Apache :: Secure Page Can Be Cached

Dec 18, 2013

When running OWASP ZAP web security tool, I get the following flag: Secure page can be cached in browser. Cache control is not set in HTTP header nor HTML header. Sensitive content can be recovered from browser storage.

I was surprised since i had the no cache header in both html code and httpd header.

After investigating the flag, i noticed that the response was a generic 302 found error response from Apach (located in apache/src/modules/http/http_protocol.c).

I have added a patch to code when adding the cache-control & pragma html headers with no-cache - and that had solved the security flag (patch attached).

full response given:
header:
HTTP/1.1 302 Found
Date: Sat, 30 Nov 2013 10:44:40 GMT
Server: Apache
X-Frame-Options: DENY
Location: https://*****
Content-Length: 376
Content-Type: text/html; charset=iso-8859-1

body:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://******">here</a>.</p>
<hr>
<address>Apache Server at 10.209.0.81 Port 443</address>
</body></html>

In conclusion:
Issue is "Secure page can be cached in browser." (found by owasp zap) for https page response "302 Found" from Apache.

View 1 Replies


ADVERTISEMENT

Apache :: Redirect Some HTM Page To WordPress Page Without Path And Query String

Jan 5, 2015

I want to permanent redirect some .html page from subdomain to main domain WordPress page,Redirect permanent /cat/FSBO76.URL....

View 1 Replies View Related

Installed Apache And PHP Only Seeing Default Apache Page

Jun 1, 2007

I am having an issue where I have a server that Directadmin is installed on. I go to the a url that is on the server and all i see is the default page of apache saying congrats, it is installed. Although there is no file like that in the public_html any longer and I can see my files in the public_html folder of that specific site.

View 6 Replies View Related

Secure Apache Server

Sep 8, 2007

Is anyone have a ebook or article about secure linux server and apache .

I want to secure own server and my vps customer

my linux system : Centos

also i have cpanel control panel

View 3 Replies View Related

How Do I Secure Apache From Ddos Attack's

May 17, 2009

way to secure apache from ddos attack's on centos 5.3.

View 7 Replies View Related

20 Ways To Secure Your Apache Configuration

Dec 20, 2007

you can find a article to "20 ways to Secure your Apache Configuration" in this link:
[url]

I have a problem after change permissions :
chown -R root:root /usr/local/apache
chmod -R o-rwx /usr/local/apache

after run above commands when I trying to restart apache show me this error:
Warning: SuexecUserGroup directive requires SUEXEC wrapper.

View 0 Replies View Related

Cached Memory

Aug 24, 2007

I have a dedicated server with 1gb ram, now I see 468.02 MB used for Cached memory, this is the first time. Why could this be? I have not changed any settings except for turning off safe mode for an account.

View 6 Replies View Related

Users With Old SSL Certificates Cached

May 28, 2009

We renewed our SSL certificate about two weeks before it expired, and pushed the new one to our servers.

All has worked well, but a very small percentage of users are complaining that they're seeing errors that the certificate is expired.

Is there some browser or something that would cache the old certificate client-side even past its expiry?

View 2 Replies View Related

Eaccelerator Cached Scripts

Feb 8, 2007

Using version 0.9.5 with the default settings. The cache fills up the shared memory in less than a day. I noticed the cached script is stuck at 176, what happens after this? Will it cache content to disk in the temporary folder (/tmp/eaccelerator/) when the shared memory is full?

View 0 Replies View Related

Cat /proc/meminfo Cached Value Too High

May 26, 2009

I have bough a dedicated server with 2GB Ram, i have installed Hypervm and so surpise when my server is using most of my memory.

I type cat /proc/meminfo
[root@srv ~]# cat /proc/meminfo
MemTotal: 1784832 kB
MemFree: 47576 kB
Buffers: 62976 kB
Cached: 1454172 kB
SwapCached: 84 kB
Active: 251024 kB
Inactive: 1347412 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 1784832 kB
LowFree: 47576 kB
SwapTotal: 2097144 kB
SwapFree: 2096988 kB
Dirty: 96 kB
Writeback: 0 kB
AnonPages: 81324 kB
Mapped: 26076 kB
Slab: 62488 kB
PageTables: 8844 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 2989560 kB
Committed_AS: 416152 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 2252 kB
VmallocChunk: 34359735799 kB

Is this normal when Cached: 1454172 kB?

View 3 Replies View Related

Redirect Cached Search Engine To New Dir

Aug 7, 2008

I recently reorganized my music site, putting my songs in their own directory (off of public_html), and now a couple of search engines are generating a boatload of 404 errors.

Can I redirect the file requests to the new location and, if so, how?

View 3 Replies View Related

Apache Default Page

Dec 24, 2007

Our servers Shared IP seems to be loading the first domain name in the httpd.conf file as the servers default page.

I want to change the default page to either our main domain or to the apaches "success!" default webpage.

We're using cpanel. I'm unsure why it's loading the first domain when you load the IP.

It used to load properly but for some odd reason stopped working. I suspect a cpanel update was the culprit.

View 2 Replies View Related

Apache Test Page

Mar 19, 2007

Sometime Apache Test Page opened insted to Home page of website, also sometime Network TCP/IP error occured to same site.

I didn't change any setting of httpd.conf last period. also because this problems manily happened in countries which access internet via proxy I check site via [url] and it's working fine

View 4 Replies View Related

Mod_cache Does Not Cache The Homepage But The Rest Is Cached

Mar 23, 2009

As many of you may know mod_cache does not cache directory index
files, this can be fixed with mod_rewrite but the index page of the domain (the homepage) seems to be impossible to cache it. The following rules cache the folders but not the homedir (this means that www.thedomain.com/folder is cached but www.thedomain.com is not):
DirectorySlash Off
RewriteEngine On
RewriteCond %{REQUEST_URI} ([^.*])
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_URI}/index.htm" -f
RewriteRule "^(.*)$" "$1/index.htm" [NC,L]
RewriteCond %{REQUEST_URI} ^([^.*])$
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_URI}/index.html" -f
RewriteRule "^(.*)$" "$1/index.html" [NC,L]
RewriteCond %{REQUEST_URI} ^([^.*])$
RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_URI}/index.php" -f
RewriteRule "^(.*)$" "$1/index.php" [NC,L]

Note that DirectorySlash should be off (or mod_dir not loaded) in
order to work also with URL that end with no slash

As I said before this will work for any folder but it does not work for public homedir
directory. So when a user visit [url] it does not
work (unless you type the name of the index file: [url]

For me it is critical to make this work in someway, the index homepage
is the main page that needs to be cached in my case (and in many
others).

Do you know any solution for this? I found the first message about
this in the Internet in 2002 but I'm using last version of apache
httpd and still does not work.

If you have no idea about how to fix it, maybe you know some other easy alternative. Lighttpd + mod_cache + mod_deflate are not compatible: "mod_cache can be used in conjunction with other lighttpd plugins (except mod_deflate and mod_secdownload)"

View 0 Replies View Related

Apache: Setup A Proxy For One Page

Mar 5, 2008

Im using AJAX on my site and i need to access a seperate server instance on a different port. AJAX wont allow me to do that so i want to use Apache as a proxy but only for one page.

View 4 Replies View Related

Checking Apache Status Page In WHM

Nov 15, 2008

I am just checking apache status page in WHM

View 1 Replies View Related

Apache :: IP And Page Specific Redirect?

Feb 19, 2014

I'm trying to get code to go in a .htaccess file that when a specific IP tries to get a specific page, he/she is redirected to another page.

I have tried many variants of this code below ...

Code:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^12.345.678.90$
RewriteCond %{REQUEST_URI} /requested-page.html$
RewriteRule .* /redirect-to-this-page.html [R=301,L]

... and nothing works. My webserver gets hosed, and my otherwise working system gives me an error when I try to get a page from it. I am, by the way, using Mac 10.6.8, with Apache 2.2 on both server and client.

What will work??

View 6 Replies View Related

Apache :: Set Redirects For Home Page Only

Mar 18, 2014

There is a page on a separate SharePoint environment, under http://domain.edu/yyy/yyy/yyy/yyy. We have a subdomain called http://123.domain. edu . We need the home page of http://123.domain,edu to point to the SharePoint site, so when users type http://123.domain.edu , they are redirected to http://domain.edu/yyy/yyy/yyy/yyy.

The trick is this - we need all sub-directories NOT to redirect. So, whatever is under http://123.domain.edu/subdirectory should not redirect at all. Is this doable? Also, if it is, I have no clue where to go to make any changes, so any instructions would be great. So far, I have found the text file httpd.conf that I can edit, but I have no clue about the rest.

View 1 Replies View Related

Apache :: How To Add Advertising Banner To Every Web Page

Mar 13, 2015

I want to add an advertising banner to every web page served.

The problem is I cannot seem to make the OutputSed command recognise absolute paths. I can make it work with a relative path for both the image and the <a> href, but not absolute, which is awkward as the webite wiill have different directories for content created by FTP for hosting results of different tournaments.

This is what I have in my vhost.conf file for the banner image:

Code:

<Directory "/var/www/fencing-results.co.uk">
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
AddOutputFilter Sed htm
OutputSed "s/<body>/<body><img src="/var/www/fencing-results.co.uk/banner.jpg">/g"
</Directory>

View 5 Replies View Related

Apache :: How To Redirect All Pages To One Page Of New Directory

Aug 20, 2005

I'm hoping to redirect visits to any page in an old directory to the index page of a new directory.

In other words, redirect:

[URL] ....

[URL] ....

Is this possible? If so, how could I do it?

In my .htaccess I currently have:

Code :

RedirectPermanent /facts/ http://www.domain.com/newfacts/

but this only redirects the index page.

View 19 Replies View Related

Apache :: VirtualHosts - Can't Access Some Alias Page

May 9, 2013

I can't access to some alias page by URL....

(getting 403 - Forbidden) but i can by https - [URL] ....

Code:

<VirtualHost 10.7.10.10:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot "c:/Apache24/htdocs"
Alias /static "d:/static"

[Code] .....

Code:

<VirtualHost 10.7.10.10:443>
DocumentRoot "C:/Apache24/htdocs"
ServerName domain.com
ServerAlias www.domain.com
SSLEngine on

[Code] .....

What could be wrong as the config is exactly the same for both VirtualHosts

View 3 Replies View Related

Apache :: Redirect Every Single Page From Old Subdomain

May 12, 2015

Wordpress installation (WPML with 3rd level domain es. site. com, fr. site. com).I need to redirect page from old subdomain to a new subdomain

Example:
esp.site.com/oldpage -> es.site.com/newpage (different subdomain)
esp.site.com/oldpage1 -> es.site.com/newpage
esp.site.com/oldpage2 -> es.site.com/newpage

Source site is very chaotic (static pages + wp pages) and there are no clear rule for redirection (no regex ).So I need to redirect every single page but syntax:

Redirect 301 esp.site.com/oldpage http:// es.site.com/newpage doesn't work!I think "esp.site.com" in source page is not acceptable syntax..which is the correct syntax ? Can I manage all from one .htaccess file in main root (www) or should I create "esp" directory (and point old subdomain to it - one for every language) and put .htaccess in every directory with redirection ?

View 1 Replies View Related

Apache :: Shell Downloads Instead Of Creating A Web Page

Jun 5, 2013

Server version: Apache/2.2.22 (Unix)
Server built: Dec 9 2012 18:57:18
OS/X 10.8.4

I am trying to run a shell program to generate a web page. When I enter it as test.cgi, it does exactly what I expect. When I enter it as test.sh

View 2 Replies View Related

Apache :: Mod Proxy - Error Page Handling

Nov 10, 2014

a question on mod_proxy. We're using mod_proxy as a simple reverse proxy (ProxyPass & ProxyPassReverse) to reverse-proxy various back-end PHP and Mono/.NET apps.

One problem we see is that when the back-end PHP app suffers an error (e.g. a 404 or 500) , then mod_proxy ignores the nicely-formatted custom error page served up by our PHP app, and instead serves a very plain generic mod_proxy 404 or 500 error page back to the client. Is there a way to configure mod_proxy to serve up the 500/404 error page content which is created by the back-end app ?

(We thought ProxyErrorOverride might work, but it seems to be intended for the opposite scenario, where I want to *ignore* the 404 page content from the back-end and show a mod_proxy-defined error page instead.We're using apache 2.2 on 64-bit CentOS 6.5 ( httpd-2.2.15-31.el6.centos.x86_64 )

Config like:
...
ProxyPass /abc/ http://server4/abc/
ProxyPassReverse /abc/ http://server4/abc/

View 1 Replies View Related

Apache :: Create Redirect To Non Existing Page

Apr 10, 2015

I need to create a redirect to a non existing page.

Here is my code and the site is on shared hosting

<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^index2.php#!(.*)$ /index2.php/$1 [R=301,L]
</IfModule>

This would be [URL] ....

I would like to redirect Every request with "#!string" to new url (same page) - [URL] ....

I know that the code above needs

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

to be added but it doesnt even makes the redirect to 404. The url doesn't change.

View 8 Replies View Related

Apache :: 2.2.22 - Delay Before Page Starts To Load

Mar 1, 2013

I am using Apache 2.2.22 on Windows Server 2003 64 Bit, using PHP 5.2.17. System Specs are 4 x 2.0 Ghz processor, 4 GB of Ram.

I'm noticing when I load my website [URL] .... there is about a 2000ms delay before the page starts to load.

How can I make Apache load faster?

View 1 Replies View Related

Apache :: Block IP From Accessing A Certain Page On Website

Dec 14, 2014

I have the following code in my .htaccess file to block an IP from accessing a file on my site and it works fine.

<Files mypage.html>
Order Deny,Allow
Deny from XXX.XXX.XXX.XXX
</Files>

Is there a way to block an IP from accessing a page (e.g., mydomain.com/mypage/)?

View 3 Replies View Related

Apache :: Addin A Script To Header Tag Of A Page

Feb 16, 2014

I'm looking for a way to add a script in the header tag of a web page without using a CMS or anything like that.it should be the first script that is running when the page is rendered.I'm running Apache 2.2.25 and Tomcat 7.0.50 - both Win32 versions.

There are two reasons for an approach like that.

(1) - I expect it to work regardless the CMS I'm working with; the same expectation is for Tomcat and Java applications.
(2) - I'm able to start this as early as possible => includes monitoring the performance of the CMS itself.

View 6 Replies View Related

Apache :: Website Showing Blank Page?

Apr 30, 2015

I recently configured a Centos 6.5 server with Java JDK1.8 and the bundled Tomcat server X64 application. I confirmed the web server port is not already in use and also installed the Tomcat APR libraires. The application starts fine and all the logs show no severe errors however when I navigate to te URL I see a blank page. All the configuration files are in tthe correct place and whether I use just :8080 or /licenseserver the page is still blank. If I run the element inspector in the browser it shows 404 file not found.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved