Search Results

Search found 58272 results on 2331 pages for 'apache log files'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 220/2331 | < Previous Page | 216 217 218 219 220 221 222 223 224 225 226 227  | Next Page >

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • PHP app breaks on Nginx, but works on Apache

    - by rizon1990
    I want to migrate a PHP application from Apache to Nginx. The problem is that the App breaks, because the routing doesn't work anymore and I'm not exactly sure how to fix it. The PHP application includes some .htaccess files and I tried to convert those to Nginx. The first one is in the document root: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^$ public/ [L] RewriteRule (.*) public/$1 [L] </IfModule> The second one is in /public/ <IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # Rewrite all other URLs to index.php/URL RewriteRule ^(.*)$ index.php?url=$1 [PT,L] </IfModule> <IfModule !mod_rewrite.c> ErrorDocument 404 index.php </IfModule> The third and last one is: deny from all My nginx version of it looks like the following: #user nobody; worker_processes 1; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip on; server { listen 8080; server_name localhost; root /Library/WebServer/Documents/admin; location / { index index.php; rewrite ^/$ /public/ break; rewrite ^(.*)$ /public/$1 break; } location /public { if (!-e $request_filename){ rewrite ^(.*)$ /index.php?url=$1 break; } } location /library { deny all; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location ~ \.php$ { root /Library/WebServer/Documents/admin; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } } The problem I face is that something that the routing is broken and just returns a 404 page instead. Hopefully someone has an idea and know how to fix it ;) Thanks EDIT I got it working with this config location /library { deny all; } location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { access_log off; rewrite ^(.*)$ /public/$1 break; } location / { rewrite ^/(.+)$ /index.php?url=$1 last; } I'm sure there are better solutions and I'm open for suggestions.

    Read the article

  • Running PHP scripts as the owner of the PHP file: security issues

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • installing w3c validator on Fedora 11

    - by coure06
    On Fedora 11 i have installed w3c validator using yum install w3c-markup-validator is this installation configure each and everything including the complete website? followed this doc http://validator.w3.org/docs/install.html Apache is already installed. Now how can i open validator site locally? i am trying localhost, 127.0.0.1, 127.0.0.2 but validator website is not opening...

    Read the article

  • Preserve amends to /etc/httpd/conf/httpd.conf in WHM cPanel?

    - by ed209
    Is there a way to preserve amends we make to first (default) VirtualHost container in /etc/httpd/conf/httpd.conf? We have a custom setup for a site and we want all unmatched hostnames to be caught by that VirtualHost. As per Apache manual all unmatched hosts are processed by first VirtualHost directive, hence we copied DocumentRoot, suPHP user and some other values from out main site's VH. Running /usr/local/cpanel/bin/apache_conf_distiller --update and then /usr/local/cpanel/bin/build_apache_conf reverts our changes.

    Read the article

  • How restore back up email files in qmail

    - by Maysam
    I have problem with restoring some old backup mail files in a mail server that uses qmail. The problem is, when I copy a new email file to the /cur directory, the number of emails in front of inbox increases, but when I click on the inbox, I don't see the newly copied email. I can only see the old emails. I also deleted maildirsize and courierimapuiddb files and they where automatically created again, but it didn't help and I cannot still see the email in my inbox. Is there something I am missing? How can I restore the backed up email files? Please note that when I copy the email files in /.sent-mail/cur directory, they are all displayed in my sent box, but that doesn't happen for inbox files in /cur directory.

    Read the article

  • Folder isn't visible

    - by user41998
    Hello, I have the latest apache under Arch Linux. Here is the screen: http://uppix.net/f/a/b/1f323092f2485e2f1e8e59c3744bf.png [ockonal@wincode public_html]$ ls -l total 1 drwxr-xr-x 10 ockonal users 432 May 2 16:48 site drwxrwxrwx 11 ockonal users 1456 Feb 20 23:24 unvisible Why?

    Read the article

  • fcgid, suexec, and userdir

    - by Martin v. Löwis
    I'm trying to set up per-user trac instances, using fcgid. The problem is that trac requires rw access to the trac instance, so I need the fcgi process to run under the respective user. I have the suexec, fcgid, and userdir Apache modules installed (on Debian). I put up vhost directive ScriptAliasMatch /~(.*)/trac /home/$1/public_html/trac.fcgi This works insofar as trac.fcgi is run, but unfortunately, under the www-data user. How can I make fcgid launch it under the $1 user?

    Read the article

  • Apache 2.4.2 with PHP 5.4.4 crashes as soon as phpinfo() script is opened

    - by Gremo
    As soon as i open a phpinfo() script called version.php apache stops working. Here is the error.log file. My configuration (my local development machine): Windows 7 Home Premium x64 SP1 with latest updates Apache 2.4.2 win32 from Apache Lounge PHP 5.4.4 VC9 x86 TS from PHP For Windows php5apache2_4.dll (PHP 5.4.4) taken from Apache Lounge php5apache2_4.dll-php-5.4-win32.zip PATH environment variable is PATH=C:\WAMP\Apache\bin;C:\WAMP\PHP and installation folders (unzipping) are: C:/WAMP/Apache C:/WAMP/PHP Microsoft Visual C++ 2010 SP1 x86/x64 installed and updated. So everything looks fine to me. PHP integration in httpd.conf is: # Integrazione PHP LoadModule php5_module "C:/WAMP/PHP/php5apache2_4.dll" PhpIniDir "C:/WAMP/PHP" AddType application/x-httpd-php .php <IfModule dir_module> DirectoryIndex index.html index.php </IfModule>

    Read the article

  • How do I remove the ServerSignature added by mod_fcgid?

    - by matthew
    I'm running Mod_Security and I'm using the SecServerSignature to customize the Server header that Apache returns. This part works fine, however I'm also running mod_fcgid which appends "mod_fcgid/2.3.5" to the header. Is there any way I can turn this off? Setting ServerSignature off doesn't do anything. I was able to get it to go away by changing the ServerTokens but that removed the customization I had added.

    Read the article

  • View hidden contents of usb device

    - by Srikanth Suresh
    I have a USB with the following contents on ls -lah total 8.0K drwx------ 1 srikanth srikanth 4.0K May 27 22:54 . drwxr-xr-x 4 root root 4.0K May 28 19:37 .. -rw------- 2 srikanth srikanth 0 May 27 22:52 Files.az3w On viewing the properties of the folder I have the following information: 90.4Mb used and 16.1GB free There is data in this pen drive which I am currently unable to view also it is sensitive. After searching about hiding contents in a USB I think that there is a hidden partition here that I cant access. How should I proceed to view the contents without damaging the files already present?

    Read the article

  • How to share files between cPanel accounts?

    - by Darren
    I am setting up a multi-site/multi-store Magento installation, and I want each site to have its own cPanel account so I can setup the SSL and dedicated IP properly. I have tried to create a linux group called 'magento' and changed the files I need to share to that group (even added the users to that group), however when I try to access files through my scripts on those accounts it doesn't acknowledge the files exist. I first made a soft symbolic link which didn't work and then including them to their real location but it didn't work. Am I missing a step in allowing which users can access which files? I added the users to the magento group and like I said changed the group of the files I need to share to them but it's still not working. Thanks, Darren

    Read the article

  • Secure LAMP server for production use

    - by WalterJ89
    What is the procedure for securing a Linux, Apache, MySQL, PHP Server (or even Perl) for production use? Other than setting the MySql password and the root password for linux what other (maybe not so obvious) steps should be taken? Also what steps can I take if I was going to be extra paranoid that may not normally be nessasary? this is for a basic single site use but must be secure. Thank you. (sorry if this was asked before)

    Read the article

  • Redirect visitors to a "site in maintenance" page?

    - by serhio
    My site is in maintenance(construction). How to redirect visitors to a "site in maintenance" single page? I heard something about app_offline.htm for ASP.NET. Is there something similar for PHP? I want that every page from "mysite.com" be redirected to "mysite.com/maintenance.php"; I don't want to do the minimum modification in the existing site pages, ideally no one. Apache version 2.2.15 PHP version 5.2.13

    Read the article

  • Local SSL connections are causing redirect loop (after Ubuntu update)

    - by codeinthehole
    Following a recent Ubuntu update, my local websites are no longer serving their pages over SSL. For example, my .htaccess file attempts to ensure /sign-in is always served over HTTPS: RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} /sign-in RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301] However when I make a request to /sign-in on the domain site2-local , I get the error "The page isn't redirecting properly" with the following in /var/log/apache2/error.log [Tue Jun 08 12:20:57 2010] [info] [client 127.0.1.1] Connection to child 0 established (server site1-local:443) [Tue Jun 08 12:20:57 2010] [info] Seeding PRNG with 656 bytes of entropy [Tue Jun 08 12:20:57 2010] [info] Initial (No.1) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.2) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.3) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.4) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.5) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.6) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.7) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.8) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.9) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:20:57 2010] [info] Subsequent (No.10) HTTPS request received for child 0 (server site2-local:443) [Tue Jun 08 12:21:12 2010] [info] [client 127.0.1.1] (70007)The timeout specified has expired: SSL input filter read failed. [Tue Jun 08 12:21:12 2010] [info] [client 127.0.1.1] Connection closed to child 0 with standard shutdown (server site2-local:443) There is a connection to site1-local (another site on my machine which shares the certificate), which I don't understand. Anyone know what is causing this issue?

    Read the article

  • Bots see something different!?

    - by ilhan
    I've submitted my web site to different apps like YahooWebmasters and similar places. They see my web site's main page's title as Indef of/ . However I see it normally, as My Title. Server: it says Apashi (wtf!?), it is Apache in reality PHP 5.2.5 FreeBSD cPanel Version 11.24.4-RELEASE Kernel version 6.3-PRERELEASE main page: index.html I guess it is because of index.html But why?

    Read the article

  • Redirect Using htaccess

    - by manyxcxi
    I am trying to redirect /folder to / using .htaccess but all am I getting is the Apache HTTP Server Test Page. My root directory looks like this: / .htaccess -/folder -/folder2 -/folder3 My .htaccess looks like this: RewriteEngine On RewriteCond %{REQUEST_URI} !^/folder/ RewriteRule (.*) /folder/$1 What am I doing wrong? I checked my httpd.conf (I'm running Centos) and the mod_rewrite library is being loaded. As a side note, my server is not a www server, it's simply a virtual machine so it's hostname is centosvm.

    Read the article

  • High load on X3220 Quad Core Linux Apache server

    - by John Templar
    I'm seriously in need of help. My sites are now nearly impossible to use because of massive loads on my server. I'm already a month late on my mortgage and this really isn't helping my situation. I've been working on fixing this intermittent load problem for months (never this bad). I'm suspecting some kind of attack since I'm under DDOS attack a lot! I've been trying to figure out what is causing the load but I'm afraid I just don't have the experience or knowledge to understand all the data I've been looking at. I don't even know where to begin or how to test for the large array of attacks out there. Here's some data you might find useful... Server: Xeon X3220 Quad Core 2.4 GHz - Linux, FreeBSD 500 GB HD and 8 Gig of Ram. Runs Centos release 5.7 Server Version: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_qos/9.74 Warning: All sites are softcore adult sites - mostly fantasy art like elves and amazons. 1) Sites may run fine for weeks or just days at less than 10 load then start jumping to 40-80 load - no idea why. Same sites, same mods, same amount of traffic - just WHAM! 2) I get an email almost every day that says: "Large Number of Failed Login Attempts from IP (different each time)". My webhost (who almost never helps me) told me it was a udp flood or something. 3) I've changed the port for MySQL from the default. If I ever put it back to the default - I get Loads of over 100 from what must be a constant mysql port flood. 4) I've reconfigured MYSQL. Link: http://www.deadlyamazons.com/logs/mycnf.txt 5) I have 3 Joomla Jomsocial networks. I've spent a couple weeks turning all the mods/plugins off, waiting a day and then turning them back on the next day or later if there isn't any change (there hasn't been). For example, on Thursday I'll turn off videos, on Friday I'll turn off chat.. etc and nothing changes the load appreciably. 6) Joomla info: All SEF turned off - sh404sef completely disabled and removed. Components: Joomla 1.5.22, Jomsocial 2.0.5, Kunena 1/31/2011, HWDMediashare 11/22/2010 and JBolo Chat 2.7.3, Comet Chat or Envolve Chat. Page Compression is on, Cache is on 15 mins. Please click on this forum to see links to all my reports: http://forum.joomla.org/viewtopic.php?f=433&t=706035&p=2777500#p2777500 Any help would be highly appreciated.

    Read the article

  • Windows 7, files reappear after deletion.

    - by HeavyWave
    I'm trying to delete some files from a folder. I've taken ownership of the files and the folder. When I delete these files Windows doesn't report any errors and deletes them. BUT, after I press F5 these files reappear again. There are no messages whatsoever, they are just undeletable. I know login off will help, but how do I fix it without going through the pain of closing everything down? P.S. Files disappear from the folder after aprox. 5 minutes. Update. Turns out my version of Windows did not properly upgrade from test version, so it had some weird disk drive issues.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 216 217 218 219 220 221 222 223 224 225 226 227  | Next Page >