[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have updated a website that has been around for a while. I checked to see what the url looks like if I search for it on Google and it is www as opposed to not having www. I wanted to keep that but also force a redirect to https as the site was http. I have added a SSL certificate so it should be https.

I have done this in the root .htaccess file, bearing in mind this is a php MVC structured project (just mentioning in case that matters at all).

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTPS} off 
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 RewriteRule ^$ public/ [L]
 RewriteRule (.*) public/$1 [L]

Open in new window

So, this works fine if I click on the link from the google search results and if I type www.mysite.com directly into the browser url.

But, if I just type in mysite.com then it loads the site but doesn't force the www and some things on the site do not work anymore.

Console gives me a bunch of these errors:

has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

So, firstly, what is the best way to fix this and secondly, am I not meant to choose a preferred version and somehow state that via a canonical tag or something along those lines. I am concerned google will think there is duplicate content if both www and non www sites work or is that not an issue?

Any advice would be appreciated.
OWASP: Forgery and Phishing
LVL 12
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

I'm just starting to learn Docker, and I think I have some of the basic concepts of creating containers down.  My intention is to have multiple containers on my server, each serving one unique website.

Now, here's my question.  I don't know how to handle the ports if there are multiple containers all set to respond to port 80.  Won't it cause some sort of problem if there are multiple containers, each running their own instance of apache, each reacting to port 80?  Is there some sort of internal IP addressing then that needs to take place to handle that?

I've got a pretty decent idea how the routing/responding through Apache works on a single server - but isn't this conceptually multiple servers all tied together with the same IP?
301 page redirect

I am wanting to re direct

www.xxxxx(whatever)/sales to

Foe SEO benefits.

I have an apache server
What would be the 301 redirect code and where on my server would it go?

ie where to upload it to?
Resolved most of the errors and stuck with this last one.

08-Oct-2018 21:42:28.333 INFO [main] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext
08-Oct-2018 21:42:32.109 SEVERE [main] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class [org.springframework.web.context.ContextLoaderListener]
 java.lang.ArrayIndexOutOfBoundsException: 2420
      at org.springframework.asm.ClassReader.readClass(Unknown Source)
      at org.springframework.asm.ClassReader.accept(Unknown Source)
      at org.springframework.asm.ClassReader.accept(Unknown Source)
      at org.springframework.core.type.classreading.SimpleMetadataReader.<init>(SimpleMetadataReader.java:54)
      at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:80)
      at org.springframework.core.type.classreading.CachingMetadataReaderFactory.getMetadataReader(CachingMetadataReaderFactory.java:101)
      at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:76)
      at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.checkConfigurationClassCandidate(ConfigurationClassBeanDefinitionReader.java:300)
      at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:172)
      at …
Hi All,

How to copy some rows of data from excel sheet to new excel sheet in mac using java and if possible throw mail with the attachment of new excel sheet?

Note: Mac office 2011

I need to enable mod_rewrite for Linux 2 on an AWS instance.  I have a vhost file in which I want to put the rewrite rules.  I have tested it with this simple command
RewriteRule ^.*$ http://www.wordpress.org/ [R]

Open in new window

and nothing happens

here is my httpd.conf concerning the document directory for all of the websites

<Directory "/data/www">
   AllowOverride All
    # Allow open access:
    Require all granted
        Options Indexes
        Options FollowSymLinks

Open in new window

Each virtual directory starts with /data/www/ then the name of the respective website such as /data/www/abc.com

Here is my vhost file for https://abc.com

  <Directory /data/www/abc.com>
                        Require all granted
                        RewriteEngine On
RewriteRule ^.*$ http://www.wordpress.org/ [R]
RewriteCond %{QUERY_STRING} controller=cms [NC]
RewriteCond %{QUERY_STRING} id_cms=([0-9]+)\%3F [NC]
RewriteRule ^/?index\.php$ /index.php?controller=cms&id_cms=%1 [NC,R=301]

RewriteCond %{QUERY_STRING} controller=product [NC]
RewriteCond %{QUERY_STRING} id_product=([0-9]+)\%3F [NC]
RewriteRule ^/?index\.php$ /index.php?controller=product&id_product=%1 [NC,R=301]

                        RewriteRule ^/webmedia/(.*) / [R=301,L]

Open in new window

Please help me to get rewrite working properly.
I am trying to reverse proxy to a another proxy. The trouble is its redirecting me to the url. I want the original url to stay about without subfolders.

server {
  server_name admin.example.com;

  location / {
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://www.example.com/thisfolder/anotherfolder;
    proxy_redirect off;

Open in new window

I would like admin.exable.com to stay in the address bar and display what's in www.example.com/thisfolder/anotherfolder

Many thanks for any help.
Getting error message when testing website contact form (phpmailer) in localhost:

"Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in C:\xampp\htdocs\phpmailer\class.smtp.php on line 368"

This website is an old project that was never published, but I remember that the contact form was working when I last tested it in localhost. I think its got an older version of PHPmailer, but I'm not really sure how check that.

And I understand that this is a certificate error and updating it may fix the problem, but I don't really know how to do that. Please advise.
i've an error appeared after i installed vmware vrealize business for cloud ( but i get this error in the attach. i also have vmware vrealize operation V (Version Build 6163035), so how can i fix it?
Hi Expert
I need to debug some issues related to redirect rules.

for example:
rewritecond  request_uri /xxx

so In the above condition I am passing request_uri . is their anyway to print or echo and capture request_uri incoming data .

this helps to capture values and analyse log.
Introduction to Web Design
LVL 12
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

Here is my configuration for protecting one of my directories using mod_authn_dbd...
<VirtualHost *:80>

DBDriver mysql

DBDParams host=,port=3306,dbname=myDB,user=root,pass=*****

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory "/path/to/ProtectedDir">
AuthDBDUserPWQuery "SELECT encrypt(passwd) AS password FROM myTable WHERE user_name = %s AND DUE_DATE>=CURDATE()"
  AuthType Basic
 AuthName "CurrentIssue"
 Require valid-user
 AuthBasicProvider socache dbd

    ServerName www.mySite.com
    ServerAlias mySite.com
    DocumentRoot /Server/WebSites/mySite
    ErrorLog /Server/WebSites/mySite/error.log
    CustomLog /Server/WebSites/mySiterequests.log combined

<Directory "/Server/WebSites/mySite">
    AllowOverride None
    Require all granted


Open in new window

My question is how do I protect another Directory using a different mysql DB?

I've tried adding
DBDParams host=,port=3306,[u]dbname2[/u]=myDB,user=root,pass=*****

Open in new window

<Directory "/path/to/ProtectedDir2">
AuthDBDUserPWQuery "SELECT encrypt(passwd) AS password FROM myTable2 WHERE user_name = %s "
  AuthType Basic
 AuthName "Admin"
 Require valid-user
 AuthBasicProvider socache dbd

Open in new window

As expected this breaks both Directories.
Any ideas on how I would accomplish this?
Is there any way to use mod_authn_dbd with htaccess?
Dear Experts
We are having CRM application which is web-based runs on LAMP stack. the operation team reports between specific time period user get time out when they save the records or convert the records or retrieve the records, can you please suggest on how to capture log files which occurs during that time for example 5pm to 6pm, only during this time I would like to capture a following log files.
1) /var/log/mysql.log
3) /var/log/slowquerylog
please help with steps on above 1 to 4 log capture during specific time period , this will be helpful to investigate , thank you very much.

I have created a web project using PHP and c++. In brief what it does is connects to an remote Exchange server and gets the data from it. The website functions properly, but it requires some changes to be made to the PHP.ini file (enabling LDAP, COM, etc). I am using XAMPP.
The issue I'm facing is that the changes made to the php.ini file is not taking effect. I have created a c++ console application which runs in hidden mode and modifies the php.ini file. When I open and check the ini, the changes are there in it but when I run the website trough XAMPP it does not pick up the changes made to ini. I have tried restarting the Apache service, restarting XAMPP, restarting machine as well, nothing worked.

Though the problem is not concerning exchange server, any help would be greatly appreciated.
is there any free open source gui for modsec managment and monitoring?
Is there a way to achieve the following -

We have a RANK field in each document, and essentially, I would like my score to be influenced by this RANK as follows -

score = (score * 0.1) + RANK

How can I achieve this with function queries or through some other mechanism

Solr Version # 7.4.0

I have Apache 2.4 installed on a Windows 2012 server with an external certificate.  I have internal DNS setup to direct the external domain name to the correct server.

I am trying to redirect all internal web traffic to the external web name.  I currently redirect all HTTP hits on the server for the internal name to the external name successfully.  However, I am not able to redirect all HTTPS hits on the server for the internal name to the external name:

http://WEBSITE/                              Redirects to                        https://WEBSITE.External.com/
https://WEBSITE/                              DOES NOT Redirect to            https://WEBSITE.External.com/
http://WEBSITE.Internal.local/            Redirects to                        https://WEBSITE.External.com/
https://WEBSITE.Internal.local/            DOES NOT Redirect to            https://WEBSITE.External.com/
http://WEBSITE.External.com/            Redirects to                        https://WEBSITE.External.com/

Is it possible to redirect HTTPS traffic and rewrite the URL to another HTTPS URL?  What am I missing?

Many thanks in advance!

How can I disable cache from the ubuntu server with php and plesk control panel?
I have ubuntu 14.04 server with plesk web admin on it.
I am facing a problem with all my hosted services:
- when I access a php web service sometimes they dont work, and after recalling it it work perfectly.
- when I download a file on server form http, it freuqet get disconnected.
Any idea on how to solve these issues?
I want to map the name of an actual folder to a dummy folder name used in php / html, using htaccess file.

So on the server I have this real folder called 'mydata' which contains many php files and subfolders.

When I retrieve data from this folder, in php or html files, I want to write the path as 'somedata', instead of 'mydata'; for example: /somedata/mydatafile.php instead of /mydata/mydatafile.php. So the 'mydata' folder name will be always hidden from users for security reasons. 'somedata' is just a name, there isn't an actual folder on the server.

I have a few addon domains beside the main domain, and the same mydata folder exists on each add-on domain too. The structure in cPanel is:


where mysite.com is the main domain and the others are addons.

The htaccess file should map 'somedata' folder name to 'mydata' folder name, in any path in any domain and addon-domain, so I would place it in the root (is root considered where public_html, mysite2.com and mysite3.com sites are?) I prefer to do it without redirect, the simplest way possible for the server.

With RewriteEngine On, I tried the following:

Alias /somedata /mydata

RewriteRule ^mydata/(.*)$ /somedata/$1 [NC,L]

RewriteCond %{REQUEST_URI} ^/somedata
RewriteRule .* /mydata/ [NC,L]

I'm stuck because of the syntax, can we make at least one work...?
Protecting & Securing Your Critical Data
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

On my domain, the .htaccess file looks like this:

RewriteRule ^ not-exists.php

Open in new window

A request for /just-something results in "Not Found". However, this:

RewriteRule ^ not-exists/not-exists.php

Open in new window

results in an Internal Server Error. Why? What is the difference? If both examples would give same result, then I would understand it, but now I don't understand it. So what iexactly is the difference between these two results?

I'm having a cross user session problem in a Java Enterprise application where SSO is implemented via Site Minder. A user who attempts to re-login on his session timed-out window, is logged in as some other user who's session is active with Site Minder.
The fact is that the session id that is active with the second user is given to the first user henceforth he is active with the wrong session id.

This is not reproducible. Any thoughts are appreciated.
I am confused about Nessus Scan vulnerability for Apache Tomcat. My confusion is this is a Workstation and not a server. I do not see Apache Tomcat installed on the Machine.

How does Apache Tomcat work on a PC/workstation ? Program is installed. Where would I find the program to delete or upgrade tomcat?

Apache Tomcat Default File

Description: The default error page, default index page, example JSPs, and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.

Solution: Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.
I have created several ipsets broken up by country.  I need to list the names of the ipsets I have built and I need to know how to have the ipsets persist after a reboot.  I am on a Linux 2 Amazon Apache 2.4 instance.
I recently updated to Apache Flex 4.16.1 AIR30 I can no longer do HTTP requests.

Error Message:
  body = ""
  clientId = "DirectHTTPChannel0"
  correlationId = "83285769-41EE-7618-7833-CD43BB74BE6B"
  destination = ""
  extendedData = (null)
  faultCode = "Server.Error.Request"
  faultDetail = "Error: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport=" errorID=2032]. URL:"
  faultString = "HTTP request error"
  headers = (Object)#1
    DSStatusCode = 0
  messageId = "DF5A526F-6F62-6D11-F9BD-CD43BC442000"
  rootCause = (flash.events::IOErrorEvent)#2
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#3
      bytesLoaded = 0
      bytesTotal = 0
      data = ""
      dataFormat = "text"
    errorID = 2032
    eventPhase = 2
    target = (flash.net::URLLoader)#3
    text = "Error #2032: Stream Error. URL: http://localhost:37813/Webessentials/webessentials/api/version?hostport="
    type = "ioError"
  timestamp = 0
  timeToLive = 0
I am on an AWS instance running Linux 2.  I log in to the server via ssh as ec2-user and then sudo -i.  When I try to upload as ec2-user I keep getting permissions denied errors from WinSCP 5.  All of the wordpress files are apache:apache.  I added in ec2-user to the group apache and to the group root.  However, I keep getting the same error it is denied.  I then changed the directory for plugins which is /data/web/abc.com/wp-content/plugins to 777 but still got the same error.

I know that I can change everything upstream to 777 but I don't want to do that.  It seems to me that WinScp is supposed to have an sudo command but the default which I have tried to use isn't what I use on my server.  Once I login via ssh I use sudo -i and then I have root privileges and can do anything.

Please show me how to change the default sudo command in WinSCP to sudo -i? Or, is there another way to upload the files?  If I need to switch to FileZilla I am open to that to if it will permit me to upload to my site.

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.