I want to run an HTML webpage that accesses an MP3 resource that's also on my website. However, I only want the webpage to have access to the file and block access from those attempting to access the file directly. That leaves me with two options:
1. Block access through the Apache configuration so that only my Webserver can access the resource, or
2. Hide the URL in the code.
How I can go about doing this?
I made the idiotic move of not making a backup of the default configs and now I can't access my http website externally. ssl works fine, but I need http to work too.
View 3 Replies View RelatedI'm currently struggling with an issue on our Apache 2.2.24 home-rolled installation on an OEL 6.2 x64 linux server that front-ends for a Glassfish cluster via proxypass.The httpd.conf manages 4 virtual hosts with each virtual host entry rewriting to HTTPS.
Anyone trying to access the HTTP address redirects to HTTPS just fine.The issue is that anyone using the HTTPS address gets redirected to the Document Root defined in Apache instead of being proxypassed to Glassfish.
I had set up a dummy DocumentRoot with a simple index.html meta redirect and what happens is that anyone directly accessing HTTPS will hit the index.html file which redirects to the the https site. At this point it simply loops to infinity.
I have an Ubuntu server and have installed AMP. The server is behind a router (2wire).
I have a static IP address which i use for the webserver. I have enabled the router firewall to allow all the typical webserver ports. When I am on the network (in the vicinity of the network) i am able to connect wirelessly to the server via ssh and also access the domains via my web browser.
But when i connect to the net via another router I am unable to gain ssh access or access the websites from a browser.
When i initiate a connection with putty all i get is a black screen and when i connect to the website i get
Quote:
The operation timed out when attempting to contact www.globalexpatservices.com.
I want to block all http requests coming to my website via proxy. Is there any way/script to achieve this on the server?
View 5 Replies View RelatedI moved a tomatocart website with its database, www-root. + keeping all its file and folder permissions.The username on the new server is the same, same id same name same permissions ect. The database name is the same the passwords are the same, location of www-root server same.
The website works it fetches and stores in the mysql database.At the old server with the same tomatocart website you could browse to example domain. ex/1-catagory-bananas and you would see a nice grid of bananas you can order. But there is no folder 1-catagory-bananas on the old or new server you just stay on the index.php but the url goes exampledomain.ex/1-catagory-bananas and the viewed website reloads
On the new server with the same URL i get a "NOT FOUND /1-catagory-bananas ect."so the website works perfeclty on the new server?
production looking to use latest version of apache from apache lounge:
Apache 2.4.7 Win64
Which version of PHP is recommend?
Which version of WinCache is recommended?
Which version of mysql is recommended?
I've looked into WinCache how to install it and hook it up to php, but i'm guessing you add the extensions in the php.ini?
I have a series of web services that are exposed to the world via IIS. The problem is I only want users to have HTTPS access to these.
At the moment everything is working fine, however users can access services via HTTP (port 80) and HTTPS (port 443). Using the IIS manager I have attempted to remove port 80, however it will not allow me to do this.
So the question is, how can I close of HTTP access within IIS?
I've setup a dedicated server that is currently running with a domain bound to it. However this time I want to setup a centos 5.1 + latest apache 2 + bind 9 server that can only be connected to by IP address and doesn't have a domain name. So what do I need to modify in the below files to do so:
First of all will I even need bind at all? I already have it setup and (mis-)configured but I guess if I don't need it I can just take if off of autostart and stop the process "named".
Named.conf
options {
pid-file "/var/named/chroot/var/run/named/named.pid";
directory "/var/named/chroot/var/named";
query-source address * port 53;
allow-query { any; };
allow-transfer { };
recursion no;
notify no;
version "unknown";
};
logging {
category default { null; };
};
zone "server.domain.com" { type master; file "server.domain.com.db"; };
I don't even want the zone have domain.com in its name but that's just there so I could show you how I'd include server.domain.com.db.
server.domain.com.db
$TTL 14400
@ IN SOA ns1.domain.com. root.server.domain.com. (
2007052503
14400
3600
1209600
86400 )
server.domain.com. 14400 IN NS ns1.domain.com.
server.domain.com. 14400 IN NS ns2.domain.com.
localhost 14400 IN A 127.0.0.1
www 14400 IN A 78.129.174.164
I'm not sure what to do about those references to domain.com here, they shouldn't be needed but without them I don't know what to put here. ^^
Obviously I can't use those nameservers...
resolv.conf
nameserver 127.0.0.1
nameserver 78.129.143.155
nameserver 87.117.198.200
nameserver 87.117.196.200
The only thing missing from this file is "search domain.com" at the top, is that needed even though I won't really have any domains used by this server?
/etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail ....
I have been searching for a non web UK proxy. I need to view UK search results and ads
Should I just use ssh tunneling? If so any suggestions on a cheap UK shell account?
On a webserver (apache, mysql, php), which values comes to your mind can have bigges impact on a website load time?
we talking about webserver which host like 100 websites, mostly a classic wordpress blog.
I have keep alive turned on. Now i want to do some test playing with various values of apache, php...
Exist a domain (domain.fm), this domain receives constant DDoS attacks and the webmaster of domain.fm has pointed the domain to my server and the DDOS attack has been redirected to me.
Is it possible to block this domain?
I noticed that the webmaster of domain.fm only points the domain to
my server when attacked.
Yesterday my apache has been down for several hours.
I would like to block access to my servers from the domain domain.fm
I recently looked at my secure and mesaages log and have been getting a lot of failed SSH root login attempts. So I thought I better do something about it.
Ideally I want to allow SSH login from just 3 remote public IP's, and block all others from even trying
How would you go about implementing this?
I have tried using IPTables, but I think im getting the rule wrong somewhere.
Here is what I have:
Code:
## Access to SSH from Pre-approved IP Addresses ONLY ##
iptables -I INPUT 1 -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -s 123.123.123.124 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -s 123.123.123.125 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 22 -s 0.0.0.0 -j DROP
However this still lets me login from IPs not in the list above?
if it is possible to block external access to Cpanel through port 2082?
View 7 Replies View RelatedI've seen a number of exploit attemps on the default website which I believe has come via direct access via ip address i.e http://xxx.xxx.xxx.xxx.I have tried to block with .htacess but it seems to be being ignore (possibly by parallels or nginx configuration).how I can block access to the default site to all but 127.0.0.1, server external ip and my ip?
View 19 Replies View RelatedServer Version: Apache/2.2.22 (Unix)
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
POST /some_valid_alias HTTP/1.1
Host: example.org
User-Agent: Arbitrary/1.0
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Content-Length: 769
-----------------------------41184676334
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/(some_valid_alias)(.*)$ $1$2 [R]
But this won't work for all our scripts, because in some cases we do want to permit POST.
Someone seems to be flooding our HTTP server somehow. We use the latest version of Apache on Windows.
Is there any Windows modules that can filter the total amount of IP connections, or something built into Windows that could filter this?
I'm in the process of trying to pin down a couple errors I've been running into, and after installing and configuring SSL I have occasionally been receiving the following error:
View 2 Replies View RelatedSuddenly on a particular website (possibly following an easyapache php minor version update) if I specify a folder rather than a specific file I get a 503 response.
If I do the same on https it's ok. But http always gets a 503.
If I specify a file it's fine, but the folder always hits a 503.
I have removed the htaccess file and php.ini to rule that out and indeed they weren't factors - it seems like it goes wrong before reading the htaccess file.
I have two domains that are sharing one IP address. One site is meissenation.com and the other is mifbody.com.
My httpd.conf file looks like this: ...
Does anyone know if there is an Apache directive where you can have Apache call a script on HTTP PUTs to a specific location and also for HTTP GETs?
View 0 Replies View RelatedI keep hearing that redirecting from http to https is not very secure [non-SSL to SSL]. Among other reasons, one reason is that the browser may continue to think it is communicating with non secure server and may not encrypt the data. Is it true? I hope not, I am using the following -
<VirtualHost 12.34.567.89:80>
ServerName www.mysite1234.com:80
Redirect / https://www.mysite1234.com/
</VirtualHost>
its possible to do a P2V migration of a Apache http server 2.2
Present environment:
Windows 2003
Apache http server 2.0.63
There are 2 webservers (running Apache) for load balancing. The backend server runs an application which uses an oracle database. Is a P2V migration of the web servers possible?
I was trying to set up a JBoss cluster with apache httpd mod cluster in windows.I was able to start the apache using the command 'httpd. exe'. But when I tried to access it using localhost:6666/mod_cluster_manager , the page was not accessible.I have the entry 127.0.0.1 localhost in my hosts file.
The http.conf contains lines as given below:
# MOD_CLUSTER_ADDS
# Adjust to you hostname and subnet.
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
[code]....
I'm using a turnkey image for smallmachineforum system, installed on amazon aws instance.
In the default configuration I can't use the http version of the site, only the https.
It does not seem to be a network issue, a telnet on port 80 opens.
The server is apache version 2.2.22, on a Debian 3.2.57-3+deb7u2 x86_64
I am trying to find out if redirecting an https URL to an http URL will still provide the security of the original https? Should the page information for the redirected http page show it as being unencrypted or shouldn't it have the same encryption as the original https?
View 3 Replies View RelatedI have a regular visitor from 1999521.videos-for-your-business.com/ and I am aware this is spam from semalt.com, the trouble is I have tried blocking this but it keeps coming back the number 1999521 changes frequently
I have the following in my htaccess file
## STOP REFERRER SPAM
RewriteCond %{HTTP_REFERER} semalt.com [NC,OR]
RewriteCond %{HTTP_REFERER} best-seo-offer.com [NC,OR]
RewriteCond %{HTTP_REFERER} videos-for-your-business.com [NC,OR]
RewriteCond %{HTTP_REFERER} semaltmedia.com [NC,OR]
RewriteCond %{HTTP_REFERER} best-seo-solution.com
RewriteRule .* - [F]
I installed apache, mysql, php on my windows vista laptop, and want to test http downloading. This means when selecting a file (for example, contact.php) from a page, and then click download, it will be downloaded to my desktop.
Do we need to install any other softwares to do that?