Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 134/596 | < Previous Page | 130 131 132 133 134 135 136 137 138 139 140 141 | Next Page >

Mod_pagespeed, Varnish and Apache cache issues after new code pushes

- by WerkkreW

I have a rather strange issue. In my environment we are running a load balanced cluster of 8 apache servers with a master-master MySQL backend. In front of apache we have Varnish in the cache layer. We have been running Apache mod_pagespeed for several weeks now and for the most part it has been working great. The issue arises when we do fresh code updates from Git, and and/all of the JS/CSS assets change. Basically the problem appears to be two fold. One, after the code push we generally take the opportunity to flush varnish, restart apache, and restart varnish. In doing this all of the mod_pagespeed combinied/minified files are cleared out ensuring that all of the new JS/CSS assets are fresh. The problem is, upon doing this the file names that mod_pagespeed creates change, but the old files (appear) to be still cached for many people client side leading to very unexpected results. However, if we do not restart apache, the changes to the files may or may not appear client side due to the cached minified assets. The simple solution is to disable mod_pagespeed, however I would rather not do that as it has made a fairly large impact in performance. I feel as if there must be a better way to deal with the inconsistencies in cache between the client and server to prevent having people to go to great lengths or perform a large number of page refreshes to see a working page. I can provide configuration snippets if anyone needs them. If you would like to inspect the site, source, headers, or anything try the following addresses: http://wellplayed.org http://wellplayed.org/tv Thanks in advance!

Read the article
Tool to launch a script driven by modem activity

- by Will M

Can anyone suggest a software tool (preferably under Windows XP or later) that would launch an application or script in response to a phone call being received on a landline phone line connected to a data modem on the same PC? or, better, in response to a sequence of touch-tones being played over such a phone line. This would allow, for example, using the telephone to manipulate firewall settings so as to create another layer of security in connection with remote internet access to that computer. I seem to recall seeing tools to do this sort of thing in the days before broadband internet access, when there was more attention to various tips and tricks for the dial-up modem, but a few attempts at Google hasn't turned anything up.

Read the article
NGINX rewrite rules help. Redirect not working and want to get rid of index.php in urls

- by Tamerax

hey! I have 2 questions for nginx users. 1) I'm trying to setup my joomla server onto my new linode running NGINX and after much (like days) of searching and testing, I finally have a config that works with with SEF url plugins...sorta. I was using an apache system on the old server and it used mod_rewrite and life was fine in terms of SEF. Since NGINX doesn't have mod_rewrite, I found something that works BUT it constantly leaves index.php in the urls. ex: http://mysite.com/index.php/forum i want it to be just http://mysite.com/forum but without mod_rewrite it doesn't seem to be possible in joomla that i'm aware of. I know in wordpress it IS possible but I have to use a plugin. Here is my config file: server { listen 80; server_name mysite.com www.mysite.com; access_log /home/public_html/mysite.com/log/access.log; error_log /home/public_html/mysite.com/log/error.log; root /home/public_html/mysite.com/public/; large_client_header_buffers 4 8k; # prevent some 400 errors index index.php index.html; fastcgi_index index.php; location / { expires 30d; error_page 404 = @joomla; log_not_found off; } # Rewrite location @joomla { rewrite ^(.*)$ /index.php?q=last; } # Static Files location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico)$ { access_log off; expires 30d; } # PHP location ~ \.php { keepalive_timeout 0; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /usr/local/nginx/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME /home/public_html/mysite.com/public /$fastcgi_script_name; } } 2) second question should be easy but i can't get it to work. I want to use the same config I posted above and have either mysite.com or www.mysite.com both forward to mysite.com/portal. Basically when you hit up the front page with or without the www, it all gets forwarded to a sub directory on the server I called Portal. I have tried several variations of: rewrite ^/(.*) http://www.example.com/portal/$1 permanent; but it usually ends with firefox telling me there is some crazy loop happening the address bar saying something like mysite.com/portalportalportalportalportal.........on and on. So, any help on either of these issues would be awesome!! Thanks!!

Read the article
How to I test if mod_rewrite is enabled?

- by user124130

I'm setting up an environment for wordpress on apache2, on a fresh install of ubuntu 12.04. In order to get friendly URLS working, I'm trying to set up mod_rewrite. I followed some instructions I found on the net, and used a2enmod. Now. after restarting apache, I'd like to check if the module is actually loaded. The command that I've found for getting a list of loaded modules is this: apache2 -t -D DUMP_MODULES However, this returns an error: apache2: bad user name ${APACHE_RUN_USER} So, how do I actually list all loaded modules, or otherwise check to see if mod_rewrite has been enabled?

Read the article
I need a script to lockdown the system time to users via gpedit.msc

- by Chester

I need to lockdown the system time on a number of PCs via gpedit.msc and then removing administrators from the group and then adding 'administrator' and 'polling'. Can I do this via a script? Essentially I have to; Run gpedit.msc Computer Configuration Windows Settings Security Settings Local Policies User Rights Assignment Double Click Change the system time Select Administrators Click Remove Click Add User or Group Type Administrator Click Check Names Type polling Click Check Names OK Apply OK Logoff I have to do this for a huge number of computers so is there a batch file I could run on each PC to do this? Your help would be very much appreciated. Best Regards

Read the article
Where the heck is mod_login? (Joomla)

- by Joey Adams

I'm a Joomla newbie, and I'm trying to set up a site to require login access to certain articles. Simply setting the article's Access Level to Restricted makes it disappear rather than prompting for a login. I can't figure out how to make a login page because I can't find any menu items or documentation pertaining to mod_login. I want to set at least one page to require login access. Where do I start?

Read the article
apache automatically completes url

- by John

See this NYTimes url: http://opinionator.blogs.nytimes.com/2011/01/02/war-in-the-cabinet/?hp If we type opinionator.blogs.nytimes.com/2011/01/02/war-i in browser, it automatically redirects us to the above article, the only article in that folder starting with "war-i". How to do this in a site with apache, which serves static html files only? That is, if there is a apache module, without adding scripts, that would be best.

Read the article
Need to rewrite unless a rule is matched

- by aussiegeek

I need to rewrite to another host, unless the url starts with /store or /utils I have tried looking at the apache docs, but I can't work out how to do this

Read the article
Apache certificates for some urls not working

- by Vegaasen

We are having a rather strange problem with a Apache-installation. Here is a short summary: Currently I'm setting up Apache with https, and server-certificates. This is fairly easy and works straight out of the box - as expected. This is the configuration for this setup: Listen 443 SSLEngine on SSLCertificateFile "/progs/apache/ssl/example-site.no.pem" SSLCertificateKeyFile "/progs/apache/ssl/example-site.no.key" SSLCACertificateFile "/progs/apache/ssl/ca/example_root.pem" SSLCADNRequestFile "/progs/apache/ssl/ca/example_intermediate.pem" SSLVerifyClient none SSLVerifyDepth 3 SSLOptions +StdEnvVars +ExportCertData RequestHeader set ssl-ClientCert-Subject-CN "%{SSL_CLIENT_S_DN}s" RewriteEngine On ProxyPreserveHost On ProxyRequests On SSLProxyEngine On ... <LocationMatch /secureStuff/$> SSLVerifyClient require Order deny,allow Allow from All </LocationMatch> ... <Proxy balancer://exBalancer> Header add Set-Cookie "EX_ROUTE=EB.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED BalancerMember http://10.0.0.1:7200 route=ee1 retry=300 flushpackets=off keepalive=on BalancerMember http://10.0.0.2:7200 route=ee2 retry=300 flushpackets=off keepalive=on status=+H ProxySet stickysession=EX_ROUTE scolonpathdelim=Off timeout=10 nofailover=off failonstatus=505 maxattempts=1 lbmethod=bybusyness Order deny,allow Allow from all </Proxy> RewriteCond %{REQUEST_URI} !^/index.html [NC] RewriteRule ^/(.*)$ balancer://exBalancer/$1 [P,NC] ProxyPassReverse / balancer://exBalancer/ Header edit Set-Cookie "(.*)" "$1;HttpsOnly" ... So - everything works fine and as expected for all of the pages that are not a part of the LocationMatch-directive. When requesting something that matches the LocationMatch-directive, I'm asked for a certificate (hence the SSLVerifyClient required attribute) - and getting all the correct certificates in my browser that is based on the root/intermediate chain. After choosing a certificate and clicking "OK", this is what pops up in the apache logs: [ssl:info] [pid 9530:tid 25] [client :43357] AH01998: Connection closed to child 86 with abortive shutdown ( [Thu Oct 11 09:27:36.221876 2012] [ssl:debug] [pid 9530:tid 25] ssl_engine_io.c(1171): (70014)End of file found: [client 10.235.128.55:45846] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] And this just spams the logs. What is happening here? I can see this configuration working on my local machine, but not on one of our servers. There is no configration differences between the servers, only minor application-wise-changes. I've tried the following: 1) Removing CA-certificate-checking (works) 2) Adding required CA-certificate for the whole site (works) 3) Adding "SSLVerifyClient optional" does not work 4) ++ Server/Application Information Local: -OpenSSL v.1.0.1x -Apache 2.4.3 -Ubuntu -mpm: event -every configuration should be turned on (failing) server: -OpenSSL 0.9.8e -Apache 2.4.2 -SunOS -mpm: worker -every configuration should be turned on Please let me know if more information is needed, I'll provide it instantly. Brief sum-up: -Running apache 2.4 -Server certificates works just fine -Client certificates for some /Locations does not work, fails with errors PS: Could it be related with the OpenSSL version and the "Renegotiation" stuff related to TLS/SSLv3?

Read the article
mod_rewrite filename from mod_pagespeed back to normal files

- by British Sea Turtle

I am hoping someone can help me with this problem. I am moving to a new server and not using mod_pagespeed any more. However we have lots of external links to images on our site using the strange mod_pagespeed filenames. This is not an issue but we do not want to have lots of 404 errors. So I have lots of links like the following : http://www.domain.com/images/150x150xlink.png.pagespeed.ic.pPXw45HSQm.png http://www.domain.com/images/paris_01.gif.pagespeed.ce.vfrkuKUaj0.gif http://www.doamin.com/images/1st2.gif.pagespeed.ce.OUg38q6VbZ.gif How can I redirect them to : http://www.domain.com/images/150x150xlink.png http://www.domain.com/images/paris_01.gif http://www.doamin.com/images/1st2.gif There are thousands of files like this so I am hoping for a simple solution with mod_rewrite, I tried this but it does not work. So any help would be appreciated. RewriteCond %{REQUEST_URI} \.gif\.pagespeed\. [NC] RewriteRule ^(.*?\.gif)\..*\.gif$ $1 [NC,L]

Read the article
forward all ports via htaccess to new address

- by user875933

I have a chat server running on my local machine that listens to different ports. I want to use the sub-domain of one of my accounts to access it. I intend to manually change the redirect whenever my local machine gets a different ip address. So: chat.example.com:123 would redirect to dynamic.ip.address:123 I am trying to accomplish this with .htaccess and RewriteRule I have tried: RewriteEngine on RewriteRule ^(.*) http://dynamic.ip.address/ [L, R=302] but this doesn't work. When I try chat.example.com:123 nothing happens. When I input chat.example.com into the web browser, I get dynamic.ip.address Is .htaccess the right tool for this? I am using a simple web host that gives me ssh access, but not much more.

Read the article
How to merge several detached signatures from different people into one?

- by Petr Pudlák

A group of people wants to publish a file and they all want to digitally sign the file as different recipients of the file will have different chains of trust. For simplicity, it's desired that there is only one detached signature file with all the signatures, so that the recipients don't need to check them one by one: foo.tar.gz foo.tar.gz.sig However, for security reasons, every person needs to perform the signing on their computer, it's not possible to create the combined signature by having multiple private keys on one computer and performing the operation with one command. Is it possible with GPG to somehow merge detached signatures of a file from multiple participants?

Read the article
CPANEL ModSec2 not working with SecFilterSelective

- by jfreak53

Ok, I have cPanel/WHM latest on a Dedi, here are my specs on apache: Server version: Apache/2.2.23 (Unix) Server built: Oct 13 2012 19:33:23 Cpanel::Easy::Apache v3.14.13 rev9999 I just ran a re-compile using easyapache as you can see by the date. When running it I made sure that ModSec was selected and it stated in big bold letters something to the effect of If you install Apache 2.2.x you get ModSec 2 So I believed it :) I recompiled, I then ran: grep -i release /home/cpeasyapache/src/modsecurity-apache_2.6.8/apache2/mod_security2.c Hmm, the file is there but grep doesn't output anything, if I run: grep -i release /home/cpeasyapache/src/modsecurity-apache_1.9.5/apache2/mod_security.c I of course get the ModSec 1 version output. But the thing is that ModSec2 is installed since the c file is there. So I continued and put the following in modsec2.user.conf: SecFilterScanOutput On SecFilterSelective OUTPUT "text" Now when I restart Apache I get this error: Syntax error on line 1087 of /usr/local/apache/conf/modsec2.user.conf: Invalid command 'SecFilterScanOutput', perhaps misspelled or defined by a module not included in the server configuration Now supposedly this is supposed to work, I even have it running in ModSec2 on a non-cpanel server setup manually. So I know ModSec2 supports it. Anyone have any ideas? I have asked this question over at cpanel forum and it got nowhere.

Read the article
What does the red x icon mean next to a user in folder permissions (Windows 7)

- by Scott Szretter

In trying to debug various strange issues on a machine, I found something strange - when I go to C:\Users\administrator and get properties, security tab, it lists the users (the local admin account, system, and 'administrator' which is the domain administrator account). It all looks fine in terms of permissions (full control, etc.) compared to other machines. The one difference is there is a small red circle with an X to the left of the user icon/name. Additionally, there are various folders where it says access denied under there - for example, my documents! Even logged in as the local machine administrator account (which is not named administrator), I am unable to change the permissions - it says access denied. Any ideas what this means and how to fix it? I even tried re-joining the machine to the domain.

Read the article
How do I host multiple domains on Ubuntu Server (Hardy Heron)?

- by markle976

I am trying to figure out the best way to host multiple domains on my Ubuntu server. I have tried multiple options, but I can't get everything to work the way I want it to. I want to be able to add domains without having to restart Apache each time. I tried using mod_vhost_alias (see below), but that maps www.domain.com and domain.com to different folders. I also need to be able to use mod_rewite to map requests for domain.com/app/* to domain.com/somescript.php current httpd.conf: UseCanonicalName Off VirtualDocumentRoot /var/www/%0 Any thoughts?

Read the article
mod_rewrite, 301 problem

- by blid

Hi, Currently I can access specific site in two ways: 1. http://a.com/foo/bar 2. http://a.com/index.php?url=foo/bar What I'm trying to achive is to allow to do it only using first way, and make redirect 301 on the second to the first one. Here's the code which I made so far and put into .htaccess: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php?url=$1 [QSA,L] #tricky part RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\?url=?(.*)\ HTTP/ RewriteRule ^index\.php$ http://a.com/$1 [R=301,L] </IfModule> Currently it do almost all the job, it's redirecting index.php to /, but index.php?url=foo/bar to /?url=foo/bar and I can't manage to make it right. TIA.

Read the article
How to setup Apache 2.2 (prefork) with mod_fcgid to test a C++ application?

- by skyeagle

I have written my first fastcgi application (C/C++), and I need to test it to ensure that it is behaving the way I expect it to. I have searched for examples on setting up Apache 2.2. with mod_fcgid, but all of teh tutorials etc I have seen, relate to PHP, Python, Perl etc. Is anyone aware of a resource that shows how I may setup Apache to use mod_fcgid (NOT mod_fastcgi) to test my binary? If no online resource is available (I'd be surprised), then could someone please point out the steps required to do the testing?

Read the article
htacces rewrite condition old site to new site with querystring

- by Brandon Braner

I am not even going to pretend to fully understand how htaccess rewrite conidtions work. Ive been working on this for a while searching and searching. I have an old wordpress site www.old-site.com and a new site www.site.com wordpress uses query strings page_id=# to redirect to pages on the old site page_id=2 went to a specific page but on the new site it goes the the home page i need old-site/?page_id=2 to go to site.com/our-company here is what i am trying RewriteCond %{HTTP_HOST} ^(www.)?old-site.com$ [NC] RewriteCond %{QUERY_STRING} ^page_id=2$ RewriteRule ^(.*)$ http://www.site.com/our-company/ [R=301,L] if i take out the rewrite conditio for query string it redirects all traffic from old-site.com to the our company page on the new site. where am i going wrong? i have about 15 redirects i need to do this way. thanks in advance

Read the article
Url rewrite rule

- by vvr

How to redirect a page form show.php?id=(15charstring) to show/(15charstring) I tried like this it is doing reverse means it is redirecting /show/(15chars) to show.php?id=(15chars) RewriteEngine on RewriteRule ^/show/([a-zA-Z0-9]{15})$ http://site.com/show.php?id=$1 Second case is i have to redirect to another page if he added &m=true to the url show.php?id=(15chars)&m=true html/show.php?id=(15chars).

Read the article
mod_perl custom configuration directives don't work when placed in .htaccess and there is <Location>

- by al_l_ex

I'm trying to complete Redmine's feature request #2693: Use Redmine.pm to authenticate for any directory (1). I have not much knowledge on all these things and need help. Redmine uses mod_perl module Redmine.pm for authentication & authorization. This module defines several custom configuration directives. I've successfully modified patch from (1) and it works when all config is in <Location>: <Location /digischrank/test> AuthType basic AuthName "Digischrank Test" Require valid-user PerlAccessHandler Apache::Authn::Redmine::access_handler PerlAuthenHandler Apache::Authn::Redmine::authen_handler RedmineDSN "DBI:mysql:database=SomedaTaBAse;host=localhost" RedmineDbUser "SoMeuSer" RedmineDbPass "SomePaSS" RedmineProject "digischrank" </Location> But when I move one of these directives (RedmineProject, see (1)) in .htaccess file, Redmine.pm doesn't see it! I've tried to change <Location> to <Directory> and add AllowOverride All. Directives from .htaccess is visible, but remaining ones from <Directory> - not. I don't want to move all directives to each .htaccess. When I add <Location> in addition to <Directory>, again - only directives from <Location> are visible. As far as I know, directives should be merged. I miss something?

Read the article
.htaccess & Mod_Rewrite

- by Francesc

Hi, I'm creating a website. I have this code in the .htaccess file: RewriteEngine On RewriteRule ^/([0-9][0-9])/$ /redirect.php?id=$1 But when I go to, for example /ASEi it says 404 Not Found What's the problem?

Read the article
mod_rewrite ssl redirect

- by Thomas

Hi all, I want to use mod_rewrite to ensure that certain pages are served with SSL and all others normally, but I am having trouble getting it to work This works (redirect to SSL when request uri is for users or cart) RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} users [OR] RewriteCond %{REQUEST_URI} cart RewriteRule ^(.*)$ https://secure.host.tld/$1 [R,L] So, to accomodate for a user not to keep browsing the site with ssl, when requesting other uris, I thought the below, but doesn't work: (when port is 443 and request uri is not one of uris that need to be served by ssl, redirect back to normal host) RewriteCond %{SERVER_PORT} 443 RewriteCond %{REQUEST_URI} !^/users [OR] RewriteCond %{REQUEST_URI} !group RewriteRule ^/?(users|groups)(.*)$ http://host.tld/$1 [R,L] Any help? Thanks

Read the article
htaccess rewriterule leading slash

- by Tiddo

I'm using htaccess to rewrite my urls so that I can have nice clean urls. However, the same htaccess file does different things on my local server and my remote server: On my local server the url to the website is like http://localhost/example/ and on my remote server the url is http://example.com/. For my local server I can use the following htaccess redirect rule: RewriteRule ^(.*)$ index.php?page=$1 [L,QSA] However, when I use this on my remote server I get an internal server error. Instead I have to use this: (note the leading slash) RewriteRule ^(.*)$ /index.php?page=$1 [L,QSA] Unfortunately this doesn't work on my local server: this rewrite rule requests http://localhost/index.php instead of http://localhost/example/index.php on my local server. How can I make this work on both my remote and local server?

Read the article
Safety concerns on allowing connections to MySQL with no password on localhost?

- by ÉricO

In the case of a Linux system, is there any security concern to let MySQL users with standard privileges (that is, not the root users) connect to the database with no password from localhost? I think that enforcing a password even for localhost can add a layer of protection, since, with no password the database access would be compromised if the SSH access is itself compromised. Considering that, would it be less safe to allow no password connection to MySQL than having the same password for SSH and for MySQL? I don't know if that is to be taken into account, but we also use phpMyAdmin to let users administrate their own database. I am asking because I kinda dislike having to put our database passwords unencrypted in the source or configuration files of our applications, where they can easily be leaked unintentionally. Since our servers are configured to run our applications as the Linux user the application belongs to, I was considering allowing no password from localhost as a simple solution. So, would that be a very bad idea or not?

Read the article
mod_rewrite only one extension

- by Matthias Reisner

Currently I'm having the following htaccess content: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^(.*).html$ $1.php </IfModule> I want to change the php extension to html. Now if I browse for localhost/xx.html I get the right content. BUT I also can use xx.php or xx to access the oontent! I only want to get the content if there is an html extension! How can I make this work??? Example: On the server I have the file foo.php. Now I want the user to type in foo.html in the browser to get the content of foo.php. But if he types foo.php there will be an error. I already tried this RewriteRule ^(.*)[^\.html]$ error.php RewriteRule ^(.*)\.html$ $1.php But that does not really work Thanks!

Read the article

< Previous Page | 130 131 132 133 134 135 136 137 138 139 140 141 | Next Page >