantity", value "1" Adding request argument (BODY): name "[0].VariantSku", value "047861" Adding request argument (BODY): name "[1].Quantity", value "0" Adding request argument (BODY): name "[1].VariantSku", value "047862" Input filter: Completed receiving request body (length 115). Starting phase REQUEST_BODY. Recipe: Invoking rule 94c620; [file "*********************"] [line "54"] [id "200001"]. Rule 94c620: SecRule "REQBODY_ERROR" "!@eq 0" "phase:2,auditlog,id:200001,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:%{reqbody_error_msg},severity:2" Transformation completed in 0 usec. Executing operator "!eq" with param "0" against REQBODY_ERROR. Operator completed in 0 usec. Rule returned 0. Recipe: Invoking rule 5549c38; [file "*********************"] [line "75"] [id "200002"]. Rule 5549c38: SecRule "MULTIPART_STRICT_ERROR" "!@eq 0" "phase:2,auditlog,id:200002,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" Transformation completed in 0 usec. Executing operator "!eq" with param "0" against MULTIPART_STRICT_ERROR. Operator completed in 0 usec. Rule returned 0. Recipe: Invoking rule 554bd70; [file "********************"] [line "80"] [id "200003"]. Rule 554bd70: SecRule "MULTIPART_UNMATCHED_BOUNDARY" "!@eq 0" "phase:2,auditlog,id:200003,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" Transformation completed in 0 usec. Executing operator "!eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY. Operator completed in 0 usec. Rule returned 0. Recipe: Invoking rule 554cbe0; [file "*********************************"] [line "94"] [id "200004"]. Rule 554cbe0: SecRule "TX:/^MSC_/" "!@streq 0" "phase:2,log,auditlog,id:200004,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" Rule returned 0. Hook insert_filter: Adding input forwarding filter (r 5541fc0). Hook insert_filter: Adding output filter (r 5541fc0). Initialising logging. Starting phase LOGGING. Recording persistent data took 0 microseconds. Audit log: Ignoring a non-relevant request. I can't see anything unusual in Fiddler. I'm using a ViewModel in the parameters of my action. No data is bound if SecRequestBodyAccess is set to On. I'm even logging all the Request.Form.Keys and values via log4net, but not getting any values there either. I'm starting to wonder if ModSecurity actually works with ASP.NET MVC or if there is some conflict with the ModSecurity http Module and the model binder kicking in. Does anyone have any suggestions or can anyone confirm they have ModSecurity working with an ASP.NET MVC website?

    Read the article

  • Redirect subdomain to hidden folder using mod_rewrite

    - by radious
    Hello! I want to keep my blog in subfolder domain_com/htdocs/blog and access it using blog.domain.com. I can obtain it using apache's mod_rewrite: RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ^blog\.domain\.com RewriteCond %{HTTP_HOST} !^/blog RewriteRule ^(.*)$ /blog/$1 [L] But I also want to redirect hxxp://domain.com/blog to hxxp://blog.domain.com (simply because I want to hide it from users). Simple redirection like: RewriteCond %{HTTP_HOST} ^wojtyniak\.com$ RewriteRule %{REQUEST_URI} ^/foo RewriteRule ^(.*)$ http://foo.wojtyniak.com [L,R=301] causes redirection loop. Is there any way to make such a redirection without loop? Big thanks! PS. Sorry for those hxxp thing, but serverfault thinks these are link and doesn't allow me to post more than one.

    Read the article

  • Unable to add host running ubuntu for nagios monitoring?

    - by karthick87
    I am unable to add ubuntu server in nagios monitoring. I am getting "CHECK_NRPE: Socket timeout after 40 seconds." error for few services "CPU Load, Cron File Check, Current Users, Disk Check, NTP Daemon, Time Check, Total Processes, Zombie Processes". Please find the snapshot for the same below, Details: Installed nrpe plugin in ubuntu host. On running the below command from remote host running ubuntu (not nagios server) am getting the following output, root@ubuntu-cacher:~# /usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.13 But in nagios server i am getting "CHECK_NRPE: Socket timeout after 40 seconds." error. Additional Information: Am running nrpe under xinetd, when i execute the following command i dont get any output, root@ubuntu-cacher:~# netstat -at | grep nrpe But getting the following output when checking, root@ubuntu-cacher:~# netstat -ant|grep 5666 tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN tcp 0 0 172.29.*.*:5666 172.29.*.*:33693 ESTABLISHED tcp 0 0 172.29.*.*:5666 172.29.*.*:33692 ESTABLISHED

    Read the article

  • htaccess rewrite and auth conflict

    - by Michael
    I have 2 directories each with a .htaccess file: html/.htaccess - There is a rewrite in this file to send almost everything to url.php RewriteCond %{REQUEST_URI} !(exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico))$ RewriteRule (.*)$ /url.php [L] and html/exported/.htaccess AuthType Basic AuthName "exported" AuthUserFile "/home/siteuser/.htpasswd" require valid-user If I remove html/exported/.htaccess the rewriting works fine and the exported directory can be access. If I remove html/.htaccess the authentication works fine. However when I have both .htaccess files exported/ is being rewritten to /url.php. Any ideas how I can prevent it?

    Read the article

  • mod_rewite Rule: root/? root/app/views/home/home.php

    - by Jonathon David Oates
    I am shocking at mod_rewite, here's the scenario: I need a rule that rewrites mydomain.com to mydomain.com/app/views/home/home.php. The rule, or set of rules rather, must also rewite mydomain.com/signin to mydomain.com/app/views/signin/signin.php, and work in a similar fashion for any subdirectory, for example: mydomain.com/subdir must redirect to mydomain.com/app/views/subdir/subdir.php. The rules must also work with or without the trailing slash, for example: ….com or ….com/. Thank you all, your help is much appreciated! If you could outline how and why your solution works or direct me to a good resource that explains it, I'd be exceptionally grateful! Edit: I have got a simple .htaccess file with this: Options +FollowSymLinks RewriteEngine On RewriteRule ^$ http://mydomain.local/~Jay/some_awesome_app/app/views/home/home.php This does the redirect but changes the URL in the address bar too! I've not got a trailing [R] flag so why would this be?

    Read the article

  • Apache server as reverse proxy is removing xmlns info from html tag

    - by Johnco
    I have a Java application running in tomcat, in front of which I have an Apache http server as a reverse proxy. However, the proxy is removing all xmlns data from the html tag, which breaks all the Facebook's FBML which is never parsed. My current config is as follows: ProxyRequests off ProxyHTMLDocType XHTML ProxyPassReverseCookiePath /cas / <Location /> ProxyPass http://localhost:8080/cas ProxyPassReverse http://localhost:8080/cas </Location> ProxyHTMLURLMap /cas / SetOutputFilter proxy-html <Proxy *> Order deny,allow Allow from all Satisfy all </Proxy> Thanks in advance.

    Read the article

  • fcgid, suexec, and userdir

    - by Martin v. Löwis
    I'm trying to set up per-user trac instances, using fcgid. The problem is that trac requires rw access to the trac instance, so I need the fcgi process to run under the respective user. I have the suexec, fcgid, and userdir Apache modules installed (on Debian). I put up vhost directive ScriptAliasMatch /~(.*)/trac /home/$1/public_html/trac.fcgi This works insofar as trac.fcgi is run, but unfortunately, under the www-data user. How can I make fcgid launch it under the $1 user?

    Read the article

  • Cannot load 47_mod_dav_svn.conf when install apache and svn

    - by user8264
    I am install apache and subversion in gentoo. I have one problem that need your help. I install by guide from here. But my problem is that I can not see file 47_mod_dav_svn.conf in the folder /ect/apache2/modules.d, athough I set APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE -D DAV -D DAV_FS -D SVN -D SVN_AUTHZ" And then restart apache by /etc/init.d/apache2 restart How to fixed my problem? Thank you so much

    Read the article

  • How to disable mod_security2 rule (false positive) for one domain on centos 5

    - by nicholas.alipaz
    Hi I have mod_security enabled on a centos5 server and one of the rules is keeping a user from posting some text on a form. The text is legitimate but it has the words 'create' and an html <table> tag later in it so it is causing a false positive. The error I am receiving is below: [Sun Apr 25 20:36:53 2010] [error] [client 76.171.171.xxx] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at ARGS:body. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "352"] [id "300015"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "www.mysite.com"] [uri "/node/181/edit"] [unique_id "@TaVDEWnlusAABQv9@oAAAAD"] and here is /usr/local/apache/conf/modsec2.user.conf (line 352) #Generic SQL sigs SecRule ARGS "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" "id:1,rev:1,severity:2,msg:'Generic SQL injection protection'" The questions I have are: What should I do to "whitelist" or allow this rule to get through? What file do I create and where? How should I alter this rule? Can I set it to only be allowed for the one domain, since it is the only one having the issue on this dedicated server or is there a better way to exclude table tags perhaps? Thanks guys

    Read the article

  • Weird unexpected image compression on a web server running Apache on Ubuntu?

    - by Billy Bob Thornton
    I have a weird problem on my production web server running Apache on Ubuntu: it compresses my images thereby dramatically lowering their quality! Actually I have two virtual hosts running, each located in a different folder. Wether I display .gif images by navigating on the two sites, or acceding them directly by their url, their size and quality are invariably degraded. I tried with three different browsers: same problem. Using them on other sites on the Web: no problem. Of course I disabled mod_deflate on the server (which should not compress images anyway), but the phenomenon remains. On my local développement server, running the same configuration, everything is Ok. Now I'm completely lost! For the record, my configuration: Ubuntu 10.04, Apache 2, Php 5.

    Read the article

  • Cascade rewriting with special characters

    - by Korjavin Ivan
    I have this .htaccess RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php All queries send to index.php. In my site, I have this link: http://site/search/?v[1]=myid it work nice, I think index.php handle it. But now I want to more readable name for this link, something like http://site.si/byid_$myid.html I tried # RewriteRule ^byid_(.*).html$ search/?v\%5B1\%5D=$1 [NC,PS,NE] #escape and urlencode # RewriteRule ^byid_(.*).html$ search/?v%5B1%5D=$1 [NC,PS,NE] #urlencode # RewriteRule ^byid_(.*).html$ search/?v[1]=$1 [NC,PS,NE] #raw RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php Each of this lines kills rewriting, all requests return 500 error. Where is my fault?

    Read the article

  • apache2 mod_rewrite enable, but not working

    - by user611478
    I have enabled mod_rewrite on my server and confirmed it using phpinfo() and it shows as enabled. I have the following in my httpd.conf file: ServerName 172.16.1.114 RewriteEngine on RewriteRule ^/test$ /index.php I've tried the rewrite rule on another server and it works as expected. No errors are thrown to my apache error log and it restarts cleanly. When I try the page it 404s and doesn't load index.php I'm sure this must be a simple problem, but I am at a loss on how to figure it out. Any help is appreciated.

    Read the article

  • How can Django/WSGI and PHP share / on Apache?

    - by Mark Snidovich
    I have a server running an established PHP site, as well as some Django apps. Currently, a VirtualHost set up for PHP listens on port 80, and requests to certain directories are proxied to a VirtualHost set up for Django with WSGI. I'd like to change it so Django handles anything not existing as a PHP script or static file. For example, / -parsed by PHP as index.php /page.php -parsed as PHP normally /images/border.jpg -served as a static file /johnfreep -handled by Django (interpreted by urls.py) /pages/john -handled by Django /(anything else) - handled by Django I have a few ideas. It seems the options are 'php first' or 'wsgi first'. set up Django on port 80, and set Apache to skip all the known PHP, CSS or image files. Maybe using SetHandler? Anything else goes to Django to be parsed by urls.py. Set up a script referring everything to Django as a 404 handler on PHP. So, if a file is not found for a name, it sends the request path to a VirtualHost running Django to be parsed.

    Read the article

  • Disable mod_security on Dreamhost, for a single cgi script

    - by Hippyjim
    Hi I've searched around a lot, and tried various tweaks to .htaccess files to try to turn off mod_security for a particular cgi script (uber uploader) but it doesn't seem to have any effect. The most popular one I see rehashed all over the web is: # Turn off mod_security filtering. SecFilterEngine Off # The below probably isn't needed, # but better safe than sorry. SecFilterScanPOST Off Which looks relative simple to me - if "SecFilterEngine" is in some way related to mod_security of course. Shame it has absolutely no effect! Does anyone have a suggested way I can simply disable it for a request to any file in my cgi-bin directory?

    Read the article

  • Apache rewrite redirect to https and www

    - by Jo Erlang
    I need to get mod_rewrite to do the following http://abc.com -> https://www.abc.com https://abc.com/login -> https://www.abc.com/login http://www.abc.com?x=3 -> https://www.abc.com?x=3 https://abc.com/login?x=1 -> https://www.abc.com/login?x=1 http://www.abc.com/login?x=3 -> https://www.abc.com/login I have the following, in my abc.com.conf vhost file but its not work correctly <VirtualHost *:80> ServerName abc.com ServerAlias www.abc.com RewriteCond %{HTTP_HOST} ^abc\.com RewriteRule ^(.*)$ https://www.abc.com/$1 [R=permanent,L] RewriteCond %{HTTPS} off RewriteRule (.*) https://www.abc.com/%{REQUEST_URI} </VirtualHost> <VirtualHost *:443> ServerName abc.com ServerAlias www.abc.com RewriteCond %{HTTP_HOST} ^abc\.com RewriteRule ^(.*)$ https://www.abc.com/$1 [R=permanent,L] </VirtualHost> Can anyone help me out on the rest? [edited to clarify]

    Read the article

  • How to turn SSLCompression off in Apache 2.4.3?

    - by kumar
    I have installed Apache 2.4.3(OpenSSL 1.0.0j) on a machine and trying to do SSLCompression off in the ssl.conf file throws an error: Syntax error on line 219 of /etc/httpd/conf.d/ssl.conf: Invalid command 'SSLCompression', perhaps misspelled or defined by a module not included in the server configuration What could be wrong here? If it helps, I installed mod_ssl(2.4). Is that enough or is something more to be done to configure Apache with mod_ssl. I tried phpinfo() in php, and mod_ssl is reflected in the Loaded Modules section.

    Read the article

  • Apache server as reverse proxy is removing xmlns info from html tag

    - by Johnco
    I have a Java application running in tomcat, in front of which I have an Apache http server as a reverse proxy. However, the proxy is removing all xmlns data from the html tag, which breaks all the Facebook's FBML which is never parsed. My current config is as follows: ProxyRequests off ProxyHTMLDocType XHTML ProxyPassReverseCookiePath /cas / <Location /> ProxyPass http://localhost:8080/cas ProxyPassReverse http://localhost:8080/cas </Location> ProxyHTMLURLMap /cas / SetOutputFilter proxy-html <Proxy *> Order deny,allow Allow from all Satisfy all </Proxy> Thanks in advance.

    Read the article

  • wsgi - narrow user permissions.

    - by Tomasz Wysocki
    I have following Apache configuration and my application is working fine: <VirtualHost *:80> ServerName ig-test.example.com WSGIScriptAlias / /home/ig-test/src/repository/django.wsgi WSGIDaemonProcess ig-test user=ig-test </VirtualHost> But I want to protect my files from other users, so I do: chown ig-test /home/ig-test/ -R chmod og-rwx /home/ig-test/ -R And application stops working: (13)Permission denied: /home/ig-test/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable Is it possible to achieve what i'm doing with wsgi? If I have to give read permissions to some files it will be fine. But there are files I have to protect (like file with DB configuration or business logic of application).

    Read the article

  • How to redirect (or Alias) jump page with Apache

    - by Meltemi
    I'm not an Apache expert but need to make a small change to a web server. We are introducing a "jump page" URL that is different from a primary URL (for tracking reasons). /productA/index.html /productA/jump_index.html Basically i want to log that jump_index.html was requested and then return index.html. I don't want the client to wait 8 seconds or so for a redirect. How should we be handling this? Simply symlink (or alias) the file in the filesystem? Use mod_alias Alias Match (if so how exactly)? something better still? Edit: mod_rewrite in httpd.conf: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] </IfModule>

    Read the article

  • mod_rewrite not working?

    - by Sean Kimball
    I have a bunch of non-existent urls that need to be redirected to new ones, though they are not working... mod_rewrite does work and is enabled, I'm wondering if the redirect URL has to actually exist in order for a redirect ot work. Here is what I have: Redirect 301 /cgi-bin/commerce.cgi?display=action&emptyoverride=yes&template=Assets/XHTML/Advantage.html http://domain.com/the-bag-to-nature-advantage.html UPDATE this is the request that comes in [indexed in google!] http://domain.com//cgi-bin/commerce.cgi?display=action&emptyoverride=yes&template=Assets/XHTML/Advantage.html this is where it needs to go: http://domain.com/the-bag-to-nature-advantage.html

    Read the article

  • .htaccess https redirect best method

    - by Douglas Cottrell
    I have searched through all the redirects posted buy others and cant quite find the answer to my problem. I have a website with over 3000 pages and we are getting duplication issues within google. We want to keep everything in the parent directory to be http except our contact.php and login.php page. We then have 3 folders that must be secured. admin, clients, customers I have tried using the following code in seperate .htaccess files for each folder, but I keep getting a conflict when I try and I am still trying to find a good solution for the home directory. RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} admin RewriteRule ^(.*)$ https://www.website.com/$1 [R,L] Any help would be greatly appreciated.

    Read the article

  • Apache crashes a few seconds after the start.

    - by Nacho
    Hi, i've got a problem with apache. When i try to start it (/etc/init.d/apache2 start) it dies after a few seconds. It shows up on "ps aux" consuming a lot of memory and then dies. I don't know what could be causing apache to consume this amount of memory: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 13379 1.0 0.3 14376 3908 ? Ss 22:31 0:00 /usr/sbin/apache2 -k start www-data 13383 0.0 0.4 197316 4196 ? Sl 22:31 0:00 /usr/sbin/apache2 -k start www-data 13390 0.0 0.3 172728 4172 ? Sl 22:31 0:00 /usr/sbin/apache2 -k start www-data 13396 0.0 0.3 156336 4160 ? Sl 22:31 0:00 /usr/sbin/apache2 -k start www-data 13400 0.0 0.3 148140 4156 ? Sl 22:31 0:00 /usr/sbin/apache2 -k start www-data 13403 0.0 0.3 131748 4148 ? Sl 22:31 0:00 /usr/sbin/apache2 -k start Here is a htop screenshot: http://i.imgur.com/N4Chh.png It happened suddenly, no change had been made to server config, so i don't know whats causing it. The error log of my virtual servers shows this: [Sun Jan 30 22:19:50 2011] [alert] (11)Resource temporarily unavailable: mod_wsgi (pid=9685): Couldn't create worker thread 11 in daemon process 'fb.ebookmetafinder.com'. [Sun Jan 30 22:19:55 2011] [alert] (11)Resource temporarily unavailable: mod_wsgi (pid=9685): Couldn't create worker thread 19 in daemon process 'fb.ebookmetafinder.com'. [Sun Jan 30 22:29:40 2011] [alert] (11)Resource temporarily unavailable: mod_wsgi (pid=12009): Couldn't create worker thread 18 in daemon process 'fb.ebookmetafinder.com'. [Sun Jan 30 22:31:06 2011] [alert] (11)Resource temporarily unavailable: mod_wsgi (pid=13396): Couldn't create worker thread 15 in daemon process 'fb.ebookmetafinder.com'. [Sun Jan 30 22:35:02 2011] [alert] (11)Resource temporarily unavailable: mod_wsgi (pid=14009): Couldn't create worker thread 16 in daemon process 'fb.ebookmetafinder.com'. [Sun Jan 30 22:35:07 2011] [alert] (11)Resource temporarily unavailable: mod_wsgi (pid=14009): Couldn't create worker thread 17 in daemon process 'fb.ebookmetafinder.com'. I'm on a ubuntu server vps and i use mod_wsgi with django. Thanks.

    Read the article

  • Can I make Apache drop a connection when matching a URL?

    - by PP
    Using mod_rewrite I can construct a rule to respond with a clean error code (e.g. 404 not found, 410 gone, or 403 unauthorised) when a page is requested that I don't want to serve. But frequently I get completely erroneous requests from hackers scanning my website for vulnerabilities or possibly cross-site scripting attempts. For these customers I do not want to return a clean error - I'd rather do something else like immediately drop the connection with no response or, alternatively, hold the connection open for a lengthy period of time to frustrate the automated process. Any ideas how to accomplish this with Apache? I've read that nginx has the ability to immediately terminate a connection when a particular pattern is matched.

    Read the article

< Previous Page | 73 74 75 76 77 78 79 80 81 82 83 84  | Next Page >