Apache User Authentication Logic ...
May 11, 2009
I'd appreciate if you can point out some links, or if anyone is willing to help me for a fee, we can talk about it.
I have a web application called MyApp
- Each MyApp user has 5gb hosting, and a web interface to manage their files.
- Therefore each MyApp user gets a user account on a Linux machine and has access to only one directory, /repo/usr/<user_id>, and nowhere else. (suexec?)
- If that MyApp user creates a subdomain from any folder inside his home folder (he can do that using the web interface), that folder is readable by the www-data user, not writable.
- That myapp user is able to mount/unmount his own ftp drives using curlftpfs.
- In short, users can only mess with their own files and they have no access nor rights to any other file that is outside of their home dir.
In short, this is a kind of hosting company server setup. Right now, we will have to manage all this from -only- one powerful server.
Oct 1, 2014
Is it possible to verify a client certificate based on username? If possible, how can we implement it in our httpd-ssl.conf file?
Dec 17, 2013
I have several applications that use authentication and expect REMOTE_USER to be set by Apache for authentication/authorization.
I am putting a reverse proxy, with shibboleth in front of these applications, on a separate server.
Currently, REMOTE_USER is not sent. I have tried a few things, and I am currently sending it inside another header, but I have some applications that are closed source and this will not work.
Is this possible to do? I am running this with Apache 2.4.7, I believe, on the Windows platform.
Feb 21, 2008
I'm starting a community ISP.
The users will connect by wireless signal and I want anybody in the neighborhood to be able to access it, free of charge.
The only issue is I want them to register and log in before they can start visiting websites. To avoid liability issues I think identifying each user is a good idea.
So I want to create a login mechanism, like the user connects to the wireless network. Then he tries to open any website but it will actually open the authentication page instead.
My first obstacle is how to redirect every web request of non-authenticated users to my web server? Should I do it in the DNS level pointing every domain to my internal IP or should I do it in IP level somehow?
I have seen other ISPs using this authentication method, but unfortunately I didn't bother looking at how they accomplished it...
I think they used the DNS method. But how to setup a dns daemon (be it bind, djbdns or even maradns) to resolve all requests to a certain IP?
Jun 24, 2015
Two days ago we upgraded a Plesk Panel 11.5 to 12.0.18. It had been working properly until today. Lots of mailboxes don't work, with the error:
Jun 24 13:30:12 hosting2 plesk_saslauthd[19704]: No such user 'mailbox@domain.tld' in mail authorization database
Jun 24 13:30:12 hosting2 plesk_saslauthd[19704]: failed mail authenticatication attempt for user 'mailbox@domain.tld' (password len=10)
The /usr/local/psa/admin/bin/mail_auth_view shows only a few mailboxes.
The /usr/local/psa/admin/sbin/mchk --with-spam doesn't fix the problem.
If we change the password of one of the crashed mailboxes, it works until the /usr/local/psa/admin/sbin/mchk command is executed.
If we try to clear a new mailbox in one of the domains that doesn't work, we get the error "mailmng-outgoing failed"...
Apr 23, 2009
I have a machine at home running the UniformServer wamp package on Win2K3 Standard server and I'm hosting a simple family picture gallery using Gallery 2.3. I put the gallery in a subdirectory of root so I could have a public homepage and a gallery that is password protected. I did this using .htaccess and .htpasswd.
My issue is when I browse to mydomain.com and click the link to the gallery [url], the password box pops up, and when I enter the appropriate credentials, the domain name reverts to the IP and another password box pops up. If I log in a second time, I'm fine. If I cancel that second login, it still lets me in, but prompts me to login that second time for every click going forward until I authenticate.
Apr 14, 2014
I have been trying to set up SSL client authentication with Apache. I basically have a server certificate issued by a recognized CA. For the normal SSL authentication I use the following configuration (and it works fine):
Dec 3, 2014
I have a couple of directories on my server that require authentication (MySQL DBD and AuthUserFile). Both work fine with SSL off. When I use SSL on directories without authentication, that also works fine. However, when I put the 2 together, authentication is bypassed. I cannot seem to get the configuration right to do both. Here is my VH conf file (sanitized):
Code:
LoadModule dbd_module modules/mod_dbd.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName myhost.mydomain.com
ServerAdmin mailman-owner@mydomain.com
ErrorLog "/var/log/httpd/myhost_error_log"
CustomLog "/var/log/httpd/myhost_access_log" combined
[Code] .....
Oct 6, 2013
I am implementing OpenERP service + Apache on an Ubuntu server. The connection to the server needs to be HTTPS.
Here is what I do:
a. For HTTP side, forward connection to HTTPS side.
Jun 18, 2007
I am trying to set up a VPS with:
Apache Suexec, so that each VHost runs under its own username
FTP for each of the vhosts.
I have made a username aplushost and FTP works fine when I log in, however when I try and get Suexec to work it shows a 403 permission denied, even though the whole directory path has the correct permissions.
"/home/aplushost/www"
However, if I chown the directory "aplushost" to Apache's username, currently "nobody" (I have tried with "apache" and many others), the page is displayed correctly.
The weird thing is that the www directory can still be set to the aplushost username and files work inside.
However, due to changing the privileges of the folder, aplushost FTP now fails to log in due to the folder not being owned by the FTP user "aplushost".
So I'm stuck between only having one item working at a time.
I have put some content of my config files.
----------httpd.conf vhosts------------------
<VirtualHost 87.117.196.247>
DocumentRoot "/home/aplushost/www"
ServerName aplushost.co.uk
SuexecUserGroup aplushost aplushost
<Directory "/home/aplushost/www">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
---------------passwd file----------------
aplushost:x:500:99::/home/aplushost/www:/sbin/nologin
(Have tried with many different shells, no difference, also tried with home directory as just /home/aplushost)
Mar 22, 2015
I have some questions about the LDAP authentication module. I have an LDAP authentication with this config:
<AuthnProviderAlias ldap ldap-account>
AuthLDAPBindDN "CN=directory search,OU=Service-User,DC=company,DC=ch"
AuthLDAPBindPassword "xxxxx"
AuthLDAPURL "ldap://ldap.company.ch/ou=Users,dc=company,dc=ch?sAMAccountName?sub?(objectClass=*)"
</AuthnProviderAlias>
If a user logs in with the username only, everything works correctly. If a user uses the Domain\Username format, the login is rejected with "user not found". Should it not work with both login styles? Or is there an option to reformat or rewrite the username before authentication, without the "Domain\" part?
Apr 23, 2015
Is this simple authentication or SASL Digest MD5, ..)?
We are able to specify only the 'authbasicprovider ldap' LDAP URL, bind username and password in the Apache httpd configuration file.
Can LDAP SASL (Digest MD5, GSSAPI,…) mechanism be specified in the Apache configuration during authentication?
If so, how to specify the LDAP SASL mechanism?
Dec 2, 2013
I was wondering if there's a simple way to implement some kind of authentication brute-force protection in Apache for Windows? Right now my authentication never stops asking if the user inputs the wrong credentials; this makes me think I'm vulnerable to brute-force attacks, which could eventually get through if given the time.
Oct 6, 2013
I have to create a structure in which there is a client, a server and an authentication authority.
The authentication authority verifies the identity of both the client and server before they can communicate, so that the client can access the content offered by the server. Everything must be made using HTTP with SSL (HTTPS).
For now I have installed xampp on my pc with ubuntu, I performed the initial configuration and was able to view a test page locally hosted by entering the URL of the virtual server "www.server.it" (added to the configuration of apache2).
Nov 18, 2014
In a web application we are facing a high vulnerability issue based on the session validation.
We can download the files from the server whenever we pass the link, even without login. The links hit the server directly and download files of any extension, such as .txt, .xml, .zip and so on.
We need a solution for this issue: how can we resolve it by validating the session on the Apache side?
Scenario as below:
When a user manually passes the request, if the user is logged in they should be able to access the files
When a user manually passes the request, if the user is not logged in they shouldn't be able to access the files
In both scenarios they can access the files, but we want to restrict access when the request comes to Apache without login.
EX: [URL] ....
When I tried the above link I was able to view the file in the browser. I was even able to download files of all the different extensions that are under the tomcat webapps dir.
How can we restrict this in Apache code or any other files on the Apache side, or is there any way to validate whether the request is a logged-in one or not?
Oct 29, 2014
I am setting up Apache 2.4 as a service locally through localhost on a Windows 2008 R2 Standard server. I have set up SSL listening on port 443 and it works correctly; however, I am having trouble figuring out how to get Apache to authenticate my CAC card.
I have downloaded the DOD certs and put them into various types of files including pem, base 64, der etc and I have yet to figure out a way to get the client certificates validated.
I have left out the information about the SSLCertificateChainFile, SSLCACertificateFile and SSLCARevocationPath as I am sure this must be where my problem is.
Is it possible to get this done through localhost? Here is the error I am getting in the error log.
[Wed Oct 29 11:37:05.675491 2014] [ssl:error] [pid xxxx:tid xxx] [client 127.0.0.1:59282] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
I am using a self-created, self-signed server certificate. Here are some details from my httpd-ssl.conf file:
Code:
<VirtualHost _default_:443>
DocumentRoot "${SRVROOT}/htdocs"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "${SRVROOT}/logs/jtdi.log"
TransferLog "${SRVROOT}/logs/jtdi-Transfer.log"
[Code] ....
Jan 16, 2014
I am running apache currently on my QNAP server, and have enabled webserver and LDAP. We have set up users on LDAP. I have created a landing page for access from the internet. I want to configure Apache to authenticate the users using LDAP before granting access to the landing directory.
I have started this with the apache configuration below: My apache config file -
Code:
LogLevel debug
CustomLog "logs/access_log" combined
ErrorLog "logs/error_log"
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
ServerName MyServer
LDAPTrustedMode NONE
LDAPVerifyServerCert Off
[Code] ....
When I access my page, I get the authentication prompt. But when I enter my LDAP login and password, I get thrown out of the system with the error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin@NAS and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Looks like my Apache configuration is the problem, as I am able to access my LDAP and everything with LDAP seems to be working fine except the Apache configuration to authenticate against LDAP.
Nov 5, 2012
We have a website running on Apache ver 2.2.3.
A couple of directories on the website need authentication against LDAP. The setup has been working for many years and all of a sudden is giving some issues.
The page asks for authentication and once login details are entered, either it throws an error "Page has moved" or "Please refresh your browser or reload the page".
As far as I am aware no configuration has been changed for LDAP or for Apache. The website runs on Windows Server 2003.
I am very much new to Apache and cannot seem to find any errors logged.
Jan 10, 2014
I'm having a problem where local authentication will not work when the configured LDAP server is unavailable. When the LDAP server is online I can authenticate fine against LDAP and local file. However, when the LDAP server is offline, I cannot authenticate with the user1 account. The browser just sits at a blank screen.
I've searched a lot on this and found many examples, all very similar to my config below, but I still cannot fail back authentication to local file when LDAP is unavailable. I'm running Apache/2.2.10. I have also tested this on 2.2.16 with the same results.
=======.htaccess==========================
AuthName "Server Access"
AuthType Basic
AuthBasicProvider file ldap
AuthUserFile /etc/apache2/htpasswd
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://ldap.domain.com:389/OU=Users,DC=domain,DC=com?sAMAccountName
[Code]...
Apr 28, 2015
I have a class project that we are working on where we have to configure and implement an Apache server with ssl using ldap for authentication. I have documentation of literally everything I have done in the configuration. Everything seems to be fine with the config that I can tell. The client gets a prompt for username and password when they access the server ip address. However, once the correct username and password are entered, then the client receives a 500 internal server error message instead of the webpage: "Internal Server Error...The server encountered an internal error or misconfiguration and was unable to complete your request.
Dec 7, 2006
My setup to start:
I've got two servers in two different locations.
One of them, the master server (we'll call it server A), runs a large web site with a lot of content and a MySQL server.
I've set up another server (we'll call it server B) that is completely in sync with server A, both MySQL and all data, using MySQL replication and rsync for data.
Also I've set up round robin DNS, which is also working correctly.
Now, my question is:
If server A goes down, and server B picks up after it,
how can I get those changes that were made on server B back in sync with server A when it comes back up? For example, a user uploads files, or posts/edits/deletes data from MySQL.
How should I handle this?
Any ideas would be great, I'm sort of stuck on this one for the moment.
May 2, 2007
If I want to apply a rule if (Condition A and (Condition B OR Condition C)) is true, will the following work?
RewriteCond Condition A
RewriteCond Condition B [OR]
RewriteCond Condition C
Or will the following?
RewriteCond Condition B [OR]
RewriteCond Condition C
RewriteCond Condition A
Or neither? Or both?
Mar 13, 2008
I found this forum from a friend at DP. I told her what was happening to me, and she suggested that I lay it all out here.
I wanted to try to make a site maybe 3-4 months ago, so I looked for a web host. I chose [url]
All was well until maybe 2 weeks ago. Every page that relied on a mysql database began loading very slowly. These are WP blogs. I waited a few days and contacted support @ Start Logic. They said it would have to go to level 2 tech support, but they would get an answer/ fix within 24 hours.
After 4 days, I had not heard from them. So I went to their online chat tech support for an answer. After 1.5 hours of waiting, I reached customer service. The lady began by telling me that I needed to mail them some screen shots of the problem. Then she put me on hold and came back with this auto response:
Harriet Anderson: I apologize for any inconvenience this has caused you.
Harriet Anderson: Our Network Operations team is aware of the MySQL issues which is responsible for the slow running Web site. To find a fast alternative, we have already set-up a new team of Engineers who will only be monitoring the load on the MySQL servers.
Harriet Anderson: Upgrades could be the best alternative, but we are actually trying to find the reason behind the cause of the issue. You might have a question about why did it take so long to get this settled. The team had to search each server to trap the account which was using high amount of server resources. We have now found the cause of the issue and it was only because of few customers the load on our MySQL server was very high.
Harriet Anderson: These customers were utilizing very high amount of the server resources. Now that we have deactivated the scripts and accounts of these customers, you will not find irregular disturbance while accessing your Web site. To improve the performance, we will be adding more hardware which should actually help the current servers in boosting the server performance.
I told her that I needed someone with particular knowledge to contact me. I told her that my sites that use the databases are now worthless, and that it is not getting better. It is now taking 20 seconds to 4 minutes to load a page that is on a database.
For pages that aren't, they load in less than a second. That was maybe 3 days ago, and no one from start logic has contacted me.
My friend at DP is a computer guru. She says that StartLogic is full of *hit taking 2 weeks to find the cause of my MySQL being slow. I don't know one way or the other.
Please tell me: does something not seem right? I'm not happy at all, and I feel like I am being cheated. 2 weeks ago all was well. Now I'm screwed, and they are not responding with solutions. What do I do?
The affected domains are in my sig.
Jul 22, 2008
About one year ago, I decided to set up a wiki for a speech and debate club. Being a complete rookie, I fell for one of the fake review sites and chose Start Logic. After all... the ad said that the web hosting plans were mediawiki compatible.
With a lot of learning on my part, I managed to get mediawiki installed only to find out that light usage by just myself and my daughters would cause the website to stop working due to a "max number of querries exceeded" error. There was no way that this could be used for an entire club! Support from Start Logic was slow and basically limited to... "yup, that's the limit"... might I offer you a VPS?
My wife had already set up the club website using Start Logic, so I did not want to move her to new technology so quickly. So I purchased a separate VPS... but with Known Host, because I was not going to reward Start Logic for what I felt was false advertising.
Support from Known Host has been fast and understanding, even as I'm learning and ask some occasionally clueless questions. In a year of usage, I have not had any downtime and performance has been great.
One year later, I have taught my wife to use a new web authoring package for the club web site... and am canceling my Start Logic account.
Known Host - Two thumbs up!
Start Logic - Two thumbs down!
Jan 22, 2007
Has anyone done any comparisons between these companies?
I've tried reaching out to each and plan to do follow-ups.
3 calls, 2 phone convos with Postini and the local rep still has not called me back to discuss their offerings.
Aug 1, 2007
It's now 8 days and Newista (Some Logic Inc) is neither providing any support nor ending the downtime of my sites.
Tickets submitted but no reply at all.
Is there any alive representative of the above sucked web hosting company to answer?
Newista -[url]
Some Logic - [url]
Apr 3, 2014
I have openSUSE 13.1 on my server and I followed this tutorial: URL.... But as you see this is for openSUSE 12.2, but I managed to run everything, only apache2 server. Well, I get this error, but I run vhost. No user or group set - set suPHP_UserGroup.. Well, apache2 is running like everything else on the server, only the web page doesn't show and I get the error: Server error!
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.
Jun 5, 2009
I've run into a wall trying to run apache with multiple websites allowing users to use FTPd to manage files.
I'm running FreeBSD 7.1 on Apache 2.2.x
The issue is that Apache runs as www:www but FTPd writes the files as username:client. When performing some scripts that edit back-end files, this obviously can cause errors.
The data for each directory is stored in /home/username/www
I looked into some apache directives I could use. I tried putting User and Group directives into the vhost configuration for each vhost, but that did not work. I even found the perchild module and it looked like it can do the job but was a bit scared and turned off by the fact that it states it is beta at the top of the page. (I cannot link to it because I do not have enough posts.)
Jul 27, 2008
Apache is running under the "nobody" user/group by default on CPanel servers.
As a suggestion, I should change it to another user/group to improve security!
But on CPanel servers it's hard to do that, because you must edit some scripts and files to prevent it going back to nobody when running some scripts such as
PHP Code:
/scripts/chownpublichtmls
/scripts/enablefileprotect
or when creating a new account.
Some sites say "the secret of changing the user/group is in the UID/GID of nobody < 100 !"
So I found a solution:
1 - delete the user/group nobody
2 - recreate it with GID/UID > 30000
3 - run /scripts/chownpublichtmls
So the question is: does that solution improve security, or should I change the user/group to another one, like "www"?