Hello experts,

I have a site where I need to add 300  301redirects.

Will that many redirects slow down a site?   Personally, I do not think so. But I thought I should ask the experts here first.

Would there be any other issues with so many redirects in an Htaccess file that I should be aware of?

Thanks!

Rowby

Hello  

My saturday seems to be filled with htaccess issues :)  BTW this is a different site than my earlier question today.

I have a client who needs to have a few generic php and html files in the root of the server.  The existing Htaccess file apparently is disallowing files to be in the root -- which gives a 404 errors -- even though the physical files exist in the root (/public_html)

The files mainly have htm and php extensions, but there may be jpg, gifs and perhaps swf extensioins.

It''s a Joomla site, and I'm thinking it might be a security feature.  (His old joomla site let him have these kinds of files in the root.  But I guess Joomla hyped up the security and is not letting them be viewed by the public.

Please look at the htaccess file and let me know if indeed there is a rule prohibiting this, and how I can eliminate that rule.  BTW there is nothing in the code that will identify the actual site.....)

### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 3.5.1 on 2015-05-15 14:49:25 GMT
### Auto-detected Apache version: 2.2 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess", published on http://snipt.net/nikosdion/the-master-htaccess
###
### Admin Tools is Free Software, 

Select all Open in new window

…

I keep getting this error:

https://gyazo.com/e42f6ac2d15e502aec32cbb0588408a8

I have reloaded the software twice now.

I am on a Bitnami Debian stack.

This is a new test site.

Hi experts,

I am trying to edit my hosts file C:\Windows\System32\drivers\etc\hosts  but it won't let me save it and tells me it is being used by another program.  I have no other apps open, and apache is stopped.

When I try to delete the file (I have a copy waiting) I am told that the file is being used by system.

Any ideas on how I can edit and save the file please?

Cheers

Hello

I am running Nginx version 1.10.2 on Centos 6.9 for a long time. Nginx serves as a reverse proxy to Glassfish 3 running some application.

Today when I rebooted my machine and I opened the URL to Nginx I got Bad Gateway. The error logs show following:

2017/10/01 05:28:48 [crit] 11408#0: *5 SSL_do_handshake() failed (SSL: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small) while SSL handshaking to upstream, client: 123.456.789.123, server: mydomain.net, request: "GET /apex/f?p=123 HTTP/1.1", upstream: "https://127.0.0.1:9191/apex/f?p=123", host: "www.mydomain.net", referrer: "http://www.mydomain.net/"

Select all Open in new window

I am able to access Glassfish with https://Hostname:9191/apex ... without a problem.

I am not sure what to do to fix this issue.

OpenSSL version is following:

-bash-4.1# rpm -qa openssl*
openssl098e-0.9.8e-20.el6.centos.1.x86_64
openssl-devel-1.0.1e-57.el6.x86_64
openssl-1.0.1e-57.el6.x86_64

Select all Open in new window

I will be really thankful if someone can help.

Am looking for 2FA solution meeting these requirements:

1. 2 FA but with one-time authentication per device.

2. On the same device, prompted only once to present both sets of credentials.

3. That device is no longer prompted for all time.

Is there an Apache solution for this? I have looked at a few things like google auth but not sure it would work well with these requirements.

Pretty odd one here I cannot wrap my mind around. I was in the middle of testing a page with a POST form when I discovered that, along with the POST, it was creating a GET query string. I started eliminating JavaScript, etc., until I was down to a basic HTML page structure with no other markup than the form. Still having the problem, I started eliminating things in the form (even the submit button as type="submit") until I came up with the following. This is the entire page:

 
     <!DOCTYPE html>
    <html lang="en-gb">
    <head>
        <title>Title</title>
        <meta charset="utf-8">
    </head>
    <body>
        <form>
            <input type="hidden" name="foo" value="foo" />
            <button name="Button">Send Message</button>
        </form>
   </body>
   </html>

Select all Open in new window

As you can see, this form should not even submit. Yet, pressing the button will create a url query string in the address bar. This is my dedicated server. My thought is that there must be a MITM listener at work here. This has been tested in different versions of IE, FireFox and Chrome on 5 different computers and one Android phone. The only other possibility that makes sense to me is my network or my ISP. Whatever it is, there has to be something listening somewhere to submit a form that isn't really a legal form. I have not experienced this except on domains on my server.

I should add that there are several domains on this server an I ran this test file on several of them with the same results.

Wordpress whenever I try to approve multiple comments it gives me err connection reset. Started happening after wordpress upgrade.

This is Apache 2.2.17 and it was complied into its own directory.
The Openssl version on the server was 1.0.0.
I installed a newer version 1.0.1g.

Configured the new version to be used by the OS. 'openssl version' and 'which openssl' both show the new version.

However, when I try to add the new security from OpenSSL in the httpd.conf I get this error:

SSLProtocol: Illegal protocol 'TLSv1.2'

...showing that it is still not using updated OpenSSL.
Per Redhat. httpd2.2.17 should support this:

https://access.redhat.com/solutions/65030
RHEL 6: TLS v1, v1.1, & v1.2 support

You must have at least openssl-1.0.1e-15.el6, httpd-2.2.15-39, and mod_ssl-2.2.15-39 to have support for TLSv1, v1.1, & v1.2.
TLS v1.1 & v1.2 support added to OpenSSL with release of openssl-1.0.1e-15.el6 from RHBA-2013:1585, first shipped in RHEL 6.5.
The ability to specify TLSv1.1 & v1.2 in Apache with SSLProtocol was included in httpd-2.2.15-39, released in RHBA-2014:1386-1.

What needs to be done to do this other than recompiling Apache?

I have a Tomcat 8.5 service on a Windows server and I have noticed that Tomcat service does not restart on server reboot so I have to go in and restart it manually. it is very strange as the Startup Type is set to Automatic.

Can anyone please help me diagnose and fix the issue?

I suddenly can't seem to access my local websites on my Mac via MAMP. My ddns.log file contains the following:

mamp_dyndns[41389:21445531] DynDNS: [no update] empty username and/or password

Select all Open in new window

I do have my DynDNS username and password stored properly in the MAMP interface, and my DynDNS account is in good standing and is configured as it's always been.

Any help on figuring this out would be appreciated.

Thanks,
Jon

I have been using wamp server with windows 10 for months without a problem, I don't have skype and IIS is disabled.  It's been working fine until today, now the icon is yellow and it is apache that is not working.  I tried to start it manually and checked again that port 80 is free.  Any ideas what could be causing this?

Hi Experts,

I'm wondering how to best log access-logs on Apache while using ProxyPass based on <Location>.

Here are 3 things I have in mind that I'm trying to implement:

1. I would like to be able to identify the STATUS code Apache received from our application server (ProxyPass) and the STATUS code Apache sent to end-user. I'm not 100% sure how to identify these separate status codes as of now based on %s "<" or ">" redirection possibility on documentation.
2. I would like to know if it is possible to log the server IP (application server) that processed the request on the backend (ProxyPass), where the response is coming from.
3. Any recommendation on how to log full headers from REQUEST and RESPONSE headers, including POST data?

This is my current log format:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%v\" %D \"%{UNIQUE_ID}e\"" custom

And the VHOST has the following config:

ProxyVia Full
ProxyRequests Off
ProxyPreserveHost On

<Location /admin/>
ProxyPass http://10.23.132.10:/admin/
ProxyPassReverse http://10.23.132.10:/admin/
Order deny,allow
Allow from all
</Location>

On the above ProxyPass IP (10.23.132.10), that IP is a server pool from haproxy load balancer, it has 4 servers, so for each request, I can land on a different server in that pool.

Apache version: 2.2.15

Thank you!