Someone seems to be flooding our HTTP server somehow. We use the latest version of Apache on Windows.
Is there any Windows modules that can filter the total amount of IP connections, or something built into Windows that could filter this?
Server Version: Apache/2.2.22 (Unix)
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
POST /some_valid_alias HTTP/1.1
Host: example.org
User-Agent: Arbitrary/1.0
Content-Type: multipart/form-data; boundary=---------------------------41184676334
Content-Length: 769
-----------------------------41184676334
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/(some_valid_alias)(.*)$ $1$2 [R]
But this won't work for all our scripts, because in some cases we do want to permit POST.
Well I've tried Staminus and Awknet and they both just seem to rate-limit if I get like 300MBIT SYN, is there any provider that won't just rate-limit but will actually filter the attack for around $200/mo?
View 7 Replies View RelatedI have been faced with a packet flooding issue.
Quick scenario, I run a few public game servers, and we have had a member go insane.
This member has been using a piece of software, to do a simple DDoS attack, and when they perform this attack, it laggs everybody out, and takes down the individual game server.
While this is occurring, I have been watching with a network analyzer program, and noticed the packets go sky high (from 4.4k to 150k+).
So, I am in need of a quick, piece of software that can block flood attacks, or whatever is going on.
my new server performs strange
I checked /var/log/messages
there are full of these messages
possible SYN flooding on port 80. Sending cookies.
kernel: printk: 84 messages suppressed.
kernel: nf_conntrack: table full, dropping packet.
my site is a huge site, thousands of ppl online
I think i am not been attacked, but kernel think so.
How to resovle this problem.
How can I stop netfilter from kernel
kernel:@2.6.22.1-32.fc6
2 xoen 2.8g, 2gb ram, 73gb scsi hd
I'm in the process of trying to pin down a couple errors I've been running into, and after installing and configuring SSL I have occasionally been receiving the following error:
View 2 Replies View RelatedSuddenly on a particular website (possibly following an easyapache php minor version update) if I specify a folder rather than a specific file I get a 503 response.
If I do the same on https it's ok. But http always gets a 503.
If I specify a file it's fine, but the folder always hits a 503.
I have removed the htaccess file and php.ini to rule that out and indeed they weren't factors - it seems like it goes wrong before reading the htaccess file.
My website has been under a constant Syn Flood DoS attack for the past few days. However, the attack originates from a single IP address that changes every few hours (Possibly a syn flood script with IP spoofing capabilities).
The Syn Flood attack isn't creating any spike whatsoever in my usage graphs, however, its still rather annoying. What firewall should I use to combat the DoS attack?
I have two domains that are sharing one IP address. One site is meissenation.com and the other is mifbody.com.
My httpd.conf file looks like this: ...
Does anyone know if there is an Apache directive where you can have Apache call a script on HTTP PUTs to a specific location and also for HTTP GETs?
View 0 Replies View RelatedI keep hearing that redirecting from http to https is not very secure [non-SSL to SSL]. Among other reasons, one reason is that the browser may continue to think it is communicating with non secure server and may not encrypt the data. Is it true? I hope not, I am using the following -
<VirtualHost 12.34.567.89:80>
ServerName www.mysite1234.com:80
Redirect / https://www.mysite1234.com/
</VirtualHost>
its possible to do a P2V migration of a Apache http server 2.2
Present environment:
Windows 2003
Apache http server 2.0.63
There are 2 webservers (running Apache) for load balancing. The backend server runs an application which uses an oracle database. Is a P2V migration of the web servers possible?
I made the idiotic move of not making a backup of the default configs and now I can't access my http website externally. ssl works fine, but I need http to work too.
View 3 Replies View RelatedI was trying to set up a JBoss cluster with apache httpd mod cluster in windows.I was able to start the apache using the command 'httpd. exe'. But when I tried to access it using localhost:6666/mod_cluster_manager , the page was not accessible.I have the entry 127.0.0.1 localhost in my hosts file.
The http.conf contains lines as given below:
# MOD_CLUSTER_ADDS
# Adjust to you hostname and subnet.
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
[code]....
I'm using a turnkey image for smallmachineforum system, installed on amazon aws instance.
In the default configuration I can't use the http version of the site, only the https.
It does not seem to be a network issue, a telnet on port 80 opens.
The server is apache version 2.2.22, on a Debian 3.2.57-3+deb7u2 x86_64
I am trying to find out if redirecting an https URL to an http URL will still provide the security of the original https? Should the page information for the redirected http page show it as being unencrypted or shouldn't it have the same encryption as the original https?
View 3 Replies View RelatedI made a thread about this in programming as I was trying to figure it out but I ended up tweaking dos deflate a lil and got it working. Tried and tested as well during low bandwidth syn flood. Keep in mind if you are having massive syn attacks then most of it will have to be filtered on the network level. I have filtering from staminus on my server, this is just for the low bandwidth stuff that gets through.
Syn-deflate is just a name I came up with as it is based on dos-deflate, only a few changed features. I dont know how medialayer would feel about me modifying their script this way I know they got lisence and copywrite on it. Guess I will talk to them about that before any official release.
especially about the csf version.
So I always have used some dos deflate features to monitor dos in my servers, just the netstat command. This one:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Today, got a syn flood coming through, low bandwidth, etc. Each ip connecting under the tracking limit for csf. So I tweaked the netstat command a lil bit and I was able to see what ips were sending syn and how many times.
Like this:
Code:
netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
So I figured it would be very handy to ban ips sending over so many SYN_RECV connections at once. So I took dos deflate and tweaked it a lil. Made this to work with csf. Only problem on csf is there is no unban command, only whitelist so I just had it do csf -d again on the unban command, This would give an error and would not unban the ip but you really dont need to unban it so soon.
With apf it works perfectly on unbanning. Works just like dos deflate but bans syn flooders not connection flooders. You could even use this along with dos deflate. I am using it along side of csf and the connection tracking feature no problem.
I plan on releasing some what of an official version too along with some other tools to monitor and stop dos. So whoever is interested or can offer some advice let me know.
For those who wanna give it a try:
For the CSF version:
To install:
Code:
wget[url]
To uninstall
Code:
wget [url]
For the Apf and Generic Iptables version:
To install
Code:
wget [url]
To uninstall
Code:
wget [url]
uninstall.synd ; ./uninstall.synd
I didnt get to try the apf version out much but have used the csf version all day with no issues
Note to makers of dos-deflate: Im not too keen on all this licensing stuff or what I am supposed to do when I modify someone else script so let me know what I need to do to keep from making anyone mad.
I installed apache, mysql, php on my windows vista laptop, and want to test http downloading. This means when selecting a file (for example, contact.php) from a page, and then click download, it will be downloaded to my desktop.
Do we need to install any other softwares to do that?
We are getting the below message produced in error.log when accessing from mobile application. Even I have updated apache from 2.4.9 to 2.4.10 also. Still facing the same error like below.
[Thu Jul 31 15:27:10.934564 2014] [ssl:error] [pid 12000:tid 6520] AH02032: Hostname teampark3.sogeti.com. provided via SNI and hostname teampark3.sogeti.com provided via HTTP are different
How to resolve the issue?
The problem is that HTTP file download speed is nearly 10 times lower than FTP download speed. What could be limiting it? It's about 7Mb for FTP and 70-100Kb for HTTP. Strangely, download speed is OK when browsing from the server itself (e.g. via RDP)
View 2 Replies View RelatedI have an Xitami server and am migrating to apache httpd. I have the regular server working fine. I tried configuring ssl, but no requests are coming through. I know 443 is open on the router because it works fine under Xitami. I checked the logs and it si starting fine. I am attaching my httpd.conf and the startup log. If I try to access the website using https, it just times out and nothing goes in the log file. I replaced my domain with domain.com. I have tried many different examples, but cannot get it to work and am not sure what to do.
View 5 Replies View RelatedI want to run an HTML webpage that accesses an MP3 resource that's also on my website. However, I only want the webpage to have access to the file and block access from those attempting to access the file directly. That leaves me with two options:
1. Block access through the Apache configuration so that only my Webserver can access the resource, or
2. Hide the URL in the code.
How I can go about doing this?
I have to create a structure in which there is a client, a server and an authentication authority.
The authentication authority verifies the identity of both the client and server before they can communicate, so that the client can access the content offered by the server. Everything must be made using HTTP with SSL (HTTPS).
For now I have installed xampp on my pc with ubuntu, I performed the initial configuration and was able to view a test page locally hosted by entering the URL of the virtual server "www.server.it" (added to the configuration of apache2).
I have a custom software that runs it's own webserver. I then found instructions on how to use apache2 as a proxy that will enable ssl for that site. (long story short, my custom software doesn't support ssl and it's not an option)
View 2 Replies View RelatedI recently got a SSL-certificate for my website. Now the old links to my website (using only http) doesnt work, the visitors just getting redirected to my index page. How can I change my .htaccess so both http and https works, but keep https as the preferred? Or even better, redirect old http links to https? I'm not using www.
My current .htaccess:
RewriteCond %{HTTPS} off
RewriteRule (.*) https ://%{HTTP_HOST}%{REQUEST_URI}
i want to redirect main domain http //, www request to https://
i added this code
RewriteCond %{HTTPS} off# First rewrite to HTTPS:# Don't put www. here. If it is already there it will be included, if not# the subsequent rule will catch it.RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]# Now, rewrite any request to the wrong domain to use www.RewriteCond %{HTTP_HOST} !^www.RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Apache2.4.6
apr-1.4.8
openssl-1.0.1c
arm-linux-gcc4.4.4
Recently I cross compiled Apache2.4.6 to run in my ARM cpu, and I found that http can work well if only it's own port such as 80 is listened, but if add one more port to be listened in conf file, http fails. That means http is good, but after https is on, http stop working and https is good. At the same time, I built the same apache2.4.6 in X86 gcc4.6.1, http and https can both work well. In addition, I also tried apache1.3.33 in the same ARM system, http and https can work well too. It seems like that in apache2.4.6, http can't work well if there is one more port listened in ARM system. Actually http port is listening and is established when using netstat to monitor it.
root@freescale /usr/local/apache/bin$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::www :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 (null):www (null):3705 ESTABLISHED
tcp 0 0 (null):443 (null):3720 ESTABLISHED
I am using an apache reverse proxy :
httpd -version
Server version: Apache/2.2.15 (Unix)
Server built: Oct 16 2014 14:48:21
In front of an internet liferay server, I m forcing https connexion and my reverse proxy is the SSL endpoint, and it is working fine.
But inside the liferay page there are "http" link to other webserver, and browser are refusing to load them because they are http and not https.
Is there a way in the reverse proxy to rewrite "on the fly" "http" link to "https" so that everything would be load on the browser ?
I was thinking mod_proxy_html but it doesn't seams to do what I want.
I want to rewrite my all site urls from http to https and also preserve URL canonicalation like all url redirected to http://www. How to achieve this goal?
View 1 Replies View RelatedI'm trying to set up password protection on an Apache HTTP server, and it's not working.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says "AllowOverride All."
The .htaccess file in the protected directory says:
Code:
htpasswd -c .htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."
I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.
Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.