Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

There seems to be some sort of mysterious redirection going on when i try to access the site at

A static file, such as http://fostamells.technojeeves.com/license.txt comes out fine but the attempt to access the homepage seems to land on a page of the company that hosts technojeeves.com. I really can't see why. Is it Wordpress doing this or what (after all it does say X-Redirect-By: WordPress)? I've attached a wget debug log of the attempt to get the homepage
OWASP: Threats Fundamentals
LVL 13
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

MAMP Expires in one week?

I got a message that the full-working demo will expire...

What does that mean?

I really do not want to pay $69 for an installation I made as a simple test-bed for WordPress and PowerPress. I plan to host the podcast in a few weeks.

What will I not be able to do once this demo has expired?

Can I simply register?

I start by saying that I'm not an Apache expert, so I'll do my best for describe the strange (IMHO) thing happen.
Before all, here's the result of a telnet to the problematic site served by an Apache (IP & address are fantasy names):

telnet www.problematicsite.com 80


Connected to www.problematicsite.com.

Escape character is '^]'.

GET / HTTP/1.0

HTTP/1.1 302 Found

Server: Apache-Coyote/1.1

Set-Cookie: JSESSIONID=30A1322E0051FE076012575109C79528; Path=/; HttpOnly

Location: http://localhost:1701/problematicsite_library/libweb/action/feRedirect.do

Content-Type: text/html

Content-Length: 0

Vary: Accept-Encoding

Date: Mon, 03 Jun 2019 06:46:36 GMT

Connection: close

Set-Cookie: sto-id-%3FSaaS-A_prod%3FPMTEU02.prod.problematicsite.1701-sg=FGHIBAAK; Expires=Thu, 31-May-2029 06:46:37 GMT; Path=/

Connection closed by foreign host.

Open in new window

Regarding the feRedirect.do 'file' it is indeed not supposed to have any contents it only provides http headers to tell the browser to redirect to a different location using the below header:

Location: /problematicsite.com/libweb/action/search.do?vid=39UDN_VIEW

Theoretically it's all perfect but....in some (apparently random) client PCs I can't use the http://www.problematicsite.com url because these machines permits only the download of the zero-byte "feRedirect.do" file without a correct redirection!!
I've made some tests with the web admins and we're sure that the cause of this is NOT on the PCs clients  but in the Apache server.
Sadly the web admins doesn't understand the cause...any clue?
We're going to run a webservice to receive messages from one client. We are required to use mutual TLS. The client did send us the certificate he will use to connect to our webservice. (it needs to be this certificate) Our environment is Nginx+Apache+PHP.

My question is: what is the best way to do this? How can I let Nginx or Apache require a client certificate and trust this particular certificate? Or should I do this in PHP. What's the best approach?
Hi Experts,

I upgraded Apache 2.2 to 2.4, used as a proxy.

Here an example for one VH :

<VirtualHost *:80>
        Servername apps-dev.contoso.com

        <Location />
                Order Deny,Allow
                Include conf-ip/allowed-ip-contoso.conf

        ProxyPass /
        ProxyPassReverse /

Open in new window

How to have the correct syntax with the "require" command?  

I tried Required ip... but not working.
How can we replace "Include conf-ip/allowed-ip-contoso.conf" with the correct syntax?
I tried Required ip conf-ip/allowed-ip-contoso.conf... but not working.

EDIT1 : Include working! But the problem come from the allowed-ip-contoso.conf :

Order deny,allow

Deny from all

## ALLOW IP ##
Allow from
Allow from
Allow from
Allow from
Allow from

What is the correct syntax for 2.4?

Thank you
Win 10 64 bit
Apache 2.2
PHP v (unknown)
Microsoft SQL Serve 2008 r2 Express
Dreamweaver CC 2019

Ehem… I have little experience with PHP, but I can fumble around "reading" it, I can't program it.

Using Dreamweaver, I attempted to create a php test server with this locally hosted and previously functioning web back office.
I have since backed this out and will be attempting to use another machine on the network as the testing server.
Back office (web) comes with Point of Sale software. POS Software is functioning fine as WAS the back office until... my Dreamweaver experiment.

Since the attempted test server setup, and after a successful (not using Live View) Chrome localhost login I’m getting this:
"http://localhost/OCPOS/OCPOS/login.php" and the error of The requested URL /OCPOS/OCPOS/login.php was not found on this server.
The second "OCPOS" should not exist at all, and the file was never present to begin with, so why is it being requested?
I should be seeing a dashboard, and I'm not.

This login problem only happened after I mapped the files with Dreamweaver in site setup; again I have since backed this out.

Localhost – login file path:
C:\OCPOS\htdocs index.php - passes the request "header("location: OCPOS/login.php");"

login.php file path:
C:\OCPOS\htdocs\OCPOS - login.php (which looks to run a check on the user name and pword by a call to another "settings" file)
“login.php” also requests these
I have a php file that is excue a .sh command:
  echo exec('/var/www/html/disable.sh');

the .sh file command is:
sudo  cp /var/www/html/1.cfg /var/www/html/2.cfg

when I run it from ssh from root user account using
php /var/www/html/disable.php the /sh work fine
when I runt it from browser is not working !
so what I have to do ?
I try to use this guide https://github.com/zmartzone/mod_auth_openidc/wiki/Azure-OAuth-2.0-and-OpenID-Connect to enable authentification on a directory in Apache.

I have a Running site where SSL/PHP and everything else works.

A part of my .conf file for this site looks now like this.


OIDCProviderMetadataURL https://sts.windows.net/hiddenc123-5ahiddensds-b3f2-sds22/.well-known/open$
OIDCRedirectURI https://mysite.com/test2/

OIDCClientID hidden123123123
OIDCClientSecret Test
OIDCCryptoPassphrase hiddenasdasdasdasd

OIDCScope "openid email"

OIDCRemoteUserClaim email

<Location /var/www/mysite/html/test>
    SSLOptions +StdEnvVars

    AuthType openid-connect
    require valid-user

    Options Includes FollowSymLinks
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all

Then I did service apache2 restart
When I run apachectl configtest I get no error regarding mod_auth_openidc. So I think this module is correctly installed.

But no authentification is enabled on the folder that I would like to protect. Also no error messages appears in webbrowser.

I now have some questions:

I expect an error message when it not works? So it must be something wrong? Or somthing that is not correctly activated?

What is OIDCRedirectURI? Do I need some PHP code for this? Is that not the url that I would like to protect? (https://mysite.com/test2/)

Where can I …
I have included the following 2 pages in my index page:

This page has this line: include("includes/fusioncharts.php");

This page also has this line: include("includes/fusioncharts.php");

I get the following:
Fatal error: Cannot redeclare class FusionCharts in C:\xampp\htdocs\Development\Inventas\Sites\Charts\MyPHPDatabaseExamples\includes\fusioncharts.php on line 3

How can I avoid this error and get both includes showing on the index page
Upgrading Apache Tomcat on a Coldfusion 10 server.  Our company recently revived a security notification about a possible vulnerability. The vulnerability is called CVE-2019-0232 . The recommendation is to upgrade from our current Tomcat to Tomcat version 7.0.94

Does anybody know if doing a manual upgrade is possible on Coldfusion 10 on Windows? Or is it best to wait for Adobe to release a patch? I'm skeptical that Adobe will do much about this anytime soon.
Amazon Web Services
LVL 13
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

I have a customer with an ecommerce Magento 1.9.x website.  We have discovered that our hosting package bandwidth usage has gone up considerably.  It appears that some of our product pictures on the site are victim of hotlinking.  I have found some references on how to stop the hotlinking or replace it image when hotlinked.  For example: https://alistapart.com/article/hotlinking/  However, I was wondering is there a way to give the user that viewed the "hotlinked" picture from the remote site, a link back to our site.  If their going to steal our pictures/bandwidth, then maybe we can redirect their visitors to our site??
I am trying to install and SSL certificate on a website after i've migrated it from Ubuntu to a CentOS server.
Everything is up and running but I can't get SSL working. Apache starts fine. My config test shows no errors. But when I try to connect to the server through ssl, in all browsers I get ERR_CONNECTION_REFUSED. I don't believe its an SSL issue but maybe a firewall. I don't know as im unfamiliar with CENTOS, Any ideas?
I host several websites with Dreamhost. Today, I shelled into my main user account and found a few dozen .txt files at the top level of my main user account that looked incredibly suspicious. They are named `logins.1234567890.txt` (the numerical portion being uniquely generated, it appears) and contain csv's showing apparent logins under this main username, including IP addresses and (variably) times/dates of the login. Most of them are my IP, but several are not, and some come from locations both near my home and business as well as outside the US (Canada was the only one I've seen so far).

Here's what I've found:

The files are generated at around the same time every week since last June (yeah, this is the first time I've noticed them – I'm not a frequent shell user). They appear to show logins with IP addresses and number of logins, along with dates and/or times. More often than not, it's my IP address, but sometimes it shows others.

Below I peeked inside a few of the files (with ls -l) to find out when they were created, in the order in which they appeared:

myuser@my_dreamhost_server:~$ ls -l logins-1554572892.txt
-r-------- 1 myuser pg17700 234 Apr  6 10:55 logins-1554572892.txt
ladot@ds11468:~$ ls -l logins-1553969843.txt
-r-------- 1 myuser pg17700 180 Mar 30 11:24 logins-1553969843.txt
ladot@ds11468:~$ ls -l logins-1553364634.txt
-r-------- 1 myuser pg17700 180 Mar 23 11:17 logins-1553364634.txt
ladot@ds11468:~$ ls -l logins-1552759601.txt

Open in new window

refer to attached:

are they affecting Apache httpd (ie web servers) 2.4.x  only
& other lower versions (eg: our Solaris 10's  Apache/2.0.63
is said to have been patched by our admin but I'm not sure)?

So versions 2.4.x running on Windows are not affected?

Can point me to where to get the patches for RHEL7/RHEL6
in Red Hat support portal??

I recently had an internal security scan and it highlighted access to Tomcat manager web app is possible using default credentials,
I have found the tomcat-users.xml file that contains the below, can I just change the password or will this stop something working?

- <tomcat-users>
  <role rolename="tomcat" />
  <role rolename="role1" />
  <role rolename="manager" />
  <role rolename="admin" />
  <user username="tomcat" password="tomcat" roles="tomcat" />
  <user username="both" password="tomcat" roles="tomcat,role1" />
  <user username="role1" password="tomcat" roles="role1" />
  <user username="admin" password="admin" roles="admin,manager" />
error when using dom pdf to generate pdf files from php records:
Unable to stream pdf: headers already sent

I have tried all the typical suggested solutions for this but I still get the error
I haven't posted any code yet because I am unsure of exactly what to post
I initially post this error in case anyone has a suggestion of whet the error is actually telling me / doing in terms of code
I am pretty sure it used to work on my server but I have not visited my code for some time so I just cannot remember if anything has changed
In my .htaccess file, there are references to favicon. I want to delete my graphics folder. Is it of to move any favicon files to the root of my site, not inside a folder?

#do things different on prod
<IfDefine prod>
RewriteRule ^favicon\.ico$ /graphics/live_favicon.ico [L]
<IfDefine !prod>
RewriteRule ^favicon\.ico$ /graphics/test_favicon.ico [L]

and where is "prod" defined? Is that an Apache thing? Sorry for the newbness, Im taking over for a departed employee and trying to sort things out.
Hi all

I would like to display a certain path in the URL but actually server content from another path. How can I achieve the following using my .htaccess Apache file please?

I want to have a URL with the word attachments

but actually serve the content located at /images/plots/

Thanks in advance, Neil

I have changed part of  an old Drupal Site to a Wordpress site in a subdomain.  

The main part of the Drupal site still exists, I have just taken the shopping cart portion and built it in a Wordress, which sits in a subdomain

I am trying to redirect the old product pages ot the new ones, but my htaccess code is ignored..

Options +FollowSymLinks
RewriteEngine on

Redirect 301  /cgi-bin/commerce.cgi?preadd=action&key=A30-E https://resources.beststart.org/a30-e-risks-of-cannabis/

Open in new window

I have tried writing the redirect a few ways, all are ignored..  Redirect, RedirectMatch 301, redirectPermanent, etc.

I do have a lor of products as well, it would be good if I could do a wildcard for all /cgi-bin/commerce.cg*
Rowby Goren Makes an Impact on Screen and Online
LVL 13
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

I want any request that goes to mysite.com/index.html to be 301 redirected to mysite.com

Will the following mod_rewrite work in my htaccess file, is it comprehensive enough, and where would it need to be placed in the file?

RewriteCond %mysite.com/index.html HTTP [NC]
RewriteRule (.*)index.html$ /$1 [R=301,L]
I am trying to install Phpki on a SME-Server.   In the initial Setup screen I is asking the following.

"Storage Directory *
Enter the location where PHPki will store its files. This should be a directory where the web server has full read/write access (chown phpki ; chmod 700), and is preferably outside of DOCUMENT_ROOT (/opt/phpki/html). You may have to manually create the directory before completing this form. "

It gives the example of :


The server's Primary Dir has three  folders

Primary -  cgi-bin
               -  html
               -  folder  -  phpki-store

I was thinking  about putting  phpki-store under folder which is at the same level as the html folder,   I'm not sure what they are asking for.
Hi everybody.
So I'm using a cde in .htaccess to remove php extension from the url:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} ^(.+)\.php$
RewriteRule (.*)\.php$ /$1 [R=301,L]

Open in new window

It works fine. But I have some dynamic url I want to make SEO compliant. For instance, I would like that

Open in new window


Open in new window

So I looked around and I found this to put in my .htaccess
RewriteCond %{THE_REQUEST} \s/vinos\.php\?v=(\w+)\s [NC]
RewriteRule ^ /vinos/%1? [R=301,L]
RewriteRule ^vinos/(\w+)$ /vinos.php?v=$1 [L]

Open in new window

With this the url is rewritten as expected but in the page which is open php just doesn't work. And all css is lost...
Any idea about how can I remove the extension from the simple page and make dynamic urls seo friendly?
Thank you in advance for any suggestion :)
I have my domaing "www.myserver.com" and I got  customized my ".htaccess" file with the following rewrite rules:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/oculto/larespuesta.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.myserver.com$ [NC]
RewriteRule ^(.*)$ https://www.myserver.com/$1 [L,R=301]

Open in new window

This set of lines allow me:
1.- redirect all calls of "http://" to "https://"
2.- redirect all calls of non "www" to "www"

I wanna know how to bybass of this rules using rewrite rules, subdomains in the same server? I tried with RewriteCond %{HTTP_HOST} !subdomain\.myserver1\.com$ [NC], but after I add that line I need to comment
   RewriteCond %{HTTP_HOST} !^www.myserver.com$ [NC]
   RewriteRule ^(.*)$ https://www.myserver.com/$1 [L,R=301]

Open in new window

Is there a way to add a bypass for my subdomains in my htaccess?
Difference between URL forwarding and re-routing?

I am curious what the difference is from an MVC .NET Framework perspective, if that makes any difference...

Hi Experts

Could you pont a way to obtain the volume of accesses to a customer portals (Apache/ MSSQLServer) ?

Accordingly to:
The customer enter on some site's pages with it's credentials, choosing it's name on a combo, etc...

Is it possible to obtain the access volume by using the Apache default features, f.e. ?

Thanks in advance!

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.