Search Results

Search found 3423 results on 137 pages for 'mod authz ldap'.

Page 57/137 | < Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >

  • Why does mod_security require an ACCEPT HTTP header field?

    - by ripper234
    After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

    Read the article

  • How to let mod_wsgi only handle certain URLs under Apache?

    - by Frederik
    I have a Django app that handles "/admin/" and "/myapp/". All the other requests should be handled by Apache. I've tried using LocationMatch but then I'd have to write a negative regex. I've tried WSGIScriptAlias with the /admin/ prefix but then the wsgi_handler receives the request with the /admin/ part cut off. Is there a cleaner way to make mod_wsgi only handle certain requests?

    Read the article

  • Mod_jk Tomcat VirtualHost

    - by user37143
    Hi, I have two applications in Tomcat app1 and app2. I have mod_jk configured for Apache front end and I am able to get the Tomcat index.jsp Now I created two virtualhosts for app1 and app2 so that app1.domain.com will point to app1 in tomcat and app2.domain.com will point to app2 in Tomcat but it's not working. I have the Vhost as ServerName www.app1.domain.com ServerAlias app1.domain.com DocumentRoot "/opt/tomcat/webapps/app1" DirectoryIndex index.jsp Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all The following section added for Jk JkMount /.do ajp13 JkMount /.jsp ajp13 JkMount / ajp13 JkMount /* ajp13 JkUnMount /.php ajp13 JkUnMount /.gif ajp13 JkUnMount /.html ajp13 JkUnMount /.css ajp13 JkUnMount /.png ajp13 JkUnMount /.jpg ajp13 # But this did not work both the sub domains loads Tomcat's index.jsp. Can some one help me? Thanks

    Read the article

  • Apache reports a 200 status for non-existent WordPress URLs

    - by Jonah Bishop
    The WordPress .htaccess generally has the following rewrite rules: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> When I access a non-existent URL at my website, this rewrite rule gets hit, redirects to index.php, and serves up my custom 404.php template file. The status code that gets sent back to the client is the correct 404, as shown in this HTTP Live Headers output example: http://www.borngeek.com/nothere/ GET /nothere/ HTTP/1.1 Host: www.borngeek.com {...} HTTP/1.1 404 Not Found However, Apache reports the entire exchange with a 200 status code in my server log, as shown here in a log snippet (trimmed for simplicity): {...} "GET /nothere/ HTTP/1.1" 200 2155 "-" {...} This makes some sense to me, seeing as the original request was redirected to page that exists (index.php). Is there a way to force Apache to report the exchange as a 404? My problem is that bogus requests coming from Bad Guys show up as "successful requests" in the various server statistics software I use (AWStats, Analog, etc). I'd love to have them show up on the Apache side as 404s so that they get filtered out from the stat reports that get generated. I tried adding the following line to my .htaccess, but it had no effect (I'm guessing for the same reason as the previous redirect rules): ErrorDocument 404 /index.php?error=404 Does anyone have a clever way to fix this annoyance? Additional Info: OS is Debian 6.0.4, and Apache version looks to be 2.2.22-3 (hosted on DreamHost) The 404 being sent back to the client is being set by WordPress (i.e. I'm not manually calling header() anywhere)

    Read the article

  • Help with Apache rewriteengine rules

    - by Vinay
    Hello - I am trying to write a simple rewrite rule using the rewriteengine in apache. I want to redirect all traffic destined to a website unless the traffic originates from a specific IP address and the URI contains two specific strings. RewriteEngine On RewriteLog /var/log/apache2/rewrite_kudithipudi.log RewriteLogLevel 1 RewriteCond %{REMOTE_ADDR} ^199\.27\.130\.105 RewriteCond %{REQUEST_URI} !/StringOne [NC, OR] RewriteCond %{REQUEST_URI} !/StringTwo [NC] RewriteRule ^/(.*) http://www.google.com [R=302,L] I put these statements in my virtual host configuration. But the rewriteengine seems to be redirect all requests, whether they match the condition or not. Am I missing something? Thank you. Vinay.

    Read the article

  • Why is my apache2, mod_fcgid, php configuration causing 100% cpu usage?

    - by Scott Lundgren
    Page load makes a quick initial connection, then hangs about 10 seconds before the page renders. When the server load goes up I start watching top & I see that both CPUs get pegged at times to 100% by between 4-8 processes of php-cgi. My theory is that since I never see RAM usage never go above 50%, that apache is able to handle the requests coming in, but is queueing them for PHP to process. What is wrong with my mod_fcgid/php configuration ? RHEL 5.4 2 Xeon E5420s @ 2.50 Ghz 4 Gb RAM Apache 2.2.3 Timeout 30 KeepAlive On MaxKeepAliveRequests 0 KeepAliveTimeout 5 <IfModule worker.c> StartServers 2 MaxClients 300 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> mod_fcgid 2.2.10 LoadModule fcgid_module modules/mod_fcgid.so <IfModule !mod_fastcgi.c> AddHandler fcgid-script fcg fcgi fpl php </IfModule> SocketPath run/mod_fcgid SharememPath run/mod_fcgid/fcgid_shm DefaultInitEnv PHPRC "/etc/" FCGIWrapper /usr/bin/php-cgi .php MaxRequestsPerProcess 1500 MaxProcessCount 20 IPCCommTimeout 240 IdleTimeout 240 APC 3.0.19 extension = apc.so apc.enabled=1 apc.shm_segments=1 apc.optimization=0 apc.shm_size=32 apc.ttl=7200 APC cache is 43% used with a 99% hit rate

    Read the article

  • HOw to secure whm/cpanel centos server from javascript malacious code virus

    - by Master
    Recently my sites index.php code was replaced some malacious javascript virus code. I really don't know how did that entered into that page. Today when i tried to download that file via ftp then antivirus gave me the warning. So it means it was not entered from my computer. Is there any way to install some antivirus on VPS server with centos 5 , cpanel/whm so that those code should not be allowed to add. also what is mod_security . will it be helpful.

    Read the article

  • How to make subdirectory the document root of a web domain or localhost

    - by Ben Huh
    I have a subdirectory abc in the document root /var/www/html I want to be able to run any file any_file.html within the subdirectory by typing in the browser: localhost/any_file instead of localhost/abc/any_file.html or my_domain.com/any_file instead of my_domain.com/abc/any_file.html I tried writing in httpd.conf: <Directory "/var/www/html/abc"> RewriteEngine On RewriteBase / RewriteRule %{REQUEST_FILENAME} %{REQUEST_FILENAME}\.html </Directory> But it doesn't work. Options FollowSymLinks is activated in <Directory> so I believe I would not need to write this again. Does anyone knows why and how to solve it? Thanks. Update: I have another subdirectory efg which I need to be able to access through localhost.

    Read the article

  • How to choose a web server for a Python application?

    - by Phil
    Information and prerequisites: I have a project which is, at its core, a basic CRUD application. It doesn't have long running background processes which it forks at the beginning and talks to later on, nor does it have long running queries or kept alive connection requirements. It receives a request, makes some queries to the database and then responds. In order to serve static files and cachable files fast, I am going to use Varnish in all cases. Here is my question: After reading about various Python web application servers, I have seen that they all have their "fans" for certain, usually "personal" reasons, which got me confused since each usecase differs from the next. How can I learn about the core differentiating factors of Python web servers (in order) to decide how suitable they are for my project and if one would be better than the other? What are your (technically provable) thoughts on the matter? How should I choose a Python web server? Thank you.

    Read the article

  • Trying to install mod_proxy in Apache-Httpd-2.2.15

    - by Dspace
    Hello, I have spent the afternoon trying to install the mod_proxy module into apache. I have tried ./configure --prefix=/opt/apache2 --enable-proxy --enable-proxy-http ./configure --prefix=/opt/apache2 --enable-module=proxy After it finishes installing, navigating to /opt/apache2/modules only shows one file: httpd.exp. It seems that the module is not being installed. Any help is appreciated. Thanks.

    Read the article

  • .htaccess redirect - Is it secure?

    - by thecrandallster
    This works; I'm not having trouble, but I want to be certain that this is bulletproof. I came up with a neat little .htaccess redirect, but I am not sure if it is secure; do you know? <IfModule mod_rewrite.c     RewriteEngine On     RewriteRule ^goto/([a-z]+)/?$ /$1/ [R] </IfModule I think as long as the server is configured correctly and the files handle authentication autonomously, then it shouldn't be a security issue. Also, being that the rewrite rule only works with characters a-z and one slash I doubt they could jump around directories by injecting stuff into the URL I think...

    Read the article

  • .htaccess send requests to a subfolder's index.php

    - by mediaslave
    I have searched stackoverflow for my answer, but nothing that I have seen seems to work. I have a framework that sends all requests to an index.php file. Everything works when I install it in the root of the virtual host: http://domain/ http://domain/home http://domain/home/index The problem happens when I try to install the framework in a subdirectory like: http://domain/blog/ Requests like: http://domain/blog/home http://domain/blog/home/index All of those requests should be sent to the index.php file that lives in /blog My current set up is: http://domain/index.php - This file just prints out 'we are in the root of the virtual host' The framework is not installed there. http://domain/blog - This works fine When I try to got to http://domain/blog/home I get the roots index.php file not the frameworks. I get the message 'we are in the root of the virtual host'. I have the following .htaccess file located at http://domain/blog/.htaccess RewriteEngine on Options Indexes FollowSymLinks -MultiViews RewriteBase /blog/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule !\.(js|ico|gif|jpg|png|css)$ index.php Any help is greatly appreciated. Regards, Justin

    Read the article

  • Redhat | error in mod_swgi installation

    - by MMRUSer
    I'm getting the following error when I try to install mod_wsgi ./configure checking for apxs2... no checking for apxs... /usr/sbin/apxs checking Apache version... 2.2.3 configure: creating ./config.status config.status: creating Makefile make /usr/sbin/apxs -c -I/usr/local/include/python2.6 -DNDEBUG mod_wsgi.c -L/usr/local/lib -L/usr/local/lib/python2.6/config -lpython2.6 -lpthread -ldl -lutil -lm /apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/local/include/python2.6 -DNDEBUG -c -o mod_wsgi.lo mod_wsgi.c && touch mod_wsgi.slo sh: /apr-1/build/libtool: No such file or directory apxs:Error: Command failed with rc=8323072 . make: *** [mod_wsgi.la] Error 1 mod_wsgi 3.2 Apache 2.2 Python 2.6 apr-1.2.7-11 Is this error because of a missing package.. or else how do I solve this issue?

    Read the article

  • How to exclude a specific URL from basic authentication in Apache?

    - by ripper234
    Two scenarios: Directory I want my entire server to be password-protected, so I included this directory config in my sites-enabled/000-default: <Directory /> Options FollowSymLinks AllowOverride None AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/apache2/passwords Require user someuser </Directory> The question is how can I exclude a specific URL from this? Proxy I found that the above password protection doesn't apply to mod_proxy, so I added this to my proxy.conf: <Proxy *> Order deny,allow Allow from all AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/apache2/passwords Require user someuser </Proxy> How do I exclude a specific proxied URL from the password protection? I tried adding a new segment: <Proxy http://myspecific.url/> AuthType None </Proxy> but that didn't quite do the trick.

    Read the article

  • apache url rewrite not working as expected

    - by hetaoblog
    looks as if it's working now, i'm not doing anything... stange... I want to write http://www.1024jobs.net/jobs/view/17.jhtml to http://www.1024jobs.com/jobs/view/17.jhtml so i have tried either of below rules in .htaccess RewriteRule ^jobs/view/([0-9]+)\.jhtml$ http://www.1024jobs.com/jobs/view/$1.jhtml [L,R=301] RewriteRule ^jobs/view/([^.]+).jhtml$ http://www.1024jobs.com/jobs/view/$1.jhtml [L,R=301] but it's always translating to below url http://www.1024jobs.net/jobs/view/17.jhtml to http://www.1024jobs.com/jobs/view/.jhtml however, just found below is translated correctly.... http://www.1024jobs.net/jobs/view/16.jhtml can anyone help and explain? thx

    Read the article

  • Apache: Rewrite rule to remove slashes from the permalink?

    - by javipas
    I've seen this previous question on ServerFault, and I want something similar, but I'm not sure how to accomplish it. What I want is to remove all slashes from the permalink except for the one that goes after the domain name. For example: http://www.muycomputerpro.com/Actualidad/Especiales/La-Ciudad-Eficiente-Netapp would be redirected to http://www.muycomputerpro.com/ActualidadEspecialesLa-Ciudad-Eficiente-Netapp I need it to correct some 404 errors remaining on my WordPress blog under Apache web server. So, what would be the right rewrite rule?

    Read the article

  • How to prevent mod_cluster as single point failure?

    - by Hitesh
    In my configuration i used Apche+mod_cluster as a front_end(load balancer) server and two JBOSS AS 7.1.0 as backend server. In my configuration on one system i have install Apache+mod_cluster + JBOSS AS 7.1.0 and on other system JBOSS AS 7.1.0. Both JBOSS AS 7.1.0 are in domain mode means in clustering. My problem is that if Apche+mod_cluster crash than client can not access any JBOSS AS . I want to configure Apache+mod_cluster in Master_Slave format, means if one of Apache+mod_cluter down another Apache+mod_cluster become active and pass client(browser) request to back-end server in normal form without any interruption. Is there any way to make two Apache+mod_cluster to communicate with each other , means to check health status of each other and if any one get down other Apche+mod_cluster will do it's task ......

    Read the article

  • Enabled Apache mod_status but server-status was not found on SUSE enterprise 11 SP1

    - by Charles Yeung
    In /etc/apache2/httpd.conf, I have remove the line of Include mod_status and add the following to the last line, LoadModule status_module /usr/lib/apache2/mod_status.so ExtendedStatus On <Location /server-status> SetHandler server-status AllowOverride None Order Deny,Allow Deny from all Allow from all </Location> Then I restart Apache, and go to http://HOSTNAME/server-status, but I get the page not found, Did someone know why I get page not found? Is there any more step needed to do to see the Apache status? Thanks

    Read the article

  • Apache: redirect to https before AUTH for server-status

    - by Putnik
    I want to force https and basic auth for server-status output (mod_status). If I enable auth and user asks for http://site/server-status apache first asks for pass, then redirects to httpS, then asks for pass again. This question is similar to Apache - Redirect to https before AUTH and force https with apache before .htpasswd but I cannot get it work because we are speaking not about generic folder but Location structure. My config (shortly) is as follows: <Location /server-status> SSLRequireSSL <IfModule mod_rewrite.c> RewriteEngine on RewriteBase /server-status RewriteCond %{HTTPS} off RewriteCond %{SERVER_PORT} 80 RewriteRule ^ - [E=nossl] RewriteRule (.*) https://site/server-status} [R=301,L] </IfModule> SetHandler server-status Order deny,allow Deny from all Allow from localhost ip6-localhost Allow from 1.2.3.0/24 Allow from env=nossl AuthUserFile /etc/httpd/status-htpasswd AuthName "Password protected" AuthType Basic Require valid-user Satisfy any </Location> I assume Allow from env=nossl should allow everyone with RewriteCond %{HTTPS} off and server port 80, then force it to redirect but it does not work. Please note, I do not want force to SSL the whole site but /server-status only. If it matters the server has several sites. What am I doing wrong? Thank you.

    Read the article

  • Django apache + mod_wsgi with virtualenv

    - by ArgsKwargs
    I have some questions running multiple Django sites on a VPS I have a server that uses openPanel to automatically create VirtualHosts within apache2. My ideal situation is that I would have multiple virtualenvs with different dependencies installed so the python dist-packages directory isn't contaminated for different Django sites. For example: /home/user/virtualenv1 /home/user/virtualenv2 My django applications reside at /var/www, so For example: /var/www/djangosite1 /var/www/djangosite2 Now I've read upon openPanel docs and figured out the best thing todo is create a django.conf file inside the mydomain.com.inc folder, which looks something like: /etc/apache2/openpanel.d/mydomain.com.inc/django.conf DocumentRoot /var/www/djangosite1/project WSGIScriptAlias / /var/www/djangosite1/project/wsgi.py WSGIDaemonProcess mydomain python-path=/home/user/virtualenv1/lib/python2.6/site-packages <Directory /var/www/djangosite1/project> Order allow,deny Allow from all </Directory> Alias /static /var/www/djangosite1/project/static-root Now my problem is that this setup seems unable to find the virtualenv site-packages thus not recognizing any dependencies available in the given virtualenv Also, commenting out this line doesn't seem to break or change a thing: WSGIDaemonProcess mydomain python-path=/home/user/virtualenv1/lib/python2.6/site-packages For example: > service apache2 start ImportError: No module named South When I install South outside the virtualenv everything works

    Read the article

  • Own server, multiple website: most secure PHP setup

    - by plua
    Hi there, We have a company server with a variety of websites. They are maintained by different people from within our company. All websites are public. The server access is limited to our company only. This is NOT a shared hosting environment. We are looking into securing the server, currently analyzing the risk related to permissions of files. We feel the highest risk is when files are uploaded and then opened/executed by the public. This should not happen, but an error in a script might allow people to do so (there are image uploaders, file uploaders, etc). Uploader scripts use PHP. So the question is: what is the best way of setting / organizing permissions of files and processes? There seem to be several options to run PHP (and Apache), and setting the permissions. What should we take into consideration? Any tips? We are considering mod_php and FastCGI, but perhaps given our situation other solutions are preferred?

    Read the article

  • How to serve 410 from Apache rather than a 404

    - by DanSingerman
    On our site, we tend to remove pages a lot where the content has expired, and we want to return http status 410 rather than 404 for requests to pages (physical files) that don't exist on our server (the entire site is made up of static files). We have tried from http://diveintomark.org/archives/2003/03/27/http_error_410_gone but that just breaks our entire site, serving a 410 for every request. We are using Apache 2.2.3

    Read the article

  • How to use mod_proxy to let my index of Apache go to Tomcat ROOT and be able to browse my other Apac

    - by Dagvadorj
    Hello, I am trying to use my Tomcat application (deployed at ROOT) to be viewed from Apache port 80. To do this, I used mod_proxy, since mod_jk made me try harder. I used sth like this in httpd.conf: <location http://www.example.com> Order deny,allow Allow from all PassProxy http://localhost:8080/ PassProxyReverse http://localhost:8080/ </location> <Proxy *> Order deny,allow Allow from all </Proxy> And now I can not retrieve my previous sites on Apache, which was running prior to my configuration. How can I have both running?

    Read the article

< Previous Page | 53 54 55 56 57 58 59 60 61 62 63 64  | Next Page >