Server :: Apache 2.2 Configuration - Arbitrary Domains Redirection Allowed
Oct 20, 2010
I try to fix bugs on my web server. The remote web server allows redirects to arbitrary domains. Description : The remote web server is configured to redirect users using a HTTP 302, 303 or 307 response. However, the server can redirect to a domain that includes components included in the original request. A remote attacker could exploit this by crafting a URL which appears to resolve to the remote server, but redirects to a malicious location.
View 1 Replies
ADVERTISEMENT
Mar 25, 2011
I'm running a server with Ubuntu 10.04 installed. I recently set up a VirtualHost (I'll call it my.website.com), like I have in the past without any problems. But this time, I'm stumped. When I connect to my.website.com, it should hit port 80, right? It doesn't; rather, it hits port 8000. I don't have any rewrites/redirections (I checked wherever possible) and checked apache2.conf (httpd.conf is empty).
View 5 Replies
View Related
Feb 25, 2011
I'm in a bit dilemma on how to set IP based forwarding to specific URL. I have internal staff from 207.173.4.xxx going to www.domain.com. I would like to forward them to www2.domain.com when they are offsite and working remotely from different IP address range. Is there way to achieve this with Apache? If not, is there a software solution to achieve this effect?
View 6 Replies
View Related
Jan 6, 2010
Here my setup of Apache :
I have two virtual hosts on separate IP and on both I am using port :80 one is main website domain.name and another webmail.domain.name. And to get full link path I am using index.html with redirection derectives. My question how I can setup each Vhost to he is own redirection directive to set two full link like:
when type webmail.domainname -----> redirect to webmail.domainname/horde/imp/file.php
and www.domainname ------> redirect to www.domainname/csr/
Right now working only one of this Vhosts, just problem to separate them when I type www.domainname -----> apache redirect to webmail.domainname.
index.html
<html>
<head>
<title>WebSite</title>
<meta http-equiv="REFRESH" content="1;url=http://www.domainname/csr/"></HEAD>
<BODY>REDIRECTION</BODY>
</HTML> .....
View 8 Replies
View Related
Sep 29, 2010
We are using a webserver and application server for our portal. When my JBoss application is down on the application server, a maintenance page is shown to the user when the user tries to access the portal. When the JBoss application on the application server is up, the webserver redirects the request to the JBoss application server. Now, while the JBoss application is up and I replace the contents of index.html page in apache with the maintenance page contents.
Still the webserver redirects the request to the JBoss application server and the contents of index.html are not shown to the user. I am not able to find out any configurations for this automatic redirection in webserver. By automatic, I mean if the JBoss application is up, then redirect the request to the application server, else show maintenance page. What I want to do is show maintenance page even when my JBoss application is up.
View 1 Replies
View Related
Jun 2, 2011
I've been for a while trying to configure my apache to host 5 domains as virtualhosts in the same IP address, but seems that neither one makes it through... it always takes first one, because it is the default:
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin xxxxxxx@xxxx.net
[code]....
As you can see I tried the ServerName with the http://, in quotes, without it...
View 11 Replies
View Related
Dec 29, 2010
I'm in the process of starting a migration from an old postfix server to nice shiney new exim server however there are a few things i'm really not clear on and i'm hoping that some one here could point me in the correct direction. Okay the postfix server at the moment does the follwoing ( i'll try and keep this simple ):
* accepts incoming mail for users on multiple domains and puts the mail in the users mailbox ( external -> internal )
*accepts mail from users on multiple domains to pass on to the outside world ( internal -> external )
Obviously the POP and Imap functions are handled by other daemons.. I'd like to replicate this sort of setup on the new exim box, however the guides i can find only help with configuring the exim system for incoming mails ( external -> internal ) for multiple domains and i cant seem to find a guide that would indicate how to do both ( internal -> external and external -> internal ) on one box. I'm guessing i may have to do some sort of auth to get exim to accept and then handle the internal -> external side of things?
View 1 Replies
View Related
Apr 26, 2011
So I am brand new to the Ubuntu Server realm and Linux in general (15 years MS development utilizing MS Servers), and so far have been able to tackle some of the most pain in the butt installs and configs ever (VMWare Server being the worst and least stable, but running good now). I have done the site search thing to find out if there were similar issues surrounding Apache and if the answers were found within those posts.
The issue that I am having is in utilizing Apache as a proxy server for redirecting web traffic on one external IP to multiple internal IP addresses. I have multiple virtual servers and I need apache to act as a pass through / redirection proxy for web traffic. So far, it worked for a bit, then it becomes flaky and starts failing randomly while clicking through some of my sites. The worst offender being my SharePoint site.I rebooted the linux server, and when I try to access one of my pass-through sites, all I received was an error message about server difficulties and possibly too much traffic. After some time had passed, and few refreshes later, I finally received the authentication prompt from my windows web server, but this whole configuration is still unreliable. I sometimes get the password prompt several times where it does not allow me to login with my proper credentails, etc, and other times it just fails to display the page full stop.This is an externally facing SharePoint site.
So there's the Windows side. I also have a WordPress site that has similar issues. With WordPress it's even more odd as I have set the WP site settings to not include the directory /wordpress/ and setup my Proxy to point to the http://xxx.xxx.xxx.xxx/wordpress/ landing. Yet on some actions (i.e. browsing themes) it decides to throw in the wordpress directory causing it to 404, and in other sections it doesn't. This actually sounds more likely a WordPress bug than a Apache bug. file: Default (from available sites):
Code:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
[code]....
View 2 Replies
View Related
Jul 31, 2011
I am using Squessze and Gnome. When I try to use the gui System>Administration>Network or Users and Groups I get the error The configuration could not be loaded. You are not allowed to access the system configuration.Everything was working before. I read around a bit. In some cases,it was caused by mismatching group and password files after using the gui. I do not know how to check if they are matching. Of course I do not know for sure that is the problem in my case.
View 14 Replies
View Related
Feb 21, 2011
I setup apache server in order to gain access for the smokeping network monitoring system.
I am accessing the system using [URL]
But I want this page access using [URL]
My httpd.conf file looks like :
Alias /smokeping/ "/usr/local/smokeping/htdocs/"
<Directory /usr/local/smokeping/htdocs/>
AllowOverride AuthConfig
DirectoryIndex smokeping.cgi
Options -Indexes ExecCGI
</Directory>
View 1 Replies
View Related
Jan 12, 2010
I am having a problem with apache's virtualhost directive hosting multiple domains on a single IP with Apache 2.2 on Fedora 11. For example i have domaina.com and domainab.com pointing to the same IP address and have my httpd.conf configured like so:
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /www/domainA
[code]....
The problem is when i navigate to either domaina.com or domainb.com i get the default Apache page. Its like it is only accepting the default DocumentRoot directive.
View 3 Replies
View Related
Mar 21, 2011
I have install Mandriva 2009 and install apache server but its not strating on default configuration file . What I should do for starting apache . i have tried /etc/init.d/httpd start but apache is not running .
View 1 Replies
View Related
Aug 15, 2010
I am configuring apche on rhel5, I got default page successfully, and virtual page too, when I keep only one file index.html in virtual folder it goes well, that file opens correctly, but when I keep other html files except index.html server shows default page again.
View 2 Replies
View Related
Mar 20, 2010
I have apache running on my server, and also Zoneminder, a surveillance system running on the same machine. Both services runs without glitches, and I think apache's config as well as ZM's config are fine. I am not sure I understand how apache (not to mention the whole thing zoneminder, apache, web browser...) works. Pretty hard to manage when you dont know what you are doing. Also, when I try the supposed to work zoneminder webpage in my web browser, I get nothing (a blank page), or sometimes a "Not found" error message. The latest seems to be from apache because it is the same font as the "It works!" message when I try http://localhost:80
The only bit of information I have so far is in the apache error log (/var/log/httpd/error_log) and it says:
Code:
[Sun Mar 21 00:35:14 2010] [error] [client 192.168.0.100] script '/srv/httpd/htdocs/zm.php' not found or unable to stat
[Sun Mar 21 00:46:04 2010] [error] [client 127.0.0.1] File does not exist: /srv/httpd/htdocs/zm
It seems that the "zm.php" is missing.... That would be why Apache cant find the page?
View 14 Replies
View Related
Apr 28, 2010
If any one knows about Apache-Tomcat installation.
View 5 Replies
View Related
Sep 30, 2010
i have several sites hosted on one machine (Apache 2.2 on Debian). They are configured at /etc/apache2/sites-available/ with this configuration (part of it):
RewriteMap lowercase int:tolower
RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
RewriteRule ^(([^./]+.)?site1.com)/(.*) /www/site1.com/www/root/$3 [L]
RewriteRule ^(([^./]+.)?site2.com)/(.*) /www/site2.com/www/root/$3 [L]
RewriteRule ^(([^./]+.)?site3.com)/(.*) /www/site3.com/www/root/$3 [L]
RewriteRule ^(([^./]+.)?site4.com)/(.*) /www/site4.com/www/root/$3 [L]
[Code]...
View 1 Replies
View Related
Aug 16, 2010
CentOS 5.5 + Apache 2.2(httpd.conf) + SSL confiuguration(ssl.conf) gives following error in FireFox.Secure connection failed.An error occured during a connection to localhost.SSL received a record that exceeded the maximum possible length.Errorcode:s_error_rx_record_too_longThe page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
View 1 Replies
View Related
Apr 17, 2010
I have recently installed Debian 504 AMD64, when I try to access "System" --> "Administration" --> "Users and groups" logged in as root, I get the following message:
"The configuration could not be loaded. You are not allowed to access the system configuration."
The system does not even ask for a password and the result is the same if I log in as a normal user.
I have installed from a single ISO DVD downloaded from the internet and read the DVDs of my previous Debian distro to install packages not included on DVD 1 of Debian 504 although I do not think this unusual approach can have any effect on the installation. I suspect I'll have to boot in single user mode but I have never done any troubleshooting at the command line.
(/etc/passwd and /etc shadow look OK).
View 3 Replies
View Related
May 26, 2011
I have installed latest Nagios and Nagios plugins. Nagios is working properly, but when I go to the browser n write the www.server-name.com/nagios, it gives
Not Found
The requested URL /nagios/ was not found on this server. How can I tell Apache to open Nagios on adding /nagios in my URL.
View 2 Replies
View Related
Mar 4, 2011
I need to tune the mysql and apache server for the comparatively busy webserver. My scenario is like this.
1. The Web request is around 2000 request at a time or more.
2. Each web request will generate one mysql query.
3. The query to database is all read.
4. This server load will be at peak for around 3-4 hours after that the load will subside. As the task will be published, around 300,000 will be viewing the page.
5 quad servers are deployed, load is balanced via DNS but performance is not as expected. Centos 5.5 is used as OS. Top command shows The mysql process is around 185%!
View 3 Replies
View Related
Dec 16, 2010
I created VirtualHost in apache configuration file.
Code:
NameVirtualHost 77.79.13.20:80
<VirtualHost 77.79.13.20:80>
DocumentRoot "/var/www/host"
ServerName host.t2p.lt
</VirtualHost>
[Code]...
View 1 Replies
View Related
May 6, 2011
I have two machines running SQUEEZE, both installed and configured within the same week (not simultaneously). Both get the users info from a NIS server. In one of the machines (named "corona"), users cannot login, neither locally nor by ssh, in the other one ("xxlager") there is no problem. Both mount the users home directories by NFS. I have not found much useful info in the web. /etc/passwd, /etc/group/, /etc/shadow, are equally configured. The only difference I have found is when I use getent. Using "getent passwd isaenz" on xxlager yields:
isaenz:x:1001:1001:User Name,,,:/home/isaenz:/bin/tcsh
but on corona the result is
isaenz:x:1001:1001:User Name,,,:/home/isaenz:
so the shell info is empty.
Checking /var/log/auth.log I see a message saying:
"User isaenz not allowed because shell does not exist"
But "ypmatch isaenz passwd" returns complete information for isaenz, both on xxlager and corona.
View 3 Replies
View Related
Mar 15, 2011
I have server with Debian and Apache installed. Webpage content located in /var/www folder. For failserver I have Windows server 2003, which runs Mysql service thats needed for library software. And on this machine theres Inetpub/wwwroot with library webcontent. Sofar its only accessible localy. How can make Apche webserver to take content from this local server machine and show it publicly.
View 14 Replies
View Related
Apr 2, 2011
I have to run multiple instances of apache on the same physical machine, as we have different OAM policies for different domains.is in the httpd.conf file can I have ServerName same in two instances of apache, like
ServerName: prod_machine (actual machine name)
In the vhconf files I do have different servernames for virtual hosts. Apache instances are running on same IP but different ports. I am including various vhost files in the main httpd.conf file. Can I skip servername in the main httpd.conf file and include different servernames in the virutal hosts configs. OS: Solaris10
View 1 Replies
View Related
Feb 18, 2010
Just setup an Apache2 server, and I would like to setup a login. I also wanted to use the same method that is setup for vsftpd For vsftpd I've created a mysql database.... structured as:
Code:
mysql> use vsftpd
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> describe accounts;
[Code]...
View 2 Replies
View Related
May 28, 2010
While reading some papers on securing apache with selinux, I have tried to bind httpd to port 3000 expecting to be blocked by the selinux, since port tcp 3000 isn't on the http_port_t list. However I was able to start the service...
I'm preety sure selinux is enforcing. Also, if I bind httpd to tcp 81 selinux denies the start of the service, as expected!Did I miss something? Why is httpd allowed to start binded to a port that's not explicitly allowed?
View 12 Replies
View Related
Oct 30, 2015
How to best manage both http and https pages on the same apache-server without conflicts. For example, if i have both 000-default.conf and 000-default-ssl.conf pointing to mydomain.com, and don't want users who visit mydomain.com without specifically type the https-prefix to be redirected to the https-page - how to handle users using browserplugins such as https-everywhere etc?
Another option would be to create a subdomain ssl.mudomain.com and have users who want to reach the ssl site to have to type ssl. I have tested several things with https everywhere enabled in my own browser, and it seems really hard to make this working the way i want, in one way or another i always end up getting redirected to the ssl-site automatically.
The reason i need this to work is because i run one site that i don't care much about SSL, that is the "official" part of that site, and i also host some things for friends and family on the SSL-part. This would not have been a problem if it wasn't that i use self-signed certificates for my ssl-site and the major user become afraid when a certificate-warning pops up in their browser and therefor leave the site.
View 2 Replies
View Related
Nov 5, 2010
Let me start off by saying I am experienced with computers, though my knowledge of Linux and networking is limited. I've just recently started setting up a Ubuntu 10.04 server to be a SMTP server. I've followed this guide by the letter: [URL] What I've attempted, to test the server, is the following:
telnet localhost 25
ehlo localhost
(this returns all the desired information) I then do a MAIL FROM my domain which is accepted, and try to do a RCPT TO an external mail server (gmail) to test sending an email. I am then told 'Relay Access Denied'. I'm sure that there's something fundamental that I'm either not understanding or not doing correctly. I simply want an SMTP server that can send to other domains. What do I need to do?
View 1 Replies
View Related
Apr 9, 2010
Anyone can point me to a document, page, or something that will tell me exactly how to implement DNS step by step. I don't mean just the concept, i.e. you'll need two name servers, and to download BIND, etc. NO, I mean command line commands and all. Step 1, step 2, how to register the name servers, how to resolve different domains, etc.
I'd really appreciate it, as I need to implement internal DNS and external DNS for my company soon. Our set up is pretty standard: Firewall, DMZ, Solaris/Linux/Windows servers, and Windows clients, etc.
View 4 Replies
View Related
Jul 29, 2010
I want to restrict the access to my local web server by IP address. Im in a LAN (192.168.200.xx) so i have this:
[code]....
But when i try to connect from 192.168.200.4 it says i don't have permission to access
View 1 Replies
View Related
