Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

Apache Web Server

19K

Solutions

14K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have a Centos 6.9 machine with Apache 2.2.15 and OpenSSL 1.0.1e which according to my research supports SNI.
I have "NameVirtualHost *:443" defined in the main httpd.conf file.

The difestyle certificate is a purchased one. The one for darksidediving was created using the letsencrypt certbot tool and it created the additional configuration file for the darkside ssl config .

The issue I am having is that when I go to the darkside https page I get a certificate warning and looking at it I am being given the divestyle certificate instead of the darkside one. I tried the ssllabs tools just to make sure it was not my browser.

divestyle.conf
# live site
<VirtualHost *:80>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  DocumentRoot /var/www/htdocs
  <Directory "/var/www/htdocs">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

# live secure site
<VirtualHost *:443>
  ServerName www.divestyle.co.uk
  ServerAlias divestyle.co.uk
  DocumentRoot /var/www/htdocs
  SSLEngine on
  SSLProtocol All -SSLv3 -SSLv2
  SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
  SSLCertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.crt
  SSLCertificateKeyFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.key
  SSLCACertificateFile /etc/httpd/conf.d/ssl/www_divestyle_co_uk.int.crt
  <Directory "/var/www/htdocs">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

Open in new window


darkside-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName darksidediving.co.uk
  ServerAlias www.darksidediving.co.uk
  DocumentRoot /var/www/www.darksidediving.co.uk
  <Directory "/var/www/www.darksidediving.co.uk">
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/darksidediving.co.uk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/darksidediving.co.uk/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/darksidediving.co.uk/chain.pem
</VirtualHost>
</IfModule>

Open in new window

0
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Hello  

My saturday seems to be filled with htaccess issues :)  BTW this is a different site than my earlier question today.

I have a client who needs to have a few generic php and html files in the root of the server.  The existing Htaccess file apparently is disallowing files to be in the root -- which gives a 404 errors -- even though the physical files exist in the root (/public_html)

The files mainly have htm and php extensions, but there may be jpg, gifs and perhaps swf extensioins.

It''s a Joomla site, and I'm thinking it might be a security feature.  (His old joomla site let him have these kinds of files in the root.  But I guess Joomla hyped up the security and is not letting them be viewed by the public.

Please look at the htaccess file and let me know if indeed there is a rule prohibiting this, and how I can eliminate that rule.  BTW there is nothing in the code that will identify the actual site.....)
### ===========================================================================
### Security Enhanced & Highly Optimized .htaccess File for Joomla!
### automatically generated by Admin Tools 3.5.1 on 2015-05-15 14:49:25 GMT
### Auto-detected Apache version: 2.2 (best guess)
### ===========================================================================
###
### The contents of this file are based on the same author's work "Master
### .htaccess", published on http://snipt.net/nikosdion/the-master-htaccess
###
### Admin Tools is Free Software, 

Open in new window

0
Hi htacess Exoerts!

I would like to write an htaccess rule that does the following example:

If the url is /17-the-mobile-experience-conference
It would do an automatic redirect to.  /the-mobile-experience-conference

Specifically a global rule where if ANY url starts with a /17-       It would “remove “ the 17-     and do a redirect.

Thanks,

Rowby
0
I keep getting this error:

https://gyazo.com/e42f6ac2d15e502aec32cbb0588408a8

I have reloaded the software twice now.

I am on a Bitnami Debian stack.

This is a new test site.
0
Hi Experts,

Please let me know why my mod-security module is not detecting xss cross script issue

I am using red hat with Apache 2.2 .Do we need to change any conf file?
0
Hi experts,

I am trying to edit my hosts file C:\Windows\System32\drivers\etc\hosts  but it won't let me save it and tells me it is being used by another program.  I have no other apps open, and apache is stopped.

When I try to delete the file (I have a copy waiting) I am told that the file is being used by system.

Any ideas on how I can edit and save the file please?

Cheers
0
Hello

I am running Nginx version 1.10.2 on Centos 6.9 for a long time. Nginx serves as a reverse proxy to Glassfish 3 running some application.

Today when I rebooted my machine and I opened the URL to Nginx I got Bad Gateway. The error logs show following:

2017/10/01 05:28:48 [crit] 11408#0: *5 SSL_do_handshake() failed (SSL: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small) while SSL handshaking to upstream, client: 123.456.789.123, server: mydomain.net, request: "GET /apex/f?p=123 HTTP/1.1", upstream: "https://127.0.0.1:9191/apex/f?p=123", host: "www.mydomain.net", referrer: "http://www.mydomain.net/"

Open in new window


I am able to access Glassfish with https://Hostname:9191/apex ... without a problem.

I am not sure what to do to fix this issue.

OpenSSL version is following:

-bash-4.1# rpm -qa openssl*
openssl098e-0.9.8e-20.el6.centos.1.x86_64
openssl-devel-1.0.1e-57.el6.x86_64
openssl-1.0.1e-57.el6.x86_64

Open in new window


I will be really thankful if someone can help.
0
Hi All,

just now we installed MOD security module on Apache
after that we are getting bellie error.

ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:host. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "x. x. x. x:81"] [severity "EMERGENCY"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag

 "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "x. x. x. x"] [uri "/health/check.sh"] [unique_id 

please assist
0
Pretty odd one here I cannot wrap my mind around. I was in the middle of testing a page with a POST form when I discovered that, along with the POST, it was creating a GET query string. I started eliminating JavaScript, etc., until I was down to a basic HTML page structure with no other markup than the form. Still having the problem, I started eliminating things in the form (even the submit button as type="submit") until I came up with the following. This is the entire page:

 
     <!DOCTYPE html>
    <html lang="en-gb">
    <head>
        <title>Title</title>
        <meta charset="utf-8">
    </head>
    <body>
        <form>
            <input type="hidden" name="foo" value="foo" />
            <button name="Button">Send Message</button>
        </form>
   </body>
   </html>

Open in new window

As you can see, this form should not even submit. Yet, pressing the button will create a url query string in the address bar. This is my dedicated server. My thought is that there must be a MITM listener at work here. This has been tested in different versions of IE, FireFox and Chrome on 5 different computers and one Android phone. The only other possibility that makes sense to me is my network or my ISP. Whatever it is, there has to be something listening somewhere to submit a form that isn't really a legal form. I have not experienced this except on domains on my server.

I should add that there are several domains on this server an I ran this test file on several of them with the same results.
0
This is Apache 2.2.17 and it was complied into its own directory.
The Openssl version on the server was 1.0.0.
I installed a newer version 1.0.1g.

Configured the new version to be used by the OS. 'openssl version' and 'which openssl' both show the new version.

However, when I try to add the new security from OpenSSL in the httpd.conf I get this error:

SSLProtocol: Illegal protocol 'TLSv1.2'

...showing that it is still not using updated OpenSSL.
Per Redhat. httpd2.2.17 should support this:

https://access.redhat.com/solutions/65030
RHEL 6: TLS v1, v1.1, & v1.2 support

You must have at least openssl-1.0.1e-15.el6, httpd-2.2.15-39, and mod_ssl-2.2.15-39 to have support for TLSv1, v1.1, & v1.2.
TLS v1.1 & v1.2 support added to OpenSSL with release of openssl-1.0.1e-15.el6 from RHBA-2013:1585, first shipped in RHEL 6.5.
The ability to specify TLSv1.1 & v1.2 in Apache with SSLProtocol was included in httpd-2.2.15-39, released in RHBA-2014:1386-1.

What needs to be done to do this other than recompiling Apache?
0
Tech or Treat!
LVL 10
Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

I can't get the rewrite rule correct in order to create pretty url's with pagination.

This is my current rule for listing products within a category:

RewriteRule ^product-category/([a-zA-Z-]+)$ category.php?slug=$1 [NC,L]

Open in new window

The result is something like mysite.com/product-category/shirts

I want the pagination url after clicking on "2" for example, to be

mysite.com/product-category/shirts/page/2
I tried this but it doesn't work and just looks wrong:

RewriteRule ^product-category/([a-zA-Z-]+) category.php?slug=$1/page/([a-zA-Z-]+)$ pagination?=$1 [NC,L]

Open in new window

I get an internal server error.
0
I suddenly can't seem to access my local websites on my Mac via MAMP. My ddns.log file contains the following:

mamp_dyndns[41389:21445531] DynDNS: [no update] empty username and/or password

Open in new window


I do have my DynDNS username and password stored properly in the MAMP interface, and my DynDNS account is in good standing and is configured as it's always been.

Any help on figuring this out would be appreciated.

Thanks,
Jon
0
HI,

I installed/built apache 2.2.x on a Ubuntu, but I want to completely remove Apache now, but having a hard time.   There is an "apache2" folder in "/usr/local/apache2".    Is it simple as just deleting this folder?  If not, what steps can I take to do this?

I've attached an image/screenshot showing the steps I took to install it if that helps.  I haven't configured or modified anything so I do not need to backup anything at all.  I just want it completely gone if possible.
steps.JPG
0
hi guys

So I am going to be installing an SSL certificate on a Linux Amazon EC2. I created the CSR on this instance so I will need to apply the SSL to it to complete the installation.

It is a wildcard SSL certificate. So then I will need to export this SSL certificate and install it on another instance and turn off the other machine. On Windows I know how to export it as a .pfx and install it on another instance, but I don't know how to do this on a Linux machine. It is an amazon EC2 instance.

Are you able to help me accomplish this? What commands do I have to run to export this and then install it again on the new instance?

Thanks for helping
Yashy
0
hi guys

I'm trying to access an apache web server that I just took a copy of. The external IP is: 34.252.113.239. If you put that into a web browser, then you literally get a 'www' put in front of that IP address.

It's a linux server running apache. I'm not a developer, but could you guide me into looking at where the actual redirect might be occurring and take it out so that putting in the external IP will redirect it to the correct place? I.e. if I put in http://34.252.113.239 then that's exactly where it needs to forward to without a www. coming in front of it.

Thanks for helping
Yashy
0
Referring to above Struts vulnerability, would an encrypted DB have helped
prevent this data leak/loss?  

Does this Equifax & AXA dl come about by issuing an sql command?

There could be other unknown vulnerabilities yet to be discovered so
wud DB encryption had helped?
0
We noticed that when we change some data (images for example) in site that is in /var/www directory apache hesitate to apply thouse changes and for some time we see old images when accessing web site from browser. How to force Apache to apply changes immediately? May be the problem is in some Apache caching? If so - can it be disabled somehow?
0
I have a webapp written in PHP.
I am developing on my Mac, then running the website on my own Ubuntu server on AWS.

How should I be storing date/time in my mysql database???
Currently when I test on my mac all the times are right.... but when i run on my ubuntu server its an hour out.

Ubuntu Server is UTC timezone.

Im confused what I should do.
0
Hi,

I want to rewrite an entire directory using htaccess

Examples of original legacy URLs
website.com/app/group/index.php?group=id
website.com/app/group/settings.php?group=id
website.com/app/group/tasks/index.php?group=id
website.com/app/group/tasks/task.php?group=id&task=taskId
website.com/app/group/members/member.php?group=id&member=memberId
....

Open in new window



The new urls would be and rewrote to the original urls
website.com/app/group/id/ //with or without trailing slash
website.com/app/group/id/settings //settings file -> only get param is the group id
website.com/app/group/id/tasks/index.php //Tasks directory
website.com/app/group/id/tasks/task.php?task=taskId //Or website.com/app/group/id/tasks/task.php/taskId
website.com/app/group/id/members/member.php?member=memberId //OR website.com/app/group/id/members/member.php/memberId

Open in new window


There are about 10 -12 directories within the parent directory of "group"

I have successfully created a rewrite condition to accept
website.com/app/group/id/


using the following condition
RewriteCond %{REQUEST_URI} /app/group/
RewriteRule ^app/group/(\w+)/?$ /app/group/?group=$1 [L]

Open in new window


The problem becomes if i go to any other of the subdirectories within the parent directory of "group"

The group id ("group=id") will ALWAYS be needed with each page

Do i need to create a rewrite rule for each sub-directory?
Is there a way to extract only the group id and leave the remaining url intact (ex: website.com/app/group/id/tasks/task.php?task=5)?
0
Important Lessons on Recovering from Petya
LVL 10
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Hi I'm attempting the access the TMDB API using PHP

using the sample script here on my localhost WAMP I get this error

cURL Error #:SSL certificate problem: unable to get local issuer certificate

Open in new window


Running it on a live site works but I don't want to be running test scripts on a website

I have 3 questions

1. How do I solve the SSL certificate problem:?
2. in the CURLOPT_URL line  how do I substitute 'Kate%20Hudson' for $Name?
3. In the output  how do I access the components? I thought it would be $id = $response->{results}{id};

CODE
<?php
error_reporting(E_ALL);
$curl = curl_init();
$Name= "Kate Hudson";
curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.themoviedb.org/3/search/person?include_adult=false&page=1&query=Kate%20Hudson&language=en-US&api_key=2c8a02fa36fb5299dcd97bbc84609899",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_POSTFIELDS => "{}",
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
  
  $id = $response->{results}{id};
  $name = $response->{results}{name};
  $profile_path = $response->{results}{profile_path};
  echo "<p>  id  [$id] name  [$name] profile_path [$profile_path]</P>";
}

Open in new window


RESPONSE


Open in new window

0
Apache2 quit working when I was messing with the config files and when I purged it and installed it, it quit working.

After I got it working again PHP wasn't working, so I removed it and reinstalled it and it's still not working.

Then I tried to remove PHP and then remove Apache2. I installed Apache2 then installed PHP and it's not working.

From the terminal

Setting up libapache2-mod-php7.1 (7.1.8-2+ubuntu16.04.1+deb.sury.org+4) ...
dpkg: error processing package libapache2-mod-php7.1 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 libapache2-mod-php7.1
E: Sub-process /usr/bin/dpkg returned an error code (1)
0
I had my Apache2 running good on my development machine.

I changed some site configurations and started running the noip.com's client, even though this is a production machine, to see if I could access it from the world wide web.

I tried to install it in terminal and came across the following error

brian@brian-XPS-13:~$ sudo service apache2 start
[sudo] password for brian: 
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
brian@brian-XPS-13:~$ sudo apt remove apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-data apache2-utils
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  apache2
0 upgraded, 0 newly installed, 1 to remove and 121 not upgraded.
After this operation, 501 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 278612 files and directories currently installed.)
Removing apache2 (2.4.18-2ubuntu3.4) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
brian@brian-XPS-13:~$ sudo apt purge apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-data apache2-utils

Open in new window

0
I am running apache 2.2.32 (openssl version 1.0.2k) version with php 5.2.12 (openssl version 0.9.8t ) setup on my server. I have extension=php_openssl.dll uncomment in php.ini ( on correct location of php.ini). I was not able to load the openssl module in phpinfo.

I tried to copy the following two libraries from \php\ext to \windows\system32 folder as well.
1. libeay32.dll
2. ssleay32.dll

Still I could see the openssl reference corresponding to apache where ever apache version is specified on loading but php openssl module is not showing up in phpinfo().

I tried to install latest openssl from openssl website and copy the relevant library folders in both apache and windows\system32 folder to resolve it but the module is not loading. I want to know if i can check if there is any compatibility issues with openssl or I am missing any steps in between.

Can anyone let me help me?

Thanks,
0
I recently upgraded to a new SSL certificate. My old used to include both the www and naked domains (e.g. https://www.chloedog.org and https://chloedog.org).  But the new certificate only includes the naked domain.  

I'm trying to use a .htaccess redirect so that both are accomplished in one pass.  I've tried a few different things and none work.

The most recent was:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://chloedog.org/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Open in new window


With the above, the following happens:

http://www.chloedog.org?129  - Works Fine
http://chloedog.org?129 - works fine
https://chloedog.org?129 - works fine
https://www.chloedog.org?129 - I get an "insecure connection" message.

Can you tell me what I'm doing wrong? It is like it looks for the certificate before doing the redirect.
0
Is it possible to block a state via htacess?  Hypothetical, I am not allowed to business in CA so I want to block the state of CA?
Are there instructions on how to block all countries except the USA via htaccess?
0

Apache Web Server

19K

Solutions

14K

Contributors

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.