:
abcd:com:/abcd
xyz.com:/xyz
It's hard to interpret what you mean by these examples. What full URL
would your user use and what would the server do with it?
I think an understanding of Apache Virtual Hosts or knowing that they
exist might help.
https://httpd.apache.org/docs/2.4/vhosts/
--
Jim
don't think it is unless
there's a condition you want to meet outside of the URL path. However,
If the above doesn't work try:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/REDFOOK/
RewriteRule ^/REDF00K/(.*)$ /$1 [R=301,NC,L]
(note... I didn't test any of this).
--
Jim Albert
.
Know that important configuration documentation will be located at
https://httpd.apache.org/
--
Jim Albert
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h
On 1/29/2022 10:42 PM, Praveen Gattu wrote:
I am trying to setup IP restriction for the phpmyadmin of my site.
However, it's not working. Here's the apache.conf file for phpmyadmin.
Any ideas what I am missing?
# phpMyAdmin default Apache configuration
Alias /padm
ne of them and I still don't
know where it is being set or by which page.
Thanks for the help and the knowledge increment!
John
=
On Tue, 2022-01-18 at 18:33 -0500, Jim Albert wrote:
On 1/18/2022 3:36 PM, John wrote:
These are default cookies from somewhere; my code doesn't set or
m
On 1/18/2022 3:36 PM, John wrote:
These are default cookies from somewhere; my code doesn't set or
manage them.
Focusing on this portion of your response:
"These are default cookies from somewhere; my code doesn't set or manage
them."
... using your browser's Developer Tools (F12), look at
With regard to:
reverse proxy --> HTTP --> back-end server
and in respect to the sensitivity of your requests and responses, you
might want to consider any security implications or if this violates any
compliance requirements depending on the proximity of your proxy to your
back-end server.
httpd as a reverse proxy.
You eventally need to install same SSL certificates (but you don't
have to necessarily) on both the reverse proxy and the internal
service, enable SSLProxyProtol on your VHs and send the traffic to
HTTPS via your ProxyPass.
--
Jim Albert
nfigs?
Outside of those thoughts, are the directories listed in the log configs
writable by root assuming root starts Apache?
Jim
On Jan 4, 2022, at 5:20 PM, Jim Albert wrote:
On 1/4/2022 8:11 PM, James Coyle wrote:
I recently added PHP and MySql to my Apache setup, and now notice
that the a
...@httpd.apache.org
It would help if you provide some more information such as relevant
Apache log configs such as:
CustomLog
ErrorLog
Search for those settings throughout your Apache config files.
Perhaps by reviewing those settings the answer will become apparent.
--
Jim Albert
On 10/19/2021 7:43 AM, Mason Hayes wrote:
Hi, All
When Apache is accessed via a CDN (Akamai), I would like to record the
IP of the accessing client in the Apache logs.
In order to display the True-Client-IP header sent by Akamai in the
access log like X-Forward-For, do I have to change the
On 9/7/2021 5:18 PM, Dave Wreski wrote:
Hi,
I have an apache-2.4.48 server on fedora34 and would like to enable
mod_status to be able to obtain server status information. However,
the docs appear to say the only way to access it is over port 80, not
SSL. Is that correct?
Chrome is also
reference to SSL. The other tool we use is fail2ban but I am pretty
sure that's not causing this either.
Still slightly baffled as how to progress!
Thanks, Paul
On 26/08/2021 15:35, Jim Albert wrote:
On 8/26/2021 6:16 AM, Paul Claridge wrote:
Hi Team,
I am trying to configure recommendations
On 8/26/2021 6:16 AM, Paul Claridge wrote:
Hi Team,
I am trying to configure recommendations from a pentest with regard to
excluding weak ciphers.
My ssl labs report shows the following:
Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
Cipher
I've found facebook pretty much keeps me logged in for a very long time,
if not indefinitely unless I clear cookies... so I'd expect your concern
to mostly be a non issue from having their own FB account.
If I really wanted to attempt what you want to do, I'd write some socket
code and see
You probably want to read some good information on XSS such as:
https://owasp.org/www-community/attacks/xss/
Jim
On 7/19/2021 5:27 AM, Jim Albert wrote:
X-XSS-Protection is just an HTTPD response header that instructs the
browsers that respect the header to not make a request from the
content
X-XSS-Protection is just an HTTPD response header that instructs the
browsers that respect the header to not make a request from the content
of the page that appear to be an XSS attack.
Based on the page below, I don't think X-XSS-Protection offers much.
/2021 11:25 AM, Pavel Heimlich, a.k.a. hajma wrote:
Basically yes. It was this hack that redirected users to https when
they tried http. But it stopped working when I tried to drop TLSv1.1
čt 24. 6. 2021 v 15:31 odesílatel Jim Albert <mailto:j...@netrition.com>> napsal:
215 is c
On 6/24/2021 4:25 AM, Pavel Heimlich, a.k.a. hajma wrote:
čt 24. 6. 2021 v 3:56 odesílatel Jim Albert <mailto:j...@netrition.com>> napsal:
Have you attempted from more than one client?
yes. Firefox and wget. Both behave identically.
Expand more, please on what you hav
On 6/23/2021 8:06 PM, Pavel Heimlich, a.k.a. hajma wrote:
st 23. 6. 2021 v 23:06 odesílatel Otis Dewitt - NOAA Affiliate
napsal:
Check your Openssl ciphers to see if it supports TLS 1.2
Try:
SSLProtocol -ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCipherSuite
On 6/16/2021 9:05 PM, Will Fatherley wrote:
Hi All,
I have been using A2 for a few years now, but I've not really needed
to implement any deny/black-listing because I simply have no
meaningful security/traffic constraints. In moving forward with
development on top of A2 which does have
Some HTTP load balancers perform additional duties such as acting as a
web application firewall (WAF). The load balancer/WAF helps to weed out
attacks (and balance load) leaving the back end servers focusing on what
are seen as legitimate requests... each portion of the reverse proxy
On 5/15/2021 10:21 AM, Jason Long wrote:
Hello,
Is proxy to proxy improving the security? For example:
The Internet --> Reverse Proxy Server --> Reverse Proxy Server --> Web Site
It really depends on what functions your proxies are performing. For
example, are the reverse proxies simply
On 4/29/2021 11:11 AM, Liwei wrote:
On Thu, 29 Apr 2021 at 22:36, Liwei wrote:
On Thu, 29 Apr 2021 at 21:06, Rob Emery wrote:
-- 8< Snip 8< -
Yeah we actually already have that enabled in our access logs and we can
see that the clients in question are using TLS1.2 when successful
On 4/29/2021 9:06 AM, Rob Emery wrote:
Hiya Jim
Thanks for the reply.
If not already included, you could include %{SSL_PROTOCOL}x
%{SSL_CIPHER}x in your request log and see if there is any commonality
in requests assuming the communication is open long enough for the
logging to occur or if
On 4/29/2021 8:25 AM, Rob Emery wrote:
Hello,
We have a problem where intermittently users are getting a plaintext
400 Bad Request response in the middle of the TLS handshake (always
the 6th packet in the TCP stream); it happens about 1 in 40K requests
at current. As far as we can tell, there
On 4/21/2021 3:56 PM, @lbutlr wrote:
On 20 Apr 2021, at 13:20, Jim Albert wrote:
On 4/20/2021 2:56 PM, @lbutlr wrote:
Right, and I am running the current version of OpenSSL which, for example,
doesn't support SSLv3 or TLSv1.1.
I'd be surprised if that were true.
If you run 'openssl ciphers
On 4/20/2021 2:56 PM, @lbutlr wrote:
On 20 Apr 2021, at 09:45, Jim Albert wrote:
On 4/20/2021 9:48 AM, @lbutlr wrote:
If I define SSLCipherSuite DEFAULT will apache show the ciphers that are
defined by openSSL and will be used?
Is this the best way to go, or should I specifically list
On 4/20/2021 9:48 AM, @lbutlr wrote:
If I define SSLCipherSuite DEFAULT will apache show the ciphers that are
defined by openSSL and will be used?
Is this the best way to go, or should I specifically list TLSv1.2 and TLS1.3?
The complete list of ciphers that openssl supports numbers 60 and
On 3/30/2021 8:51 AM, A.J. Gatlin wrote:
On Tue, Mar 30, 2021 at 2:42 AM Jim Albert <mailto:j...@netrition.com>> wrote:
Have you checked your request logs at the time of restart for any
request activity associated with the restart?
Yes, I did have a look at th
On 3/29/2021 8:45 AM, A.J. Gatlin wrote:
Hi there,
I'm running some PHP-based sites on CentOS 8, which uses version
2.4.37 of Apache. Apache is set to use MPM Event mode, which is also
the default.
Once per day during a quiet period, logrotate rotates the Apache logs
by doing a graceful
On 3/15/2021 8:48 AM, Jason Long wrote:
Thank you.
I guess something is wrong!
I put my IP address in "tor-ip.conf" file and restarted my Apache service, then
visit my website and checked the log file, but the IP address in the log file Vs. my IP
address!!!
For example, the
On 3/15/2021 7:25 AM, Jason Long wrote:
Thanks.
Thus, Apache can't help me about it? I need something like Clustering or...
On Monday, March 15, 2021, 02:14:55 AM GMT+3:30, Daniel Ferradal
wrote:
Perhaps you are looking to configure orchestration of some kind in
your infrastructure,
On 10/12/2020 9:09 AM, Jason Long wrote:
Thank you.
I want when a user enter my server IP address in his\her browser then it forward to
"https://mywebsite.com;.
Most users will not enter an IP address, but rather a domain name. For
those that enter a domain name (https://mywebstie.com) first
s
purpose is and how it can affect content of a web page.
Start with the links above.
The content you no longer see might come from a source not allowed by
your CSP. Your browser's dev tools console will confirm if that is true.
Jim
On Sunday, September 27, 2020, 05:29:51 PM GMT+3:30,
On 9/27/2020 2:50 AM, Jason Long wrote:
Hello,
For a website with the name "my-example.net", what is the correct syntax of:
Header set Content-Security-Policy "default-src 'self';"
?
Thank you.
Which header are you asking about?
Strict-Transport-Security (your email subject) - indicates
On 9/17/2020 4:17 PM, Jim Albert wrote:
On 9/17/2020 3:27 PM, Jason Long wrote:
Hello,
When I added "Header set Content-Security-Policy "default-src
'self';"" to "httpd.conf" then my website style and some graphical
features are disable.
Why?
Thank you.
On 9/17/2020 3:27 PM, Jason Long wrote:
Hello,
When I added "Header set Content-Security-Policy "default-src 'self';"" to
"httpd.conf" then my website style and some graphical features are disable.
Why?
Thank you.
Use your browser's developer tools (usually F12) to view your console
On 8/11/2020 10:44 AM, Nick Kew wrote:
On 11 Aug 2020, at 08:52, MEjaz wrote:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Read the
On 8/11/2020 3:00 AM, MEjaz wrote:
Hello,.
I have requirement to redirect the url. Whoever typed my site
http://newtraffic.cyberia.net.sa , it should redirect to
https://newtraffic.cyberia.net.sa
I am bit struggling to achieve this. please assit
Ejaz
As long as the request is staying
On 7/29/2020 6:34 PM, Jim Albert wrote:
In Apache 2.2 I could set up an .htaccess file and establish simple
and easily maintainable access control such as:
require user jim joe
require user jim joe
order deny,allow
deny from all
allow from 10.10.0.1
allow from 10.10.0.2
require valid
In Apache 2.2 I could set up an .htaccess file and establish simple and
easily maintainable access control such as:
require user jim joe
require user jim joe
order deny,allow
deny from all
allow from 10.10.0.1
allow from 10.10.0.2
require valid-user
order deny,allow
deny from all
On 7/11/2020 6:10 AM, Holger Schramm wrote:
Am 11.07.20 um 00:32 schrieb Jack M. Nilles:
The apache error logs all quit at the point just before I restarted
it. User and group permissions for the SSL files are all root, as
before.
Jack
have you checked the files? sometime there are missing
Check your Apache error log. It's unlikely anything in your mysql log
will be useful here. Apache will print any STDERR messages to the Apache
error log. You shouldn't need your Apache logging at anything other than
the default logging level to be useful to debug your Perl CGI issue.
Jim
On
On 5/14/2020 3:04 PM, Jim Albert wrote:
On 5/14/2020 2:55 PM, Suresh Kumar wrote:
Hi, I am not an expert in Apache.
I have a synology DS918+ NAS (some kind of flavor of linux kernel
4.4) and using their package center installed apache 2.2, perl etc.
The webroot is working for php (I believe
On 5/14/2020 2:55 PM, Suresh Kumar wrote:
Hi, I am not an expert in Apache.
I have a synology DS918+ NAS (some kind of flavor of linux kernel 4.4)
and using their package center installed apache 2.2, perl etc.
The webroot is working for php (I believe they use nginx) along with
Mariadb at
On 3/19/2020 4:50 PM, Stormy wrote:
Jim -- tnx -- see below
On 2020-03-19 4:05 p.m., Jim Albert wrote:
On 3/19/2020 3:48 PM, Stormy wrote:
I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) o
look into some secure remote access solutions
to access private servers across a vpn.
Jim Albert
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
an idea about what could be the issue here or have
experienced a similar error?
Are you positive your apache server doesn't sit behind a Web Application
Firewall perhaps not configured for port 80?
Sounds like something other than apache providing that content.
Jim Albert
On 9/13/2019 5:07 PM, William A Rowe Jr wrote:
On Fri, Sep 13, 2019 at 3:46 PM Jim Albert <mailto:j...@netrition.com>> wrote:
In use of CentOS7 servers and the included apache, I'm moving to
Apache/2.4.6
It appears something related to ErrorLog has changed.
I'm usi
In use of CentOS7 servers and the included apache, I'm moving to
Apache/2.4.6
It appears something related to ErrorLog has changed.
I'm using what I have always used:
ErrorLog "logs/error_log"
and I do see messages going to logs/error_log such as start/stop and
certain types of errors such as
On 3/28/2019 12:11 PM, Darryl Philip Baker wrote:
Gentlefolk,
I had an incident yesterday where the Apache web server host had a
load average of over 170 and was performing very slowly. Stopping the
web server did fix the issue but when I restarted the daemons the load
started to increase
On 9/13/2018 8:27 AM, Vandana Sakamuri wrote:
Hi,
I compile Apache on one server and install the same on multiple
servers in different domains. I am currently working on moving from
HTTP to HTTPS. Can someone help me on what sort of SSL certificate I
need to include so that it works on all
that rewriting an SSI is not possible, so perhaps that is
the definitive answer.
Thank you.
Jim Albert
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
On 3/13/2015 7:54 PM, el kalin wrote:
On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert j...@netrition.com
mailto:j...@netrition.com wrote:
On 3/13/2015 7:17 PM, el kalin wrote:
if i have this in the
Directory /server/doc/root
Order allow,deny
which
your Apache server sits, but iptables will do it.
--
Jim Albert
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
On 10/30/2013 4:35 PM, el kalin wrote:
i did. it said it's normal but my server gets bogged down on it... i
think.
all the examples on line have an ip number (at least 127.0.0.1) in front
too. mine doesn't..
On Wed, Oct 30, 2013 at 4:00 PM, Eric Covener cove...@gmail.com
On 7/9/2013 5:21 PM, Jerry K wrote:
configure a local VPN, and only allow access from the VPN IP range is
one possible Plan B.
Reviewing my own log files, its amazing how many malware hits there are
for this particular software product.
What ever you do, be as safe/secure as you can.
Good
On 7/9/2013 5:46 PM, Jim Albert wrote:
On 7/9/2013 5:21 PM, Jerry K wrote:
configure a local VPN, and only allow access from the VPN IP range is
one possible Plan B.
Reviewing my own log files, its amazing how many malware hits there are
for this particular software product.
What ever you do
On 6/27/2013 11:34 AM, Pi Dizayn wrote:
On Thu, Jun 27, 2013 at 4:57 AM, Jim Albert j...@netrition.com
mailto:j...@netrition.com wrote:
On 6/26/2013 1:02 PM, Pi Dizayn wrote:
Here is a simple form from that server.
Sorry I forgot to send the link of the form
On 6/26/2013 9:50 AM, Pi Dizayn wrote:
Update; When I make
meta http-equiv='Content-Type' content='text/html;
http-equiv='Content-Type' content='text/html; charset=utf-8'
it works. But
meta http-equiv='Content-Type' content='text/html; charset=iso-8859-9'
doesn't work.
My apologies...
On 6/26/2013 1:02 PM, Pi Dizayn wrote:
Here is a simple form from that server.
Sorry I forgot to send the link of the form.
http://medyab.com/formtest2.php
Have you checked to see that the browser is submitting the request?
Check your apache access logs.
The firefox httpfox addon
On 6/25/2013 1:34 PM, Pi Dizayn wrote:
Dear Apaches :) ,
I'm moving a website to another server. In the new server when I submit
a form with æ or ß the browser says The connection was reset. This
never happened before. The OS is CentOS. PHP or CGI forms are the same.
--
Boray Eris
On 6/18/2013 9:51 PM, Kevin A. McGrail wrote:
Hello All,
We are protecting server-status and info with basic auth using a config
block similar to the following:
Location /server-info
SetHandler server-info
#Order deny,allow
#Deny from all
#Allow from .example.com
On 4/27/2013 10:28 AM, Angela Barone wrote:
On Apr 27, 2013, at 7:18 AM, Martin Hasicek wrote:
Just put allow from all to the bottom of configuration. You have order deny,
allow so your config should look same :-)
Hi Martin,
Thank you for your reply. I'm pretty sure I had tried
I expect the interfaces would have been detected and configured during
the linux install, but check:
/etc/sysconfig/network-scripts
for files looking like ifcfg-eth* (probably ifcfg-eth0 if only one NIC)
as those would be your network interface configurations.
On 4/13/2013 9:49 AM, georg
at first depending on the level of
support you first reach, but if the IP addresses of your DNS servers
have changed, then your glue records must be updated.
--
Jim Albert
-
The official User-To-User support forum of the Apache HTTP
On 2/10/2012 2:17 PM, Jim Albert wrote:
On 2/10/2012 5:48 AM, Dr. Sunil M. Dogra wrote:
Hi John,
the Ips of CDRSTDU.EDU.IN http://CDRSTDU.EDU.IN, TIER-3.CDRSTDU.EDU.IN
http://TIER-3.CDRSTDU.EDU.IN has changed so that's why its is not
working.
Now I wanted to make a webpage working if you
want changed in DNS and the new IP addresses.
The DNS address given to you by your ISP would be irrelevant in this
matter. That would be a DNS resolver that you can use for resolving
domains to IP addresses.
Jim Albert
commands, e-mail: [EMAIL PROTECTED]
--
Jim Albert
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED
based on how
you are using IndexIgnore.
--
Jim Albert, Software Development
Netrition.com - The Internet's Premier Nutrition Superstore!
http://www.netrition.com/
-
This message is intended only for the named recipient. If you
10 seconds before responding to any request.
Thanks,
Jim Albert
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail
Jim Albert wrote:
T. Devergranne wrote:
I have a lot of theses (Apache internal dummy connection),
but I can't
get rid of them, I don't know where they come from. Any hints ?
192.168.1.20 - - [09/Mar/2006:08:42:40 +] GET / HTTP/1.0 200
15545 - Apache (internal dummy connection
is Linux 2.6.16-1.2133_FC5smp
--
Jim Albert
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED
.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Jim Albert
-
The official User-To-User support forum of the Apache HTTP Server Project.
See
75 matches
Mail list logo
