Security :: URL (Not URI) In Apache Access Log?

Mar 6, 2010

I happened to be looking at my Apache-2.2.8 log on an Ubuntu LTS 8.04.4 system, and noticed a few lines like this:
Code:
61.160.212.242 - - [06/Mar/2010:07:04:41 -0800] "GET http://218.30.115.246/ HTTP/1.1" 200 295 "-" "-"
61.160.212.242 - - [06/Mar/2010:07:05:29 -0800] "GET http://218.30.115.246/ HTTP/1.1" 200 295 "-" "-"
xxx.xxx.xxx.xxx - - [06/Mar/2010:07:56:15 -0800] "GET http://218.30.115.246/ HTTP/1.1" 400 290 "-" "-"

(The third line is me telnetting to the server and trying to issue the same request. Note that I got a 400 error response, while the guy coming from 61.160.212.242 got 200s.) Also, if you just open the http://218.30.114.246/ URL, you get back "hello" (nothing else, just 5 characters). I'm presently putting together a bootable CD with chkrootkit to run on the machine. (I found a thread that mentioned in passing that this was related to PHP, which I have running on that Apache server, but my Google-fu isn't strong enough to track down the original thread.) (After checking with chkrootkit: nothing unusual found.)


Ubuntu Security :: PHP Is Not Running Under Apache 2 And Limited By The Www-data Filesystem Access?

Jun 30, 2010

I'm about to have a web server at home for the first time. I've always missed having full control and not having to contact my hosting company when I need to do some specific changes - and some changes they won't do for you at all. I've chosen the non-GUI Ubuntu Server with LAMP, and nothing more is installed really except for a couple of command line tools from the repository. The LAMP software has been locked down as well as I can by following some guides on the net and using common sense. For example, Apache 2 doesn't have access to the file system except for the www folder, and the headers are set to Prod. MySQL has skip-networking and I've commented out the listen string to localhost. PHP has a truckload of functions that I've disabled in the php.ini, also by following some guides on the net, among some other security-enhancing php.ini editing.

The only thing the server will serve is a well known PHP forum and some html docs, and that's all. Nothing advanced or complicated, and I'm definitely not programming PHP myself or letting anyone do it for me. But I do want to sleep well at night knowing that my server is always on and sitting on the edge of my home network! And can I do that? I've heard that you don't need to be worried about getting your Linux server box hacked, but you should be worried about anyone getting root access to it. But is it really that simple? Ubuntu is shipped without a root account and you must have the sudo password, right? What are the odds for anyone to get full access to my system? An issue: I've heard that Apache must never run as root. When I do a ps -ef, I see that there are several www-data processes running apache, but there's one root process running apache too. Is this normal and is it safe? An issue: I've heard that PHP can fail pretty easily. But isn't PHP running under apache 2 and limited by the www-data filesystem access? An issue: MySQL is running as a MySQL user, and I guess that's an unprivileged user, right?


Security :: Call Access Out Side Chroot Jail Files From Apache?

Apr 2, 2010

I have one requirement, i.e. I want to call the Java file from the PHP function using the shell_exec command. I am using the chroot jail concept; if I use this command I get an empty file because the Java environment is outside the chroot jail. So how do I access the files that are outside the chroot jail?


Ubuntu Security :: SSL Cert And CSR - Generating An HTTPS Cert For Apache And / Or Mail Access?

Aug 9, 2011

I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:

* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?

How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?


CentOS 5 :: Apache Error 403 - "Forbidden You Don't Have Permission To Access /bb/ On This Server" - 5.2 With Apache 2.2.3

Jan 20, 2011

I am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error:

Forbidden
You don't have permission to access /bb/ on this server.
Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80

So far I have:

1) Set the Directory options to FollowSymLinks
2) Verified all directory and file permissions are at 755
3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere
4) In httpd.conf verified <Files ~ "^.ht"> is correct
5) Verified the "default" directory is correct (/var/www/html)

I have read and tried several ideas in posts listed on the web but to no avail and am at a loss as to what to look for next.


Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?


Server :: Apache - Free Access From Lan Users And Password Access To Wan Users ?

Jun 26, 2009

I'm trying to configure my intranet to be accessible from inside the network (LAN) without need of a password, and to ask for a password for those who are viewing from the WAN.

Today my intranet can only be accessed from the LAN; external access gives me an Unauthorized message. I took a look around, tried #irc and still can't get the appropriate help. I hope that someone here could help me on that.

A piece of my config:

Code:


Security :: Apache SSO Using Mod_auth_remote?

Aug 18, 2010

Has anyone used the mod_auth_remote module to delegate authentication? I have two apache2 servers. One is a content server and the other one is the sso/auth server. When the content server receives a request for a resource protected by basic authentication, the request is forwarded to the sso server for authentication. So far so good. But the sso server should return an http 200 to the content server and grant access to the user. However, the sso server always returns an http 301 to the content server. So I appear to be stuck in an authentication loop.

Content server config:
<Directory /var/www/html/secure/>
AuthType Basic
AuthName "Content server"
AuthRemoteServer sso.intra
AuthRemotePort 80
AuthRemoteURL /auth

[Code]...

Or perhaps you have a better way of accomplishing apache sso across multiple servers?


Debian :: Access Apache From Outside

Jan 29, 2016

I have a host system which is running Ubuntu and a guest system which is running Debian_squeeze on a qemu VM. I need to send created traffic from Ubuntu to the Apache2 web server which is running on Debian. I made a bridge, and I can access the internet from Debian, but this access is limited! I can just open some URLs, not all of them! My question is how I can access the webserver from Ubuntu?


Ubuntu Security :: Set Apache In Run Level 2?

Apr 6, 2010

How can I make Apache run in runlevel 2?


Ubuntu Security :: UFW Blocked IP In Apache Log?

Jun 7, 2011

I've setup the Uncomplicated Firewall (UFW) on Ubuntu 10.04 LTS and blocked an IP address. UFW status shows that the firewall is active and the IP in question is denied. The issue is that I'm seeing the blocked IP address in my Apache logs.


Security :: Files Executed Via Apache?

Sep 2, 2010

The actual file didn't exist. I am confident it came through a site but I am more curious what settings in apache affect the ability to do this?


Ubuntu Networking :: Access Apache From Outside The LAN?

Mar 18, 2010

I have set up a hostname on dyndns.com and configured my router to forward port 8181, but I cannot view it from the internet (FF says "can't establish a connection to the server"). The DNS is ok, it's just the apache webserver that doesn't work.

I can access my webserver from
http://localhost:8181 (loopback)
http://192.168.1.1:8181 (in the LAN)
BUT NOT <hostname>.dyndns.com
Here is my site configuration

[Code]...

So, what's the matter? How can I reach my apache from the internet? Also, I read about router loopback errors, but this does not seem related to that, since I tried to get it through a proxy server, and it failed.


Ubuntu Servers :: Apache Access Though VPN

Sep 1, 2010

Just switched our company from Windows server to Linux and everything is going well, except we have 4 VPN connections throughout the country coming to our server. All give the client machines IP addresses of 192.168.x.x based on where they are located: 192.168.1.x for the main location, 192.168.2.x for a second location, etc. IIS could see the client's IP instead of the WAN IP and was set up to block all IPs except 192.168.x.x IPs, and this worked great.

So I set up Apache the same way, to allow only 192.168 IPs, but I guess it doesn't work that way in Apache for connections coming through VPN? 2 out of our 4 VPN connections are not static IPs, so for the 2 that are I just added that IP to the allow list and that worked. But I don't think we should HAVE to get static IPs for the other 2; that's one of the benefits of using VPN, especially if our old Windows server didn't need it. Is there any way for Apache to see the client's IP address for access, or is there something somewhere else that needs to be changed for this?


Ubuntu :: Can't Access Apache From The Internet

Feb 15, 2011

I can access dirac.org from inside my network; I can't access it from outside my home network. Apache is running on an Ubuntu box named "satan": 192.168.0.2 and I'm testing it from a MS Windows machine named "lucifer": 192.168.0.3. My ISP is optimum online, which does not filter port 80.

0. router
The router is a Netgear WNDR3700. All computers on my LAN receive their IP addresses via DHCP, but I've reserved all the IP addresses, so they are essentially static (satan is always 192.168.0.2, lucifer is always 192.168.0.3, etc). The router is set up to pass packets destined for port 80 to satan (192.168.0.2), which is where Apache runs.

1. tcpdump
Using tcpdump when accessing dirac.org from within the LAN (this is what works):
# tcpdump -i eth0 host ool-18bda2d2.dyn.optonline.net and tcp port 80
ool-18bda2d2.dyn.optonline.net.2826 > satan.www: Flags [S], seq 3934453911, win 65535, options [mss 1460,nop,nop,sackOK], length 0

[Code].....


Ubuntu :: Cannot Access Apache Server From LAN

Apr 11, 2011

I'm having a problem when I try to connect to my apache2 server from any client in my network using the .local address with the firewall on. I opened port 5353 UDP but I still can't connect. The only way I can connect is by disabling the firewall, which I don't like to do on the server. What am I doing wrong?


Ubuntu :: Can't Access Files Used For Apache

Jul 4, 2011

Sounds a bit odd but I'll try to explain. The files I want to use in my apache folder now tell me I don't have permission to access them. When I change the permissions again, they just go back to blocked again.

I have Ubuntu 11.04


General :: Apache Ip Access Restriction

Nov 9, 2010

I have a name-based virtualhost website in Apache. What I want to do is disable direct IP access to the site and allow access only through the web address (www.mysite.com, and not through xxx.xxx.xxx.xxx), or at least show a default page / not found page.

I presume this can be accomplished with mod_rewrite and .htaccess, but I just wanted to know if there is a more global option for this.

I have googled this a lot but I can only find posts related to IP host restriction rules, which is not what I want.


General :: Apache Website Access

Dec 26, 2010

I have an Apache web server on Linux CentOS. I can access it successfully by typing http://localhost, 127.0.0.1 or 192.168.0.150 in the address bar on the local computer server, and the site loads normally with graphics. When I access the site from another computer in the same local network, I don't get the correct website. I see the site's html as text, not graphics. Please see below text file output from the browser: Also I can only access the site by typing the 192.168.0.150 IP address in the address bar. When I type http://localhost or 127.0.0.1, the site does not come up. Do you see what I did wrong? How can I fix this problem?


Server :: Access The Webpage Through Apache?

Mar 26, 2010

I have already configured a domain on my server. Now I have configured multiple local IP addresses. Can I configure a domain for each local IP address? Is it possible? If possible, how can I access the web page through Apache? I am already accessing the web page for a pre-configured domain from the path /var/www. If I am able to create a new domain, from where does Apache fetch that index.html file when it is requested through the browser?


Fedora Security :: Apache: How To Autoindex With Mod_security

May 13, 2009

Once the mod_security module gets loaded into apache, autoindexing stops working. In a folder without index.html the server says: 403 Forbidden You don't have permission to access /TheFolder/ on this server. I was trying to find something to comment out in the /etc/httpd/modsecurity.d and in the modsecurity.conf files, but couldn't find anything relevant. How can I have mod_security on with autoindexing on as well?


Ubuntu Security :: FTP User And Group To Apache?

Jun 13, 2010

What would be the effect of setting ProFTPd's user and group to the same user and group that Apache use? Are there any security risks in doing this, or is this safe to do?


Ubuntu Security :: Relation Between Apache & Squid?

Oct 3, 2010

Lately I just installed Ubuntu 10.10 and got my Squid installed. It works much better than Polipo for caching, but I do not understand why I got Apache installed after I installed Squid. Is there any correlation between Apache and Squid? Is it going to make me run my own web server?


Ubuntu Security :: File Permissions With Apache

Jul 6, 2011

I know how to assign file permissions and other tasks like user to group, but I'm stuck with a situation in how I should set up my system. So I have a LAMP server set up. I'm not the only developer so I created a group called "developers" for my other users "Mike," "Alex," and "Cindy," which are developers (I'm Mike by the way). I know that "www-data" is the user and group Apache uses. This is good because only I have permission to update the production site, but for the dev site, it's a different story.


Security :: Apache In DMZ And Oracle In Local LAN - How To Communicate

May 21, 2010

I will be setting up an Apache web server in the DMZ and an Oracle web server (Windows) in the LAN. The requirement is to allow logged in visitors to view / change their details via the web site. What is the best way to configure this? Is simply allowing the web server's IP to communicate with the Oracle server's IP (and the Oracle port) secure enough, or is there a way to do this more securely?


Security :: Crashing Apache Mass Connection?

Aug 29, 2010

Basically, this is not the first time it happened, but the third I would say. My trouble and concern is with this massive downloading targeting a test file of mine/client file of mine. Since my server couldn't support that many connections child process spawns, my apache server crashed.

I managed to solve it by closing the client's account, preventing the attack from continuous download. Another way I could solve it was by replacing the file they attempted to attack with 0 byte file.

I'm wondering if there is a possible solution to prevent such issue in future. I'm also not very sure what kind of attack this is. Could it be DDOS? But from what I've asked, some said it wasn't DDOSed, if it was, my whole server would go down, not only apache.

What I was curious about was how these attackers found out the files that were stored on the server. These files were not leaked outside, nor could there be a possibility to access that folder because it was protected by .htaccess which denies everyone.


Security :: Prevent Ddos Apache Attacks?

Jan 25, 2011

Recently my Apache server crashes very often; by watching the error log, I've noticed several signs of intrusion. So, I think the problem can be a denial of service attack against my machine. My distribution is Debian Lenny.


Ubuntu Servers :: 8.04 - Apache Access Log Stopped

Mar 6, 2010

I am running an apache server thru webmin, on an 8.04 install. Attempting to install awstats I have realized that access.log stopped writing some months ago. Went back thru the error logs and found I had deleted the virtual server, and started a new one. Everything else works fine, it never even occurred to me that logging would not also be restarted. I would just like to get it going again, any clues???


General :: Apache Error Whenever I Access Page / Fix It?

Nov 20, 2009

I am getting this error whenever I access the page:

Code:
PHP Warning: fgets(): supplied argument is not a valid stream resource
Any idea what it's all about?
I explored and found it is a permission issue.
I want to put a user called paul in the apache group. Any idea how I can do that?


General :: Authenticating The Directory Access In Apache?

Oct 18, 2009

I have been following the steps mentioned at [URL] Now I want to add authentication through .htaccess.
