Security :: Apache2 Access Restriction In Location
Jan 22, 2010
I've got this in my Apache2 config (on a Ubuntu 9.10 server):
Code:
<VirtualHost _default_:443>
DocumentRoot /srv/svn
<Location /repos>
DAV svn
[Code]....
When I comment out the "allow from" line, I have no access to this server at all, but when "Allow from 127.0.0.1 172.23.120" is activated, I can also access that location from other IP's (I can even access it from the internet).
What I really want is access limited to the IP's in "Allow from" because I don't want anyone accessing our subversion repo's from anywhere else.
View 5 Replies
ADVERTISEMENT
Nov 9, 2010
I have a Name-based virtualhost website in Apache, what i want to do is to disable direct ip access to the site and allow only through web address (www.mysite.com, and not through xxx.xxx.xxx.xxx). Or at least show a default page / not found page
I presume this can be acomplished with Mod_Rewrite and .htaccess but i just wanted to know if there is a more global option for this
I have googled this a lot but i can only find posts related to ip host restriction rules, which is not what i want
View 3 Replies
View Related
Apr 29, 2010
cannot restrict share access to a single user. I've played with the security and valid users options in the smb.conf and I can get it to mount if I remove the valid users option, but this does not provide the access restriction I need. I also left it open and tried making the folder permissions rwx for backupadmin only and that didn't work. I'm using a credentials file which I include below, but I've tried manually entering them in the command too.
[root@aaphst02 /]# mount -t cifs //aapsan01/aapxen01 /mnt/aapxen01 --verbose -o credentials=/root/smbcreds
mount.cifs kernel mount options: unc=//aapsan01aapxen01,ip=10.0.1.34,user=backupadmin,ver=1,rw,credentials=/root/smbcreds,pass=********
[Code].....
View 3 Replies
View Related
May 5, 2011
when I nmap -sV domain I can see my chrooted apache2 banner how can I do not even show the banner even if is chrooted.
View 1 Replies
View Related
Aug 24, 2009
I am trying to access log file which located in /etc/log/apache2. I could get into the directory using `su`. I was able to run ls command under the directory and everything was file. I could run a command,
ls -d /var/log/apache2/*
However after I switched to my account, I got an error. sudo ls -d /var/log/apache2/* ls: cannot access /var/log/apache2/*: No such file or directory
I want to use this command in a bash script to get a list of log files. Should I write the script as root and run it as root?
View 3 Replies
View Related
Nov 12, 2010
I have installed LAMP server, I cant access any image files though Apache2.
All other, text document are showing, html, and php etc.
View 1 Replies
View Related
Jan 24, 2011
I've just installed LAMP. http://localhost/ page works fine. I need to create some virtual hosts. Localhost page is situated in /var/www/. It's normal for me, and I wanted to created virtualhost (in /var/www/vhost1) But it doesn't open in browser. Where is my mistake?
/etc/apache2/ports.conf
Code:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
[Code]...
View 7 Replies
View Related
Feb 24, 2011
After install LAMP, apache2 can't access php files; I can see the info from the phpinfo(); but when I create a php file in /var/www and try to access the file (via web browser), the page is blank. If I change the extension to html I can acces without problems. I checked everythig but I can't understand why any web browser access a blank page. Nothing appears when I'm cheking the error.log file (apache2)
View 12 Replies
View Related
Jan 22, 2010
I have some perl Web Interfaces for some project tools running on a Linux (Ubuntu) machine, they're in the /var/www directory and I want to view them from other computers on our network.
I have backed up then edited the /etc/apache2/sites-available/default file from:
</Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
[Code]....
View 2 Replies
View Related
Oct 25, 2010
Code:
sudo iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --
[code].....
View 9 Replies
View Related
Mar 3, 2011
my computer is often very slow, to the point of stalling. I tty'd in and when I ran ps -ef I noticed about 10 /usr/sbin/apache2 -k start I dont even want 1 apache running. Any suggestions why these are running, or how to stop it? Well, I can stop it with a sudo killall, but how can I make sure it doesnt happen again?
View 5 Replies
View Related
Jan 14, 2010
I configured my apache2. On my Intrepid I had apache2.0 while on my Karmic I have a apache2.2. Aftere configuring I tested it and got a an error page when I tested it in my web browser. I looked into the log file that showed the following error "[client 127.0.0.1] (13)Permission denied: access to /my_dir/ denied".
It appears apache2.2 can't access directories in my home folder. File system rights for the files and folders are correct. There is no AppArmor profile for Apache. User settings in "/etc/apache2/apache2.conf" file are correct. The inaccessible folder in "/etc/apache2/sites-available/default" looks as follows:
[Code]...
A trick using symbolic links didn't work either. On my previous Intrepid with Apache 2.0 my pages worked like a charm. Now on my current Karmic (before apache2.conf was pre configured, now it's not) with Apache 2.2 my pages are wrecked. how I can make Apache2.2 access folders in my home folder and which settings are needed in default file for that?
View 8 Replies
View Related
Jul 3, 2010
I bought a mlb.tv to watch baseball game online and they have blackout for local teams. I try to use proxy sock to bypass the blackout, but for some reason they know my location because I'm getting blackout. I check to see if they were just checking for proxies and I went and I try to watch other games not in my area and I was able to watch it. I use this command on the ssh client "ssh -D 9090 user@domain.com" and I change the setting on my network. I do a ip lookup and the ip address is from the server location. I dont want you guys to tell how to bypass, I just want to understand how they know my location.
View 1 Replies
View Related
Dec 1, 2010
I installed Ubuntu 10.04 only be dismayed to find ${HOME}/bin FIRST IN THE PATH. I blogged about it at my blog (I sudo an xterm rather than just sudoing to get a different background for the sudo'd xterm): [url]
I agree that some new user should probably not be logging on as root. But if the replacement for 'ls' is in their ${HOME}/bin/ the sudo'd shell inherits the same PATH, umask, and everything else! In general I take a dim view of a sudo only way of doing things. It seems to cause more problems than it solves for disciplined, knowledgeable users. In the case of Ubuntu it caused me to create a /root folder for root to reset the umask back from 077 which is what I use over to 022 which is what root should use. The /root/.profile of course made sure there is no /home/me/bin in the sudo'd PATH. It didn't matter because somebody is not just SETTING the file perms and is instead calculating them based off of modifications to the umask. JUST SET THEM! I ran into a problem with GRUB getting things fouled up because I was having to remove the new kernels and instead of using the command line option (much prefereable) used Synaptic Manager instead: [url]
In fhe case of an infection living in a user's file space you really should want to go in to clean it out as some other user than the user that is infected. Having said that the hackers seem to be going for the whole enchilada right off the bat. A WARNING is in order here. DO NOT USE A ROOT ACCOUNT OR SUDO FOR NORMAL TASKS! But please put ${HOME}/bin last in the PATH or preferably don't even put it in the PATH at all. Let users add it themselves if they want it. Also once hackers figure out that hijacking a sudo tty (from what I just read else-where here I would say several hackers are working on doing that right now - sendmail my ****) is a dandy way of doing things you really will need to provide for ways of cleaning a user infestation out by going at it some other way than through that infected user. A lot of Ubuntu users have only one login account, the one they created when they set the machine up.
View 9 Replies
View Related
Jan 4, 2010
Quote:
alexander@osiris:~$ uname -a
Linux osiris 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux
I tried to change the sys_call_address to another location in memory. The result was an OOPS!
sys_call_address is of course not exported, so I found it using:
Quote:
grep sys_call_table /boot/System.map-2.6.31-14-generic
c0577150 R sys_call_table
My kernel prog looks like:
Code:
#include <linux/string.h>
#include <linux/smp_lock.h>
#include <linux/init.h>
#include <linux/module.h>
[Code].....
View 5 Replies
View Related
Nov 9, 2010
I'm quite new to ssh tunneling but I now want to make one of my machines at home accessible to my lan network here. I used the following command to make it available trough 127.0.0.1:5555(lo interface):
ssh -L 5555:192.168.0.15:80 me@xx.xx.xx.xx -N
now I want to make it available to eth0 on 192.168.1.40:5555 How do I do this?
View 3 Replies
View Related
May 5, 2011
We have setup a separate partition to keep our audit files, but I am at a loss to figure out how to redirect the log files to be stored there instead of the default.
I am sure it is a simple matter but I have been unable to locate the information.
View 1 Replies
View Related
Apr 12, 2011
I am implementing hard drive encryption. I wish to pass a key file to the crypttab from an NFS mounted location. But I could see that the disk encryption process starts very early during the booting process, before fstab is run. I could not find which script, in rc5.d, starts this service. And I am confused on how nfs mount are performed from fstab, as the network service starts at a very later stage than after fstab is called to mount the local partitions/disks. In my case, I have to wait until the nfs is mounted and then call the /dev/mapper mount (in fastab) to mount the encrypted partition.
View 2 Replies
View Related
Feb 21, 2011
I've set up ssh passwordless logins using keygen etc.before so I know the routine.
The problem I'm currently having is setting passwordless logins when I don't have write permission to my "root" of the remote machine. More specifically the slice provided by a commercial web hosting provider. I can ssh and sftp just fine keying in the password manually but since I'm unable to create a .ssh directory in my "root" I'm unsuccessful in scripting logins. What I'm wondering is if the .ssh directory and associated security files can be placed in an alternate location such as the httpdocs directory and pass that location to ssh in a command line parameter.
View 8 Replies
View Related
Aug 23, 2010
On a modern system--Lucid, SATA 3.0--does the location of a file on the physical disk make an appreciable difference to its access speed? If so, is there a (safe) way to put a file in a particular place on the disk?
I ask because I would like to reserve some space on disk to remain unused without messing with the partition table. My thought was to do this by using dd to create some large files (4 Gb each, or so) containing zeros.But obviously I would like to put them on the slowest part of the disk, as they won't be used for anything.
View 2 Replies
View Related
Feb 24, 2011
I want to backup some data on my Fedora box to a external Hard Disk (USB). I mounted the external HD on my box. I wrote a bash script to do that and I scheduled a cronjob to execute the script. When I am online the script executes as planned. However when I am logged out the copy does not work. I also tested this with a cifs mount (via fstab) and that does not work either. I set the script to generate some output at the end and that is OK so the script does run when I am offline. I suppose the mounted locations are not reachable while logged out, is that correct? Is there a workaround so I can reach the mounted locations while logged out?
View 2 Replies
View Related
Nov 19, 2010
I have suse10 64 bit installed. I am setting up a svn server on it. After installation and adding the modules ,while reloading the apache2 it's throwing the error as: HTML Code: httpd2-prefork: Syntax error on line 113 of /etc/apache2/httpd.conf: Syntax error on line 31 of /etc/apache2/sysconfig.d/loadmodule.conf: Cannot load /usr/lib64/apache2/mod_dav_svn.so into server: /usr/lib64/libsvn_subr-1.so.0: undefined symbol: apr_memcache_add_server
View 9 Replies
View Related
May 4, 2010
I'm setting up a server with Jaunty Jackalope version. I'm trying to test setting up a basic iptables rules... No matter which command I put in, it is failing on the first command when I run iptables-restore < file location (the first rule always fails). I'm doing this on the root user and first typing in the iptables rules in a test file. I've tried the first command starting with % sudo, iptables and -A. All have the same result. I've also tried letting the HTTP rule be first with the same result.
[Code]...
View 2 Replies
View Related
Dec 9, 2009
I am getting this error
Starting web server: apache2[Wed Dec 09 15:36:40 2009] [warn] NameVirtualHost XX.XX.XX.XXX:80 has no VirtualHosts(99)Cannot assign requested address: make_sock: could not bind to address 68.178.232.100:80
no listening sockets available, shutting down Unable to open logs failed!
also what is 68.178.232.100
View 1 Replies
View Related
Jul 22, 2011
usb devices, such as external hdd, memory stick and mp3 player, when I connect them to USB, they show up in Nautilus, but when I click on them, Nautilus is unable to mount them and returns the following error: Unable to mount location Error mounting: mount exited with exit code 1: helper failed with:mount: wrong fs type, bad option, bad superblock on /dev/sdc1, missing codepage or helper program, or other error in some cases useful info is found in syslog - try dmesg | tail or so
View 3 Replies
View Related
Sep 23, 2010
This is my problem,i need to give some user from other machine to my machine where they can get my data,but i want to give them only one dir where they can download file and i'm trying to use scp to this solution
Code:
[root@malick ~]# ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
View 9 Replies
View Related
May 16, 2009
I ma porting an application from SUSE 10 Professional 64-bit to CentOS 5.3 x64 version. We have set the /etc/php.ini as in old server and set the maximum memory limit to 5GB (yes! We have ample of memory) for the process.It was working fine in old server but in new server, the Apache log always showed that it failed to allocate more memory for the application.We noticed that the error coming out while the application uses up to 1GB memory.Just wish to ask if the PHP in CentOS 5.3 has any restriction on memory usage?
View 1 Replies
View Related
May 6, 2010
Is it possible to prevent the panel from expanding to where the -ox buttons appear on a full sized window. I use the panel hide pref with the panel not fully extended to the width of the scree. If the panel gets too big then it drops down each time I click to close the window. I would like to limit the overall length of a panel. Is it possible?
View 3 Replies
View Related
Jul 7, 2011
I just launched an instance on EC2, and everything seems work except the IP restriction by .htaccess. My .htaccess is only:
Order deny,allow
Deny from all
Allow from 88.246.163.6
And it doesn't restrict access.. What am i missing?
View 3 Replies
View Related
Jun 1, 2011
recently i was raised my question about external and internal emailing using one domain name.Now i have another question about restriction.I can able to set email account and permit only local and external
now my question this kind of setup external and internal one thing i've noticed is that using prinzz1@domain.com(local only) was able to receive email from outside.is it possible to block all outside email if the prinzz1@domain.com is local only?
View 11 Replies
View Related
