Re: [users@httpd] PHP-7.2.5 with Apache-2.4.25
have you install mod_php72? pkg info | grep "mod_php" mod_php72-7.2.6 if not you need to install it pkg install mod_php72 in httpd.conf LoadModule php7_module libexec/apache24/libphp7.so I hope this help! Thanks, Mot On 06/27/2018 03:09 AM, Hemant Chaudhary wrote: > Hi, > > I was using mod_php of php-5.5.37 with apache-2.4.25 and it was > working fine. I upgraded the php to php-7.2.5. But after upgrade, > mod_php is not able to unload properly. > > Does anybody also face the same issue. > > Thanks > Hemant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] redirects on Apache 2.4.
Hello, I often sent users links to manual or howtos behind a portal that requires username and password. However, users get redirected to homepage after they successfully logged in. I suspect this htaccess file is the cause. My objective is to allow users to view any page only "if web_route" cookie is present and if cookie is not present they would need to log in first. .htaccess: ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule . /index.php [L] ErrorDocument 404 index.php RewriteCond %{HTTP_COOKIE} !^.*web_route.*$ [NC] RewriteRule ^ https://apps.mydomain.com/portal/account/LogOn?ReturnUrl=https://portal.mydo main.com/ [R=301,L]
Re: [users@httpd] Apache24 - how to optimize httpd.conf
Thanks for your suggestions! Thanks, Motty On 06/09/2015 06:59 AM, James Smith wrote: In many cases it will only be a few packets anyway so won't actually make that much difference! The point is that it is better to stop the request in the first place by setting the appropriate expires/cache control header... than use the etag mechanism... James On 09/06/2015 14:56, Frederik Nosi wrote: Hi James, On 06/09/2015 02:36 PM, James Smith wrote: Yes - it is the request over head - the client will still make the request at which point the server has got to decide has it changed before even - which for most static requests is the heaviest (slowest) part before returning the not-changed response - and then serving the content! But at this point the server in case of a positive match will send just a 304 reply with no content, thus saving bandwith and time (due to eventual roundtrips) no? You are better to: (a) set near future or mid future headers [ expires in a month or in a year] Sure, the best request is the one that does not even come :-) (b) alter filenames if you significantly change the file contents [ we use MD5 of content for js/css ] This only if you're in the posisition to decide the site layout though. Note this is hyper-tuning of Apache... some people may want to enable it - it was originally set up when most users were on 28K/33.6K modems (or slower) and the transfer of data was the slow part of the equation! James [...] Thanks, Frederik -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
Re: [users@httpd] Apache24 restrict director access by IP
Thanks, seem to be blocking me when accesssing from a different IP now: here is the code am using: # defese agains brute force attacks Directory ~ /administrator order deny,allow Deny from all allow from 192.168.1.65 /Directory yes! I am using Apache 2.4 version. On 06/09/2015 02:18 PM, Richard wrote: Date: Tuesday, June 09, 2015 02:11:55 PM -0700 From: Motty Cruz motty.c...@gmail.com Hello, I am trying to restrict access to joomla Administrator directory by IP: # defese agains brute force attacks Directory /administrator order deny,allow Deny from all Require ip 192.168.1.65 /Directory this code on httpd.conf is not stopping me from logging onto www.site.com/administrator any ideas? I used this http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html Thanks Motty What you are showing are apache 2.2 access control directives. These changed with 2.4, so if you are using 2.4, as implied by your subject line, see the Run-Time Configuration Changes section of: http://httpd.apache.org/docs/2.4/upgrading.html - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache24 restrict director access by IP
Hello, I am trying to restrict access to joomla Administrator directory by IP: # defese agains brute force attacks Directory /administrator order deny,allow Deny from all Require ip 192.168.1.65 /Directory this code on httpd.conf is not stopping me from logging onto www.site.com/administrator any ideas? I used this http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html Thanks Motty - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache24 restrict director access by IP
Thanks for your support; I changed my code to this: Directory ~ /administrator Require all denied Require ip 192.168.1.65 /Directory now is working fine. Thanks, Motty On 06/09/2015 02:27 PM, Richard wrote: Original Message Date: Tuesday, June 09, 2015 09:18:02 PM + From: Richard lists-apa...@listmail.innovate.net Date: Tuesday, June 09, 2015 02:11:55 PM -0700 From: Motty Cruz motty.c...@gmail.com Hello, I am trying to restrict access to joomla Administrator directory by IP: # defese agains brute force attacks Directory /administrator order deny,allow Deny from all Require ip 192.168.1.65 /Directory this code on httpd.conf is not stopping me from logging onto www.site.com/administrator any ideas? I used this http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html Thanks Motty What you are showing are apache 2.2 access control directives. These changed with 2.4, so if you are using 2.4, as implied by your subject line, see the Run-Time Configuration Changes section of: http://httpd.apache.org/docs/2.4/upgrading.html Apologies (overlooked part of your directives) -- You have a mix of 2.2 and 2.4 directives. The order directives are 2.2, while require are 2.4, so I suspect your directives aren't being parsed correctly by your 2.4 environment. I think things are clearer in the upgrading document than the one you referenced. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache24 - how to optimize httpd.conf
Hello, I added this code on .htaccess IfModule mod_mime.c AddType application/x-javascript .js AddType text/css .css /IfModule IfModule mod_deflate.c *AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/javascript* IfModule mod_setenvif.c BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html /IfModule IfModule mod_headers.c Header append Vary User-Agent env=!dont-vary /IfModule /IfModule does not seem to make a difference! On 06/08/2015 02:38 PM, Emir Ibrahimbegovic wrote: What have you tried? On Mon, Jun 8, 2015 at 5:35 PM, Motty Cruz motty.c...@gmail.com mailto:motty.c...@gmail.com wrote: Hello, I am getting the following suggestions from: https://developers.google.com/speed/pagespeed/insights/ Should Fix: Optimize images Leverage browser caching Consider Fixing: Eliminate render-blocking JavaScript and CSS in above-the-fold content Minify CSS Minify HTML What is the best practice to solve errors above? Thanks, - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org
[users@httpd] Apache24 - how to optimize httpd.conf
Hello, I am getting the following suggestions from: https://developers.google.com/speed/pagespeed/insights/ Should Fix: Optimize images Leverage browser caching Consider Fixing: Eliminate render-blocking JavaScript and CSS in above-the-fold content Minify CSS Minify HTML What is the best practice to solve errors above? Thanks, - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Apache 2.4 PHP 5.5
Thanks Good Guy, I am not getting anything similar to the example you have, I get a blank page, (using chrome) then I get file download Thanks, On Wed, Aug 6, 2014 at 5:38 PM, Good Guy xfs...@hotmail.com wrote: On 06/08/2014 21:38, motty cruz wrote: Thanks, I created index.php with the following: ?php phpinfo(); ? when I go to localhost, it download file. I don't get an error, Well I don't know what it means it download file because that small file is not supposed to download anything but it should show something like this: [image: PhP-Info] http://content.screencast.com/users/JT19560819/folders/Jing/media/b24b1096-bdcd-430d-aa14-682182b5a980/2014-08-07_0133.png Do you get anything like this? If so then PHP module is working but it might need some tinkering if something doesn't work.
[users@httpd] Apache 2.4 PHP 5.5
Hello, I just finished installing Apache 2.4 and PHP 5.5 on FreeBSD 10, but Apache 2.4 is not loading PHP. can someone help me with this issue? Thanks in advance
Re: [users@httpd] Apache 2.4 PHP 5.5
Thanks, I created index.php with the following: ?php phpinfo(); ? when I go to localhost, it download file. I don't get an error, Thanks again, On Wed, Aug 6, 2014 at 12:04 PM, Jeff Trawick traw...@gmail.com wrote: On Wed, Aug 6, 2014 at 1:07 PM, Jeff Trawick traw...@gmail.com wrote: On Wed, Aug 6, 2014 at 10:57 AM, motty cruz motty.c...@gmail.com wrote: Hello, I just finished installing Apache 2.4 and PHP 5.5 on FreeBSD 10, but Apache 2.4 is not loading PHP. can someone help me with this issue? Thanks in advance error messages? I probably read too much into loading. What exactly is the symptom? Have you read this? http://php.net/manual/en/install.unix.apache2.php What is your configuration? With the LoadModule for php and FilesMatch \.php$ SetHandler application/x-httpd-php /FilesMatch it should be trivial to get some simple test.php working. (test.ph contains the classic ?php phpinfo(); ?
[users@httpd] PHP Warning
Hello, I noticed the following error in my error logs: [error] [client 50.17.211.201] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 it seems to me that person tried to inject my website how do i know if it was successful?
Re: [users@httpd] PHP Warning
Thanks for your prompt reply David; This is the first time i see this error, I'm a bit unclear on how to clean up inputs, I will look that up. Thanks for the hint, On Fri, Jun 21, 2013 at 7:29 AM, David Guerra imdavidgue...@gmail.comwrote: Do you clean your inputs? If so, then it doesn't matter unless you get a ton of these. On Fri, Jun 21, 2013 at 10:19 AM, motty cruz motty.c...@gmail.com wrote: Hello, I noticed the following error in my error logs: [error] [client 50.17.211.201] PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 it seems to me that person tried to inject my website how do i know if it was successful? -- Take Care, David Guerra http://frustratedtech.com/
[users@httpd] block directories using Apache22
Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Directory /usr/local/www/apache22/data Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\|%3C).*script.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\|%3C).*iframe.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /Directory I also tried this : on the / directory .htaccess FilesMatch wp-login.php Order Allow,Deny Allow from 192.168.8.4 Deny from all /FilesMatch Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty
Re: [users@httpd] block directories using Apache22
Hello David, this is the content on .htaccess # BEGIN WordPress IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /IfModule FilesMatch wp-login.php Order Deny,Allow Deny from all Allow from 192.169.8.4 /FilesMatch # END WordPress but no success! On Wed, Jun 12, 2013 at 8:43 AM, David Guerra imdavidgue...@gmail.comwrote: Flop Allow and Deny so that your IP is whitelisted after the Deny from all. On Wed, Jun 12, 2013 at 11:20 AM, motty cruz motty.c...@gmail.com wrote: Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Directory /usr/local/www/apache22/data Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\|%3C).*script.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\|%3C).*iframe.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /Directory I also tried this : on the / directory .htaccess FilesMatch wp-login.php Order Allow,Deny Allow from 192.168.8.4 Deny from all /FilesMatch Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty
Re: [users@httpd] block directories using Apache22
192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] GET /wp-login.php HTTP/1.1 200 1085 I am still able to get access from a different IP than the one allow in .htaccess as you suggest: Files wp-login.php order deny,allow Deny from all allow from 192.168.8.4 /Files On Wed, Jun 12, 2013 at 9:01 AM, David Guerra imdavidgue...@gmail.comwrote: Try this format: Files wp-login.php order deny,allow Deny from all allow from xx.xxx.xx.xx allow from xx.xxx.xx.xx /Files On Wed, Jun 12, 2013 at 11:52 AM, motty cruz motty.c...@gmail.com wrote: Hello David, this is the content on .htaccess # BEGIN WordPress IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /IfModule FilesMatch wp-login.php Order Deny,Allow Deny from all Allow from 192.169.8.4 /FilesMatch # END WordPress but no success! On Wed, Jun 12, 2013 at 8:43 AM, David Guerra imdavidgue...@gmail.comwrote: Flop Allow and Deny so that your IP is whitelisted after the Deny from all. On Wed, Jun 12, 2013 at 11:20 AM, motty cruz motty.c...@gmail.comwrote: Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Directory /usr/local/www/apache22/data Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\|%3C).*script.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\|%3C).*iframe.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /Directory I also tried this : on the / directory .htaccess FilesMatch wp-login.php Order Allow,Deny Allow from 192.168.8.4 Deny from all /FilesMatch Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty
Re: [users@httpd] block directories using Apache22
Thanks for your help David, can this be accomplish in httpd.conf? Thanks, On Wed, Jun 12, 2013 at 9:07 AM, motty cruz motty.c...@gmail.com wrote: 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] GET /wp-login.php HTTP/1.1 200 1085 I am still able to get access from a different IP than the one allow in .htaccess as you suggest: Files wp-login.php order deny,allow Deny from all allow from 192.168.8.4 /Files On Wed, Jun 12, 2013 at 9:01 AM, David Guerra imdavidgue...@gmail.comwrote: Try this format: Files wp-login.php order deny,allow Deny from all allow from xx.xxx.xx.xx allow from xx.xxx.xx.xx /Files On Wed, Jun 12, 2013 at 11:52 AM, motty cruz motty.c...@gmail.comwrote: Hello David, this is the content on .htaccess # BEGIN WordPress IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /IfModule FilesMatch wp-login.php Order Deny,Allow Deny from all Allow from 192.169.8.4 /FilesMatch # END WordPress but no success! On Wed, Jun 12, 2013 at 8:43 AM, David Guerra imdavidgue...@gmail.comwrote: Flop Allow and Deny so that your IP is whitelisted after the Deny from all. On Wed, Jun 12, 2013 at 11:20 AM, motty cruz motty.c...@gmail.comwrote: Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Directory /usr/local/www/apache22/data Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\|%3C).*script.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\|%3C).*iframe.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /Directory I also tried this : on the / directory .htaccess FilesMatch wp-login.php Order Allow,Deny Allow from 192.168.8.4 Deny from all /FilesMatch Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty
Re: [users@httpd] block directories using Apache22
I am not using virtual host, I'm adding to .htaccess in the root directory of web site. but after adding this to my httpd.conf file it worked perfectly fine. Thank you very much David for your help, -Motty On Wed, Jun 12, 2013 at 9:09 AM, David Guerra imdavidgue...@gmail.comwrote: Yes, it should work just fine. Are you putting this in the virtual host? On Wed, Jun 12, 2013 at 12:08 PM, motty cruz motty.c...@gmail.com wrote: Thanks for your help David, can this be accomplish in httpd.conf? Thanks, On Wed, Jun 12, 2013 at 9:07 AM, motty cruz motty.c...@gmail.com wrote: 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] GET /wp-login.php HTTP/1.1 200 1085 I am still able to get access from a different IP than the one allow in .htaccess as you suggest: Files wp-login.php order deny,allow Deny from all allow from 192.168.8.4 /Files On Wed, Jun 12, 2013 at 9:01 AM, David Guerra imdavidgue...@gmail.comwrote: Try this format: Files wp-login.php order deny,allow Deny from all allow from xx.xxx.xx.xx allow from xx.xxx.xx.xx /Files On Wed, Jun 12, 2013 at 11:52 AM, motty cruz motty.c...@gmail.comwrote: Hello David, this is the content on .htaccess # BEGIN WordPress IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /IfModule FilesMatch wp-login.php Order Deny,Allow Deny from all Allow from 192.169.8.4 /FilesMatch # END WordPress but no success! On Wed, Jun 12, 2013 at 8:43 AM, David Guerra imdavidgue...@gmail.com wrote: Flop Allow and Deny so that your IP is whitelisted after the Deny from all. On Wed, Jun 12, 2013 at 11:20 AM, motty cruz motty.c...@gmail.comwrote: Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Directory /usr/local/www/apache22/data Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\|%3C).*script.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\|%3C).*iframe.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /Directory I also tried this : on the / directory .htaccess FilesMatch wp-login.php Order Allow,Deny Allow from 192.168.8.4 Deny from all /FilesMatch Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty
Re: [users@httpd] block directories using Apache22
you're right I did not have htaccess override set to allow, I just fixed it too; yeah, them busters are giving me headache lately, Thanks again! On Wed, Jun 12, 2013 at 9:17 AM, David Guerra imdavidgue...@gmail.comwrote: Glad I could help. Your issue is probably that you don't have htaccess override set to allow. :) Kick those bots! On Wed, Jun 12, 2013 at 12:16 PM, motty cruz motty.c...@gmail.com wrote: I am not using virtual host, I'm adding to .htaccess in the root directory of web site. but after adding this to my httpd.conf file it worked perfectly fine. Thank you very much David for your help, -Motty On Wed, Jun 12, 2013 at 9:09 AM, David Guerra imdavidgue...@gmail.comwrote: Yes, it should work just fine. Are you putting this in the virtual host? On Wed, Jun 12, 2013 at 12:08 PM, motty cruz motty.c...@gmail.comwrote: Thanks for your help David, can this be accomplish in httpd.conf? Thanks, On Wed, Jun 12, 2013 at 9:07 AM, motty cruz motty.c...@gmail.comwrote: 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] GET /wp-login.php HTTP/1.1 200 1085 I am still able to get access from a different IP than the one allow in .htaccess as you suggest: Files wp-login.php order deny,allow Deny from all allow from 192.168.8.4 /Files On Wed, Jun 12, 2013 at 9:01 AM, David Guerra imdavidgue...@gmail.com wrote: Try this format: Files wp-login.php order deny,allow Deny from all allow from xx.xxx.xx.xx allow from xx.xxx.xx.xx /Files On Wed, Jun 12, 2013 at 11:52 AM, motty cruz motty.c...@gmail.comwrote: Hello David, this is the content on .htaccess # BEGIN WordPress IfModule mod_rewrite.c RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /IfModule FilesMatch wp-login.php Order Deny,Allow Deny from all Allow from 192.169.8.4 /FilesMatch # END WordPress but no success! On Wed, Jun 12, 2013 at 8:43 AM, David Guerra imdavidgue...@gmail.com wrote: Flop Allow and Deny so that your IP is whitelisted after the Deny from all. On Wed, Jun 12, 2013 at 11:20 AM, motty cruz motty.c...@gmail.comwrote: Hello, I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf Directory /usr/local/www/apache22/data Options Indexes FollowSymLinks Options ALL -Indexes IndexIgnore * AllowOverride None Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\|%3C).*script.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\|%3C).*iframe.*(\|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] /Directory I also tried this : on the / directory .htaccess FilesMatch wp-login.php Order Allow,Deny Allow from 192.168.8.4 Deny from all /FilesMatch Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks, Thanks, Motty
Re: [users@httpd] maximize Apache services
Hi Mike, Thanks for your replied; I'm using FreeBSD 9.1, here is the list of modules Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) authn_file_module (shared) authn_anon_module (shared) authn_default_module (shared) authn_alias_module (shared) authz_host_module (shared) authz_groupfile_module (shared) authz_user_module (shared) authz_dbm_module (shared) authz_owner_module (shared) authz_default_module (shared) auth_basic_module (shared) auth_digest_module (shared) file_cache_module (shared) cache_module (shared) disk_cache_module (shared) dumpio_module (shared) reqtimeout_module (shared) include_module (shared) filter_module (shared) charset_lite_module (shared) deflate_module (shared) log_config_module (shared) logio_module (shared) env_module (shared) mime_magic_module (shared) expires_module (shared) headers_module (shared) usertrack_module (shared) unique_id_module (shared) setenvif_module (shared) version_module (shared) mime_module (shared) dav_module (shared) status_module (shared) autoindex_module (shared) asis_module (shared) info_module (shared) cgi_module (shared) dav_fs_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) imagemap_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) php5_module (shared) Syntax OK On Fri, Jun 7, 2013 at 4:09 PM, Mike Rumph mike.ru...@oracle.com wrote: Hello Motty, You can adjust any number of performance directives as in the following link: - http://httpd.apache.org/docs/**2.2/mod/mpm_common.html#**maxclientshttp://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients And here is a link for Apache HTTP Server performance tuning in general: - http://httpd.apache.org/docs/**2.2/misc/perf-tuning.htmlhttp://httpd.apache.org/docs/2.2/misc/perf-tuning.html What operating system and what MPM are you running? Thanks, Mike On 6/7/2013 12:39 PM, motty cruz wrote: Hello All, it seems that every time some one like 80legs or any other crawler craws my website my server goes down. do you k now hot to maximize the number of child server on Apache to avoid turning off my machine? my Apache server is running latest Mysql, PHP and Apache22 virtual machine 2028MB of RAM Thanks in advance --**--**- To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.orgusers-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] maximize Apache services
Thank you very Much Tom, I was able to re-install Apache22 with MPM option, at this point I am monitoring the server but thus far is working fine. Thanks for all your help! -motty On Mon, Jun 10, 2013 at 9:52 AM, Tom Evans tevans...@googlemail.com wrote: On Mon, Jun 10, 2013 at 5:49 PM, Tom Evans tevans...@googlemail.com wrote: 1) run worker or event MPM instead of prefork And to do so on FreeBSD: # cd /usr/ports/www/apache22 # make WITH_MPM=worker clean all deinstall reinstall clean Cheers Tom - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] maximize Apache services
Hello All, it seems that every time some one like 80legs or any other crawler craws my website my server goes down. do you k now hot to maximize the number of child server on Apache to avoid turning off my machine? my Apache server is running latest Mysql, PHP and Apache22 virtual machine 2028MB of RAM Thanks in advance
Re: [users@httpd] Apache 2.2 + php 5.2 wordpress
Hello Igor, here is the mysql logs: 130128 13:38:42 mysqld_safe Starting mysqld daemon with databases from /var/db/mysql 130128 13:38:49 [Note] Plugin 'FEDERATED' is disabled. 130128 13:38:53 InnoDB: Started; log sequence number 0 44243 130128 13:38:55 [Note] Event Scheduler: Loaded 0 events 130128 13:38:55 [Note] /usr/local/libexec/mysqld: ready for connections. Version: '5.1.48' socket: '/tmp/mysql.sock' port: 3306 FreeBSD port: mysql-server-5.1.48 130305 12:16:37 [Note] /usr/local/libexec/mysqld: Normal shutdown 130305 12:16:48 [Note] Event Scheduler: Purging the queue. 0 events 130305 12:16:49 InnoDB: Starting shutdown... 130305 12:16:57 InnoDB: Shutdown completed; log sequence number 0 44243 130305 12:16:57 [Note] /usr/local/libexec/mysqld: Shutdown complete 130305 12:16:59 mysqld_safe Starting mysqld daemon with databases from /var/db/mysql 130305 12:16:59 [Note] Plugin 'FEDERATED' is disabled. 130305 12:17:00 InnoDB: Started; log sequence number 0 44243 130305 12:17:00 [Note] Event Scheduler: Loaded 0 events 130305 12:17:00 [Note] /usr/local/libexec/mysqld: ready for connections. Apache Logs: [Tue Mar 05 12:15:54 2013] [error] child process 28029 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28031 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28033 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28034 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28036 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28037 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28038 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28045 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28046 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28049 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28050 still did not exit, sending a SIGKILL please help! Thanks, On Tue, Mar 5, 2013 at 4:37 PM, Igor Cicimov icici...@gmail.com wrote: On 06/03/2013 7:38 AM, motty cruz motty.c...@gmail.com wrote: Hello, I'm have one instance of Wordpress running on a FreeBSD machine with php 5.2 install using Apache Web Server 2.2. Every time the webmaster edit pages I get the following error: 12:15:36 2013] [error] child process 27973 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28050 still did not exit, sending a SIGKILL server crash and have to be restarted. I have to re-start apache and mysql; after re-starting both application the server start running fine again, any suggestions? I do not have any other errors messages Thanks! It is tough to say much in this case without knowing anything about your configuration. Any errors in mysql logs?
[users@httpd] Apache 2.2 + php 5.2 wordpress
Hello, I'm have one instance of Wordpress running on a FreeBSD machine with php 5.2 install using Apache Web Server 2.2. Every time the webmaster edit pages I get the following error: 12:15:36 2013] [error] child process 27973 still did not exit, sending a SIGKILL [Tue Mar 05 12:15:54 2013] [error] child process 28050 still did not exit, sending a SIGKILL server crash and have to be restarted. I have to re-start apache and mysql; after re-starting both application the server start running fine again, any suggestions? I do not have any other errors messages Thanks!