Apache Web Server

19K

Solutions

15K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear All

Preventing DoS attack on our Apache Web server is the most difficult and challenging problems we have ever faced.  I looked at different solutions on the website, they are all recommending to use IPTable to block such attack.  But I have come to a conclusion that IPTables has nothing to do with that.  I have done a lot of configuration on IPTables and listened to many advanced but with no concrete result.

There must be another way to prevent DoS attack.  I don't know if Apache configuration can prevent such attach.

Basically, I am getting hundreds of connection from a specific IP address, which drained out the server memory and kills it.  The current situation we are doing is to block that IP range.  which is not a solution.

If you believe this issue can be resolved from Apache, please let me know how to tweak the setting.  
We are a university, the web server we have is mainly for displaying information.  

I would really appreciate any advice.

Thanks in advance
0
How to redirect all http traffic to https on Ubuntu running Apache2.
Here is my sites conf file and I am not able to drive the traffic to https.

<VIRTUALHOST *:80>
        ServerName OldDomian.com
        ServerAlias www.OldDomian.com
        Redirect /  https://www.NewDomain.com
       	ServerName NewDomain.com
        ServerAlias www.NewDomain.com
        Redirect /secure https://www.NewDomain.com

	
</VIRTUALHOST>
<VIRTUALHOST *:443>
    ServerAdmin webmaster@localhost
    ServerName www.NewDomain.com
    ServerAlias NewDomain.com
    DocumentRoot /var/www/www.NewDomain.com/web
    SSLEngine on    
    SSLCertificateFile /etc/apache2/cert/359dc02304e01eae.crt    
    SSLCertificateKeyFile /etc/apache2/cert/hp.key
    #SSLCertificateFile /etc/apache2/cert/gd_bundle-g2-g1.crt
    <DIRECTORY />
        Options FollowSymLinks
        AllowOverride All
    </DIRECTORY>
    <DIRECTORY /var/www/www.NewDomain.com/web>
        Options +FollowSymLinks
        AllowOverride All
        #AuthType Basic
        #AuthName "Restricted Content"
        #AuthUserFile /etc/apache2/.htpasswd
        #Require valid-user

        # <IfModule mod_rewrite.c>
        # RewriteEngine On
        # RewriteBase /
        # RewriteCond %{REQUEST_FILENAME} -f [OR]
        # RewriteCond %{REQUEST_FILENAME} -d
        # RewriteRule ^.*$ - [S=40]
        # RewriteRule (.*)/(.*)/$ /index.php?page=$1&id=$2 [QSA,L]
        # RewriteRule (.*)/$ /index.php?page=$1 [QSA,L]
        # </IfModule>
      

Open in new window

0
i have a Ubuntu apache2 web server with ssl certificate .Every time when i restart apache ask password.
I found a script and work well .

SSLPassPhraseDialog exec:/path/to/passphrase-script

#!/bin/sh
echo "mypassphrase here"

Now certificate is old and got new certificate with new challange passord. Can you please explain me what do i need to do?  can i change my script easly or i need a new script ? or can i add new password under old one  like:

#!/bin/sh
echo "mypassphrase here"
echo "myNEWpassphrase here"



Thank you
0
I have a ubuntu apache2 server .I would like to my website security ans ssl https certificate creating.

can i free ssl certicate install if yes how ?please explain me.

Thank you
0
I am trying to enable SSL on my Ubuntu server running Apache2, but when I restart the Apache2 service it crashes silently.

I have a cloned copy of the Ubuntu server in my Dev location and I was able to apply this without any issues.

I made, what I think is the correct edits to the /etc/apache2/sites-enable/site-name.com.conf file.
Can someone please shed some light on this for me.

<VIRTUALHOST *:443>
    ServerAdmin webmaster@localhost
    ServerName www.contoso.com
    ServerAlias  contoso.com
    DocumentRoot /var/www/www.contoso.com/web
    SSLEngine on    
    SSLCertificateFile /etc/apache2/cert/contoso.crt
    SSLCertificateKeyFile /etc/apache2/cert/contoso.key
    SSLCertificateFile /etc/apache2/cert/gd_bundle-g2-g1.crt
    <DIRECTORY />
        Options FollowSymLinks
        AllowOverride All
    </DIRECTORY>
    <DIRECTORY /var/www/www.contoso.com/web>
        Options +FollowSymLinks
        AllowOverride All
        #AuthType Basic
        #AuthName "Restricted Content"
        #AuthUserFile /etc/apache2/.htpasswd
        #Require valid-user

        # <IfModule mod_rewrite.c>
        # RewriteEngine On
        # RewriteBase /
        # RewriteCond %{REQUEST_FILENAME} -f [OR]
        # RewriteCond %{REQUEST_FILENAME} -d
        # RewriteRule ^.*$ - [S=40]
        # RewriteRule (.*)/(.*)/$ /index.php?page=$1&id=$2 [QSA,L]
        # RewriteRule (.*)/$ /index.php?page=$1 [QSA,L]
        # </IfModule>
        # php_value auto_prepend_file 

Open in new window

0
Hi, My SEO team is having me create directories for certain keywords, like /affordable-meal-delivery/, so that the URL is mywebpage.com/affordable-meal-delivery/

The only way I know to do this is to create the directory and then have an index.html inside the directory. But I don't like having so many pages called index.html, for one thing I am afraid of overwriting one to another.

This site is able to do it without an index.html: www.freshnlean.com/gluten-free-meal-delivery/  - if I add index.html to that, it goes to a page not found.

We are on an Apache server. So it looks to me like this:



But I have ten or so of those directories with an index.html in each. How can I do this without the index.html. Ideally, I would want the page inside the directory to be affordable-meal-delivery.html. Can I use an htaccess file to do this?

Thanks.
0
I have a Linux ubuntu  Apache/2.4.7, OpenSSL/1.0.1 Server.

My Wildcard certificate(comodo) is expired. We have a New Wildcard(with Password ) certificate.
 I copied all files from comodo  
certificate.cabundle,
certificate.crt and  
certkey.key to my certificates Folder /etc/apache2/allcertificates/.

Folder allcertificates has root permission :  root:root

i changed lines  under /etc/apache2/sites-enabled/default-ssl.conf

SSLEngine on

SSLCertificateFile               /etc/apache2/allcertificates/certificate.crt
SSLCertificateKeyFile        /etc/apache2/allcertificates/certkey.key
SSLCertificateChainFile    /etc/apache2/allcertificates/certificate.cabundle

when i restart or start Apache2   : /etc/init.d/apache2 restart     ,i got  error  and also certificate Password ask not. must be asking isnt it?

error log Apache:

 [ssl:emerg] [pid 138] AH02204: Init: Pass phrase incorrect for key of mydomain.com:443
 [ssl:emerg] [pid 138] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
 [ssl:emerg] [pid 138] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[ssl:emerg] [pid 138] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[ssl:emerg] [pid 138] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
 [ssl:emerg] [pid 138] SSL Library Error: error:04093004:rsa …
0
I have a Ubuntu apache2 server .I bought a ssl wildcard certificate from online .They send my new certificates zip format.
I have CERT.CABUNDLE and CERTIFICATE.CRT files in this zip.

before i used selfsigned certificate on my apache server.

please can you explain ,how can i install these new certificates on my apache server ?

Thanks
0
HI,

I have created a php script for individuals to add a url to their calendar application such as outlook/ google calendar.


 I have validated the output on https://icalendar.org/ and get a header warning about the content type being text/html

Validator

Problem is when i add
           header('Content-Type: text/calendar; charset=utf-8');
	//		header('Content-Disposition: inline; filename=calendar.ics');

Open in new window


i get

chrome -> ERR_INVALID_RESPONSE
firefox -> file not found
ie -> i get a download prompt that could not be downloaded if save is clicked

if i add the URL to outlook it throws an invalid url error

Not sure whats going on here because i had it working last night


i am using plesk on my centos 7 server
0
I have a problem with a .htaccess file.

I have a domainname (test1234.com for this example), and if visitors go to http://www.test1234.com everything works fine.
If they go to http://www.test1234.com/files/blablabla/nonexistingsfile.pdf they are redirected to the index.php file, but the path is not changed. So any files used in index.php which are referenced by a relative path "./cssfiles/main.css" for example are not found. Images which are included with "./graphics/logos/mylogo.png" are not shown.

I've attached my htaccess file. Anyone have any idea how to get this right?
htaccess_for_expertsexchange.txt
0
Hi All,

I have httpd with worker MPM. I do want to limit that to 1 process with root and only 3 child processes under my account (guest).

Sometimes, I could see 5 or 6 or 7 httpd child processes running on my box.

how to limit the child processes for httpd ?

How to configure/fix this ?

Thanks,
bvm
0
Hi everybody.
I'm writing the php backend for an Android native app developed by another team.
They are sending to the server in the http headers the value of user_token but I'm not able to get it. I used getllheaders() functions but it doesn't return it.
I have added to .htaccess following lines:
RewriteEngine on
RewriteRule .? - [E=user_token:%{HTTP:user_token}]

Open in new window

and then tried to find the value in the superglobal $_SERVER. the index is present but it is empty.

I performed several tests using https://www.hurl.it/ but with no success (

I really don't know how to solve this issue: any idea?
Thank you
0
is a shared webserver a good place to store .pdf or .doc files

if not linked to by using html, can search engine find.

i have robots.txt ask (not demand) that search engines shouldnt show but i know robots.txt is not a solution
0
I have the following JavaScript making a call to a PHP page:

	function callPhpAPI(youdata) {
	
		$.post( "http://www.utahkidsfoundation.com/recsoap.php", { mes: youdata } );
	
	}

Open in new window



PHP page:

<?php

$mes=$_REQUEST['mes'];


    $emailto = 'xxx@gmail.com';
    $toname = 'Tom';
    $emailfrom = 'xxxr@xxx.com';
    $fromname = 'xxx';
    $subject = 'activity on xxx detected:  ' + $mes;
    $messagebody = 'There was a page hit on xxx:  ' + $mes;
    $headers = 
        'Return-Path: ' . $emailfrom . "\r\n" . 
        'From: ' . $fromname . ' <' . $emailfrom . '>' . "\r\n" . 
        'X-Priority: 3' . "\r\n" . 
        'X-Mailer: PHP ' . phpversion() .  "\r\n" . 
        'Reply-To: ' . $fromname . ' <' . $emailfrom . '>' . "\r\n" .
        'MIME-Version: 1.0' . "\r\n" . 
        'Content-Transfer-Encoding: 8bit' . "\r\n" . 
        'Content-Type: text/plain; charset=UTF-8' . "\r\n";
    $params = '-f ' . $emailfrom;
    $test = mail($emailto, $subject, $messagebody, $headers, $params);
    // $test should be TRUE if the mail function is called correctly

    header("Location: http://xxx.com");

    die();
?>

Open in new window



The email IS being sent, but the PHP variable $mes that I am attempting to make use of has a problem.


The email when it arrives looks like this:

zero

What I expected was to see the following subject and message body:

subject: 'activity on xxx detected:  content of param passed in
message body: 'There was a page hit on xxx:  content of param passed in

If I remove the $mes PHP variable I am trying to append to the end of the subject and message body (above) -- the subject and message body come through GREAT, minus the custom message(which is the entire point of all this)

zero
0
Hi All,

I am trying to figure out how to get a 301 redirect in Wordpress to open in a new window?

I am using the Simple 301 Redirect tool with Wordpress

My website -- On the sidebar, I have a redirect in place for the Apply Now link. The only problem, is it opens in the same window, I'd like it to redirect to the new site in a new tab/window.  

Is this possible, and if so, how?
0
Hi, the server for my site is set to disallow frames. Site is https://   magickitchen.com.

Is it possible to use an htaccess file to allow iframes within one directory? If so, how? Thanks in advance
0
Is one way better than another for forcing site-wide https with the htaccess file? Here are a few methods suggested on different websites:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]

Does it make any difference which RewriteCond I use? It looks to me like all three RewriteConds are saying the same thing. Are they essentially interchangeable in achieving my purpose?

Also, the last two RewriteRules differ from the first. I'm assuming the syntax on the first ( ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} ) is correct for my purpose. Is this true?

Thanks!

Regards,
Jonathan
0
Hi,

I have a django application running on AWS server. It was working all good from past 2 one month. Suddenly now apache2 default page is coming up.

Can anyone please help me with this?

Thanks
0
I have XAMPP running on Windows 10. I am trying to setup a Virtual Host so that when I use "myapp.dev" as a domain I get directly to my public folder of laravel project.
Laravel is located at C:/xampp/htdocs/myapp/public.
By using http://localhost:8000/myapp/public/ i can access laravel index.php
So far i have tried the following:
http v-host.conf file
#this is the default address of XAMPP    
<VirtualHost *:8000>
   DocumentRoot "C:/XAMPP/htdocs/"
   ServerName localhost
</VirtualHost>


<VirtualHost *:8000>
    DocumentRoot "C:/xampp/htdocs/myapp/public"
    ServerName myapp.test
    SetEnv NS_ENV variable_value
</VirtualHost>

and in C:\Windows\System32\drivers\etc\host file

127.0.0.1 localhost
127.0.0.1:8000 myapp.test

and after restarting apache and typing myapp.test leads to iis homepage instead of index.php in public folder.
0
I have a website on a self hosted centos server. When doing a page speed test through google I get a message that it takes 5.8 seconds for the website server to respond where it is supposed to respond within 200ms. How do I get to the bottom of this load time?

We staged this website on another URL on a shared hosting server with much less resources but it performs much better.

WHM Centos Version : 68.0.36
Apache : 2.4.27
SQL : 5.6.38

Problem URL : www.luckystar.africa ( 5.8 server response )
Staging Server : www.madproducitons.co.za ( 800ms server response )
0
xampp:
I am running xampp on my windows pc and every time I access any website for the first time (using chrome) I get a notification that the page is not working and I get a blue "Reload" button"
When I hit the button the page loads and all the page links work within the websites as normal

It works ok in Firefox and Internet Eplorer
0
Hi Experts

i just installed nextcloud 13.0.1  on centos 7 it is working now

but i want our users to write in the browser  
https://nextcloud.domain.com           without /nextcloud    in the end i mean   not like this    https://nextcloud.domain.com/nextcloud

i know there is something i have to do on apache but i don't know where and how maybe in index.php   i am not sure and i don't know how

so please if you know give me step by step procedure

thanks
Sword
0
Hi, I'm using Dreamweaver and my site will post on my localhost just fine, but how I do connect to my remote site (company domain)?  What do I need to change my URLs to?  Thanks in advance :)
server folder: c:\xampp\htdocs\tester\
My web URL: http://localhost/tester/
0
Dear Experts, I got a website at domain: example.com, but when I typed it in a browser, it showed only IIS page. The website can only be displayed when I typed https://www.example.com

Can you please suggest? We 'd like to get the website when I typed www.example.com or example.com, not only https://www.example.com

Also, sometimes I could not access the website on a browser and not the others?
0
Hi,  truenasreseller dot com is the site, it's running the latest wordpress. I've got the leverage browser caching plugin installed, and htaccess shows it's there, see attached. But gtmetrix.com shows that browser caching is not enabled, they are still giving an F and a 0 rating. Why would that be so?

I'm hosted on Bluehost, with whom I'm very unhappy, but for the time being I want to get this grade up so that I can show them the issue is on their end. Thanks!
0

Apache Web Server

19K

Solutions

15K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.