PHP Cannot Include File Only When Accessed With Https
My PHP script has an include statement. All works fine when I access the script using http. HOWEVER, when I access the exact same page using https, PHP complains that it fails to open the include file. I've checked and the include_path lists the correct dirs in both cases.
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
How Use Php Include On Windows Server!
I am running a Windows 2003 with PLESK on it which has php support. But i am not able to "include" .php pages into my .html pages or .php into .php. Like on Linux servers we use phpinclude() to include .php pages n .html, but its not working on Windows server for me.
View Replies!
View Related
Include .html Into .php (PLESK)
I have a server running PLESK 8.2 (latest version). With PHP4 and 5 support. I want to include .php files into .html (which work fine on LINUX CPANEL but on on WINDOWS PLESK). Please can anyone suggest how can i make my WINDOWS server work so that it includes .php into .html. (.php included in .php works fine). ALSO i tried to add (application/x-httpd-php in IIS MIME TYPES to extension .html and even .php but it did not work.)
View Replies!
View Related
HTTPS Not Processing .php .html
I've just set up HTTPS on Apache (CentOS). However if I try to access the HTTPS site I just get prompted with the save as dialog to download either the .php file or .html. How do I get it to show (and process) it instead, like when accessing normally (non-ssl).
View Replies!
View Related
Links Files In Linux (file.txt For File.php)
Today I found some cstomer on the servers make a link for named it file.txt and link it to other customer php file. so that customer have the ability to show the other custoer file content when visiting the url because it is a text wile originally it is a php file. the php file was a config file, so now he know the database password , and because he is in the same server he can use that databse. the question , how to avoide this prolem in the future? notes , the SuExec is rnning and the open_basedir protection is enabled, but the problem still exists.
View Replies!
View Related
Strange PHP File On My VPS. (oxb.php)
I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there and I've look at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....
View Replies!
View Related
SSH Can Not Be Accessed And Restarted. CPanel/WHM
We are having this problem with ecatel, as they still have not helped us after 4 days of asking to help improve on the problems we are having right now with SSH. Problem: SSH can not be accessed. It can not be restarted in WHM. Firewall has been disabled just incase it's the one blocking it. Retarting SSH in cPanel returns the message Restarting SSH Daemon Waiting for sshd to restart..............finished. sshd (/usr/local/cpanel/whostmgr/bin/whostmgr ./ressshd) running as root with PID 6537 sshd (/usr/sbin/sshd) running as root with PID 6567 Apr 24 08:14:15 server1 sshd[5778]: Received signal 15; terminating. sshd has failed, please contact the sysadmin. I tried running [url]It just brought me this message Requesting script ... Done. Executing script ... Attempting to locate sshd binaries installed on the system ... Located /usr/sbin/sshd Done. Killing exisiting sshd processes... Stopping sshd: [ OK ] Done. configuring sshd to run on port 22 /usr/sbin/sshd successfully started! root 5778 0.0 0.0 7132 1132 ? Rs 08:00 0:00 /usr/sbin/sshd -f /var/cpanel/safe_sshd Done. The message says it OK. But it isn't. When I access SSH, is still not accessible. Restarting it causes the same error message as above. I updated cPanel, software and RPMs to latest stable. I know reinstalling "forcibly" SSH rpms could help, but cPanel 11 does not have that option.
View Replies!
View Related
PHP File Upload
I think I messed php config and I can't upload anything with php now Dir is chmoded on 777 and File_Uploads = On in php.ini I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't
View Replies!
View Related
Php File Corruption
I have a Linux VPS with Liquidweb which is working fine except for one problem: On one domain I have a shopping cart (a highly modded CubeCart). A number of the files are encrypted php files (part of the extensive mods). For several weeks all will work fine, then out of the blue, the cart will stop working because a number of the encrypted files have become corrupt. The result is either a totally blank page or a 'checksum error'. Uploading the files from a local backup fixes things for another few days or weeks. I have no idea why this is happening, or what triggers it, so if anyone can point me in the right direction to find out what is behind the problem, I would greatly appreciate it. The server uses PHP 5.2.x
View Replies!
View Related
Cron: How To Run Php File
My server with cPanel, I'd like run file http://domain.com/file.php at 0h00 everyday, I have set the Cron Job in cPanel : Code: 0 0 * * * /usr/bin/ehpwget http://domain.com/file.php but The cron is not working well Code: /bin/sh: /usr/bin/ehpwget: No such file or directory Can any one please let me know how to run a php file with cron. (as user or root)
View Replies!
View Related
[php] <defunct> - What File Generating That ?
On my server, i have one user ho create load on my server. user 29508 22.0 0.0 0 0 ? Z 15:18 0:00 [php] <defunct> That user has more site added with addons from cpanel. How can I found witch site is generating that high load ? Also some time, I have php index.php ( and that don't help me very much ) The server run php as cgi module.
View Replies!
View Related
PHP Permissions (file Owner)
I have setup an ftp user which can upload files to /home/ftp/upload and obviously it assigns the ftp user as the owner when it uploads. Now, I want PHP to be able to rename those files, but getting a permission denied, presumably because apache aint the owner or doesnt have permission to do that, so how do I grant it the right permission(s)?
View Replies!
View Related
PHP File Change String
I currently have this code in my Image Upload script which changes the file name into sets of numbers and letters Quote: $new_file_name = "uploads/" . md5($_FILES['selector']['name'] . time()) . "." . $extension; How can i make it so its smaller than an md5, about 6 or 7 numbers and letters.
View Replies!
View Related
What Is Managed Vps Include
I see some hosts provide fully managed VPS. If that's the case, what does that mean exactly? Does it mean the host manages updates and backups and that kind thing? what other maintenance does full managed VPS can provide besides updates and backups?
View Replies!
View Related
Function.include Error
Ive searched google and this forum for hours and have not found any solution to this below error on a site of mine. I am using php 5.2 Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/comosabe/public_html/footer.php on line 5
View Replies!
View Related
Mod_rewrite - Changing Paths In The Php File?
I am using mod_rewrite to create "pretty" urls but some of my files contain paths such as this: <img src="images/blah.jpg"> Meaning if the user visits a page where the file does not physically exist then it won't work. I want to know if it is possible to pick this up and rewrite the path. I.e.: change: <img src="images/blah.jpg"> to: <img src="../images/blah.jpg"> or <img src="../../images/blah.jpg"> As I don't want to create physical files with relative urls for every trunk of my url. For example: www.mydomain.com/directory/directory/directory/ Would need 3 different files in three different directories to display properly.
View Replies!
View Related
Prevent PHP Files Used For File Uploading
It appears that some people like to take advantage of those files for online web applications such as Wordpress which have php files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there anyway of preventing this from happening?
View Replies!
View Related
Chmod Choices With Php Writing To A File
My account has been hacked with every index.php page defaced. I've cleaned up and my shared wehost is pointing at me saying there shouldn't be any 777 permissions for any files in there. I used 777 to allow php to add records in a txt file and in an xml file. Is there a better / more secure chmod code I can use? Those are the only two instances where I need php to write to a file and those files shouldn't be served to anyone, I do not want anyone to be able to access them. How can I secure them while letting php write in them?
View Replies!
View Related
Php.ini And .htaccess File Permissions
I'm on a shared FreeBSD server, running Apache with Drupal, and vBulletin. I had to create a local php.ini file in my public_html folder for Drupal, and another in my forum folder for vBulletin. Now my question is, what should I set the permissions of these files to? Also, what should I set .htaccess permissions to as well? I'd like to keep them invisible to the public. But, I don't want any problems with Drupal, or vBulletin ether. I'm used to using Linux and I know how permissions work on a desktop. I just don't know what they do when used on a server. I'm guessing 640, but I'd like to make sure before I change anything.
View Replies!
View Related
Strip Whitespace From Each Line Of PHP File
I have a load of PHP files that need trimming down, so for example Code: <html> <?php $loads_of_stuff = 1231231; ?> </html> change to Code: <html> <?php $loads_of_stuff = 1231231; ?> </html> There are 000's of lines, so some awk command or something similiar would be great to execute on each file.
View Replies!
View Related
How To Prevent People Upload Unwanted .php File
I have a 777 cmod folder open. It needed to be writable so that legitimate users can upload their picture. However, i do not want people to upload .php or .php.pjepg etc to the server. There are times that they do not use the form in my site to upload the php file. How can they do that? via perl command? And how to prevent such thing from happending?
View Replies!
View Related
How To Secure Your Php.ini File Safe Mode ; Disable_functions ; Etc
what are the most important issues for secure php.ini file like when you turn your SAFE_MODE ON or OFF? or please who every read this topic to post his important disable_functions in php.ini ... and if some functions disable to post it ... let's make this subject for the most important issues for secure your php.ini from script-kids as we can ... here i have some important question's for anyone has or controlling a server ; vps .... #0x01 ; what the most important disable_functions for the php.ini? #0x02 ; is the safe_mode should be enabled? or disable? and this depend on what exacly? #0x03 ; what the functions or any trick to control the nobody ( attacker on the server or shell ) FROOZ .... didn't move ? or make any command in the server ... #0x04 ; i saw in some secure server ( as they say ) they changed the Server : discribe to them name[s] like Server : SECURE BY US .COM OR SECURE SERVER .. uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux sysctl : linux 2.6.9-023stab040.1 Server : SECURE BY US ! < [THIS WHAT I MEAN HOW COULD WE CHANGE IT IN PHP.ini ?] id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we cannot make this nobody to have the host id ! everyhost in the server should have his own name and php.ini ?] pwd : /home/host/public_html/ #0x05 ; how can we hide the uname -a on the shell [ the attacker upload it to our customer site !] #0x06 ; how can we hide the sysctl to view to anyone like [ attacker ] ... #0x07 ; how can we rewrite on he Server Type the display for our secure message?Server : SECURE BY US ! #0x08 ; how can we give evey site and customer his php.ini file in his public_html? and how can we give him [ JUST HIS PERMISSION TO HIS SITES FOLDER AND NOT OTHER PATHS AND PERMISSION!] these question every one had a server ; vps , need to know and secure his box from other ... and anyone would like to publish any new [secure or not] idea please let us know what you would like to say ....
View Replies!
View Related
Simpleish PHP/flat Files - Create File, Edit, Save
Display some text in a web browser from a file called text.txt text.txt will have many lines and some of them I do not want users to be able to modify and overwrite. config_item_1=user can edit config_item_2=user should see but not edit (could be on any line) config_item_3=user can edit config_item_4=user can edit The user has made their changes in the web browser and clicks submit. I then need this info to be saved as the text.txt file however some checking needs to be done first. Anything matching config_item_2 should be removed. This could be on any line. Anything not matching should be permitted and added.
View Replies!
View Related
Using Vhost.conf To Override Suexec Directive In Httpd.include
I need to change the server configuration on Plesk such that the SuexecUserGroup directive is removed, so the user's cgi scripts run as the apache user (www-data), rather than as the user specified in that directive (the domain user), as on an unshared (non-VPS) server. I don't care about security from other domains because only one domain runs on it anyway, so making the user domain-specific is irrelevant from a security point of view and stops some of the user's code working. This directive is found in /var/www/vhosts/domainname.com/conf/httpd.include and is: SuexecUserGroup user psacln (this line appears twice, for ports 443 and 80) I understand that this file can't be modified, as it may be overwritten by Plesk. Therefore additional directives must go in the vhost.conf file. Will the following vhost.conf file do the trick and override the directives in httpd.include? <VirtualHost domainIP:443> SuexecUserGroup www-data www-data </VirtualHost> <VirtualHost domainIP:80> SuexecUserGroup www-data www-data </VirtualHost>
View Replies!
View Related
Http To Https
Currently I have a URL that has HTTP. This has been given to the public. There is no doubt that they have added this URL to their favorites. In about 2 weeks, I will be applying an SSL certificate that would add an ‘S’ to the HTTP (e.g. https) My questions is: After applying this SSL certificate, which adds an “S”, will the link saved in my users’ favorites still work? Or do I have to add some HTML code that will redirect them?
View Replies!
View Related
Https Instead Http
I have installed SSL for the domain abc.com, for security reason I'd like make [url]is default for all access, that mean if the visitor type [url]on the browser, it will auto forward to[url]
View Replies!
View Related
Https And Http
I am maintaining a site that is totally on a secure folder. I have been asked to make only the things like the cart to be secure and to make the rest of the site non-secure. there is an https and an http folder on the server all of the site is now on the https folder. I thought all I needed to do is move the pages I wanted to be non-secure to the http folder and then use an absolute address when I needed to refer betweem them. I called my hosting people (the people who originally developer the site and made it all secure before handing to it me) and asked them about what all I need to do. they said its very complicated because I am dealing with 2 different root directories and didn't offer me much info on how to do it myself instead they just said if I can't figure it out they will do it for a price.
View Replies!
View Related
Can I Redirect To Https:
I just installed a RapidSSL cert on www.mysite.com Works fine if a user types [url] But what I'd like is if a user types [url] it shows up as secure. I tried a redired 301 in my .htaccess file but that doesn't seem to work.
View Replies!
View Related
SSL Certificates Https
My website is currently running on http and the plesk control pannel is running on https However the certificate for https for the plesk panel is out of date and self signed therefore web browsers promit its not valid. I want to get a valid SSL certificate for https for Plesk, Client/Billing area and the main website. I want to do it as easy as possiable (as I'm not one for technical stuff but if it was resoniable I could give it a go) I dont want a self signed and want to try to go for something free or very cheap. Any got any suggestions? I've looked around and come up with companys wanting alot of money I did come across another which was free but it was self signed.
View Replies!
View Related
Using Htaccess To Redirect From Http To Https
if there is anyway to redirect my users to https no matter what page they are on using htaccess? I really don't fancey using full url extentions and changing them on every link on my site. I can get the homepage to redirect to https but not any other. If there is no way to do this does anyone know the shortest hyperlink to use the redirect?
View Replies!
View Related
SSL With Links In Https Pages...
I have an SSL cert installed to have a secure commerce area. Some of the pages have external links to non-secure sites like say [url]The padlock icon breaks and warns that there's unauthorized content. The hosting provider says it's because the external links need to be https links. Obviously that can't be done to a non-secure external site. So the question is: do external http links break security on a secure https page? If so, is there a work around other than removing external links?
View Replies!
View Related
HTTPS Problem On Deasoft Server
I have a reseller account on a Deasoft server (called NS2). Some of my clients can't open a secure connection for cPanel. After I'd made many suggestions (none of which helped) I took my PC to a user's home and tried and sure enough there was no response to the initial packet sent by the PC. This PC works fine at my home. I then tried accessing another Deasoft server (called NS1) using both my PC and the user's PC and had no problems with either. So it looks like the problem is due to a difference with the setup of these servers rather than a user PC issue. A trace (using EtherSnoop) showed no response to any attempted https access on NS2. But we had no problems with http or ftp to either server so I doubt it's a firewall block based on the user's address. One possibly significant difference between my connection at home and the users' connections is that I have a fixed IP address and they don't. The forum software here prohibits me from including URLs here so I've had to record them below in a slightly obscure fashion. I asked on the local forum and submitted a support ticket but both have been fruitless so far. The URLs are : [url] [url] Access to NS1 is fine but not NS2.
View Replies!
View Related
Intermittent Timout On HTTPS - Rackspace Baffled
We are running RHEL4 over at Rackspace, customers are experiencing occasional timeouts when browsing https Firefox reports: The connection has timed out The server at mydomain.com is taking too long to respond. I have had this happened to myself while I had an SSH session on the server and nothing appears in any of the logs (checked all relevent) http is still browsable at the time and my SSH session did not drop.
View Replies!
View Related
SSL / HTTPS Causing Error On My Server
i have wrong procedure doing to enable my SSL/HTTPS services in my vps. First i noticed the HTTPS in my services is not running, now i'm looking to google, i found openssl website, then download the latest version and install it into my server and following the instructions, after that, i try to recompile the apache becuase i have a new updates, i found an error ssl and cannot continue to compile because of my last installation i suspect.
View Replies!
View Related
Https Page Hangs For MAC User
We have recently launched a new website with a SSL homepage which houses our login. Our website moved to a new IP address, therefor we moved the certificate to the new server as well. Thus far, we have had NO problems with the site with the exception of 2 MAC users who's browser hangs when they try to navigate to the site now. They can access other HTTPS sites, and they can access pages on OUR site that are NOT HTTPS, but when trying to browse to our HTTPS Page, the browser hangs. This is not just ONE browser on their MAC, it's EVERY broswer on their machine (Firefox, IE, Safari). It connects, but then doesn't load anything onto the screen. We tried clearing their DNS cache on their machines with no avail. To this point, we are stumped. We have identical machines, with idential OS and browser versions and everything tests fine. It is obviously something on their machine, but we don't know what it is. We have run out of ideas. Any MAC users that can lend a hand here? Is there a way to delete the certificate on the MAC and have it redownload to the user?
View Replies!
View Related
Inspect HTTPS Traffic With IDS/IPS
Is it possible to perform IDS/IPS on traffic that is SSL encrypted? I am setting up a secure Apache reverse proxy with a CISO ASA and a Citrix Netscalers in front of the reverse proxy. Here's a "diagram" of my environment: Client --SSL--> Firewall --> Load Balancer --> Reverse Proxy [url] --SSL--> Portal Server [url] I am trying to find a way to add additional security before traffic reaches the Portal Server. Also is it possible to add mod_security to the reverse proxy, since the traffic to the backend server is encrypted?
View Replies!
View Related
HTTPS Not Working - Cpanel Based Site
Today, I've purchased a RapidSSL Certificate for my site with Cpanel and https:// access did not work. What I did was :- 1) Generate a Private Key 2) Create a CSR Request Certificate 3) Submit that and installed the Certificate in WHM for the site. The site is running on a dedicated IP and it works as http:// but not with the https:// . I checked and Cpanel did include the SSL directive for the site in httpd.conf and have rebooted the server and restarted httpd but to no avail. I also had OpenSSL 0.9.8.3a installed and update WHM. The Apache 1.x was installed with OpenSSL Support too. Is there a SSL Server or something which may not be active ?
View Replies!
View Related
|
TRACKER
