However, when I put the extra code at the end of my redirect in .htaccess I get "Bad flag delimiters" and the internal server error page.I am using Apache 2.4 with PHP 5.4.11 on Windows.
I am using 2.2.29 in Windows.Trying to remove one cookie in a request header before passing the request to the application, but having trouble. The cookie is in the middle of the request header.
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
I've been asked to put an Apache Reverse Proxy in place as per guidance from SAP - [URL] - but have come across an issue where the CSS file is not rewritten by the reverse proxy. The below is the Virtual Hosts entry from the test httpd.conf that i'm running to get it working. I'll be moving this to vhosts entries when it eventually works (optimism slowly vanishing! ).
Listen 443 <VirtualHost *:443> SSLEngine On SSLProxyEngine On ProxyRequests Off ProxyPreserveHost On SSLProxyCheckPeerCN off SSLProxyCheckPeerName off AllowEncodedSlashes On SSLCertificateFile /Apache24/conf/FILE.crt SSLCertificateKeyFile /Apache24/conf/KEYFILE.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown ServerName Gateway.External.co.uk ProxyPass / http://SAPGateway.Internal:8010/ nocanon ProxyPassReverse / http://SAPGateway.Internal:8010/ ErrorLog "C:/Apache24/logs/error.log" TransferLog "C:/Apache24/logs/access.log" </VirtualHost>
Each post I come across with a similar issue mentions the trailing '/' on the ProxyPass entries, unfortunately - for me - they're there!
I'm looking to pass the entries to a web form, via Apache, to an external process (listening on a port say 4321) running on the same host as Apache.Is there a way to "coerce" Apache into doing this?
ways to utilize dynamic merging of CSS/JS files so that the browser only has to download one file for each type. I have a solution for how I would implement this solution on a non-CMS site. What complicates this is that most of the sites I manage are based on the Joomla! CMS.
Quite often, a webpage that has been extended with 3rd party extensions can have as many as 10-12 CSS/JS files. My problem is that I haven't found a way to suppress the links from being added to the page without having to hack every single extension being used.
One thought I had was to use mod_rewrite with the Forbidden flag for all of the CSS and JS files being requested except for the combined ones I created. My question is: Will this save much load time since the browser will still need to make the same number of requests? I am assuming it will be at least marginally better since nothing is being downloaded but wasn't sure if it would be noticeable.
I'm not sure if this is the right forum, or if anyone can suggest a message board where I might get support on this.
This is what I have. I have Apache and IIS both running on Windows 2k3.
Apache is running in reverse Proxy mode sending multiple domains/virtual hosts to IIS.
Code:
ProxyRequests Off <VirtualHost *:80> ProxyPreserveHost On ProxyPass / http://localhost:8080 ProxyPassReverse / [url] ServerName mydomain.com
</VirtualHost> Now, if I type in [url]everything works great and IIS (listening on 127.0.0.1:8080) serves the page. However, I am doing custom error trapping, so when I type in [url](and /mydirectory doesn't exist on IIS) I need to fire ASP code (via custom error messages/handling) on the IIS server and then present a data driven page.
However, Apache is returning A 502 error:
Code: Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /mydirectory.
Reason: DNS lookup failure for: localhost:8080mydirectory Is there a way for me to setup Apache to pass all error checking to IIS while using it as a reverse proxy?
I started out with a reseller account at Webkore.net. Great company, I outgrew their services and moved to Innohosting over a year ago.
Before I moved to InnoHosting, I sent in a cancellation request (they use WHMCS)...but nothing was every canceled in their system and I kept getting invoices from them. I simply ignored them. Fair enough, right?
Now, as I've said...I've been with Inno for over a year now. In that past year Webkore.net seems to have been acquired by eCommerce Discovery.
Here is the weird problem. My account on their server was never deleted! I, as a reseller had WHMCS installed was using cron jobs to automatically send emails.
A few weeks ago, I started recieving cron job reports from cpsev1.wirednoc.net, a domain owned by eCommerce Discovery. I really wouldn't care too much, but apparently the whole WHMCS system is still active and is sending my clients emails (Invoice reminders, domain renewal reminders, etc etc...).
This is obviously something that needs to be dealt with as it's getting a little out of hand. I only had 35 clients in WHMCS when I was with them...all of which are still with me.
I've called the number at this page: [url] multiple times only to be forwarded to a voice message. I just now actually left my voice message. Emails to Webkore.net have gone unanswered for 6 months, so I'm not even going to bother with that.
What I don't understand is how my account, over a year old and unpaid, is still not only ON the server...but ACTIVE, unsuspended, and running cron jobs. I'm going to shoot eCommerce Discovery an email shortly and will update this thread if they reply, although...chances don't look good.
I use a persistent and session cookie in order to help track return visitors, latent conversions and keyword tracking. My problem is that my hosting company, BlueHost, does not allow me to write the cookie data to my raw access log which would enable me to analyze this information.
Does anyone have any experience with using a script in order to get around this issue and write the cookie data to my log file....or as an alternative can people recommend a good hosting company which enables this functionality?
BlueHost has generally worked fine, so a work-around would be preferred, but if needed I may switch.
I have put an Access database inside an access_db folder on Godaddy and written some .asp pages that query it. I am trying to make sure that I take necessary precautions against hackers reading or even writing to the database. Maybe someone can give some remarks about whether any of these concerns are realistic, and if so, why and what I could do about it?
1) Could someone somehow navigate directly to the database and read or write to it (the access_db folder seems to have no read/write permissions as set by default by Godaddy, but how secure is that?)
2) I permit entry through use of a a userid and password that are looked up in an mdb in the same folder (not listed in the html itself). If there’s a match, I store the userid as a session cookie. Then, to visit any other pages, each page first checks to see if the cookie is empty before proceeding. Is it possible for someone to set the cookie themselves and thus break through (can a cookie be set manually?) If so, would it help if I mandated that the cookie be set to something specific (right now it just has to be non-blank) or can they find out what the cookie should be set to as well?
I have a disk in raid, but it seems raid is not working correctly. I took it out, and plug into another server without raid. However, fdisk shows error
Quote:
#fdisk /dev/sdb device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel Building a new DOS disklabel. Changes will remain in memory only, until you decide to write them. After that, of course, the previous content won't be recoverable.
The number of cylinders for this disk is set to 20023. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with: 1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK) Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help):
Should I correct the partition table now, or should I put it in another raid for checking?
One of my clients has two members of staff each with their own email addresses and mailboxes, working in separate locations. What they would like is to share incoming email enquiries to both of their addresses, so each sees the others mail. I'm thinking in cPanel I can set this up with forwarding so for example email to fred@widgets.com is forwarded to tom@widgets.com and vice versa, but will this set up a feedback loop? Or will cPanel know not to forward mail again that's already been forwarded?
My second question is that they also need some method of knowing if the other person has already dealt with an enquiry, so they don't end up both responding to the same email. They don't mind doing this manually by dragging messages into a separate "dealt with" folder when answered or suchlike, as long as they both can see what the other has dealt with. Does anyone know how to achieve this? They both use Outlook as their clients.
I would like to know how to allow customers to use their own php.ini file. I have had hosts in the past that allowed you to use a custom php.ini file so long as you put it in every directory that you would need to use it.
I was just trying to figure out how this is done as I am new to all of this and trying to learn.
I'm using CentOS 5, Cpanel/WHM with php as cgi, when i try to put a php.ini file to to custom php for one account and it overwrite main setting on our server, someone use this bug to run c99 and try local attack other account, i've try fix this problem by edit /opt/suphp/etc/suphp.conf and set phprc_paths to /usr/local/lib/. But when i do this, php.ini in my custom account doesnt work any more... How can i custom php for one account and it not effect to main setting to prevent local attack?
I have a reseller account on a server, and I have a client who needs to used a custom php.ini file to set the session.save_path variable. He has created this file and placed in the public_html folder, but this path still comes up as 'No Value' and the Configuration File Path still reads '/usr/local/Zend/etc/php.ini '.
What do I need to do to get this site to read from the correct php.ini file? I tried setting this in the .htaccess file, to no avail.
We just got a dedicated server, my first time messing with anything dedicated though I've had WHM before. I have 4 domains I'd like to setup to point to this. But I'd prefer our company URL to host the name servers. Domains are registered through enom who will allow me to setup the name servers.
I'm trying to use the "Nameserver IPs" section in WHM to setup the name servers but it just sits and "works" but never actually finishes. Does my company URL need to be pointing to the server before doing this?
