20 Ways To Secure Your Apache Configuration
Dec 20, 2007
You can find an article, "20 Ways to Secure Your Apache Configuration", at this link:
[url]
I have a problem after changing permissions:
chown -R root:root /usr/local/apache
chmod -R o-rwx /usr/local/apache
After running the above commands, when I try to restart Apache it shows me this error:
Warning: SuexecUserGroup directive requires SUEXEC wrapper.
Sep 8, 2007
Does anyone have an ebook or article about securing a Linux server and Apache?
I want to secure my own server and my VPS customer.
My Linux system: CentOS
Also, I have the cPanel control panel.
May 17, 2009
Way to secure Apache from DDoS attacks on CentOS 5.3.
Dec 18, 2013
When running the OWASP ZAP web security tool, I get the following flag: Secure page can be cached in browser. Cache control is not set in HTTP header nor HTML header. Sensitive content can be recovered from browser storage.
I was surprised, since I had the no-cache header in both the HTML code and the httpd header.
After investigating the flag, I noticed that the response was a generic 302 Found error response from Apache (located in apache/src/modules/http/http_protocol.c).
I added a patch to the code that adds the cache-control & pragma html headers with no-cache, and that solved the security flag (patch attached).
Full response given:
header:
HTTP/1.1 302 Found
Date: Sat, 30 Nov 2013 10:44:40 GMT
Server: Apache
X-Frame-Options: DENY
Location: https://*****
Content-Length: 376
Content-Type: text/html; charset=iso-8859-1
body:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://******">here</a>.</p>
<hr>
<address>Apache Server at 10.209.0.81 Port 443</address>
</body></html>
In conclusion:
The issue is "Secure page can be cached in browser." (found by OWASP ZAP) for the HTTPS page response "302 Found" from Apache.
Mar 25, 2009
I recently bought a VPS from [url].. Probably about a week and a half ago. The VPS runs great, everything's going fine, but I'm wondering what is up with their company... I can't access billing, and their frontpage has been replaced with this message:
Quote:
I am sorry to see no website. We are redoing alot of things with our company. If you need any support do so by emailing us We can get them. At [url]or [url]We you are a customer and need support you can do so by emailing and one of our techs will get back to you.
If you're a company, don't you think you should notify your customers in a more professional manner than just putting a small message up on your website?
I've tried emailing support to ask them what's going on because honestly I don't feel too comfortable putting my files on this VPS and not knowing if it will exist tomorrow... It's been 24 hours since my email and I haven't received a response yet. 2 weeks ago when I looked into this company I received responses from Sales within minutes and now all of a sudden nothing at all..?
Jan 19, 2007
I colocate a server in a nearby datacentre. It's a CentOS + cPanel server. The problem is my server 2 hard disk is used with no backup. I am thinking of doing the backup manually myself by walking in the datacentre every weekend with my desktop cpu with new hard drive.
Is there a possible way I can store backup that way?
Apr 14, 2008
How would/do you make use of commodity (generally a few years old) servers? At any scale, from 1 to 1,000 of them? Especially things you could sell?
Oct 8, 2008
I am compiling a list of ways that VPS accounts differ from normal shared hosting, both for myself and other VPS newbies (will be published as an article).
I realise not all of these are limitations on all shared hosting accounts or indeed available on all VPS accounts, but they represent the general rules for each.
So far I have:
i) high or unlimited number of simultaneous processes
ii) self-setting process timeout
iii) high or unlimited simultaneous POP3 account access
iv) guaranteed RAM, process access and connectivity
v) high or unlimited email sending allowance (subject to usual spam policies)
vi) unlimited domains
vii) resource allocation per domain
Anything else? Specifically, I'm looking for ways that shared hosting accounts are usually limited (like with the above-mentioned simultaneous processes) that are not normal for VPS accounts.
Dec 21, 2007
Is there no possible way I can slave just a few tables in MySQL, instead of slaving the entire table on the main database server?
May 13, 2007
I have 3 servers and use cPanel, which I will continue to do as I see they have the greatest lifespan compared to the rest.
However, could anyone advise what will be the most resource-saving and easiest way to backup all customers data in case of failure?
How often do you guys backup?
Care to share your experience?
Jul 5, 2008
I've often hunted for a dedicated server that needed to have certain criteria, and it's usually overwhelming comparing servers from different companies. For example, if I need 4GB, one may come with 4GB RAM, while another has 2GB standard with the option of getting another 2GB for a small extra fee.
Is there a site that lets you enter your criteria, and it will list servers that meet your needs? For example, you could have it list servers with at least 8GB of RAM, or servers with 500+GB hard drive and 1000GB transfer/month, etc.
Sep 12, 2006
Someone had mentioned a way to use virtual Apache configs; this way you wouldn't have to reboot Apache each time you add a new domain to your box.
Can you tell me what DSO I need to use?
Also is there a conversion tool to grab the configs you have now, and migrate them to the external files?
Oct 30, 2009
My server has one site,
but this site has an Alexa ranking of 7.000.
I need the Apache Global Configuration:
StartServers = ?
and this
MinSpareServers = ?
and this
MaxSpareServers = ?
and this
MaxClients = ?
and this
MaxRequestsPerChild = ?
Heavy browsing on the site leads to stoppage of Apache.
Server Information
Intel Core 2 Quad Q9550 2.83GHz
8GB RAM
Nov 10, 2009
Is there any way to dump all of the current configuration parameters that apache is operating with?
I am clear on setting them in apache's config file. What I would like to do is view every parameter apache is operating with.
I am trying to troubleshoot what is believed to be an apache issue on one of my servers.
Dec 3, 2014
I have a couple of directories on my server that require authentication (MySQL DBD and AuthUserFile). Both work fine with SSL off. When I use SSL on directories without authentication that also works fine. However, when I put the 2 together, authentication is by-passed. I cannot seem to get the configuration right to do both. Here is my VH conf file (sanitized):
Code:
LoadModule dbd_module modules/mod_dbd.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName myhost.mydomain.com
ServerAdmin mailman-owner@mydomain.com
ErrorLog "/var/log/httpd/myhost_error_log"
CustomLog "/var/log/httpd/myhost_access_log" combined
[Code] .....
Jul 2, 2008
I was recently introduced to lighttpd being able to run on Apache with a different port. So I set up my lighttpd that way.
lighttpd.conf
Code:
server.modules = (
"mod_access",
"mod_fastcgi",
"mod_cgi",
"mod_accesslog" )
server.document-root = "/var/www/vhosts/domain.com/httpdocs/lighttpd/"
server.errorlog = "/var/log/lighttpd/error.log"
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
and my httpd.conf
Code:
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /lighttpd http://0.0.0.0:81/
ProxyPassReverse / http://0.0.0.0:81/
Now when I created a folder on my server's httpdocs /lighttpd/
everything runs smooth so I got the lighty to work for me.
Okay, now that I figure it works, I wanted to run one of my subdomains on lighty so that I can reduce the load on the server. Does anyone know how I can set up one of my subdomains to open with lighttpd and keep everything else on Apache?
Aug 18, 2007
I want to set the Timeout value bigger for a specific folder.
Jul 10, 2007
After installing Zend with /scripts/installzendopt on a cPanel server I am getting the following:
Code:
root@comet [~]# apachectl start
/usr/sbin/apachectl: Apache 1.3 configuration directives found
/usr/sbin/apachectl: please read /usr/share/doc/httpd-2.0.52/migration.html
Virtualhosts look like this:
Code:
<VirtualHost [IP]>
ServerAlias [www.domain.com]
ServerAdmin webmaster@[domain.com]
DocumentRoot /home/fohrmann/public_html/[username]
ServerName [domain.com]
User [user]
Group [group]
BytesLog /usr/local/apache/domlogs/[logfile]
CustomLog /usr/local/apache/domlogs/[logfile] combined
ScriptAlias /cgi-bin/ /home/[username]/public_html/gb/cgi-bin/
</VirtualHost>
May 4, 2014
On my computer (Windows 7 Ultimate) I host my sites with Apache 2.2.25 - mod_fcgid-2.3.6-win32-x86 and PHP 5.4.28. In the "httpd-vhosts.conf" file from Apache I have my domain set as follows and it works fine (http://www.example.com or http://example.com):
Code:
<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot "D:/Apache22/vhosts/Example"
ServerName example.com
ServerAlias www.example.com *.example.com
[Code] ....
And I set up a subdomain as follows:
Code:
<VirtualHost *:80>
ServerAdmin director@example.com
DocumentRoot "D:/Apache22/vhosts/DirectorExample"
ServerName director.example.com
ServerAlias www.director.example.com *.director.example.com
[Code] .....
But when I tried to access the page: http://www.director.example.com or http://director.example.com, I was redirected to the page http://www.example.com.
I have DNS configured for "example.com" and "director.example.com". These sites are live on another server.
The error.log files for "director.example.com" and Apache are empty. How can I configure the subdomain to work?
Oct 8, 2013
I'm trying to run Web Blast 2.2.28+ locally through Easy PHP Dev Server 13.1 (Apache 2.2, Windows 7), but when I click on search it shows ERROR 403 when I open it within my site, or the following message appears (blast.cgi content) when I use the blast.html page directly:
#!/bin/csh -f # # $Id: blast.cgi,v 1.1 2002/08/06 19:03:51 dondosha Exp $ # echo "Content-type: text/html" echo "" #setenv DEBUG_COMMAND_LINE TRUE setenv BLASTDB db ./blast.REAL
Oct 9, 2013
I'm trying to run Web Blast 2.2.28+ locally through Easy PHP Dev Server 13.1 (Apache 2.2, Windows 7), but when I click on search it shows ERROR 500 couldn't create child process: 720002: blast.cgi
Jul 30, 2013
I am trying the Siremis web page. Whenever I try to log in, I get the below error in the Apache error log:
[client 192.168.137.7:4758] AH01630: client denied by server configuration: /opt/siremis-4.0.0/siremis/.htaccess
In httpd.conf, the following is the rule:
Alias /siremis "/opt/siremis-4.0.0/siremis"
<Directory "/opt/siremis-4.0.0/siremis">
Options Indexes FollowSymLinks MultiViews
[code]....
I am using Apache 2, PHP 5.5.1 and MySQL 5.6.12.
Jul 8, 2013
I want to set up a password for a website running on an Ubuntu server, and found that Apache can be used. It is implemented by configuring the httpd.conf file and the .htaccess file.
So I want to ask:
1. In this case, the password is set up for a path on the server configured in the httpd.conf file. Like in the following example:
Code:
<Directory "/var/www/html/MySite">
The password is set up for the path to MySite, right?
2. If the content of my website is not stored under the /var/www folder, I cannot use this way to set up a password for the website, right? May I use PHP instead?
Dec 2, 2013
For production, I'm looking to use the latest version of Apache from Apache Lounge:
Apache 2.4.7 Win64
Which version of PHP is recommended?
Which version of WinCache is recommended?
Which version of MySQL is recommended?
I've looked into WinCache, how to install it and hook it up to PHP, but I'm guessing you add the extensions in the php.ini?
May 16, 2014
I have to modify the two apache settings LimitRequestLine and LimitRequestFieldSize. Strangely, the setting has to be made to the first VirtualHost that gets loaded and it will then be changed for all virtual hosts. I don't understand why that's the case, but I was able to verify it works on a local test server.
But how do I find out which virtual host is loaded first? I tried with default of course, but that one isn't it.
Or how to make the setting to apache?
I run Plesk Panel 11.5 on Debian 7
Jun 26, 2008
So here's my situation: I have a rented vent server, and I wanted to point vent.mydomain.com to the IP of said vent server. I put an A record in the DNS pointing to the server and all is well. When I type vent.mydomain.com into a browser it takes me to the cPanel/WHM page saying "Great Success, Apache is working". Is it possible that I can somehow have that get redirected to the main site or no?
Basically, if I'm connecting with the vent client, I want it forwarded to the vent's IP; otherwise I want to have it redirected to mydomain.com.