Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

Apache Web Server

19K

Solutions

14K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a Centos 6.9 machine with Apache 2.2.15 and OpenSSL 1.0.1e which according to my research supports SNI.
I have "NameVirtualHost *:443" defined in the main httpd.conf file.

The difestyle certificate is a purchased one. The one for darksidediving was created using the letsencrypt certbot tool and it created the additional configuration file for the darkside ssl config .

The issue I am having is that when I go to the darkside https page I get a certificate warning and looking at it I am being given the divestyle certificate instead of the darkside one. I tried the ssllabs tools just to make sure it was not my browser.

divestyle.conf
# live site
<VirtualHost *:80>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  DocumentRoot /var/www/htdocs
  <Directory "/var/www/htdocs">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

# live secure site
<VirtualHost *:443>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  DocumentRoot /var/www/htdocs
  SSLEngine on
  SSLProtocol All -SSLv3 -SSLv2
  SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
  SSLCertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.crt
  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.key
  SSLCACertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.int.crt
  <Directory "/var/www/htdocs">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

Open in new window


darkside-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName darksidediving.co.uk
  ServerAlias www.darksidediving.co.uk
  DocumentRoot /var/www/www.darksidediving.co.uk
  <Directory "/var/www/www.darksidediving.co.uk">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/darksidediving.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/darksidediving.co.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/darksidediving.co.uk/chain.pem
</VirtualHost>
</IfModule>

Open in new window

0
What does it mean to be "Always On"?
LVL 4
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Hello experts,

I have a site where I need to add 300  301redirects.

Will that many redirects slow down a site?   Personally, I do not think so. But I thought I should ask the experts here first.

Would there be any other issues with so many redirects in an Htaccess file that I should be aware of?

Thanks!

Rowby
0
I had to change the filenames of most pages for my site from .html to .php.
Offhand I see 2 snags with this:
1.  SEO:  Does anyone have an example of the code to do 301 Redirects on all .hmtl pages to help pass Google SEO credit thru to the .php files of the same name?
2.  EXISTING EXTERNAL LINKS:  Does this 301 redirect ALSO forward Browser Users to the new .php page, or do I need to handle that separately so that the hundreds of eternal .html links do not 404 ?
0
Hello  

My saturday seems to be filled with htaccess issues :)  BTW this is a different site than my earlier question today.

I have a client who needs to have a few generic php and html files in the root of the server.  The existing Htaccess file apparently is disallowing files to be in the root -- which gives a 404 errors -- even though the physical files exist in the root (/public_html)

The files mainly have htm and php extensions, but there may be jpg, gifs and perhaps swf extensioins.

It''s a Joomla site, and I'm thinking it might be a security feature.  (His old joomla site let him have these kinds of files in the root.  But I guess Joomla hyped up the security and is not letting them be viewed by the public.

Please look at the htaccess file and let me know if indeed there is a rule prohibiting this, and how I can eliminate that rule.  BTW there is nothing in the code that will identify the actual site.....)
### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 3.5.1 on 2015-05-15 14:49:25 GMT
### Auto-detected Apache version: 2.2 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess", published on http://snipt.net/nikosdion/the-master-htaccess
###
### Admin Tools is Free Software, 

Open in new window

0
Hi htacess Exoerts!

I would like to write an htaccess rule that does the following example:

If the url is /17-the-mobile-experience-conference
It would do an automatic redirect to.  /the-mobile-experience-conference

Specifically a global rule where if ANY url starts with a /17-       It would “remove “ the 17-     and do a redirect.

Thanks,

Rowby
0
I keep getting this error:

https://gyazo.com/e42f6ac2d15e502aec32cbb0588408a8

I have reloaded the software twice now.

I am on a Bitnami Debian stack.

This is a new test site.
0
Hi Experts,

Please let me know why my mod-security module is not detecting xss cross script issue

I am using red hat with Apache 2.2 .Do we need to change any conf file?
0
Hi experts,

I am trying to edit my hosts file C:\Windows\System32\drivers\etc\hosts  but it won't let me save it and tells me it is being used by another program.  I have no other apps open, and apache is stopped.

When I try to delete the file (I have a copy waiting) I am told that the file is being used by system.

Any ideas on how I can edit and save the file please?

Cheers
0
Dear Team,

Tomcat is throwing below when trying to start.
Could not load the Tomcat server configuration at \Servers\Tomcat v8.0 Server at localhost-config. The Servers project is closed.
0
Hello

I am running Nginx version 1.10.2 on Centos 6.9 for a long time. Nginx serves as a reverse proxy to Glassfish 3 running some application.

Today when I rebooted my machine and I opened the URL to Nginx I got Bad Gateway. The error logs show following:

2017/10/01 05:28:48 [crit] 11408#0: *5 SSL_do_handshake() failed (SSL: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small) while SSL handshaking to upstream, client: 123.456.789.123, server: mydomain.net, request: "GET /apex/f?p=123 HTTP/1.1", upstream: "https://127.0.0.1:9191/apex/f?p=123", host: "www.mydomain.net", referrer: "http://www.mydomain.net/"

Open in new window


I am able to access Glassfish with https://Hostname:9191/apex ... without a problem.

I am not sure what to do to fix this issue.

OpenSSL version is following:

-bash-4.1# rpm -qa openssl*
openssl098e-0.9.8e-20.el6.centos.1.x86_64
openssl-devel-1.0.1e-57.el6.x86_64
openssl-1.0.1e-57.el6.x86_64

Open in new window


I will be really thankful if someone can help.
0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Am looking for 2FA solution meeting these requirements:

1. 2 FA but with one-time authentication per device.

2. On the same device, prompted only once to present both sets of credentials.

3. That device is no longer prompted for all time.

Is there an Apache solution for this? I have looked at a few things like google auth but not sure it would work well with these requirements.
0
Hi All,

just now we installed MOD security module on Apache
after that we are getting bellie error.

ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "x. x. x. x:81"] [severity "EMERGENCY"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag

 "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "x. x. x. x"] [uri "/health/check.sh"] [unique_id 

please assist
0
Pretty odd one here I cannot wrap my mind around. I was in the middle of testing a page with a POST form when I discovered that, along with the POST, it was creating a GET query string. I started eliminating JavaScript, etc., until I was down to a basic HTML page structure with no other markup than the form. Still having the problem, I started eliminating things in the form (even the submit button as type="submit") until I came up with the following. This is the entire page:

 
     <!DOCTYPE html>
    <html lang="en-gb">
    <head>
        <title>Title</title>
        <meta charset="utf-8">
    </head>
    <body>
        <form>
            <input type="hidden" name="foo" value="foo" />
            <button name="Button">Send Message</button>
        </form>
   </body>
   </html>

Open in new window

As you can see, this form should not even submit. Yet, pressing the button will create a url query string in the address bar. This is my dedicated server. My thought is that there must be a MITM listener at work here. This has been tested in different versions of IE, FireFox and Chrome on 5 different computers and one Android phone. The only other possibility that makes sense to me is my network or my ISP. Whatever it is, there has to be something listening somewhere to submit a form that isn't really a legal form. I have not experienced this except on domains on my server.

I should add that there are several domains on this server an I ran this test file on several of them with the same results.
0
Trying to figure out the best Apache/Php configuration (installed on windows to use for my wordpress site. (currently it gives me err connection reset/ out of memory/ Maximum execution time reached etc..)

my current configuratio

Apache
<IfModule mpm_winnt_module>      
      ThreadsPerChild 150
      ListenBackLog   100
      MaxRequestsPerChild 0
    ###ThreadsPerChild          1500
    ###MaxConnectionsPerChild   10000
</IfModule>

PHP
max_execution_time = 1000
max_input_time = 300
memory_limit = 512M
0
Wordpress whenever I try to approve multiple comments it gives me err connection reset. Started happening after wordpress upgrade.
0
Hi

I am using .htaccess to display my web address as so

https://mywebsite.com/fr/paul

part 1: the domain name
part 2: the language which will default in the language of the users computer additionally default to fr if the user is in the province of quebec.
part 3: alphanumeric id which is automatically redirected to users.php (I use php here to detect the last part of the URI in this case paul to get the records in my db with id=paul

if the following address is entered: https://mywebsite.com/fr/
it will view any page on the website in french eg: Home, contact, about, etc etc

if this page is entered https://mywebsite.com/fr/paul
it would basically doing: https://mywebsite.com/fr/users.php?id=paul

except I want to hide ?id=paul and posting the variable is not really the route I want to go because I want people to be able to book mark https://mywebsite.com/fr/paul

my current htaccess file looks like this but not quite working the way I need it too
RewriteEngine on

# Force www:
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force SSL:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NE]

# Languages
RewriteRule ^en/(.*)$ $1 [L]
RewriteRule ^fr/(.*)$ $1 [L]
RewriteRule ^sp/(.*)$ $1 [L]
RewriteRule ^it/(.*)$ $1 [NC,L]

RewriteRule	^home/?$	index.php    [NC,L]
RewriteRule	^contact/?$	contact.php    

Open in new window

0
This is Apache 2.2.17 and it was complied into its own directory.
The Openssl version on the server was 1.0.0.
I installed a newer version 1.0.1g.

Configured the new version to be used by the OS. 'openssl version' and 'which openssl' both show the new version.

However, when I try to add the new security from OpenSSL in the httpd.conf I get this error:

SSLProtocol: Illegal protocol 'TLSv1.2'

...showing that it is still not using updated OpenSSL.
Per Redhat. httpd2.2.17 should support this:

https://access.redhat.com/solutions/65030
RHEL 6: TLS v1, v1.1, & v1.2 support

You must have at least openssl-1.0.1e-15.el6, httpd-2.2.15-39, and mod_ssl-2.2.15-39 to have support for TLSv1, v1.1, & v1.2.
TLS v1.1 & v1.2 support added to OpenSSL with release of openssl-1.0.1e-15.el6 from RHBA-2013:1585, first shipped in RHEL 6.5.
The ability to specify TLSv1.1 & v1.2 in Apache with SSLProtocol was included in httpd-2.2.15-39, released in RHBA-2014:1386-1.

What needs to be done to do this other than recompiling Apache?
0
I can't get the rewrite rule correct in order to create pretty url's with pagination.

This is my current rule for listing products within a category:

RewriteRule ^product-category/([a-zA-Z-]+)$ category.php?slug=$1 [NC,L]

Open in new window

The result is something like mysite.com/product-category/shirts

I want the pagination url after clicking on "2" for example, to be

mysite.com/product-category/shirts/page/2
I tried this but it doesn't work and just looks wrong:

RewriteRule ^product-category/([a-zA-Z-]+) category.php?slug=$1/page/([a-zA-Z-]+)$ pagination?=$1 [NC,L]

Open in new window

I get an internal server error.
0
I have a Tomcat 8.5 service on a Windows server and I have noticed that Tomcat service does not restart on server reboot so I have to go in and restart it manually. it is very strange as the Startup Type is set to Automatic.

Can anyone please help me diagnose and fix the issue?
0
New feature and membership benefit!
LVL 10
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

I suddenly can't seem to access my local websites on my Mac via MAMP. My ddns.log file contains the following:

mamp_dyndns[41389:21445531] DynDNS: [no update] empty username and/or password

Open in new window


I do have my DynDNS username and password stored properly in the MAMP interface, and my DynDNS account is in good standing and is configured as it's always been.

Any help on figuring this out would be appreciated.

Thanks,
Jon
0
HI,

I installed/built apache 2.2.x on a Ubuntu, but I want to completely remove Apache now, but having a hard time.   There is an "apache2" folder in "/usr/local/apache2".    Is it simple as just deleting this folder?  If not, what steps can I take to do this?

I've attached an image/screenshot showing the steps I took to install it if that helps.  I haven't configured or modified anything so I do not need to backup anything at all.  I just want it completely gone if possible.
steps.JPG
0
I have been using wamp server with windows 10 for months without a problem, I don't have skype and IIS is disabled.  It's been working fine until today, now the icon is yellow and it is apache that is not working.  I tried to start it manually and checked again that port 80 is free.  Any ideas what could be causing this?
0
hi guys

So I am going to be installing an SSL certificate on a Linux Amazon EC2. I created the CSR on this instance so I will need to apply the SSL to it to complete the installation.

It is a wildcard SSL certificate. So then I will need to export this SSL certificate and install it on another instance and turn off the other machine. On Windows I know how to export it as a .pfx and install it on another instance, but I don't know how to do this on a Linux machine. It is an amazon EC2 instance.

Are you able to help me accomplish this? What commands do I have to run to export this and then install it again on the new instance?

Thanks for helping
Yashy
0
Hi Experts,

I'm wondering how to best log access-logs on Apache while using ProxyPass based on <Location>.

Here are 3 things I have in mind that I'm trying to implement:

  1. I would like to be able to identify the STATUS code Apache received from our application server (ProxyPass) and the STATUS code Apache sent to end-user. I'm not 100% sure how to identify these separate status codes as of now based on %s "<" or ">" redirection possibility on documentation.
  2. I would like to know if it is possible to log the server IP (application server) that processed the request on the backend (ProxyPass), where the response is coming from.
  3. Any recommendation on how to log full headers from REQUEST and RESPONSE headers, including POST data?

This is my current log format:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%v\" %D \"%{UNIQUE_ID}e\"" custom

And the VHOST has the following config:

ProxyVia Full
ProxyRequests Off
ProxyPreserveHost On

<Location /admin/>
ProxyPass http://10.23.132.10:/admin/
ProxyPassReverse http://10.23.132.10:/admin/
Order deny,allow
Allow from all
</Location>

On the above ProxyPass IP (10.23.132.10), that IP is a server pool from haproxy load balancer, it has 4 servers, so for each request, I can land on a different server in that pool.

Apache version: 2.2.15

Thank you!
0
hi guys

I'm trying to access an apache web server that I just took a copy of. The external IP is: 34.252.113.239. If you put that into a web browser, then you literally get a 'www' put in front of that IP address.

It's a linux server running apache. I'm not a developer, but could you guide me into looking at where the actual redirect might be occurring and take it out so that putting in the external IP will redirect it to the correct place? I.e. if I put in http://34.252.113.239 then that's exactly where it needs to forward to without a www. coming in front of it.

Thanks for helping
Yashy
0

Apache Web Server

19K

Solutions

14K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.