Apache :: Unable To Bypass Mod Auth For Just One URL

Apr 10, 2014

I'm trying to get exception from auth (.htpasswd ) for one specific URL, but seems, that it does not work with my Rewriting rules. Disabling RewriteEngine solving auth problem. My .htaccess:

Code:

SetEnv APPLICATION_ENV development

# Rewrite
RewriteEngine On
RewriteBase /

# ZEND
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d

[Code] .....

View 1 Replies


ADVERTISEMENT

Apache :: Bypass Client Cert Requirement For Localhost?

Feb 20, 2013

I just setup an intranet wiki running apache2.2 on ubuntu 12.04. The server currently requires two-way certificate authentication (i.e. a server cert AND client certs).In <VirtualHost *:80>, Redirect permanent / https://<intranetSite>

Everything works dandy, except now that I'd like to find a way to bypass the client cert check for localhost so that I can run some maintenance scripts via cron on the server. Or perhaps it's possible to bypass SSL entirely, just for localhost?

View 2 Replies View Related

Apache :: Basic Auth User Not Logged In Common Log File

Jul 18, 2013

I use Basic Auth to limit access to a web site. This seems to work ok. I noticed though in the logs that the logged in user is not logged:

80.....188 - - [16/Jul/2013:09:56:29 +0200] "GET ..." 200 1844 "...." " ...

I would expect the second - to be replaced by the logged in user. The doc says, the user is logged if the document is protected. I do protect the whole directory using directory match. Without log in I fail to retrieve the document in question.

View 4 Replies View Related

SSH Key Auth Instead Of Password Auth

Feb 17, 2007

Anyone using SSH key authentication only, instead of password authentication only for server connections?

Reason I ask is, cPanel are now recommending it as opposed to password connections, as it should defeat / prevent brute-force attacks.

View 7 Replies View Related

Can Cookie's Be Set Manually To Bypass Security

Aug 24, 2007

I have put an Access database inside an access_db folder on Godaddy and written some .asp pages that query it. I am trying to make sure that I take necessary precautions against hackers reading or even writing to the database. Maybe someone can give some remarks about whether any of these concerns are realistic, and if so, why and what I could do about it?

1) Could someone somehow navigate directly to the database and read or write to it (the access_db folder seems to have no read/write permissions as set by default by Godaddy, but how secure is that?)

2) I permit entry through use of a a userid and password that are looked up in an mdb in the same folder (not listed in the html itself). If there’s a match, I store the userid as a session cookie. Then, to visit any other pages, each page first checks to see if the cookie is empty before proceeding. Is it possible for someone to set the cookie themselves and thus break through (can a cookie be set manually?) If so, would it help if I mandated that the cookie be set to something specific (right now it just has to be non-blank) or can they find out what the cookie should be set to as well?

View 3 Replies View Related

Mod_security Functionality Bypass Through .htaccess Issue

May 5, 2007

I accidently found that it could be available to de-activate mod_security in a certain directory by using a .htaccess like that...

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

I believe it's something related to the "AllowOverride" directive from apache but im not exactly sure, the available arguments for this directive are "AuthConfig, FileInfo, Indexes, Limit, Options", I've tried hardly to find a way to not to disable the usage of .htaccess files and keep it's functionality but also to prevent it from being able to modify through it the functionality of mod_security.

I'm sure Anyone here could help me in this issue as it's a big pain for any server running apache in a shared vhosting environment.

View 13 Replies View Related

Access Folders In Root / Bypass Wordpress

Jul 23, 2009

My blog is set up to display in the root of my domain, although the files on the server sit within their own folder:

i.e

Server files

Public_html/wordpressfiles/

Broswer displays

www . mydomain . com/

(disaplys pages from /wordpressfiles)


The problem I have is that I can't access individual directories within the root, unrelated to wordpress.

e.g

I have

Public_html/folder2/...
Setup on the server, but if I enter the path in my browser:

www . mydomain . com/folder2

wordpress thinks I want to access:

www . mydomain . com/wordpress/folder2

...which doesn't exist.

How can I re-gain access to folders in the root, without wordpress interfering?

View 2 Replies View Related

How To Stop This Attack [Bypass Safe_mode & Openbase Dir]

Feb 6, 2008

Recently, some of our Linux/cPanel servers got hacked (not rooted) by using the following code (method)

#!/usr/bin/perl
symlink ("/home/USER/config.php","/home/USER2/test.txt");

The hacker just execute the perl file , and then he called the "test.txt" file through internet explorer , and its done , he can read the file easily !

We tried to :

1- run php as CGI module.
2- run SUPHP module.
3- run php as apache module.
4- enable open_basedir and safe_mode.

But the hacker still can bypass the system!

the only solution is to disable /usr/bin/perl , chmoded it to 700 . but thats caused a broken cpanel!

as it requires it to be at 755 for proper operation, since it is used by customers as well when it suexec into the user when they log into cPanel. and so we cannot change it to that setting (700), since it breaks the entire system.

So is there any way to stop the "symlink" perl function?

any way to stop this attack method?

View 14 Replies View Related

Disable/Bypass Suexec Per Vhost Domain

Oct 12, 2007

I am running on;

Plesk versionpsa v8.0.1_build80060613.20 os_CentOS 4.2
Operating systemLinux 2.6.9-023stab033.6-smp
License key numberPLSK.00170782.0006

I need to be able to access cgi between vhost domains. In particular one frequently updated file located 'centrally' in the cgi-bin of one of the vhost domain.

I would like to be able to have other vhost domains be able to access this file but suexec won't let that happen. I have searched around and tried to following;

Created vhost.conf file in the conf directory of one of the domains.

The vhost.conf file contained (with no #):

# <IfModule mod_suexec.c>
# SuexecUserGroup userid psacln
# </IfModule>

I ran;

/usr/local/psa/admin/bin/websrvmng -u --vhost-name=<domain name>

Then reboot.

The result was all the vhosts stopped working. I reset the websvrmng, things returned to normal.

Then I tried updating the httpd.include file adding (with no #);

# <IfModule mod_suexec.c>
# SuexecUserGroup userid psacln
# </IfModule>

Then reboot.

The result was the same, all vhosts stopped working.

Does anyone have an idea how I can achieve this? I know I can disable suexec all together but that wreaked a little havoc with the cgi app when I tried that.

View 2 Replies View Related

Apache :: Unable To Rewrite URL

Sep 24, 2013

I'm trying to rewrite the following URL, and the rewrite seems to work, but doesn't forward to the rewritten page.

From: domain.com/index.php?random

To: domain.com/random

RewriteRule ^random$ /index.php?random [L]

View 2 Replies View Related

Apache :: Unable To Set Subdomains In 2.4

Apr 22, 2013

trying to find a working solution for setting up a subdomain for my Apache server.

Here is my setting:

(1) I have two virtual hosts defined in httpd-vhosts.conf: domain1.com and domain2.com. Included NameVirtualHost *:80 both into httpd-vhosts.conf and httpd.conf.

(2) Settings in httpd-vhosts.conf:

Quote:

# domain1.com virtual host.
ServerAdmin info@domain1.com
DocumentRoot "d:/Websites/domain1_com/www"
ServerName domain1.com:80
ServerAlias *.domain1.com

[Code] ....

So far, everything works perfectly.

(3) Now, I added a virtual host for subdomain:

Quote:

# sub.domain2.com virtual host.
ServerAdmin info@sub.domain2.com
DocumentRoot "d:/Websites/sub_domain2_com/www"
ServerName sub.domain2.com:80

[Code] ...

4) Here the problem comes. When I enter sub.domain2.com into browser, it shows domain1.com content.

(5) Based on some suggestions, I removed asterisks from ServerAlias lines. This made the subdomain working, but messed up the other two servers, which became unavailable or broken down.

View 8 Replies View Related

Unable To Compile Apache Under Ubuntu

Jan 4, 2007

A little background on what I'm doing here...

I'm setting up a Linux machine specifically for use as a VNC here at work.

The IT Manager said he'd used Ubuntu before but left the distro up to me.

I set up my test machine with Ubuntu but need to compile Apache for portions of it to work. I've never had any problems building Apache before, but this is what I'm getting here. I have a feeling that, since I've not used Ubuntu before, that I'm just missing a step. I also noticed that the "make" command doesn't work. Does that need to be installed and compiled as well?

=========================================
root@vnc01:/etc/httpd-2.2.3# ./configure /usr/local/apache
configure: WARNING: you should use --build, --host, --target
configure: WARNING: invalid host type: /usr/local/apache
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking build system type... /usr/local/apache
checking host system type... /usr/local/apache
checking target system type... /usr/local/apache

Configuring Apache Portable Runtime library ...

checking for APR... reconfig
configuring package in srclib/apr now
configure: WARNING: you should use --build, --host, --target
configure: WARNING: invalid host type: /usr/local/apache
checking build system type... /usr/local/apache
checking host system type... /usr/local/apache
checking target system type... /usr/local/apache
Configuring APR library
Platform: /usr/local/apache
checking for working mkdir -p... yes
APR Version: 1.2.7
checking for chosen layout... apr
checking for /usr/local/apache-gcc... no
checking for gcc... no
checking for /usr/local/apache-cc... no
checking for cc... no
checking for cc... no
checking for /usr/local/apache-cl... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.
configure failed for srclib/apr
root@vnc01:/etc/httpd-2.2.3#

The config.log file doesn't honestly show any errors that I can see pertaining to any compile errors.

View 5 Replies View Related

Apache :: Unable To Access VPS Through Browser

Apr 14, 2014

i signed up for vps from vps.me and i got ssh credential i logged in ssh using token2shell but when i put my server ip "10.223.1.157" in google chorome but then it says unable to find even i am not able to access ftp through filezilla also

View 3 Replies View Related

Apache :: Unable To Use URL Rewrite On Server?

Aug 15, 2014

after I install my apache 2.4 on my notebook, I install it using PHP and it's successful, but when I use .htaccess

View 2 Replies View Related

Apache :: Unable To Start Service

Feb 19, 2013

I have been using Apache 2.2.23 VC9 ssl 0.98 on my windows 7 32 bit PC. I decided to remove the 2.2.23 release and install 2.4.3 VC9 version yesterday. After installation, I was able to run Apache by running httpd.exe from command line. I can also install Apache service using "httpd -k install" with no problem. However, when I tried to start Apache service using "httpd -k start", it didn't work for me. Starting Apache from apachemonitor also failed. I checked error.log and found the following output:

Starting the Apache2.4 service
[Mon Feb 18 19:00:33.498207 2013] [mpm_winnt:crit] [pid 7564:tid 376] (OS 1053)The service did not respond to the start or control request in a timely fashion. : AH00378: Apache2.4: Failed to start the service process.

View 1 Replies View Related

Apache :: Unable To Serve More Requests

May 25, 2015

I have a little problem (on my Raspberry) with the maximum concurrent connections.When I open multiple tabs of a webpage which keeps persistent connections, apache is unable to serve more requests.Here is the (shortened) mod_info output (which also takes some time till there is a process kind enough to serve the request):

Code:
Server Version: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1k
Server MPM: prefork
5 requests currently being processed, 9 idle workers

.___W____WWW_..W_...............................................
................................................................
......................

Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request

[Code] ....

When I understood it correctly, apache should spawn new processes (up to MaxRequestWorkers=150)

But there are idle???? processes, so it wont add new ones?

I dont think it has to do with mod_proxy (used for the webpage) since the mod_info output is affected as well...

View 1 Replies View Related

Apache :: Unable To See Symlink From Other Computers

May 12, 2015

I installed Apache2. In the the folder "var/www/html" I created a symlink to a different HDD that holds a number of movie files. My thinking is that it would be easy to access the movies through a browser from any computer on my local network.

I used the following command string while in the html directory, and created the symlink:

ln -sd /media/guy/movie1/Movies test

While sitting at the server, when I click on "test" it opens the correct directory and exposes the files. If I surf to apache from another machine it does not show the symlink.

Here the permissions on the symlink

lrwxrwxrwx 1 root root 24 May 11 19:56 test -> /media/guy/movie1/Movies

Excerpt from Apache access log:

192.168.1.158 - - [12/May/2015:08:40:07 -0400] "GET /favicon.ico HTTP/1.1" 404 502 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:40:07 -0400] "GET /favicon.ico HTTP/1.1" 404 502 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:40:07 -0400] "GET /favicon.ico HTTP/1.1" 404 502 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:50:38 -0400] "GET / HTTP/1.1" 200 584 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.7) Gecko/20140802 Firefox/24.7 PaleMoon/24.7.1"
192.168.1.158 - - [12/May/2015:08:50:39 -0400] "GET /icons/blank.gif HTTP/1.1" 304

View 1 Replies View Related

Apache :: Unable To Open Or Move Log Files

Dec 4, 2012

We have three virtual hosts on our Apache 2.2 installation on Windows Server 2003. For some reason, I'm unable to open log files (error.log and each virtual hosts-specific log), even though I have full administrator rights. (The log folder is full access to admins.) Every time I try to open the file or even copy it to another location, it just says "Access Denied." I temporarily solved the issue for one of the logs by adding BufferedLogs On

View 1 Replies View Related

Apache :: Unable To Proxy To A Sharepoint Directory

Jul 18, 2013

I am having an issues with a link in share point which is like

[URL]...

This %20 resolves to a black space and to avoid issues the url is appeneded with %20

Unable to map this directory in httpd.conf file like below

ProxyPass /Shared Documents/Forms/ [URL]...

ProxyPassReverse /Shared Documents/Forms/ [URL]...

I get the below error message

Syntax error on line 1882 of /etc/httpd/conf/httpd.conf:
Invalid ProxyPass|ProxyPassMatch parameter. Parameter must be in the form 'key=value'.

View 6 Replies View Related

Apache :: Unable To Match Checksums For 2.2.29 Download

Oct 28, 2014

After downloading httpd-2.2.29-win32.zip and generating SHA1 and SHA256 checksums from the file, they do not match the checksums posted on the download page.

View 4 Replies View Related

Apache :: Script Not Found Or Unable To Start

Nov 8, 2012

A newby to web hosting, I get a lot of "script not found or unable to stat:" errors. Should I be concerned? The web site seems to be working fine. The entire error message looks like this: script not found or unable to stat: /home/coin99/public_html/cgi-bin/cq/undefined, referer: URL...

The public_html/cgi-bin/cq/ directory contains the main Perl script for my site. It is called 'coins' (no extension). There is no file or directory called 'undefined.' The referer is a page on my site.

View 1 Replies View Related

Apache :: Unable To Locate MSI Install Package For 2.4.12

May 18, 2015

I am unable to locate the MSI install package for 2.4.12.

View 2 Replies View Related

Apache :: Unable To Open Logs On Restart

Jan 19, 2015

Sometimes when I try to restart Apache 2.4 using the supplied ApacheMonitor.exe I get this error. Then, I have to "taskkill /f /im httpd.exe" or wait like 30 sec before trying to start Apache again.

View 1 Replies View Related

Apache :: Unable To Start As Service - Windows 8

Jan 6, 2013

Installed Apache Server 2.4.3 (no PHP, etc.) and it was working beautifully for a week or so. Yesterday, I restarted my laptop (nothing changed... no updates that install automatically, etc.) and now Apache won't start. Here are some things I've found out on my quest on figuring out what's wrong:

1. Apache Error Log:
[Sat Jan 05 14:18:36.745977 2013] [mpm_winnt:notice] [pid 4116:tid 372] AH00455: Apache/2.4.3 (Win64) configured -- resuming normal operations
[Sat Jan 05 14:18:36.745977 2013] [mpm_winnt:notice] [pid 4116:tid 372] AH00456: Server built: Aug 18 2012 14:13:48
[Sat Jan 05 14:18:36.745977 2013] [core:notice] [pid 4116:tid 372] AH00094: Command line: 'C:Apache24inhttpd.exe -d C:/Apache24'
[Sat Jan 05 14:18:36.747979 2013] [mpm_winnt:notice] [pid 4116:tid 372] AH00418: Parent: Created child process 3436
[Sat Jan 05 14:18:37.335418 2013] [mpm_winnt:crit] [pid 4116:tid 372] AH00419: master_main: create child process failed. Exiting.

2. Nothing else is using port 80 (or 443, for that matter).

3. Apache will start and stay running if I run httpd.exe from the DOS prompt or double-click it from within Windows just fine.

4. Will not run when launched from within the Services or Apache Service Monitor app.

5. Windows Event Error displays the following error:
Faulting application name: httpd.exe, version: 2.4.3.0, time stamp: 0x502f863e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2bcac
Exception code: 0xc0000417
Fault offset: 0x0000000000070468
Faulting process id: 0x13d8
Faulting application start time: 0x01cdeb8eefaec475
Faulting application path: C:Apache24inhttpd.exe
Faulting module path: C:WindowsSYSTEM32MSVCR100.dll
Report Id: 2deab70b-5782-11e2-be94-00247e17b5d9
Faulting package full name:
Faulting package-relative application ID:

6. I've tried fixing/reinstalling the C+ redistribution files about 3 times now, to no avail (thinking the error in the event file was caused by a bad/corrupt MSVCR100.DLL).

7. The exception code in the event error is:
0xc0000417 = STATUS_INVALID_CRUNTIME_PARAMETER =
An invalid parameter was passed to a C runtime function. (But again, reloading the files didn't solve anything).

8. I have tried removing Apache completely, reloading with default settings, etc. and still having the same issue.

9. Out of desperation, I even tried a registry cleaner (CCClean) and CHKDSK on the drive. Both of those didn't fix anything.

This is it... not sure what else to do/try. Again, everything was fine one moment, and it all stopped working after rebooting my system. I've wasted hours into this issue, and have come up empty handed. I'm beyond frustrated at the moment.

EDIT: The download I used for the server is located here: [URL]...

View 1 Replies View Related

Apache :: Unable To Set Up Password Protection On HTTP Server

Apr 24, 2014

I'm trying to set up password protection on an Apache HTTP server, and it's not working.

First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.

http.config says "AllowOverride All."

The .htaccess file in the protected directory says:

Code:
htpasswd -c .htpasswd samples

htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.

Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.

The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."

I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.

Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.

View 1 Replies View Related

Apache :: Unable To Get Multiple GUN Groups To Have Access To Directories

May 24, 2013

I'm trying to get multiple GUN groups to have access to certain directories.

Access to transport, delete

When you go to access transport or delete you get prompted for user name and password when entered you get in. However when I add GUNtest10 in the required ldap group. It doesnt accept your user name and password.

######ACL Directives######

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
<Directory /bills/>
AuthType Basic
AuthBasicProvider ldap
AuthName "1Login with your Windows ID and password"

[Code]....

View 1 Replies View Related

Apache :: 2.2.22 - Unable To Send HTTP PUT Command In Windows

Apr 19, 2013

I have installed Apache 2.2.22 in Windows Server 2008 R2 Operating System. I want to upload a file using HTTP put command to "uploadtest" folder of the server

1. I have configured "uploattest" folder to accept file without any authentication (Anonymous_NoUserID On)

<IfModule alias_module>
Alias uploadtest G:DataImportSvcUploadTest
</IfModule>
<Directory "G:DataImportSvcUploadTest">
<FilesMatch ".(enc|xml|zip)$">

[Code] ....

We are using .enc files so I allowed that file type

2. "uploadtest" folder has right permission to everybody.

3. We are using WindowsCE client to send file using HTTP put command . Use HttpOpenRequest to send files with lpszVerb = PUT

HINTERNET WINAPI HttpOpenRequest(
HINTERNET hConnect,
LPCTSTR lpszVerb,
LPCTSTR lpszObjectName,
LPCTSTR lpszVersion,
LPCTSTR lpszReferrer,
LPCTSTR* lplpszAcceptTypes,
DWORD dwFlags,
DWORD dwContext
);

4. We are getting error as "Method Not Allowed"

TTP/1.1 405 Method Not Allowed
Date: Thu, 18 Apr 2013 07:26:25 GMT
Server: Apache/2.2.22 (Win32) DAV/2
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1

5. I tried enable WebDav in Apache and tried with BitKinex WebDav client and still gives the same error

I just wondering PUT may be barred by any other allowed module. Please find the modules allowed.

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so

[Code] .....

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved