I am trying to install Phpki on a SME-Server.   In the initial Setup screen I is asking the following.

"Storage Directory *
Enter the location where PHPki will store its files. This should be a directory where the web server has full read/write access (chown phpki ; chmod 700), and is preferably outside of DOCUMENT_ROOT (/opt/phpki/html). You may have to manually create the directory before completing this form. "

It gives the example of :

"/opt/phpki/phpki-store"

The server's Primary Dir has three  folders

Primary -  cgi-bin
               -  html
               -  folder  -  phpki-store


I was thinking  about putting  phpki-store under folder which is at the same level as the html folder,   I'm not sure what they are asking for.

I have my domaing "www.myserver.com" and I got  customized my ".htaccess" file with the following rewrite rules:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/oculto/larespuesta.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.myserver.com$ [NC]
RewriteRule ^(.*)$ https://www.myserver.com/$1 [L,R=301]

Select all Open in new window

This set of lines allow me:
1.- redirect all calls of "http://" to "https://"
2.- redirect all calls of non "www" to "www"

I wanna know how to bybass of this rules using rewrite rules, subdomains in the same server? I tried with RewriteCond %{HTTP_HOST} !subdomain\.myserver1\.com$ [NC], but after I add that line I need to comment

   RewriteCond %{HTTP_HOST} !^www.myserver.com$ [NC]
   RewriteRule ^(.*)$ https://www.myserver.com/$1 [L,R=301]

Select all Open in new window

Is there a way to add a bypass for my subdomains in my htaccess?

Hi Experts

Could you pont a way to obtain the volume of accesses to a customer portals (Apache/ MSSQLServer) ?

Accordingly to:
 
The customer enter on some site's pages with it's credentials, choosing it's name on a combo, etc...

Is it possible to obtain the access volume by using the Apache default features, f.e. ?

Thanks in advance!

I would like my Apache server to automatically connect all requests for a specific website using https:

I use MAMP Pro 5, running on Mac OS X 10.11.6  I have set up multiple websites, and for one specific domain I have successfully installed a SSL certificate that I purchased from namecheap.com
I can connect to the website securely if I type in the complete address, with https://

If I connect to the website without typing in https://  MAMP PRO's Apache server only serves up the pages without the secure connection

How can I have MAMP/Apache only connect visitors securely?
I've tried Allow http connections, but that doesn't redirect connections from http to https

Can anyone suggest any SW tools/utilities/commands to help manage disk space, identify space hogs, etc for a Linux Server?
(If it matters, it is a web server, headless CentOs 7 LAMP)

Dear Experts,

We have several forms on our website that send emails to various users in our organization.  I didn't create these but am only the sys admin for the server.

One user is being pestered by spam that seems to be generated by one particular form.  
The form has a few radio buttons, Name, address, phone number and comment fields.

The set up of our forms is this:
myForm.html  gets filled out by users.
When the submit is clicked, it executes a myForm.cgi.
This myForm.cgi calls a compiled c++ program myForm_comp.cgi which parses the information from the form and sends it using a mail package to the user.  The user's email address is hardcoded in the compiled coded.  

This set up is the same for all our forms however this user is the only one who gets the spam.  We have several forms (separate cgi compiles) that get sent to different users depending on topic. All simple forms with similar fields.

In reviewing the Apache logs, we see, for example, what appears to be a bot (same IP, hundreds of lines in a 30 second window) hitting all our webpages and especially hitting two of our forms.  One being myForm.cgi the other being otherForm.cgi.

The apache log shows 11 GETS of the myForm.html and then hundreds of GET/POST for myForm.cgi.
The user reported she got 10 spam emails.  

The same pattern shows for the otherForm.html but no spam emails arrived.

We think it must be a bot that reads the html, fills it in (it's always the same …

Hi all

I'm currently restricting access to a intranet site using a LDAP lookup and requiring a valid user, ip or host name. For some reason a wordpress site running on this cannot loopback and is coming up with a 401 error saying

"Unauthorized, This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required"

If I remove the code below all works fine so I'm asking for some guru help please how I can still use the below, but allow the machine to talk to itself (I guess) without authentication?
 

<Directory "D:/htdocs/intranet">

    Options Indexes FollowSymLinks
    AllowOverride All
    
    AuthType Basic
    AuthName ""
    
    AuthBasicProvider ldap  
    
    AuthLDAPURL "ldap://1.2.3.4:567/ou=#,dc=#,dc=#,dc=#?sAmaccountName"  
    AuthLDAPBindDN "cn=#,cn=#,dc=#,dc=#,dc=#"
    AuthLDAPBindPassword ####
    
    Require valid-user 

    Require ip ####
    Require host localhost
    
</Directory>

Select all Open in new window

We use a company called my contact form for our forms onsite.

https://www.magickitchen.com/contact-test.html

But they use a standard captcha where you have to enter text, and we have an older base, who have trouble with it, so we'd like to replace it with a recaptcha.

I've got the client side on that page, but I have no idea how to implement the server-side, I'm hoping someone can tell me how to so it with htaccess.

Google says:
When your users submit the form where you integrated reCAPTCHA, you'll get as part of the payload a string with the name "g-recaptcha-response". In order to check whether Google has verified that user, send a POST request with these parameters:
URL: https://www.google.com/recaptcha/api/siteverify
secret (required)      6LdfIn4UAAAAALJ-198KrFzDKKytHk5w9tTipp8m
response (required)      The value of 'g-recaptcha-response'.
remoteip      The end user's ip address.


The reCAPTCHA documentation site describes more details and advanced configurations. https://developers.google.com/recaptcha/docs/verify

Can someone check this please ... Is this the correct coding for robots.txt if I put a sitemap.xml file in the web root folder:
     User-agent: *
     https://EXAMPLE.COM/sitemap.xml
and
Is this the correct coding for .htaccess if I want to direct all requests to the Non-www https version of a URL:
     RewriteEngine On
     RewriteCond %{HTTP_HOST} ^www\.EXAMPLE\.com [NC]
     RewriteRule ^(.*)$ https://EXAMPLE.com/$1 [L,R=301]
     RewriteCond %{SERVER_PORT} 80
     RewriteRule ^(.*)$ https://EXAMPLE.com/$1 [L,R=301]
Any advice appreciated!

So, I have been reading about this for a long time and there's never a conclusive answer to be found anywhere.

I have a Centos 6 LAMP web server which mostly hosts websites created by yours truly and the occasional website created by someone else.

Which is the most secure way to configure Wordpress folders ownership AND keep all the automatic features (updating, uploading and so on) without the need to insert ftp or sftp credentials each time?

Aside from permissions (which I always set to 755 for folder, 644 for files and 600 for special files, as suggested everywhere), there's a lot of different ideas about ownership.

Somebody says apache should be the owner of the whole folder. Somebody says that the owner should be your server user (root for instance, or a dedicated user) and never apache.

But if the owner is not apache, you have to use your ftp credentials to upload, update and so on.

So is there a way to actually have it all? What's the safest and smartest way to configure ownership for Wordpress?

Thanks guys.

hi all

I have an issue with my rewrite in a .htaccess file that I'm unsure how to fix.

I want to be able to pass parameters as a query variable when someone uses the url for example www.mysite.com/user/reset/asdfg12345 to be re-written as www.mysite.com/user/reset/?rp=asdfg12345

My code below works but only for the very last rule so in this case RewriteRule ^user/verify/([^/\.]+)/?$      user/verify/?uvc=$1 [L] , the rule or rules above it never work, If I change the order again the last one only ever works.

Sure it's a simple error but something I'm not sure about.

Thanks in advance all, Neil

RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$  

# allows reset URL like /user/reset/5d34f4e59c155566913f782a2e2557dc,234j5hj23k452hk
RewriteRule ^user/reset/([^/\.]+)/?$	user/reset/?rp=$1 [L] 

# allows verification URL like /user/verify/5d34f4e59c155566913f782a2e2557dc
RewriteRule ^user/verify/([^/\.]+)/?$	user/verify/?uvc=$1 [L]

ErrorDocument 404 404.php 

############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l

## rewrite everything else to index.php
RewriteRule .* index.php [L]

Select all Open in new window

Friend transferred a wordpress site to a new VPS, the new host is displaying SOME pages but not all pages.

For example /category/mypage works
but category/mypage2 returns 500 server error

Wp-admin works, so i dont htink its a database issue, i re created the htaccess file, no luck.

When i inspect the  broken page it says <!-- html is corrupted -->

They are using the wordpress fastest cache plugin, not sure if that helps (even though i look into the cache folder and not all the pages are in here? is it permissions? i set 777 temporarily on those folders but look slike Fastest Cache isnt loading those pages into the cache)


Any ideas other than corrupted pages one one page would return 500 server error?

Hello Htaccss  Experts :)

I have an htaccess file that has, near the end, a rewrite section that redirects the site to another url.

I don't want that redirect to happen, but I'm not sure how to change that htaccess file.

It's running on xampp that I installed on my local windows based server, for testing locally on Localhost.

I have changed the redirect to google, for privacy issues.   But I just want there to be NO redirect. It's a WordPress site that I just want to run locally for some testing. WordPress has been successfully installed.

Below is a snippet from the end of the .htaccess file   My snippet starts a few lines before the rewrite engine section -- and goes all the way to the end of the .htaccess file

ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>
## EXPIRES CACHING ##

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://www.google.com/$1 [R,L]
# Use PHP70 as default
AddHandler application/x-httpd-php70 .php
# BEGIN custom php.ini PHP70
<IfModule mod_suphp.c>
    suPHP_ConfigPath /home3/zzz/public_html
</IfModule>
# END custom php.ini

Select all Open in new window

Would just changing "rewriteengine" to öff do it?

As I said, I am running this on my local computer using xampp   (which I haven't used for a while, but I got localhost working on it.)

Thanks!
Rowby