When I try to login to any accounts on my server via FTP the responce is:
[20/03/2008 15:41:15] 331 User restore OK. Password required COMMAND:>[20/03/2008 15:41:15] PASS [20/03/2008 15:41:16] 530 Login authentication failed
I can login to their cPanel accounts fine using the exact same password so I'm not sure what the problem is. I've tried restarting the FTP server and syncing the ftp passwords using WHM -> cPanel -> Synchronize FTP Passwords but still no luck. I've tried changing the account password but I can still login to cPanel with the new password but not ftp.
I try connect to the ftp server via the IP address and domain (ftp.domain.com) but again, no luck.
I have installed red5 war version at my tomcat webapps directory
which I have installed using easyapache 3, demos/porttester works great but I am unable to login to admin panel at [url] I get tyhe server address as well as username password panel but none of the passwords I try gets accepted, also in this type of installation I was unable to find register.html to create a login,
I have a webserver using apache 2.4.4 and 2 application servers with tomcat 7 on windows server 2008 R2 which uses VMWare ESX5.
I use juvmroute to load balance between these 2 application servers. but with no error in apache and tomcat log files, it can not connect to application servers. and i have to restart the apache service. and it crashes after almost 5 minutes.
This is the part of the access.log file where the crash started:
[Mon Aug 05 00:02:51.980503 2013] [mpm_winnt:notice] [pid 1036:tid 292] AH00422: Parent: Received shutdown signal -- Shutting down the server. [Mon Aug 05 00:02:54.008507 2013] [mpm_winnt:notice] [pid 3416:tid 200] AH00364: Child: All worker threads have exited. [Mon Aug 05 00:02:54.024107 2013] [mpm_winnt:notice] [pid 1036:tid 292] AH00430: Parent: Child process 3416 exited successfully. [Mon Aug 05 00:08:12.932936 2013] [mpm_winnt:notice] [pid 2648:tid 296] AH00455: Apache/2.4.4 (Win64) configured -- resuming normal operations
Issue: Upgraded to Apache 2.4.4 and Tomcat 7.0.33. Accessing the website via HTTPS produces "Object not found" error. The error logs (server,tomcat,apache) show no errors. It was working with Apache 2.2
Server OS: Windows 2008 Apache: version 2.4.4 Tomcat: version 7.033 JRE: version 1.6.0_43 Httpd.conf
We want to implementing the load balancing for our domain, if the traffic is heavy and 8080 (i.e. currently integrated with apache) doesn''t serve more that time the apache will call 8081 and serve to the request without any problem.
We want to access our site www.domain.com (i.e. run on port 80). Please guide us it is possible or not?
I have an Apache Server (2.4.3) and a Tomcat Server (7.0.36) and have some Java Applications deployed.Everything works fine, but when we start a quite long Ajax process, I see in my Java Application, that a Ajax request is received and starts processing - everything fine. But during processing of the first request, I see a second request starts after 5 minutes.
My configuration is Apache 2.2.3 using Tomcat - AJP with mod_proxy_ajp, mod_ssl.We have configured Kerberos but some users are getting an error - Size of a request header field exceeds server limit.
Users with headers above 8K are getting this error, users less than 8K can get in fine. How can I increase this header limit in Apache/Tomcat? I have tried multiple suggestions found on google and other sites.
Here is what I tried:
Adding the following to the http.conf LimitRequestFieldSize 65536 ProxyIOBufferSize 65536
Adding the following to server.xml packetSize="65536"
editing a workers.propeties file, but we dont have any files on the server with that name.
I would to use: htdigest -c filename.htpasswd Group usernamein file batch to insert a set of users with password.I can use it without having to enter the password from the keyboard?I tried echo pass| htdigest -c filename.htpasswd Group username but it does not work.
Is this possible to log username and password passed by GET request for basic authentication?I generate link to some part of my website by [URL] ....
It works without any problems for 90% users but some of them got information that there is password mismatch.So I would like to log all request with information about passed login and password in text plain.
I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat but not like I am used to with hostmonster. Also for some reason my phone (windows phone just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that and it works on the desktop. However when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my windows phone just loads the page with no prompt. With hostmonster if I closed the browser window it would ask me for the username and password again. I also tested hostmonster directory passwords on my phone and it prompts for a username/password.
Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.
<Directory "/var/www/protected"> AllowOverride All AuthType basic AuthName "Enter Login" AuthUserFile /etc/htpasswd/.htpasswd Require valid-user Order deny,allow Allow from user1 </Directory>
It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.
In web application we are facing high vulnerability issue based on the session validation.
We can download the files from the server whenever we are passing the link even without login. The links are directly hit into the server and download the files any type of files extension such as .txt, .xml, .zip and so on.
Need the solution for this issue: How will we resolve the issue using validate the session in apache side?
Scenario as below:
When user manually passing the request if user logged they should access the files When user manually passing the request if user is not login they shouldn't access the files
Here both the scenarios they can access the files but we want to restrict when the request is coming to apache without login.
EX: [URL] ....
When i tried above link I can able to view the file in browser. Even able to download all different fies extension which are having in the under tomcat webapps dir.
How we can restrict this in apache code or any other files in apache side or is there any way to validate the request is logged one or not?.
I'm trying to set up password protection on an Apache HTTP server, and it's not working.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says "AllowOverride All."
The .htaccess file in the protected directory says:
Code: htpasswd -c .htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory. I typed it and its contents looked correct according to the examples I've seen.
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, "AH01617: user samples: authentication failure for "/subsidy/filename.html": Password Mismatch."
I deleted the .htpasswd file and ran htpasswd again, specifying a different (very simple) password. I also confirmed that caps lock was not on both before and after. I restarted the server, tried to load a page, and got the same problem.
Apache seems to think I'm entering the wrong password, but that seems impossible when I've just defined it myself -- and I've tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one.
I am using mod_auth_form.For security reasons, I would like to ensure that users are ALWAYS redirected to the page specified in AuthFormLoginSuccess Location after a successful login. Therefore, I would like to disable processing of the httpd_location form parameter.
The best I can do seems to be to use AuthFormLocation to set the field name to a hard-to-guess value, e.g. AuthFormLocation "32 b63 a#ve"