Apache Web Server

19K

Solutions

14K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am on an Amazon Linux 2 AMI running Apache 2 and I need a software solution for security.  I have been told mod_security isn't a good choice.  So does anyone have experience with the AWS Waf?  If so, what rules are you using?

Or, do you have another idea altogether?

On my previous instance I used fail2ban but I found the bots could outsmart fail2ban so hopefully someone will have a better choice.

Let me clarify my biggest  problems are postfix issues, stopping ddos, bots running up and down my site stealing bandwidth, clicking on every link and having numerous disk i/o's which I have to pay for.

By the way, I am not interested in using another AMI due to the complexity of my existing AMI.
0
Introducing Cloud Class® training courses
LVL 12
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

I have installed apache tomcat 7.0.90 on my windows 8 64bit system. This is how I have configured my tomcat-users.xml -

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary. It is
  strongly recommended that you do NOT use one of the users in the commented out
  section below since they are intended for use with the examples web
  application.
-->
<!--
  NOTE:  The sample user and role entries below are intended for use with the
  examples web application. They 

Open in new window

0
I've been given a task that is a bit far above my brain's capacity. Write a mod_rewrite that will do this:

to switch urls that look like this
https://www.oursite.com/blog/2018/6/americas-cornucopia-of-summer-fruits-and-veggies.html
to call something like this on the back end:
https://www.magickitchen.com/cart/cgi/mini_blog.cgi?no=01 (each blog post will have a different number).

I am in way over my head, Can anyone help? Not just the rewrite, but an explanation too, if you would. I did read: https://stackoverflow.com/questions/20563772/reference-mod-rewrite-url-rewriting-and-pretty-links-explained  and https://www.elated.com/articles/mod-rewrite-tutorial-for-absolute-beginners/  but I haven't delved any deeper.

Thanks in advance.
0
I have two websites according to my Google console (see attachment) but I only have one according to Dreamweaver called index.php  

I understand that this is not good.  What should I do?
0
I need to upload a Wordpress theme and I am getting the message that I am exceeding the max_filesize.  I have change php.in, restarted Apache and still I get the same error.

These are the settings I have changed:

upload_max_filesize=122M
post_max_size=168M
memory_limit=512M
file_uploads = On
max_execution_time=290

Open in new window


Please tell me what to fix.

Thanks,

Randal
0
Hello,
I have wamp version  3.1.3  i have multiple website and everything work fine ....
i want to enable lets encrypt certificate on on of website:
i do the following steps:
on httpd:
oadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
on vhsot file:
<VirtualHost *:80>
 ServerName mydomain.com
 ServerAlias www.mydomain.com
 DocumentRoot "c:/mywebsites/www.mydomain.com"
 <Directory  "c:/mywebsites/www.mydomain.com/">
  Options Indexes FollowSymLinks
        AllowOverride all
        Order Deny,Allow
        Allow from all
        Require all granted
 </Directory>
 ErrorLog "logs/mydomain.com-error.log"
 CustomLog "logs/mydomain.com-access.log" common
 Alias /.well-known c:/mywebsites/www.mydomain.com/.well-known
</VirtualHost>
and download the last package of  letsencrypt-win-simple
the run the letsencyprt file as admin
press m the 1 then mydomain.com then  4  then 1
its give me validation plugin not found or not created
create certificate failed
i try to brows http://mydomain.com/.well-known
its give me:The requested URL /.well-known was not found on this server.
so where is the problem ?
is there any other way to get i certificate ?
thanks.
0
hi,

I want to use imagemagick on the cloud, i have a Bluehost account that says it's available https://my.bluehost.com/hosting/help/imagemagick

I have very limited experience in unix (or whatever the operating system is?) and I'm unable even to find out how to get to a command line to test this.

This question is just to get me kicked in the right direction, so any of the following would be a good start:
1. getting onto a command line and verifying the statements form the link above
2. creating a simple script file that i can run on the server somehow
3. a dummies summary of how imagemagick could work on bluehost

Attached screenshot of some of the bluehost advanced options.

Thanks

Related question resolved:
https://www.experts-exchange.com/questions/29103444/Using-a-google-script-to-process-a-jpeg-image.html
0
Hi,

I would like to request an assistant.

I would like to make a redirect using .htaccess .

The condition that i would like to combined are as follows :

1. redirect any access from /supporttickets.php to https://support.domain.com

2. redirect any access from  /submitticket.php to  https://support.domain.com/Tickets/Submit

3. redirect any access from   /contact.php to https://www.domain.com/contact.php

4. redirect any access to "billing" folder to https://billing.domain.com

5. IGNORE all above rules if the access file are "fpx_indirectcallback.php" or "fpx_directcallback.php"


Appreciates anybody assistant on this issue.
0
I have a curl error 77
Update Failed: Download failed. cURL error 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none

Open in new window

whenever I try to update my plugins in wordpress.

The site is www.thefrugallife.com

I have an Apache 2.4 instance running Linux 2 from Amazon.

I have recently moved the site and switched it to https.  My site certificate is showing it gets a B on SSL Labs using ipv4.

I can't update anything on the site till this error goes away.  Please let me know how to get rid of that error.

Thanks,
0
I designed an API that looks like this:

Items:
http://mysite.com/subfolder/api.php?resource=items&action=getAll   (get all items)
http://mysite.com/subfolder/api.php?resource=items&action=getById&id=1234   (get item by id)

Open in new window


Orders:
http://mysite.com/subfolder/api.php?resource=orders&action=getAll
http://mysite.com/subfolder/api.php?resource=orders&action=getById&id=678

Open in new window


Desired Re-Write
http://mysite.com/subfolder/api/items/getAll
http://mysite.com/subfolder/api/items/getById/1234

http://mysite.com/subfolder/api/orders/getAll
http://mysite.com/subfolder/api/orders/getById/678

Open in new window


Is this impossible because they use the same names???

I have no experience using re-write with Apache.

Thanks for looking.
0
Cloud Class® Course: Python 3 Fundamentals
LVL 12
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Hello i'm configuring the Owncloud X Appliance and have some questions that i can't find answer

1- It’s now accesible from the web by here
https://owncloud.domain/ownCloud
but user can still access this page
https://owncloud.domain/univention/portal/#category=software
Is there a way to deny access to this page https://owncloud.domain/univention/portal/#category=software and just have access to https://owncloud.domain/ownCloud


2- How can i change owncloud url to : https://owncloud.domain/ instead of https://owncloud.domain/ownCloud
i found this link https://doc.owncloud.org/server/10.0/admin_manual/installation/changing_the_web_route.html but it don't seem to be relate to the appliance

3- If i want to increase space on the appliance once ive add more space on my lun what other step i need to do

Thanks for helping me !
0
I have recently set up a proxy server using apache. However I randomly receive this message "502 Proxy error : Error reading status line from remote server".
What is supposed to be the proper way to solve this issue?. I mean, I prefer not using fixes like the ones I had to include to getr rid of this error temporally

        SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                SetEnv proxy-initial-not-pooled 1

Open in new window


This is my configuration:

<VirtualHost *:443>
        ServerName subdomain.mydomain.com
        ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
        <Proxy *>
               AddDefaultCharset off
               Order deny,allow
        </Proxy>
        <Proxy balancer://hostingCluster>
               BalancerMember http://server1:80 timeout=10 retry=3 hcmethod=HEAD hcexpr=ok234 hcinterval=10
               BalancerMember http://server2:80 timeout=10 retry=3 hcmethod=HEAD hcexpr=ok234 hcinterval=10
               ProxySet lbmethod=byrequests
               ProxySet stickysession=PHPSESSID

                SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                SetEnv proxy-initial-not-pooled 1

        </Proxy>
        <Location /manager>
                SetHandler balancer-manager
                AuthType Basic
                Require valid-user
                AuthUserFile /var/www/.htpasswd
                AuthName "Authorization Required"
        </Location>

Open in new window

0
I need to disable the POODLE vulnerability.  I have Centos 7.5 and
OpenSSL 1.0.2k-fips  26 Jan 2017

Open in new window

and I have ran yum update openssl and nothing qualifies.  I added the line
SSLProtocol All -SSLv2 -SSLv3

Open in new window

in
/etc/httpd/conf.d/ssl.conf

Open in new window

- I then restarted httpd.

Yet when I run my cert against https://www.ssllabs.com free ssl checker I still show a POODLE vulnerability.

Please tell me how to get rid of this vulnerability.

Thanks,
0
I'm migrating my website to a secure server, and there is an issue with a page which isn't loading all the content.  Google Chrome Developer Console reports an "uncaught DOMException".  I'm not a programmer, and don't know how to interpret or correct this.  I've uploaded a screen shot.

The website is under development on a server which is not open to the public.  If you are sufficiently interested in visiting the page in question, the Windows hosts file would need to be modified by adding "199.168.187.45  mauitradewinds.com www.mauitradewinds.com secure.mauitradewinds.com   m.mauitradewinds.com".  In that case, the page with the issue could be visited at https://mauitradewinds.com/RezEasy/mobile/0001/cl0001.html    Otherwise, perhaps the screen shot is adequate for you to provide some guidance for me.  Thank you. Screenshot of DOMException error
0
I am managing  a very old XAMPP installation (1.7.3) which has been absolutely rock-solid for years.  Now, unfortunately, the company that provides a payment gateway that the system has been connecting to has decided to upgrade from TLS1.0 to TLS1.2 (for obvious reasons).  The version of PHP running on the install is 5.3.1 which comes with CURL 7.19.6

This version of CURL does not support TLS 1.2 encryption, the earliest version that does is CURL 7.34.0

As a quick fix, I've tried to upgrade the PHP installation to the latest one (7.26 I think) however, both methods I've tried result in Apache failing to restart - does anyone have any suggestions as to how I can upgrade the CURL or PHP?  Failing that, is there any alternative to CURL which will encrypt the data correctly, i.e. to TLS1.2 standard.

The XAMPP is running on Windows 7 64 bit
0
We have a local area network. We have a WiFi Router that’s capable of DNS Masquerading. A library website with hyperlinks pointing to an intern server resources. E.g http://ebook.myuniversity.elib/ebook_immanuel_kant_critique_of_pure_reason.pdf Our internal ip address where the resource is located is 192.168.0.200

This local domain ebook.myuniversity.elib points to the ip 192.168.0.200
The Masquerading works just fine, if users are in the internal local network. Our external IP for example is 10.10.10.200, this ip is binded to the local server 192.168.0.200 There is need to provide users with access via the internet. Users can only access via a link imbedded to the external web site. Which points to the 10.10.10.200.

The issue we have now is that the resource could not open because the ISPs could not resolve the link http://ebook.myuniversity.elib/ebook_immanuel_kant_critique_of_pure_reason.pdf

My question is this. Is there a small change we can do on the external website to resolve the resource automatically? I.e. it should be able to detect that the users are not on the local network and point them to http://10.10.10.200/ebook_immanuel_kant_critique_of_pure_reason.pdf

p.s Our external website is based on php running on Apache
0
Dear Experts

We are using nextcloud which is on ubuntu 16.04 with php, mysql and apache until now we were using within the local network but now there is a requirement to enable this to external network that is from internet hence would like to procure ssl certificate and install the same,
1.  can you please suggest the good source to purchase the ssl certificates
2. at present users are using this solution  by installing the ssl certificates will it have any impact of not functioning or breaking down the system please suggest.
3. can you please help me how to install the ssl certificate in this server instance
0
This is to migrate the existing SuSE Linux Enterprise server 11 (think with SP1) to another newly-setup SuSE Linux Enterprise 11 with SP4. This existing server is hosting apache, and supporting an oracle via PHP. The main thing is, we also have to configure the new SuSE to have PHP supporting Oracle with the following working descriptions from the application owner as follows,

           - Apache connecting to PHP accessing a Oracle table through Oracle instant client

with this requirement:
1)      the PHP has to be compiled to enable Oracle instant client
2)      apache has to have the connector configured (not shown here ) and recompiled

So far, on this new SuSE, a apache and associated modules were installed. When typing "rpm -qa |grep apache", the results shows,

      apache2-prefork-2.2.10-2.18
      apache2-utils-2.2.10-2.18
      apache2-mod_python-3.3.1-147.19
      apache2-mod_php5-5.2.6-50.17
      apache2-2.2.10-2.18
      apache2-mod_perl-2.0.4-40.19

How should we proceed from here?

thanks in advance.
0
Running WampServer 2.2 on a Windows 7 platform, a problem has developed.  I am unable to start the WampApache service.  There are Event Viewer errors specifying a syntax error at the line which designates the documentroot, and the statement "DocumentRoot must be a directory".  The document root IS a directory, and I have not changed hppd.conf for many years.  WampServer worked fine until just now.  I experimented with the syntax, even changing the DocumentRoot to "C:\", and got the same errors.  I am inexperienced with this application, and would appreciate suggestions.
0
Cloud Class® Course: MCSA MCSE Windows Server 2012
LVL 12
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

PHP website using sessions.  We original started development on our Ubuntu Apache system.  After 99% was complete we uploaded to the intended hosting package and found that the session commands we used and worked fine on our Apache development system would not work on the hosting package.  We were getting header already sent errors, but only on the shared hosting package that we purchased.  So we dove a little deeper and in simple terms we moved the session_starts to the top of the files and that seemed to resolve that issue.  However, not that the code is changed, the website is having problems on our development box.  When we try to access our "ADMIN" section which requires a login, we receive too many redirect errors.  However, the same code works on the hosting package. In the Admin section the index.php (admin is in a subfolder off of the root of the site) it includes our "Navigation" file which is basically the top menu of all of the pages.  In that Navigation file, the line "if(!isset($_SESSION['views'])){header("location:index.php");}" seems to be what is causing the error "ERR_TOO_MANY_REDIRECTS" in the browser.   So there is a two fold question here.  What is the problem with this, and why would it work on our hosting package but not on our development box?   Any help would be GREATLY appreciated.
0
Hello Fellow Experts,

I'm trying to get PHP PDO to work with an MS SQL database.  PHP returns a "driver not found" error. I've tried copying the "sqlSvr" driver files to the extensions folder and editing the ini file as suggested by various forums and tutorial, but the error still shows up.  

This needs to be done both on my local Windows Xampp (PHP v5.6) installation and on the remote Linux server (PHP v5.3).  Niether works, what am I possibly missing?

Also, where do the extensions go on the Linux server? Can I just create an "ext" folder in the remote server's "root" folder?  The folder structure looks different on the remote server; there isn't an "ext" folder like in my Xampp environment.

Thanks.
0
I'm troubleshooting a site which resides on a secure server, not available to the public.   It would be helpful if my browser could access the cgi-bin directory, but this is apparently forbidden by default on an Apache server.  Is there a client-side solution to allow browser access, such as htaccess?  If so, could you provide code?
0
xampp and mono / .aspx pages

I have a working installation of xampp on windows and I need to start running .aspx pages
I have installed mono but the mod_mono does not appear in the module folder of the xampp apache server folder
Can I have a STEP by STEP guide on how to install and use mono on xampp for windows
0
I'm migrating my website to a secure server, and a certain cgi script is not being found when it is needed.  I've attached an excerpt from the server's error log, specifying what happened.  I don't know how to interpret this error log text, or how to remedy the issue.  The script which isn't being found is properly situated in the cgi-bin folder.Error-loading-SecureForm.txt
0
I'm migrating my website to a secure (https) server.  There is code in htaccess which is unintentionally redirecting browsers to the non-secure (http) website.  The purpose of this code was to redirect requests for mysite.com to www.mysite.com.   If possible, I'd appreciate code which would redirect requests for http://mysite.com or http://www.mysite.com  or https://mysite.com  to https://www.mysite.com   However, an exception must be made for a few pages which present a scrolling, panoramic view, because those pages don't perform correctly when there is a www. prefix...

Here is the code which is presently causing an unwanted redirect to the non-secure server...

# redirect entire site from non-www to www except Panoramic View pages
RewriteCond %{REQUEST_URI} !^/viewtriage.htm$
RewriteCond %{REQUEST_URI} !^/view.htm$
RewriteCond %{REQUEST_URI} !^/viewipad.htm$
RewriteCond %{REQUEST_URI} !^/viewother.htm$
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
0

Apache Web Server

19K

Solutions

14K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.