Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 127/596 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134 | Next Page >

Apache rewrite module, 404 not found

- by Eneroth3

I've been having some problems with rewriting directory styled addresses into query strings for my php scripts. Here's the code RewriteRule ^(\w+)/?(\w+)?/?(\w+)?/?$ /index.php?section=$1&category=$2&subcategory=$3 [QSA] This line works perfectly fine on both my local wamp and lamp server, and my friend's lamp server. However on the web hotel I've been using (freehostia) I only get a 404 error when trying to browse a "directory" that isn't really there (supposed to be generated by php). I've tried connecting their support but they only say 3rd party applications aren't their job. I know rewriteEngine is turned on because some basic redirect attempts have worked. Perhaps this line of code could be better written? It's quite important that extra queries are appended and would be nice (but not necessary) if the last slash could be left out. Any help is appreciated :)

Read the article
FreeBSD Server .htaccess issues

- by Will Ayers

Server Details: FreeBSD PHP Version 4.3.11 Apache Appache Modules: mod_throttle, mod_php4, mod_speedycgi, mod_ssl, mod_setenvif, mod_so, mod_unique_id, mod_headers, mod_expires, mod_auth_db, mod_auth_anon, mod_auth, mod_access, mod_rewrite, mod_alias, mod_actions, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_info, mod_status, mod_negotiation, mod_mime, mod_mime_magic, mod_log_config, mod_define, mod_env, mod_vhost_alias, mod_mmap_static, http_core The issue I am having is when ever I write any kind of code in the .htaccess file, it throws a 500 Internal error I am simply trying to rewrite url's and am using the exact code that wordpress creates for me and even tried custom code used before on previous servers and it still does not work. WordPress created code: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /lobster-tail-blog/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /lobster-tail-blog/index.php [L] </IfModule> # END WordPress And even a simple thing like this throws the error: <IfModule mod_rewrite.c> RewriteEngine On </IfModule> Anyone know of any fixes or why this is causing this error? I have the mod_rewrite module loaded

Read the article
Add a trailing slash mod_rewrite

- by Conner Stephen McCabe

just wondering how I add a trailing slash at the end of my URL's using Mod_Rewrite? This is my .htaccess file currently: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([^/]*)$ index.php?pageName=$1 My URL show like so: wwww.**.com/pageName I want it to show like so: wwww.**.com/pageName/ The URL is holding a GET request internally, but I want it to look like a genuine directory.

Read the article
How to change .htaccess file to work right in localhost?

- by Manolo Salsas

I have this snippet code in my .htaccess file to prevent users from hotlinking the server's images: RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} !^http://(www.)?itransformer.es/.*$ [NC] RewriteRule \.(gif|jpe?g|png|wbmp)$ http://itransformer.es [R,L] Of course, it is not working in my localhost, but don't know how to achieve it. My guess is that I should change the domain name with any wildcard. Any idea? Update I've finally found out the answer thanks to @Chris solution: RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} ^https?://%{HTTP_HOST}/.*/usuarios/.*$ [NC] RewriteRule \.(gif|jpe?g|png|wbmp)$ http://%{HTTP_HOST} [R=301,L] The /usuarios/ directory is because I only want to deny direct access to files inside this directory. Update2 For some reason, it doesn't work again. Finally I think that I found out a better solution: RewriteCond %{REQUEST_FILENAME} .*/usuarios/.*$ [NC] RewriteRule \.(gif|jpe?g|png|wbmp)$ http://%{HTTP_HOST} [R=301,L] I say better solution because what I want to deny is direct access to a file (image). Update3 Well, after a while I discovered above wasn't exactly what I wanted, so the next is definitive: RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} !^https?://itransformer.*$ [NC] RewriteRule /usuarios/.*\.(gif|jpe?g|png|wbmp)$ - [R=404,L] Just two doubts: If I change the above to: RewriteCond %{HTTP_REFERER} ^$ [OR] RewriteCond %{HTTP_REFERER} !^https?://%{HTTP_HOST}.*$ [NC] RewriteRule /usuarios/.*\.(gif|jpe?g|png|wbmp)$ - [R=404,L] it doesn't work. I don't understand why, because %{HTTP_HOST} is equal to itransformer in my localhost, and it should work. The second doubt is why is shown the default 404 page and not my custom page (that is shown in all other 404 responses).

Read the article
Enabling mod_fcgid results in 403

- by laggingreflex

I have an EasyPHP 12.1 setup (latest) on Windows 7x64 and I'm trying to enable mod_fcgid for PHP. I have added the following in my httpd.conf Include conf/extra/httpd-vhosts.conf LoadModule fcgid_module modules/mod_fcgid.so FcgidInitialEnv PHPRC "C:\progra~2\EasyPHP-12.1\php\php546x121028092509" AddHandler fcgid-script .php FcgidWrapper "C:\progra~2\EasyPHP-12.1\php\php546x121028092509/php-cgi.exe" .php and Options ExecCGI Indexes FollowSymLinks under <Directory "${path}/www"> I've made sure the paths are all good and set permissions on the entire C:\progra~2\EasyPHP-12.1 and my www root to Everyone - Allow All. Yet I still get 403 on all server(localhost) requests. Along with Apache/2.4.2 (Win32) PHP/5.4.6 mod_fcgid/2.3.7 so I know mod_fcgid is enabled and is causing the 403. Commenting out the above lines from httpd.conf makes it work again but is slower than death (which is why I wanted mod_fcgid). What could I be doing wrong?

Read the article
mod_rewrite rules in httpd configuration

- by wag2639

How and where do I put my mod_rewrite rules in the httpd configuration so that they're only parsed once at startup instead of each time a file in my web directory is read. Additional info: assuming all scripts work in .htaccess file RHEL4 running Apache 2.0.52 multiple sub/domains on the the machine Thanks

Read the article
How to analyse logs after the site was hacked

- by Vasiliy Toporov

One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

Read the article
AJP Connector Apache-Tomcat with php and java application

- by Safari

I have a question about proxy and ajp module. On my machine I have a Apache web server and a Tomcat servlet container. On Tomcat is running a my java webapplication. On Apache I have some services and I can call these in this way: http://myhos/service1 http://myhos/service2 http://myhos/service3 I would configurate a ajp connector to call my tomcat webapplication from Apache. I would somethin as http://myhost to call the Tomcat webapp. So, I configurated my apache in this way..and I have what I wanted: I can use http://myHost to visualize the Tomcat webApp by Apache. <VirtualHost *:80> ProxyRequests off ProxyPreserveHost On ServerAlias myserveralias ErrorLog logs/error.log CustomLog logs/access.log common <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /server-status ! ProxyPass /balancer-manager ! ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=Off maxattempts=1 <Proxy balancer://mycluster> BalancerMember ajp://myIp:8009 min=10 max=100 route=portale loadfactor=1 ProxySet lbmethod=bytraffic </Proxy> <Location /balancer-manager> SetHandler balancer-manager Order deny,allow Allow from localhost </Location> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent </VirtualHost> But, now I can't use the apache services: If I use http://myhos/service1 I have an error because apache try to search service1 on my tomcatWebApp. Is there a way to fix it?

Read the article
Apache Rewrite Rules breaking each other?

- by neezer

I have this rule: RewriteCond %{REQUEST_URI} ^/(manhattan|queens|westchester|new-jersey|bronx|brooklyn)-apartments/.*$ RewriteCond %{REQUEST_URI} !^/guide/(.*)$ RewriteRule ^(.*)$ /home/neezer/public-html/domain.com/guide/$1 [L] Which works great on it's own. Essentially, I have a bunch of directories that have a bunch of files in them that I want to keep in the "/guide" folder, but I want them to appear at the web root for SEO reasons. This rule works, but unfortunately the original URL's still work too (with "/guide"). I want to 301 Redirect the ones with "/guide" in the URL to those without, without actually moving the files on the server. I tried adding this rule: RewriteCond %{REQUEST_URI} ^/guide/(manhattan|queens|westchester|new-jersey|bronx|brooklyn)-apartments/.*$ RewriteRule ^guide/(.*)$ http://www.domain.com/$1 [R=301,L] ... but that breaks my first rule completely. Any thoughts about what I might be doing wrong? Please let me know if you need to know anything else from me to help me with this issue.

Read the article
how to separate a network for traffic

- by Student_CVO

At the moment our all computers in one big LAN, it is the intention to separate the admin and edu (it's in a school) especially for traffic and less for security. How do this best? I have a drawing, but can't post it (a can send it in a mail) Firewall?, VLAN?, IPCop (no two green zones)?, pfsense? ... Should there be two scopes on the dhcp server (WIN 2008 R2), one for admin and one for edu or is one scope enough? I would like your advice, I am a student in training with this task as a project. Thanks

Read the article
proxy_ajp wildcards

- by The Digital Ninja

I need to setup apache so that any site.com/ANYTHING/servlet/ANYTHING goes over ajp into tomcat, but regular files will go through apache still. I have been messing around with this to no avail <LocationMatch "./*/servlet/*"> Order Allow,Deny Allow from all ProxyPass ajp://localhost:8009/ ProxyPassReverse / </LocationMatch> This works at directing everything to our tomcat insance. ProxyPass / ajp://localhost:8009/

Read the article
How to use mod_proxy to let my index of Apache go to Tomcat ROOT and be able to browse my other Apac

- by Dagvadorj

Hello, I am trying to use my Tomcat application (deployed at ROOT) to be viewed from Apache port 80. To do this, I used mod_proxy, since mod_jk made me try harder. I used sth like this in httpd.conf: <location http://www.example.com> Order deny,allow Allow from all PassProxy http://localhost:8080/ PassProxyReverse http://localhost:8080/ </location> <Proxy *> Order deny,allow Allow from all </Proxy> And now I can not retrieve my previous sites on Apache, which was running prior to my configuration. How can I have both running?

Read the article
How do I redirect/rewrite to the FQDN URL without setting ServerName?

- by ChaimKut

Often in intranets, users will direct URLs to a hostname without supplying the FQDN. Example: http://internalHost Instead of http://internalHost.example.com I would like to redirect users / rewrite URLs so that everything will use the FQDN. Here's the catch: I don't want to set ServerName explicitly. (This is for a product which will be deployed in multiple intranets so we can't know the value of ServerName ahead of time). According to: http://wiki.apache.org/httpd/CouldNotDetermineServerName Apache uses a reverse lookup to determine a default FQDN. How can I make use of/reference that FQDN that Apache is using for a mod_rewrite or redirect?

Read the article
How to tell httpd to preserve the proxied error message?

- by ZNK - M

I have an httpd server proxying the requests to 2 different tomcat servers. One of my server handles the authentication and returns a specific http error code 521 when the user already have a running session. My issue is httpd automatically maps this 521 error code to a 500 (internal server error) and then my client can not handle it properly. I have tried to disable ProxyErrorOverride, to remove the /error/HTTP_INTERNAL_SERVER_ERROR.html.var but it does not changes anything. How can I ask httpd to not change anything to the proxied message? <IfModule proxy_module> ProxyPass /context1 http://127.0.0.1:8001/context1 ProxyPass /context2 http://127.0.0.1:8002/context2 ProxyPreserveHost Off ProxyErrorOverride Off </IfModule> Thanks in advance httpd 2.2.22 (Win32) mod_ssl tomcat 7.25 windows 7 64-bits

Read the article
Mod_rewrite to eliminate query strings

- by Greg Frommer

Hi everyone, I have been working on this for a while but I'm not finding exactly what I am looking for. I am writing a webapp to let my users create and publish pieces of HTML content in a domain and URL folder structure of their choosing. All of the content and requested URL structures are stored in a database. I have all of the code in my index.php (in the root folder) to access the database content, and based on the server name (and hopefully folder structure) will pick out the proper content from the DB and display it to the end-users browser. So my situation looks like this: www.test.com/index.php?id=123234345 ... will display the proper page, but I want my users to be able to define a unique "page name" instead of using the numeric index (also I want to hide the /index.php part) so what I would like the end-user to see is: www.test.com/arbitrary-unique-keyword/keyword2/keyword3 which will invoke the index.php page in the root folder. Then I will use the PHP $_SERVER['PATH_INFO'] variable to match the requested folder structure up with the proper content in my database and display that. All the material I have found so far expects me to hard code parts of the folder structure into the rules.... but I think I want something simpler (perhaps). So the question in a nutshell: How do I use mod_rewrite to allow all "non-existent" folder paths be passed through to a main index.php residing in the root folder? (For all paths that DO exist, like for calls to images... I want those to succeed and not be directed to the index.php obviously) Thanks everyone, please let me know if I can clear anything up.

Read the article
Using mod_rewrite to hide tomcat port

- by user123181

I have apps on Tomcat that use URLs like this: http://xxx:8080/myapp I don't want the users to see the port in the URL. Hi can do a rewrite rule like this: RewriteRule ^/myapp(.*) http://xxx:8080/myapp$1 [P,L] This way, if a user goes to the URL http://xxx/myapp he can enter the app fine, but the port will still show up on the browser. I want the URL that the user sees to be always http://xxx/myapp How can I do this using mod_rewrite?

Read the article
Jenkins projects not visible even though user has all privleges

- by Frank Rosario

We want to lock down Jenkins and specific jobs to certain personnel. I have my account with all global privileges granted with project based matrix security. A coworker has a similar account and has been granted all the same privileges. When I log in with my account, I can see all of the projects we have setup. When my coworker whom has the exact same privileges logs in, none of the projects are visible. I've double and triple checked the permissions matrix to make sure we have the same global privileges; we do. Some of the projects have project specific privileges setup as well, but again; I've confirmed that both of us have the same access to these projects as well. So why can I see all the projects and my coworker is unable to see any of the projects?

Read the article
How can I flush my ssh keys on power management activity?

- by Sam Halicke

Hi all, Using ssh-agent and private keys per the usual. Everything's working as normal. My question regards best practices on flushing keys from ssh-add on activity like sleep, suspend, hibernate, etc. I thought about writing a simple wrapper around those commands, but then wondered if are they even called? Or does the kernel initiate this activity directly? Are the PM utilities strictly userland? I would like this additional layer of security beyond locking my screen, etc. and was wondering if anyone else had solved this elegantly or has best practices to recommend. Thanks.

Read the article
Concerns about a Dedicated (Windows Server 2008) + DDoS

- by TheKillerDev

I am have today a dedicated server with these specs: Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3 And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it. Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall. So, any thoughts on what would be good to prevent from DDoS attacks?

Read the article
How to get uncaught PHP errors from fcgi server

- by jason

My web hosting company recently replaced suPHP with fcgi on my dedicated server because I needed opcode functionality. Since then I see loads of 500 errors in apache error and php error log is empty. I have no way to figure out whats the root cause. One reason I found out was time out so my hosting company changed FcgidConnectTimeout and FcgidIOTimeout to a value of 200. I believe there are no more timeout errors in my php script. My question is how do I capture PHP error before 500 internal server error page display to user? I am using Centos 5.8 server, WHM 11.34.0 (build 9), PHP 5.3.18 and Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6

Read the article
apache 'The specified module could not be found. ' error

- by Weiwei

Hi all, I got thie message when i started apache service The Apache service named reported the following error: httpd.exe: Syntax error on line 128 of C:/data/apache/conf/httpd.conf: Cannot load C:/data/apache/modules/mod_wsgi.so into server: The specified module could not be found. . Not sure what went wrong, I do have "C:/data/apache/modules/mod_wsgi.so" Thanks for any help.

Read the article
How do i enable deflate on apache2? debian

- by acidzombie24

I looked at the other answers and those solutions did not help. I am completely confused how to do this. I know almost nothing about apache nor how to use it and nearly all the article say write this but doesnt tell me where. So far i have done this # a2enmod deflate Module deflate already enabled Then i tried writing this in httpd.conf AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css Then i wrote a longer version which involved deflate.c. After those didnt work i deleted them all and wrote the AddOutputFilterByType line in apache2/sites-enabled/000-default inside of I used this to test http://www.whatsmyip.org/http_compression/ everytime it says no compression. I used another site but i could never compress. Also i restart the server everytime i save a file so what could be the problem and how do i enable this properly?

Read the article
How to serve 410 from Apache rather than a 404

- by DanSingerman

On our site, we tend to remove pages a lot where the content has expired, and we want to return http status 410 rather than 404 for requests to pages (physical files) that don't exist on our server (the entire site is made up of static files). We have tried from http://diveintomark.org/archives/2003/03/27/http_error_410_gone but that just breaks our entire site, serving a 410 for every request. We are using Apache 2.2.3

Read the article
mod_fcgi in virtualmin: graceful kill fail, sending SIGKILL?

- by mgjk

Yesterday around 1am, our server ground to a crawl. This doesn't happen often, but I'm trying to get to the bottom of it. There is no unusual traffic volume, no unusual processes running, just all of the sudden the server started killing fcgid processes. [Thu Aug 02 01:17:32 2012] [warn] mod_fcgid: process 26460 graceful kill fail, sending SIGKILL ... for as many fcgid processes as we have... CPU idle fell to 0% and I/O seemed to take up most of the load. The issue lasted about 5 minutes. I suspect there was some swap activity, although I'm not sure if it was due to killed processes being swapped in to die, or if it was because some process ramped up memory usage faster than my process watching scripts can see them. The oom-killer wasn't triggered (at least it's not logged), so I think this was Apache for some reason restarting the processes. This is not regular, and nothing obvious appears in cron. Is there a normal Apache process which might cause this? We run dozens of different sites, and it was late at night, so volume was very, very low. (maybe 200 requests in a 10 minute period).

Read the article
direct http to https on certain pages?

- by Elliott

Hi below is some code I added to my .htaccess code how can I add certain pages to be re-directed to https? such as login.php & login.html also if the user types in www. they get a "untrusted connection" as the SSL is only valid without the www. how could I fix this? Thanks RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} /login.html RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Read the article

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134 | Next Page >