Apache :: Secure Page Can Be Cached
Dec 18, 2013
When running the OWASP ZAP web security tool, I get the following flag: Secure page can be cached in browser. Cache control is not set in HTTP header nor HTML header. Sensitive content can be recovered from browser storage.
I was surprised since I had the no-cache header in both the HTML code and the httpd header.
After investigating the flag, I noticed that the response was a generic 302 Found error response from Apache (located in apache/src/modules/http/http_protocol.c).
I have added a patch to the code that adds the cache-control & pragma HTML headers with no-cache, and that solved the security flag (patch attached).
Full response given:
header:
HTTP/1.1 302 Found
Date: Sat, 30 Nov 2013 10:44:40 GMT
Server: Apache
X-Frame-Options: DENY
Location: https://*****
Content-Length: 376
Content-Type: text/html; charset=iso-8859-1
body:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://******">here</a>.</p>
<hr>
<address>Apache Server at 10.209.0.81 Port 443</address>
</body></html>
In conclusion:
The issue is "Secure page can be cached in browser." (found by OWASP ZAP) for the HTTPS page response "302 Found" from Apache.
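The condition described in the post above can be reproduced offline. This is an added example, not code from the original post or from ZAP: a simplified check modelled on the alert text quoted there, run over a constructed copy of the 302 response (the Location value is a placeholder, since the post redacts it) and over a constructed variant carrying the two no-cache headers the poster says the patch adds.

```python
import re

# Matches <meta http-equiv="Cache-Control|Pragma" content="..."> in the HTML head.
META_RE = re.compile(
    r'<meta[^>]*http-equiv=["\']?(cache-control|pragma)["\']?[^>]*'
    r'content=["\']([^"\']*)["\']', re.I)
NO_CACHE = {"no-cache", "no-store"}

def parse_response(raw):
    """Split a raw HTTP response into (status, {lowercased header: [values]}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers, body

def directives(values):
    """Flatten comma-separated values into a set of lowercase directive names."""
    return {d.strip().lower().split("=")[0]
            for v in values for d in v.split(",") if d.strip()}

def cache_control_sources(raw):
    """Return where no-cache/no-store is set: 'http-header' and/or 'html-meta'."""
    _, headers, body = parse_response(raw)
    found = set()
    if directives(headers.get("cache-control", []) + headers.get("pragma", [])) & NO_CACHE:
        found.add("http-header")
    if directives(content for _, content in META_RE.findall(body)) & NO_CACHE:
        found.add("html-meta")
    return found

def flagged(raw):
    """True when neither the HTTP header nor the HTML header disables caching."""
    return not cache_control_sources(raw)

# Constructed sample data; example.invalid stands in for the redacted Location.
BODY = ('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
        '<title>302 Found</title>\n</head><body>\n<h1>Found</h1>\n</body></html>\n')
HEAD = ["HTTP/1.1 302 Found", "Server: Apache", "X-Frame-Options: DENY",
        "Location: https://example.invalid/",
        "Content-Type: text/html; charset=iso-8859-1"]
ORIGINAL = "\r\n".join(HEAD) + "\r\n\r\n" + BODY
PATCHED = "\r\n".join(HEAD + ["Cache-Control: no-cache", "Pragma: no-cache"]) + "\r\n\r\n" + BODY

if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL), ("patched", PATCHED)):
        print(name, "flagged" if flagged(raw) else "ok", sorted(cache_control_sources(raw)))
```

The server-generated redirect body carries no meta tags, so cache directives placed in the application's own HTML never reach this response; only a response header does.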
Jan 5, 2015
I want to permanently redirect some .html page from a subdomain to the main domain WordPress page, Redirect permanent /cat/FSBO76.URL....
Jun 1, 2007
I am having an issue where I have a server that DirectAdmin is installed on. I go to a URL that is on the server and all I see is the default page of Apache saying congrats, it is installed. Although there is no file like that in the public_html any longer and I can see my files in the public_html folder of that specific site.
Sep 8, 2007
Does anyone have an ebook or article about securing a Linux server and Apache?
I want to secure my own server and my VPS customer.
My Linux system: CentOS
Also I have the cPanel control panel.
May 17, 2009
way to secure Apache from DDoS attacks on CentOS 5.3.
Dec 20, 2007
You can find an article on "20 ways to Secure your Apache Configuration" at this link:
[url]
I have a problem after changing permissions:
chown -R root:root /usr/local/apache
chmod -R o-rwx /usr/local/apache
After running the above commands, when I try to restart Apache it shows me this error:
Warning: SuexecUserGroup directive requires SUEXEC wrapper.
Aug 24, 2007
I have a dedicated server with 1gb ram, now I see 468.02 MB used for Cached memory, this is the first time. Why could this be? I have not changed any settings except for turning off safe mode for an account.
May 28, 2009
We renewed our SSL certificate about two weeks before it expired, and pushed the new one to our servers.
All has worked well, but a very small percentage of users are complaining that they're seeing errors that the certificate is expired.
Is there some browser or something that would cache the old certificate client-side even past its expiry?
Feb 8, 2007
Using version 0.9.5 with the default settings. The cache fills up the shared memory in less than a day. I noticed the cached script is stuck at 176, what happens after this? Will it cache content to disk in the temporary folder (/tmp/eaccelerator/) when the shared memory is full?
May 26, 2009
I have bought a dedicated server with 2GB RAM. I have installed HyperVM and am so surprised that my server is using most of my memory.
I type cat /proc/meminfo
[root@srv ~]# cat /proc/meminfo
MemTotal: 1784832 kB
MemFree: 47576 kB
Buffers: 62976 kB
Cached: 1454172 kB
SwapCached: 84 kB
Active: 251024 kB
Inactive: 1347412 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 1784832 kB
LowFree: 47576 kB
SwapTotal: 2097144 kB
SwapFree: 2096988 kB
Dirty: 96 kB
Writeback: 0 kB
AnonPages: 81324 kB
Mapped: 26076 kB
Slab: 62488 kB
PageTables: 8844 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 2989560 kB
Committed_AS: 416152 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 2252 kB
VmallocChunk: 34359735799 kB
Is this normal when Cached: 1454172 kB?
Aug 7, 2008
I recently reorganized my music site, putting my songs in their own directory (off of public_html), and now a couple of search engines are generating a boatload of 404 errors.
Can I redirect the file requests to the new location and, if so, how?
Dec 24, 2007
Our server's shared IP seems to be loading the first domain name in the httpd.conf file as the server's default page.
I want to change the default page to either our main domain or to Apache's "success!" default webpage.
We're using cpanel. I'm unsure why it's loading the first domain when you load the IP.
It used to load properly but for some odd reason stopped working. I suspect a cpanel update was the culprit.
Mar 19, 2007
Sometimes the Apache test page opens instead of the home page of the website; also, sometimes a network TCP/IP error occurs on the same site.
I didn't change any setting of httpd.conf in the last period. Also, because these problems mainly happened in countries which access the internet via proxy, I checked the site via [url] and it's working fine.
Mar 23, 2009
As many of you may know, mod_cache does not cache directory index files. This can be fixed with mod_rewrite, but the index page of the domain (the homepage) seems to be impossible to cache. The following rules cache the folders but not the homedir (this means that www.thedomain.com/folder is cached but www.thedomain.com is not):
DirectorySlash Off
RewriteEngine On
RewriteCond %{REQUEST_URI} ([^.*])
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_URI}/index.htm" -f
RewriteRule "^(.*)$" "$1/index.htm" [NC,L]
RewriteCond %{REQUEST_URI} ^([^.*])$
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_URI}/index.html" -f
RewriteRule "^(.*)$" "$1/index.html" [NC,L]
RewriteCond %{REQUEST_URI} ^([^.*])$
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_URI}/index.php" -f
RewriteRule "^(.*)$" "$1/index.php" [NC,L]
Note that DirectorySlash should be off (or mod_dir not loaded) in order to work also with URLs that end with no slash.
As I said before, this will work for any folder but it does not work for the public homedir directory. So when a user visits [url] it does not work (unless you type the name of the index file: [url]).
For me it is critical to make this work in some way; the index homepage is the main page that needs to be cached in my case (and in many others).
Do you know any solution for this? I found the first message about this on the Internet in 2002, but I'm using the latest version of Apache httpd and it still does not work.
If you have no idea about how to fix it, maybe you know some other easy alternative. Lighttpd + mod_cache + mod_deflate are not compatible: "mod_cache can be used in conjunction with other lighttpd plugins (except mod_deflate and mod_secdownload)"
Mar 5, 2008
I'm using AJAX on my site and I need to access a separate server instance on a different port. AJAX won't allow me to do that, so I want to use Apache as a proxy but only for one page.
Nov 15, 2008
I am just checking apache status page in WHM
Feb 19, 2014
I'm trying to get code to go in a .htaccess file that when a specific IP tries to get a specific page, he/she is redirected to another page.
I have tried many variants of this code below ...
Code:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^12.345.678.90$
RewriteCond %{REQUEST_URI} /requested-page.html$
RewriteRule .* /redirect-to-this-page.html [R=301,L]
... and nothing works. My webserver gets hosed, and my otherwise working system gives me an error when I try to get a page from it. I am, by the way, using Mac 10.6.8, with Apache 2.2 on both server and client.
What will work??
Mar 18, 2014
There is a page on a separate SharePoint environment, under http://domain.edu/yyy/yyy/yyy/yyy. We have a subdomain called http://123.domain.edu. We need the home page of http://123.domain.edu to point to the SharePoint site, so when users type http://123.domain.edu, they are redirected to http://domain.edu/yyy/yyy/yyy/yyy.
The trick is this - we need all sub-directories NOT to redirect. So, whatever is under http://123.domain.edu/subdirectory should not redirect at all. Is this doable? Also, if it is, I have no clue where to go to make any changes, so any instructions would be great. So far, I have found the text file httpd.conf that I can edit, but I have no clue about the rest.
Mar 13, 2015
I want to add an advertising banner to every web page served.
The problem is I cannot seem to make the OutputSed command recognise absolute paths. I can make it work with a relative path for both the image and the <a> href, but not absolute, which is awkward as the website will have different directories for content created by FTP for hosting results of different tournaments.
This is what I have in my vhost.conf file for the banner image:
Code:
<Directory "/var/www/fencing-results.co.uk">
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
AddOutputFilter Sed htm
OutputSed "s/<body>/<body><img src="/var/www/fencing-results.co.uk/banner.jpg">/g"
</Directory>
Aug 20, 2005
I'm hoping to redirect visits to any page in an old directory to the index page of a new directory.
In other words, redirect:
[URL] ....
[URL] ....
Is this possible? If so, how could I do it?
In my .htaccess I currently have:
Code :
RedirectPermanent /facts/ http://www.domain.com/newfacts/
but this only redirects the index page.
May 9, 2013
I can't access some alias page by URL....
(getting 403 - Forbidden) but I can by https - [URL] ....
Code:
<VirtualHost 10.7.10.10:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot "c:/Apache24/htdocs"
Alias /static "d:/static"
[Code] .....
Code:
<VirtualHost 10.7.10.10:443>
DocumentRoot "C:/Apache24/htdocs"
ServerName domain.com
ServerAlias www.domain.com
SSLEngine on
[Code] .....
What could be wrong, as the config is exactly the same for both VirtualHosts?
May 12, 2015
WordPress installation (WPML with 3rd level domain es.site.com, fr.site.com). I need to redirect page from an old subdomain to a new subdomain.
Example:
esp.site.com/oldpage -> es.site.com/newpage (different subdomain)
esp.site.com/oldpage1 -> es.site.com/newpage
esp.site.com/oldpage2 -> es.site.com/newpage
The source site is very chaotic (static pages + WP pages) and there is no clear rule for redirection (no regex). So I need to redirect every single page, but the syntax:
Redirect 301 esp.site.com/oldpage http:// es.site.com/newpage doesn't work! I think "esp.site.com" in the source page is not acceptable syntax. Which is the correct syntax? Can I manage all from one .htaccess file in the main root (www) or should I create an "esp" directory (and point the old subdomain to it - one for every language) and put an .htaccess in every directory with redirection?
Jun 5, 2013
Server version: Apache/2.2.22 (Unix)
Server built: Dec 9 2012 18:57:18
OS/X 10.8.4
I am trying to run a shell program to generate a web page. When I enter it as test.cgi, it does exactly what I expect. When I enter it as test.sh
Nov 10, 2014
A question on mod_proxy. We're using mod_proxy as a simple reverse proxy (ProxyPass & ProxyPassReverse) to reverse-proxy various back-end PHP and Mono/.NET apps.
One problem we see is that when the back-end PHP app suffers an error (e.g. a 404 or 500), mod_proxy ignores the nicely-formatted custom error page served up by our PHP app, and instead serves a very plain generic mod_proxy 404 or 500 error page back to the client. Is there a way to configure mod_proxy to serve up the 500/404 error page content which is created by the back-end app?
(We thought ProxyErrorOverride might work, but it seems to be intended for the opposite scenario, where I want to *ignore* the 404 page content from the back-end and show a mod_proxy-defined error page instead.) We're using Apache 2.2 on 64-bit CentOS 6.5 (httpd-2.2.15-31.el6.centos.x86_64).
Config like:
...
ProxyPass /abc/ http://server4/abc/
ProxyPassReverse /abc/ http://server4/abc/
Apr 10, 2015
I need to create a redirect to a non existing page.
Here is my code and the site is on shared hosting
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^index2.php#!(.*)$ /index2.php/$1 [R=301,L]
</IfModule>
This would be [URL] ....
I would like to redirect Every request with "#!string" to new url (same page) - [URL] ....
I know that the code above needs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
to be added but it doesn't even make the redirect to 404. The URL doesn't change.
Mar 1, 2013
I am using Apache 2.2.22 on Windows Server 2003 64 Bit, using PHP 5.2.17. System Specs are 4 x 2.0 Ghz processor, 4 GB of Ram.
I'm noticing when I load my website [URL] .... there is about a 2000ms delay before the page starts to load.
How can I make Apache load faster?
Dec 14, 2014
I have the following code in my .htaccess file to block an IP from accessing a file on my site and it works fine.
<Files mypage.html>
Order Deny,Allow
Deny from XXX.XXX.XXX.XXX
</Files>
Is there a way to block an IP from accessing a page (e.g., mydomain.com/mypage/)?
Feb 16, 2014
I'm looking for a way to add a script in the header tag of a web page without using a CMS or anything like that. It should be the first script that is running when the page is rendered. I'm running Apache 2.2.25 and Tomcat 7.0.50 - both Win32 versions.
There are two reasons for an approach like that.
(1) - I expect it to work regardless the CMS I'm working with; the same expectation is for Tomcat and Java applications.
(2) - I'm able to start this as early as possible => includes monitoring the performance of the CMS itself.
Apr 30, 2015
I recently configured a CentOS 6.5 server with Java JDK1.8 and the bundled Tomcat server X64 application. I confirmed the web server port is not already in use and also installed the Tomcat APR libraries. The application starts fine and all the logs show no severe errors; however, when I navigate to the URL I see a blank page. All the configuration files are in the correct place and whether I use just :8080 or /licenseserver the page is still blank. If I run the element inspector in the browser it shows 404 file not found.