I'm just looking for some background information or a place where I can learn more about this.
Here's the problem:
The web site runs on a dedicated Apache server. There are 2 SSL certificates installed, one for e-commerce for https://www.mysite.com and one to help with the administrative interface for https://admin.mysite.com. I run a custom PHP application that forces the web page from http://www.mysite.com to https://www.mysite.com when going to an e-commerce page.
Generally everything runs OK, but a few times this year there has been a problem where the PHP application points to https://www.mysite.com/ecom.php but instead it gets https://admin.mysite.com/ecom.php and gets a page not found.
In discussing this with my web hosting company they claim they haven't changed anything but they do manage to fix the problem and get the web site working correctly again.
I generally figure that the web hosting company has done some type of maintenance on the web server and messed up the DNS entries or something for the SSL part of the web site, but this is really outside my area of experience. I'm trying to understand what went wrong and where the entries are that determine which SSL certificate/URL is used when going to SSL.
# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
IFACE_IN="venet0"
IFACE_OUT="venet0"
==================================
When I finish it and restart my apf, it shows me this ???
PHP Code:
[root@box ~]# apf -s
apf(3107): {glob} activating firewall
apf(3149): {glob} determined (IFACE_IN) venet0 has address 127.0.0.1
apf(3149): {glob} determined (IFACE_OUT) venet0 has address 127.0.0.1
apf(3149): {glob} loading preroute.rules
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
apf(3149): {resnet} downloading http://r-fx.ca/downloads/reserved.networks
apf(3149): {resnet} download of http://r-fx.ca/downloads/reserved.networks failed
apf(3149): {glob} loading reserved.networks
apf(3149): {glob} SET_REFRESH is set to 10 minutes
apf(3149): {glob} loading bt.rules
apf(3149): {dshield} downloading http://feeds.dshield.org/top10-2.txt
apf(3149): {dshield} download of http://feeds.dshield.org/top10-2.txt failed
apf(3149): {sdrop} downloading http://www.spamhaus.org/drop/drop.lasso
apf(3149): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rules
apf(3149): {sdrop} loading sdrop_hosts.rules
apf(3149): {glob} loading common drop ports
apf(3149): {blk_ports} deny all to/from tcp port 135:139
apf(3149): {blk_ports} deny all to/from udp port 135:139
apf(3149): {blk_ports} deny all to/from tcp port 111
apf(3149): {blk_ports} deny all to/from udp port 111
apf(3149): {blk_ports} deny all to/from tcp port 513
apf(3149): {blk_ports} deny all to/from udp port 513
apf(3149): {blk_ports} deny all to/from tcp port 520
apf(3149): {blk_ports} deny all to/from udp port 520
apf(3149): {blk_ports} deny all to/from tcp port 445
apf(3149): {blk_ports} deny all to/from udp port 445
apf(3149): {blk_ports} deny all to/from tcp port 1433
apf(3149): {blk_ports} deny all to/from udp port 1433
apf(3149): {blk_ports} deny all to/from tcp port 1434
apf(3149): {blk_ports} deny all to/from udp port 1434
apf(3149): {blk_ports} deny all to/from tcp port 1234
apf(3149): {blk_ports} deny all to/from udp port 1234
apf(3149): {blk_ports} deny all to/from tcp port 1524
apf(3149): {blk_ports} deny all to/from udp port 1524
apf(3149): {blk_ports} deny all to/from tcp port 3127
apf(3149): {blk_ports} deny all to/from udp port 3127
apf(3149): {pkt_sanity} set active PKT_SANITY
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL NONE
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FIN
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RST
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RST
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FIN
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URG
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSH
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSH
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URG
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL ALL
apf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs ALL NONE
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FIN
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RST
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RST
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FIN
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSH
apf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URG
apf(3149): {pkt_sanity} deny all fragmented udp
apf(3149): {pkt_sanity} deny inbound tcp port 0
apf(3149): {pkt_sanity} deny outbound tcp port 0
apf(3149): {blk_p2p} set active BLK_P2P
apf(3149): {blk_p2p} deny all to/from tcp port 1214
apf(3149): {blk_p2p} deny all to/from udp port 1214
apf(3149): {blk_p2p} deny all to/from tcp port 2323
apf(3149): {blk_p2p} deny all to/from udp port 2323
apf(3149): {blk_p2p} deny all to/from tcp port 4660:4678
apf(3149): {blk_p2p} deny all to/from udp port 4660:4678
apf(3149): {blk_p2p} deny all to/from tcp port 6257
apf(3149): {blk_p2p} deny all to/from udp port 6257
apf(3149): {blk_p2p} deny all to/from tcp port 6699
apf(3149): {blk_p2p} deny all to/from udp port 6699
apf(3149): {blk_p2p} deny all to/from tcp port 6346
apf(3149): {blk_p2p} deny all to/from udp port 6346
apf(3149): {blk_p2p} deny all to/from tcp port 6347
apf(3149): {blk_p2p} deny all to/from udp port 6347
apf(3149): {blk_p2p} deny all to/from tcp port 6881:6889
apf(3149): {blk_p2p} deny all to/from udp port 6881:6889
apf(3149): {blk_p2p} deny all to/from tcp port 6346
apf(3149): {blk_p2p} deny all to/from udp port 6346
apf(3149): {blk_p2p} deny all to/from tcp port 7778
apf(3149): {blk_p2p} deny all to/from udp port 7778
apf(3149): {glob} loading log.rules
apf(3149): {glob} virtual net subsystem disabled.
apf(3149): {glob} loading main.rules
apf(3149): {glob} opening inbound tcp port 20 on 0/0
apf(3149): {glob} opening inbound tcp port 21 on 0/0
apf(3149): {glob} opening inbound tcp port 22 on 0/0
apf(3149): {glob} opening inbound tcp port 25 on 0/0
apf(3149): {glob} opening inbound tcp port 53 on 0/0
apf(3149): {glob} opening inbound tcp port 80 on 0/0
apf(3149): {glob} opening inbound tcp port 110 on 0/0
apf(3149): {glob} opening inbound tcp port 143 on 0/0
apf(3149): {glob} opening inbound tcp port 443 on 0/0
apf(3149): {glob} opening inbound tcp port 465 on 0/0
apf(3149): {glob} opening inbound tcp port 993 on 0/0
apf(3149): {glob} opening inbound tcp port 995 on 0/0
apf(3149): {glob} opening inbound tcp port 8443 on 0/0
apf(3149): {glob} opening inbound udp port 37 on 0/0
apf(3149): {glob} opening inbound udp port 53 on 0/0
apf(3149): {glob} opening inbound udp port 873 on 0/0
apf(3149): {glob} opening outbound tcp port 20 on 0/0
apf(3149): {glob} opening outbound tcp port 21 on 0/0
apf(3149): {glob} opening outbound tcp port 22 on 0/0
apf(3149): {glob} opening outbound tcp port 25 on 0/0
apf(3149): {glob} opening outbound tcp port 53 on 0/0
apf(3149): {glob} opening outbound tcp port 37 on 0/0
apf(3149): {glob} opening outbound tcp port 43 on 0/0
apf(3149): {glob} opening outbound tcp port 80 on 0/0
apf(3149): {glob} opening outbound tcp port 113 on 0/0
apf(3149): {glob} opening outbound tcp port 443 on 0/0
apf(3149): {glob} opening outbound tcp port 465 on 0/0
apf(3149): {glob} opening outbound tcp port 873 on 0/0
apf(3149): {glob} opening outbound tcp port 5224 on 0/0
apf(3149): {glob} opening outbound udp port 53 on 0/0
apf(3149): {glob} opening outbound udp port 873 on 0/0
apf(3149): {glob} opening inbound icmp type 3 on 0/0
apf(3149): {glob} opening inbound icmp type 5 on 0/0
apf(3149): {glob} opening inbound icmp type 11 on 0/0
apf(3149): {glob} opening inbound icmp type 0 on 0/0
apf(3149): {glob} opening inbound icmp type 30 on 0/0
apf(3149): {glob} opening inbound icmp type 8 on 0/0
apf(3149): {glob} opening outbound icmp all on 0/0
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
apf(3149): {glob} resolv dns discovery for 207.218.192.38
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
apf(3149): {glob} loading postroute.rules
I've never used SSL on any of my websites and I've never really understood how the certificates work.
I understand that SSL is used as a secure connection protocol (https://) and that it needs a valid certificate so that the encrypted data transfer can be committed.
OK, makes sense, but why do some websites seem to have such difficulty setting up valid certificates?
You can set up SSL with Apache + OpenSSL, but why do website hosting providers still allow you to purchase SSL certificates (isn't it supposed to be free)?
Finally, is it possible to set up SSL for a multiple-domain (Virtual Host) server?
I have a client who requested me to do a website for his credit union company.
Some of the pages are forms that require customers to enter crucial information, i.e. SSN etc. I told him that this can be broken into, and therefore he would need a secure way of transmitting this information. Therefore, would the SSL certificate work for this issue? Where do I get one? We have a dedicated server; do I need to configure anything on that? Where can I get a trusted SSL certificate, and of course help to install it?
If you could recommend a place to get a certificate... I have seen many people talking about how you could get a RapidSSL for $15 +/-, but I was not able to find any sites that low.
A year ago I bought a GeoTrust QuickSSL certificate from my dedicated server host for about 299.
Now I see companies like Servertastic selling the same GeoTrust cert for $79 when GeoTrust's website is still $299. How can that be? What am I missing here?
My server with APF (firewall script) with BFD logs over 1215 events today of some hack user or bot trying to log in to my server from various IPs, trying many kinds of usernames...
Is it possible to customize BFD to automatically ban the IP directly if the username they try to log in with was wrong 2 times?
For example, the username is qwerty. The hack is trying with many usernames: john, root, master, boot, etc...
A friend of mine has a server that the provider claims is a Core2Duo, but looking at /proc/cpuinfo, the cpu is shown as:
Intel(R) Pentium(R) D CPU 000 @ 1.86GHz
What would cause this? I'm not saying the host is lying, I've just never seen this before and I haven't found anyone else with this problem on Google. The processor is supposed to be an E6300, so the 1.86GHz speed is right. Also, this has happened on 2 different Linux distros.
I've been told by a few people that something's wrong with my nameservers. But I'm not sure what it is that's wrong.
the site => www.visualpoetry.ca
the DNSs: ns1.visualpoetry.ca / ns2.visualpoetry.ca
a zone check says:
Quote:
---- warning ---- w: Nameservers are all part of the same AS
* Adv: ZoneCheck
To avoid loosing all connectivity with the autoritative DNS in case of a routing problem inside your Autonomous System, it is advised to host the DNS on different AS.
* All the nameservers are part of the same Autonomous System (AS number 30058), try to have some of them hosted on another AS.
* generic
w: Host doesn't reply to ICMP requests (firewall?)
I have bought a dedicated server with FDC Servers and installed a script. Initially everything was working fine but now the site is not accessible. Everything is alright with the script installed, but it looks like there is some issue with the DNS settings. When I ping the IP address (it's a dedicated IP address) it gives me an error. When I ping the domain name, it just closes the window after a few mins. Can someone experienced with WHM help me to fix the DNS settings? Of course, I am ready to pay for your help (though I might not have a very high budget).
I have a mysql-only server and the server is constantly > 30 in server load. I'm ousted as to what is wrong with mysql and what can be done to optimize it. Using mysql report to generate the following:
Quote:
MySQL 4.1.22-standard uptime 0 0:22:30 Thu Feb 22 07:14:45 2007
__ Key _________________________________________________________________
Buffer used 30.93M of 256.00M %Used: 12.08
Current 60.41M %Usage: 23.60
Write ratio 0.891
Read ratio 0.001
I purchased an EV SSL Cert, and all is fine. Installed via cPanel, and I get the green address bar in Firefox, but not in IE.
Comodo (the vendor) have an Auto-Enhancer feature which automatically tells IE to give me a green bar. They state in their FAQ the following instructions to install the feature:
Replace the bundle file that is in use for the web site.
Use the 'SSLCertificateChainFile' directive instead of the 'SSLCACertificateFile'/'SSLCACertificatePath' directives.
I have downloaded a .CA-BUNDLE file from them.
Please tell me, now what do I do? I am at a loss with their instructions, and going by my dealings with them, I think I can get help from you guys more accurately and quickly.
The server runs WHM/cPanel 11 with Apache 2 with mod_ssl. Full root access, but I am a Linux newbie.
I do web hosting (reseller); how much, in USD per year, do you think is a "reasonable" fee to charge clients for a shared SSL connection?
The SSL is going to cost me $$ per year and I may have some use for it, but if clients want a shared SSL, instead of buying their own, I need to apportion the costs I incur somehow, and (maybe) make some small profit. I see the shared SSL as more of a service, but clients should pay _some_ $$ if they want to use one.
My website is currently running on http and the Plesk control panel is running on https.
However, the certificate for https for the Plesk panel is out of date and self-signed, therefore web browsers prompt that it's not valid.
I want to get a valid SSL certificate for https for Plesk, Client/Billing area and the main website.
I want to do it as easily as possible (as I'm not one for technical stuff, but if it was reasonable I could give it a go).
I don't want a self-signed one and want to try to go for something free or very cheap.
Anyone got any suggestions? I've looked around and come up with companies wanting a lot of money. I did come across another which was free but it was self-signed.
I currently have reseller accounts from Thawte, Comodo, and RapidSSL, but have realized that I can purchase Comodo and GeoTrust SSL certificates cheaper from Namecheap.com and Enom.com.
Namecheap.com support is (as always) superb. Any opinions from Enom.com support?
What about Resellerclub.com? I know that they recently started to sell Thawte certs at very good prices. How good is their support?
To cut costs I'm planning on eliminating my VPS and will just host the few sites that I have on my home-office network. However, I have 1 site that requires an SSL certificate. Is there an inexpensive solution for doing this that doesn't cost into the thousands per year?
I am continuously getting this error message in my error_logs: Invalid method in request x16x03x01
I searched and found out that it is something to do with httpd.conf configurations and SSL. So I asked my provider to check it and solve it. First they acknowledged that it was an SSL issue, but later I was told:
Quote:
Since cPanel controls how the virtualhosts are configured this error most likely cannot be fixed since cPanel will just revert the change. ..... The SSL connection with the self-signed cert works beyond kicking out the error, but again cPanel controls the httpd.conf and how the * virtualhosts are configured.
So my question is: is it common to have this error message with a cPanel VPS? Is there any solution?
I think I hit this error every time I log in to WHM or cPanel of every domain. Should this be fixed, or is it not exactly an issue?
I am trying to add some new features to my hosting business and have a couple of questions. I have cPanel/WHM and ClientExec. I would like to offer shared SSL to my customers but don't know how to set that up. Also, how do these hosting companies offer free ad credits to Yahoo and Google? Is that something you talk to Yahoo and Google about setting up or what?
I've been using a single VeriSign SSL for years, of course renewing it! Now I need to get SSL on a few other servers for secure WCF services (Windows IIS web sites). I see there are several SSL cert vendors out there, from very cheap to very expensive. VeriSign being on the expensive side, then there's GeoTrust, Thawte, etc. Are they all the same in the end, or is there a catch to these cheaper ones?