Search Results

Search found 14878 results on 596 pages for 'mod security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 136/596 | < Previous Page | 132 133 134 135 136 137 138 139 140 141 142 143  | Next Page >

  • WebDav uploads fail on files with certain characters on Apache

    - by bnferguson
    Have webdav uploads working great on one our boxes but anytime there is a ; # or * (and maybe a few others) the upload fails. That is expected since they're restricted characters but I'm curious if there's a way to rewrite/rename those files on their way through. We don't care what the name is really it just has to make it up to the server. Started looking at mod_rewrite solutions but my rewrite fu is rather weak.

    Read the article

  • Is UEFI more or less vulnerable than Legacy BIOS?

    - by Eric
    Is UEFI more secure than BIOS on a Windows 8.1 machine? Is UEFI vulnerable to malware in ways that Legacy BIOS is not? Is it correct that UEFI can connect to the internet before the OS (or anti-virus program) has loaded? On some boards, UEFI settings can be changed in Windows. Do these things affect PC security? I have read that BIOS on an MBR disc can be vulnerable to 'rootkits' There have been reports that suggest UEFI secure boot may not be infallible. Is UEFI better at defending against malware than BIOS?

    Read the article

  • vBulletin 5 + lighttpd url rewriting

    - by Boots
    I'm trying to get vBulletin 5 up and running under lighttpd but I'm having some problems with url rewriting. Here is the apache .htaccess provided by vBulletin. <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?routestring=$1 [L,QSA] #needed because admincp is an actual directory. RewriteRule ^(admincp/)$ index.php?routestring=$1 [L,QSA] </IfModule> If this helps, this is the IIS config provided by vBulletin <?xml version="1.0" encoding="UTF-8"?> <!-- This file is to support redirection in IIS. It is harmless if you are running under Apache --> <configuration> <system.webServer> <rewrite> <rules> <rule name="Main Redirect" stopProcessing="true"> <match url="^(.*)$" ignoreCase="false" /> <conditions logicalGrouping="MatchAll"> <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" /> </conditions> <action type="Rewrite" url="index.php/{R:1}" /> </rule> <rule name="Admincp" stopProcessing="true"> <match url="^(admincp/)$" ignoreCase="false" /> <action type="Rewrite" url="index.php/{R:1}" /> </rule> </rules> </rewrite> </system.webServer> </configuration> Anyone have any suggestions as to the lighttpd url.rewrite equivalent? All my experiments have failed thus far. I'm running lighttpd-1.4.31-1 I tried this but it didn't work. I think it has something to do with me not properly emulating [QS] in the .htaccess url.rewrite-once = ("^(.*)$" => "index.php?routestring=$1", "^(admincp/)$)" => "index.php?routestring=$1") This has gotten me closer but not fully functional yet. url.rewrite-if-not-file = ("^(.*)$" => "index.php?routestring=$1", "^(admincp/)$)" => "index.php?routestring=$1")

    Read the article

  • Apache mod_rewrite - remove extension/add trailing slash/preserve directory structure

    - by Henry Wrinkler
    I am currently using the following .htaccess file to remove the .php extension from my files and add a trailing slash to all URLs: RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}\.php -f RewriteRule ^([^/]+)/$ $1.php # Forces a trailing slash to be added RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$ RewriteRule (.*)$ /$1/ [R=301,L] This is working great, however, when I have a php file in a directory, and I want to serve that file from a directory I get a 404 error. Is there a way to do this with 1 .htaccess file in the root. I really don't want to remember to put a .htaccess file in each directory. Right now www.myexample.com/information/ Serves /information.php. Great! However www.myexample.com/categories/category-1/ this throws a 404 even though the file /categories/category-1.php does exist. I would like to modify my .htaccess file so this serves /categories/category-1.php.

    Read the article

  • How to rewrite index.php (and other valid default files) to the document root using mod_rewrite?

    - by TMG
    Hello, I would like to redirect index.php, as well as any other valid default file (e.g. index.html, index.asp, etc.) to the document root (which contains index.php) with something like this: RewriteRule ^index\.(php|htm|html|asp|cfm|shtml|shtm)/?$ / [NC,L] However, this is of course giving me an infinite redirect loop. What's the right way to do this? If possible, I'd like to have this work in both the development and production environment, so I don't want to specify an explicit url like http://www.mysite.com/ as the target. Thanks!

    Read the article

  • VPN connection over apache mod_proxy

    - by This is it
    Hi We have several virtual machines which are connected in a private virtual network connection. Internet access for these machines is provided via dedicated virtual machine which has apache proxy server on it (they all use this machine as proxy). The problem now is that from several machines we need to connect to external VPN Server, but it seems that VPN connections don't work over apache proxy. Any suggestions on how to enable VPN connection over apache proxy (or some other proxy)? Some other solution? Thanks

    Read the article

  • conditional mod_deflate based on headers

    - by Ben K.
    mod_deflate seems pretty sweet. I'd love to turn it on across the board for text/html--but for certain pages, I don't want to gzip since upstream proxies need to be able to inspect the content. I know there's an AddOutputFilterByType directive -- is there any way to combine that w/ a header inspect so that if I see X-NO-COMPRESS true I skip mod_deflate?

    Read the article

  • mod_rewrite hide subdirectory in return url part2

    - by user64790
    Hi I am having an issue trying to get my mod_rewrite configuration correctly i have a site: 0.0.0.0/oldname/directories/index.php I would like to rename "oldname" to "newname" resulting in: 0.0.0.0/newname/directories/index.php etc.. So when a user navigates to 0.0.0.0 my site will automatically send them to 0.0.0.0/oldname/index.php I'm not planning on moving my content marketing have asked me to rename the site folder I would like to mask the request of 0.0.0.0/oldname/index.php to 0.0.0.0/newname/index.php Also if a user navigates from index.php to an link of say /oldname/project1/index.Php the final browsers returned URL will be /newname/project1.php without having to move or edit site links. I also understand my hyperlinks will refer to /oldname but this is acceptable any help would be highly appreciated. Regards

    Read the article

  • Virtual Subdomains

    - by Dave P
    I would like to manage subdomains exclusively through .htaccess. I am able to catch subdomains that I set up - for example, support.testsite.com - currently, I redirect that to testsite.com/support. What I would like to do is retain the subdomain, even after the redirect - so support.testsite.com seems to stay in the address bar for the user, even though it is actually located at testsite.com/support. Should I maintain another .htaccess file in /support that rewrites the address? Thanks!

    Read the article

  • What is the overhead when redirect through mod_proxy

    - by ivoba
    I have an API that used to run on Apache but now is served via lighttpd. I can easily switch the API URL in the app to the lighty port like api.net:81. I wonder if I should use mod_proxy instead to have cleaner urls. There is no redirect for legacy urls necessary. What would be the overhead for the Apache in between compared to the direct call? Would mod_proxy and Apache steal the benefit of lightys lightweightness?

    Read the article

  • openVAS - Microsoft RDP Server Private Key Information Disclosure Vulnerability - false Alarm?

    - by huebkov
    I performed a openVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called Microsoft RDP Server Private Key Information Disclosure Vulnerability. An remote attacker could perform a man-in-the-middle attack to gain access to a RDP session. Affected Software is Microsoft RDP 5.2 and below. My server uses RDP 7.1, is this alarm a false alarm? Security Advisor Pages say: Solution Status Unpatched, No remedy... References http://secunia.com/advisories/15605/ http://xforce.iss.net/xforce/xfdb/21954/ http://www.oxid.it/downloads/rdp-gbu.pdf CVE: CVE-2005-1794 BID:13818

    Read the article

  • Restarting or stopping apache results in waiting forever

    - by steko
    I have two simple WSGI apps running on top of mod_wsgi and apache2 on a test development server. There is no mod_python on this machine. The WSGI configuration is as follows WSGIDaemonProcess tops stack-size=524288 maximum-requests=5 WSGIScriptAlias /tops /home/ubuntu/tops-cloud/tops.wsgi <Directory /home/ubuntu/tops-cloud> WSGIProcessGroup tops WSGIApplicationGroup %{GLOBAL} Order deny,allow Allow from all </Directory> WSGIDaemonProcess flaskal maximum-requests=5 WSGIScriptAlias /c14 /home/ubuntu/c14/flaskal/flaskal.wsgi <Directory /home/ubuntu/c14/flaskal> WSGIProcessGroup flaskal WSGIApplicationGroup %{GLOBAL} Order deny,allow Allow from all </Directory> If I make changes to the app, I need to restart the web server, so I would expect that a simple sudo service apache2 restart does what I need. Same goes for any changes to the config (e.g. number of maximum requests, etc). Instead, it never ends "waiting", like this: $ sudo service apache2 restart * Restarting web server apache2 ... waiting .................................................. until I just do CTRL-C. At that point, the only way to resume a working server is to kill the process and restart it, not very convenient. The same happens with the stop command. The error logs at the "debug" level show the following lines after a failed restart [Wed Nov 14 21:55:19 2012] [notice] caught SIGTERM, shutting down [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=9047): Shutdown requested 'tops'. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=9047): Stopping process 'tops'. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=9047): Destroying interpreters. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=9047): Cleanup interpreter ''. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=9047): Terminating Python. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=8920): Shutdown requested 'flaskal'. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=8920): Stopping process 'flaskal'. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=8920): Destroying interpreters. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=8920): Cleanup interpreter ''. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=8920): Terminating Python. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=8920): Python has shutdown. [Wed Nov 14 21:55:19 2012] [info] mod_wsgi (pid=9047): Python has shutdown. If I then try to restart again (with the process still running), I get the following error: * Restarting web server apache2 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs Action 'start' failed. The Apache error log may have more information. Unfortunately the Apache error log doesn't have anything. When apache2 is running properly, both apps work without any problem.

    Read the article

  • mod_rewrite add and switch directory

    - by Markus
    How to change the url pattern with mod_rewrite first from domain.de/images/myfile.jpg to domain.de/directory/images/myfile.jpg and then finally to domain.de/images/directory/myfile.jpg My rules so far RewriteCond %{HTTP_HOST} ^(www\.)?domain\.de$ RewriteCond %{REQUEST_URI} !^\/directory RewriteRule ^(.*)$ directory/$1 [NC] RewriteCond %{REQUEST_URI} ^\/directory\/images RewriteRule ^\/directory\/images\/(.*)$ images/directory/$1 [qsappend,L] The first part is working but the exchange of directory fails

    Read the article

  • mod_rewrite with AJAX applictions: possible?

    - by MrJackV
    I am trying to run Shell In a Box (link) through another server (the computer running shellinabox is not accessible from the internet) . Ideally I could use ProxyPass in the Apache config to have a reverse proxy. Problem is I can't access the conf file. So I tried using .htaccess and I discover that I cannot use ProxyPass in there. So I tried and used mod_rewrite to do the job. Currently I have the following on the .htaccess file RewriteEngine On RewriteRule ^$ http://10.1.13.236:4200/ [P] However while it displays the title correctly and if I open up the source code I can see there is something in the page, nothing is diplayed on the screen (it remains blank). My suspicion is that there are problems with AJAX and this kind of proxy. What I am trying to accomplish with the mod_rewrite as close as possible behaviour to ProxyPass (Mirorr a website in a subdirectory). Is this possible? Is there some other solution (I tried phproxy and khproxy but neither of them is able to display anything)? Thanks in advance

    Read the article

  • Which modules can be disabled in apache2.4 on windows

    - by j0h
    I have an Apache 2.4 webserver running on Windows. I am looking into system hardening and the config file httpd.conf. There are numerous load modules and I am wondering which modules I can safely disable for performance and / or security improvements. Some examples of things I would think I can disable are: LoadModule cgi_module others like LoadModule rewrite_module LoadModule version_module LoadModule proxy_module LoadModule setenvif_module I am not so sure they can be disabled. I am running php5 as a scripting engine, with no databases, and that is it. My loaded modules are: core mod_win32 mpm_winnt http_core mod_so mod_access_compat mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_cache_disk mod_mime mod_negotiation mod_proxy mod_proxy_ajp mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status mod_version mod_php5

    Read the article

  • Apache not routing to tomcat on correct Virtual host

    - by ttheobald
    We are looking at moving from Websphere to Tomcat. I'm trying to send traffic to tomcat from apache web server based on the virtual host directives in apache web server. After some playing around I have it sort of working, but I'm noticing that if I have a JKMount directive in the first VirtualHost in apache, all virtualHosts will send to the application server. If I have the JKMount in Virtual hosts further down in the configs, then only that VirtualHost works with the request. For Example, with the configs below here are my symptoms mysite.com/Webapp1/ -- I resolve to the proper application mysite2.com/Webapp1/ -- I resolve to the proper application (bad!) mysite.com/MonitorApp/ -- I resolve to the proper application mysite2.com/MonitorApp/ -- I resolve to the proper application (bad!) mysite.com/Webapp2/ -- I DO NOT get to the app (good) mysite2.com/Webapp2/ -- I resolve to the proper application Here's what my web server virtualhosts look like. <VirtualHost 255.255.255.1:80> ServerName mysite.com ServerAlias aliasmysite.ca ##all our rewrite rules JkMount /Webapp1/* LoadBalanceWorker JKmount /MonitorApp/* LoadBalanceWorker </VirtualHost> <VirtualHost 255.255.255.2:80> ServerName mysite2.com ServerAlias aliasmysite2.ca ##all our rewrite rules JkMount /Webapp2/* LoadBalanceWorker </VirtualHost> we are running apache webserver 2.2.10 and tomcat 7.0.29 on Solaris10 I've posted an image of our architecture here. http://imgur.com/IFaA6Rh I HAVE not defined VirtualHosts on Tomcat. Based on what I've read, my understanding is that it's only needed if I'm accessing Tomcat directly. Any assistance is appreciated. Edit Here's my worker.properties. worker.list= LoadBalanceWorker,App1,App2 worker.intApp1.port=8009 worker.intApp1.host=10.15.8.8 worker.intApp1.type=ajp13 worker.intApp1.lbfactor=1 worker.intApp1.socket_timeout=30 worker.intApp1.socket_connect_timeout=5000 worker.intApp1.fail_on_status=302,500,503 worker.intApp1.recover_time=30 worker.intApp2.port=8009 worker.intApp2.host=10.15.8.9 worker.intApp2.type=ajp13 worker.intApp2.lbfactor=1 worker.intApp2.socket_timeout=30 worker.intApp2.socket_connect_timeout=5000 worker.intApp2.fail_on_status=302,500,503 worker.intApp2.recover_time=30 worker.LoadBalanceWorker.type=lb worker.LoadBalanceWorker.balanced_workers=intApp1,intApp2 worker.LoadBalanceWorker.sticky_session=1

    Read the article

  • How to make a secure MongoDB server?

    - by Earlz
    Hello, I'm wanting my website to use MongoDB as it's datastore. I've used MongoDB in my development environment with no worries, but I'm worried about security with a public server. My server is a VPS running Arch Linux. The web application will also be running on it, so it only needs to accept connections from localhost. And no other users(by ssh or otherwise) will have direct access to my server. What should I do to secure my instance of MongoDB?

    Read the article

  • some issues with removing www and redirecting index.html

    - by MariaKeys
    Hello Fellas, I am having trouble doing what i want to do with the following setup. I would like to remove all WWW, and also forward index.html to root dir. I would like this to be for all domains, so i am doing inside httpd.conf directory directive. I tried many variations with no success. Latest version is below (domains are inside /var/www/html, in seperate directories). http://www.example.com/index.html > http://example.com http://www.example.com/someother/index.html > http://example.com/someother/ Thanks, Maria <Directory "/var/www/html/*/"> RewriteEngine on RewriteBase / RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^(.*)$ http://%1/$1 [R=301,L] #RewriteCond %{REQUEST_URI} /^index\.html/ RewriteRule ^(.*)index\.html$ / [R=301,L] Options ExecCGI Includes FollowSymLinks AllowOverride AuthConfig AllowOverride All Order allow,deny Allow from all </Directory>

    Read the article

  • Is disabling password login for SSH the same as deleting the password for all users?

    - by Arsham Skrenes
    I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

    Read the article

  • htaccess rewriting all subdomains to subdirectories

    - by indorock
    I'm trying to build a catch-all for any subdomains (not captured by previous rewrite rules) for a certain domain, and serve a website from a subdirectory that resides in the same folder as the .htaccess file. I already have my vhosts.conf to send all unmapped requests to a "playground" folder, where I want to easily create new subdomains by simply adding a subfolder. So, my structure looks like this: /var/www/playground |-> /foo |-> /bar The .htacces living inside the /playground folder and /foo and /bar being seperate websites. I want http://foo.domain.com to point to /foo and http://bar.domain.com to /bar. Here is my .htaccess file: RewriteEngine On RewriteCond %{HTTP_HOST} ^([^.]+).domain.com$ [NC] RewriteCond %{REQUEST_URI} !^/%1/(.*) RewriteRule ^(.*) /%1/$1 [L] This is supposed to capture the subdomain, add it as a subfolder in RewriteRule, then append after the slash and path information. The second RewriteCond is there to prevent an infinite loop. My idea was that %1 in the second RewriteCond would be able to capture the capture group in the first RewriteCond. But so far I haven't had any success, it's always ending up in a redirect loop. If I would replace %1 in the second RewriteCond with hardcoded 'foo' or 'bar', it works, which leads me to believe that you cannot refer to a capture group inside a RewriteCond. Is is true? Or am I missing something?

    Read the article

  • Mod_rewrite delete parameter in 301 Redirect

    - by Jack
    Hi, How would I go about rewriting: http://www.example.com/foo.html?order=desc&limit=all&something=else to http://www.example.com/foo.html?order=desc&something=else I want to remove all instances on limit=all regardless of how many other parameters in the url. I have tried: RewriteCond %{QUERY_STRING} ^(.*&)&limit=all(&.*)?$ [NC] RewriteRule ^foo\.html$ /foo\.html\?%1%2 [R=301,L]

    Read the article

  • How to setup Apache 2.2 (prefork) with mod_fcgid to test a C++ application?

    - by skyeagle
    I have written my first fastcgi application (C/C++), and I need to test it to ensure that it is behaving the way I expect it to. I have searched for examples on setting up Apache 2.2. with mod_fcgid, but all of teh tutorials etc I have seen, relate to PHP, Python, Perl etc. Is anyone aware of a resource that shows how I may setup Apache to use mod_fcgid (NOT mod_fastcgi) to test my binary? If no online resource is available (I'd be surprised), then could someone please point out the steps required to do the testing?

    Read the article

  • Does Windows 8 include the Windows Help program (WinHlp32.exe)?

    - by amiregelz
    In 2011, Symantec reported on the use of the Windows Help File (.hlp) extension as an attack vector in targeted attacks. The functionality of the help file permits a call to the Windows API which, in turn, permits shell code execution and the installation of malicious payload files. This functionality is not an exploit, but there by design. Here's the malicious WinHelp files (Bloodhound.HLP.1 & Bloodhound.HLP.2) detection heat map: I would like to know if the Windows Help program exists on my Windows 8 machine by default, because if it does I might need to remove it for security reasons. Does Windows 8 include the Windows Help program (WinHlp32.exe)?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 132 133 134 135 136 137 138 139 140 141 142 143  | Next Page >