I seem to have a strange problem (I am hoping that if I fix this, it will fix another problem I am having).
For some reason (I most probably did by accident) when I run the command lsof -i tcp:80. The information that comes up says that my IP address xx.xxx.xxx.172 is being used to listen to port 80. Yet the IP address that was asignned to me is xx.xxx.xxx.171. I am wondering how I would go about removing wrong IP address so that the right one is listening to the correct port.
I am setting up apache 2.4 as a service locally through localhost on a windows 2008 R2 standard server. I have set up SSL listening on port 443 and works correctly, however I am having trouble figuring out how to get apache to authenticate my CAC card.
I have downloaded the DOD certs and put them into various types of files including pem, base 64, der etc and I have yet to figure out a way to get the client certificates validated.
I have left out the information about the SSLCertificateChainFile, SSLCACertificateFile and SSLCARevocationPath as I am sure this must be where my problem is.
Is it possible to get this done through localhost. Here is the error I am getting in the error log.
[Wed Oct 29 11:37:05.675491 2014] [ssl:error] [pid xxxx:tid xxx] [client 127.0.0.1:59282] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
I am using a self created self signed server ceritficate. Here are some details from my httpd-ssl.conf file:
What is apsc? I found an apsc.conf (in /etc/sw-cp-server/conf.d) the file contains the line "listen 6308 ssl;". So far that explains why sw-cp-server is listening on that particular tcp port.
Which service is provided by apsc? Can I change it to listen only to 127.0.0.1? I like my server to have a minimum of open ports to the public.
IP-Pair1 is supposed to host admin and customer access. = Plesk-admin-interface (lighhttpd?) on 80/443 instead of 8443 (ssh on 22, ftp ...)
IP-Pair2 is supposed to host visitor access. = Plesk webspaces (nginx/apache) on 80/443
So I want to stop nginx from grabbing ports 80/443 of IP-Pair1 and listen to IP-Pair2 addresses only. Then I want to set plesk-admin interface to listen to 80/443 on IP-Pair1 only.
I set this up for someone, and temporarily changed the email for the administrative account to my address.
I have since changed this back to the original email, but Plesk keeps sending the administrative emails to my account.
I've pretty much grepped through the entire server for my email in order to stop it sending me emails, but I can't for the life of me find out why it keeps sending these emails to me.
How do I make Plesk send these emails to the right email-account?
I am using csf to secure my server. I want to open the ssh port for certain ip only. So I edit csf.allow and add the following line:
tcp:in:d=22=192.168.0.100
Then restarted.
But I can still access the server from IP addresses other than 192.168.0.100. Anyone know how can I restruct certain IP address to access certain port?
I need to listen to two IP addresses supporting many domains.
It the pass we achieve this on the Data Centre firewall. This option is no longer available.
Traffic is been presented to Plesk 12.0.18 on
Eth0 – 192.168.0.2 Eth1 – 192.168.0.12
I set up 192.168.0.2 – all is working well
I installed NGINX – all is well and the websites are running faster.
Normally I would try to listen on two IP address in Apache. This option I could not get working as Plesk creates the Apache configuration files from the information entered through the panels. This in turn over rights any manual changes to the Apache configuration files.
I understand that I could use NGINX to achieve this. Is this correct how is it achieved?
I'm running Apache 2.2 on Windows 7. I'm a casual user of the Apache server, and the server I'm running is only used to develop a Silverlight application on the local machine, nothing more. The following problem is apparently a non-systematic error (sometimes the server can startup, sometimes it cannot. If it cannot, it sometimes can after a reboot (a service startup race condition?))
I get error when starting the server: "The requested operation has failed!"
When I run "http.exe" from a command prompt I get:
Quote:
httpd.exe: Could not reliably determine the server's fully qualified domain name, using 10.0.0.100 for ServerName (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 No listening sockets available, shutting down Unable to open logs
It does not write anything in the "error.log". It cannot? why? rights? but it could yesterday! anything changed from yesterday, no nothing!
I have tried to start the server many times today, and it has not written anything in error.log. Looking in the log there are many entries from yesterday, when the server probably worked!?
Okay there most be something using port 80 then!
Output from "netstat -o -n -a | findstr :80" is nothing! netstat says there is nothing listening on port 80.
I'm running SQL Server 2008 Express, and "Reporting Service" would be a prime candidate for listening on port 80, but netstat says it is not!
I'm using the ZoneAlarm firewall (the Apache server has been given full trust and permissions), and it has worked previously, I belive it cannot be the problem.
I'm using Avast anti-virus, but everything is disabled in it, and I'm only using it to run a virus check from time to time.
(I don't think it has anything to do with the "fully qualified domain name", because the setting it is complaining about has always been the same, also when the server is actually working, from time to time)
I built the system on Centos 6.5 with plesk 12 with a range of ips. I then (after the fact) copied the IPs of the old server to the new and moved all the domains to their IP's. This way today we flipped the routes and all should work.
The problem is that the domains only work when putting :7080 behind them. It seems like the httpd is only listening on the old IP and not the new ones. How to make plesk/httpd listen with the new IP's on port 80"
httpd.conf
#Listen 12.34.56.78:80 Listen 7080
I added all the other IP's and tried changing ports under Listen but that does not work either. So changing the listening port does not work.
Currently I am using Linux + cPAnel and using the port 25 for email sevrer. Currently we facing 1 problem is, some user's ISP is not support port. May I know how can I add additional port into server and allow users to send mail by different port?
I have an office internal website and I opened a port in the gateway of my office (7080) to this website (server )'s 80 port. That makes this website open to public as office has static IP. And then when I view the site from home . it's fine. But when I tried to login, the site is using a pop-up, I guess it's http authentciation, login, I was redirected to a url without my port number any more, that stops my access to the site as obviously I would.
My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:
- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively. - the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11 - the external ip addresses resolve to the above internal addresses - the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.
I have configured a virtual host in httpd.conf for each ip, i.e.
This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.
Is it possible to send requests using the ip address from the relevant VirtualHost?
I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]
How can it be possible using URL Rewrite method in .htaccess file?
- I can't access the webserver - I'll try to restart httpd, and I'll get
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
To fix this, I run
[root@www1 ~]# lsof -i tcp:443 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)
There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.
Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?
# Untrusted Network interface(s); all traffic on defined interface will be# subject to all firewall rules. This should be your internet exposed# interfaces. Only one interface is accepted for each value.IFACE_IN="venet0"IFACE_OUT="venet0"
==================================
when i finish it and restart my apf its shows me like this ???
PHP Code:
[root@box ~]# apf -sapf(3107): {glob} activating firewallapf(3149): {glob} determined (IFACE_IN) venet0 has address 127.0.0.1apf(3149): {glob} determined (IFACE_OUT) venet0 has address 127.0.0.1apf(3149): {glob} loading preroute.rulesiptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295apf(3149): {resnet} downloading http://r-fx.ca/downloads/reserved.networksapf(3149): {resnet} download of http://r-fx.ca/downloads/reserved.networks failedapf(3149): {glob} loading reserved.networksapf(3149): {glob} SET_REFRESH is set to 10 minutesapf(3149): {glob} loading bt.rulesapf(3149): {dshield} downloading http://feeds.dshield.org/top10-2.txtapf(3149): {dshield} download of http://feeds.dshield.org/top10-2.txt failedapf(3149): {sdrop} downloading http://www.spamhaus.org/drop/drop.lassoapf(3149): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rulesapf(3149): {sdrop} loading sdrop_hosts.rulesapf(3149): {glob} loading common drop portsapf(3149): {blk_ports} deny all to/from tcp port 135:139apf(3149): {blk_ports} deny all to/from udp port 135:139apf(3149): {blk_ports} deny all to/from tcp port 111apf(3149): {blk_ports} deny all to/from udp port 111apf(3149): {blk_ports} deny all to/from tcp port 513apf(3149): {blk_ports} deny all to/from udp port 513apf(3149): {blk_ports} deny all to/from tcp port 520apf(3149): {blk_ports} deny all to/from udp port 520apf(3149): {blk_ports} deny all to/from tcp port 445apf(3149): {blk_ports} deny all to/from udp port 445apf(3149): {blk_ports} deny all to/from tcp port 1433apf(3149): {blk_ports} deny all to/from udp port 1433apf(3149): {blk_ports} deny all to/from tcp port 1434apf(3149): {blk_ports} deny all to/from udp port 1434apf(3149): {blk_ports} deny all to/from tcp port 1234apf(3149): {blk_ports} deny all to/from udp port 1234apf(3149): {blk_ports} deny all to/from tcp port 1524apf(3149): {blk_ports} deny all to/from udp port 1524apf(3149): {blk_ports} deny all to/from tcp port 3127apf(3149): {blk_ports} deny all to/from udp port 3127apf(3149): {pkt_sanity} set active PKT_SANITYapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL NONEapf(3149): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FINapf(3149): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RSTapf(3149): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RSTapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FINapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URGapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSHapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSHapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URGapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL ALLapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL FINapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ALL NONEapf(3149): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FINapf(3149): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RSTapf(3149): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RSTapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FINapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSHapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URGapf(3149): {pkt_sanity} deny all fragmented udpapf(3149): {pkt_sanity} deny inbound tcp port 0apf(3149): {pkt_sanity} deny outbound tcp port 0apf(3149): {blk_p2p} set active BLK_P2Papf(3149): {blk_p2p} deny all to/from tcp port 1214apf(3149): {blk_p2p} deny all to/from udp port 1214apf(3149): {blk_p2p} deny all to/from tcp port 2323apf(3149): {blk_p2p} deny all to/from udp port 2323apf(3149): {blk_p2p} deny all to/from tcp port 4660:4678apf(3149): {blk_p2p} deny all to/from udp port 4660:4678apf(3149): {blk_p2p} deny all to/from tcp port 6257apf(3149): {blk_p2p} deny all to/from udp port 6257apf(3149): {blk_p2p} deny all to/from tcp port 6699apf(3149): {blk_p2p} deny all to/from udp port 6699apf(3149): {blk_p2p} deny all to/from tcp port 6346apf(3149): {blk_p2p} deny all to/from udp port 6346apf(3149): {blk_p2p} deny all to/from tcp port 6347apf(3149): {blk_p2p} deny all to/from udp port 6347apf(3149): {blk_p2p} deny all to/from tcp port 6881:6889apf(3149): {blk_p2p} deny all to/from udp port 6881:6889apf(3149): {blk_p2p} deny all to/from tcp port 6346apf(3149): {blk_p2p} deny all to/from udp port 6346apf(3149): {blk_p2p} deny all to/from tcp port 7778apf(3149): {blk_p2p} deny all to/from udp port 7778apf(3149): {glob} loading log.rulesapf(3149): {glob} virtual net subsystem disabled.apf(3149): {glob} loading main.rulesapf(3149): {glob} opening inbound tcp port 20 on 0/0apf(3149): {glob} opening inbound tcp port 21 on 0/0apf(3149): {glob} opening inbound tcp port 22 on 0/0apf(3149): {glob} opening inbound tcp port 25 on 0/0apf(3149): {glob} opening inbound tcp port 53 on 0/0apf(3149): {glob} opening inbound tcp port 80 on 0/0apf(3149): {glob} opening inbound tcp port 110 on 0/0apf(3149): {glob} opening inbound tcp port 143 on 0/0apf(3149): {glob} opening inbound tcp port 443 on 0/0apf(3149): {glob} opening inbound tcp port 465 on 0/0apf(3149): {glob} opening inbound tcp port 993 on 0/0apf(3149): {glob} opening inbound tcp port 995 on 0/0apf(3149): {glob} opening inbound tcp port 8443 on 0/0apf(3149): {glob} opening inbound udp port 37 on 0/0apf(3149): {glob} opening inbound udp port 53 on 0/0apf(3149): {glob} opening inbound udp port 873 on 0/0apf(3149): {glob} opening outbound tcp port 20 on 0/0apf(3149): {glob} opening outbound tcp port 21 on 0/0apf(3149): {glob} opening outbound tcp port 22 on 0/0apf(3149): {glob} opening outbound tcp port 25 on 0/0apf(3149): {glob} opening outbound tcp port 53 on 0/0apf(3149): {glob} opening outbound tcp port 37 on 0/0apf(3149): {glob} opening outbound tcp port 43 on 0/0apf(3149): {glob} opening outbound tcp port 80 on 0/0apf(3149): {glob} opening outbound tcp port 113 on 0/0apf(3149): {glob} opening outbound tcp port 443 on 0/0apf(3149): {glob} opening outbound tcp port 465 on 0/0apf(3149): {glob} opening outbound tcp port 873 on 0/0apf(3149): {glob} opening outbound tcp port 5224 on 0/0apf(3149): {glob} opening outbound udp port 53 on 0/0apf(3149): {glob} opening outbound udp port 873 on 0/0apf(3149): {glob} opening inbound icmp type 3 on 0/0apf(3149): {glob} opening inbound icmp type 5 on 0/0apf(3149): {glob} opening inbound icmp type 11 on 0/0apf(3149): {glob} opening inbound icmp type 0 on 0/0apf(3149): {glob} opening inbound icmp type 30 on 0/0apf(3149): {glob} opening inbound icmp type 8 on 0/0apf(3149): {glob} opening outbound icmp all on 0/0iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295apf(3149): {glob} resolv dns discovery for 207.218.192.38iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295apf(3149): {glob} loading postroute.rules
I'm just looking for some background information or a place where I can learn more about this.
Here's the problem:
The web site runs on a dedicated Apache server. There's 2 SSL certificates installed, one for e-commerce for https://www.mysite.com and one to help with the administrative interface for https://admin.mysite.com. I run a custom php application that forces the web page from http://www.mysite.com to https://www.mysite.com when going to an e-commerce page.
Generally everything runs Ok but a few times this year there has been a problem where the php application points to https://www.mysite.com/ecom.php but instead it gets https://admin.mysite.com/ecom.php and gets a page not found.
In discussing this with my web hosting company they claim they haven't changed anything but they do manage to fix the problem and get the web site working correctly again.
I generally figure that the web hosting company has done some type of maintenance on the web server and messed-up the dns entries or something for the SSL part of the web site but this is really outside my area of experience. I'm trying to understand what went wrong and where the entries are that determine when going to SSL which SSL certificate/URL is used.
My server with APF (firewall script) with BFD logs over 1215 events today of some hack user or bot trying to login to my server from various of IP trying many kind of usernames...
Is it possible to customize BFD to automatically ban the IP directly if the username they try to login with it was wrong 2 times?
For example the username is qwerty The hack is trying with many usernames john, root, master, boot, etc...
A friend of mine has a server that the provider claims is a Core2Duo, but looking at /proc/cpuinfo, the cpu is shown as:
Intel(R) Pentium(R) D CPU 000 @ 1.86GHz
What would cause this? I'm not saying the host is lying, I've just never seen this before and I haven't found anyone else with this problem on google. The processor is supposed to be a e6300, so the 1.86GHz speed is right. Also, this has happened on 2 different linux distros.
I've been told by a few people that something's wrong with my nameservers. But I'm not sure what it is that's wrong.
the site => www.visualpoetry.ca
the DNSs: ns1.visualpoetry.ca / ns2.visualpoetry.ca
a zone check says:
Quote:
---- warning ---- w: Nameservers are all part of the same AS
* Adv: ZoneCheck
To avoid loosing all connectivity with the autoritative DNS in case of a routing problem inside your Autonomous System, it is advised to host the DNS on different AS.
* All the nameservers are part of the same Autonomous System (AS number 30058), try to have some of them hosted on another AS.
* generic
w: Host doesn't reply to ICMP requests (firewall?)
I have bought a dedicated server with FDC servers and installed a script. Initially everything was working fine but now the site is not accessible. Everything is alright with the script installed but looks like there is some issue with the DNS settings. When I ping the IP address (it's dedicated ip address) it gives me an error. When I Ping the domain name, it just closes the window after few mins. Can someone experienced with WHM help me to fix the DNS settings? Of course, I am ready to pay for your help (though i might not have a very higher budget)
I have a mysql-only server and the server is constantly > 30 in server load. I'm ousted as to what is wrong with mysql and what can be done to optimize it. Using mysql report to generate the following:
Quote:
MySQL 4.1.22-standard uptime 0 0:22:30 Thu Feb 22 07:14:45 2007
__ Key _________________________________________________________________ Buffer used 30.93M of 256.00M %Used: 12.08 Current 60.41M %Usage: 23.60 Write ratio 0.891 Read ratio 0.001
