Re: [users@httpd] Best way to redirect all traffic to secure website.

ld be wonderful! On Mon, Feb 20, 2017 at 4:56 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Mon, Feb 20, 2017 at 8:17 PM, Spork Schivago <sporkschiv...@gmail.com> > wrote: > > > > > > ServerName www.mydomain.com > > Redirect "/" &quo

[users@httpd] Best way to redirect all traffic to secure website.

Hello, I was following a post from a user asking about the best way to redirect all traffic on his server from port 80 to port 443. Someone linked the original OP to https://httpd.apache.org/docs/2.4/rewrite/avoid.html#redirect I decided to post my own question instead of hijacking his

Re: [users@httpd] redirect port from 80 to 443

Sorry to butt in here. I've been following this post with some interest. I wanted to accomplish the same thing the original OP wanted to accomplish, redirect all traffic to the secure version of my site. I went to the internet and found directions on how to do this using mod_rewrite rules.

Re: [users@httpd] Help tracking down a weird error with Apache and local / remote connections.

generated configuration, look at custom > config: > > If you are using EA4: https://documentation.cpanel. > net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files > EA3 has a similar feature, but I can't find the documentation right now. > > - Y > > On Tue, Feb 7, 2017 at

Re: [users@httpd] Help tracking down a weird error with Apache and local / remote connections.

>> >> >> >> So I run curl https://www.jetbbs.com/.well-known/test.html and see this: >> jetbbs.com and www.jetbbs.com test >> >> >> But on Eugene (my local machine), and everyone elses machine, when I run: >> curl www.jetbbs.com/.well-kn

Re: [users@httpd] Help tracking down a weird error with Apache and local / remote connections.

hole config file, I suggest creating a gist > or pastebin post. > You should also just run dig or host on the domain name from both machines > and make sure you get the same results. > > - Y > > On Sun, Feb 5, 2017 at 8:25 PM, Spork Schivago <sporkschiv...@gmail.com> > wrot

Re: [users@httpd] Help tracking down a weird error with Apache and local / remote connections.

Host because it is more specific. > > If there is a different IP for the website on one of your systems - for > example in the hosts file - that would cause it to all back to a different > Virtual Host than you expect because the IP doesn't match. > > - Y > > > On Sun, Feb 5, 2017

Re: [users@httpd] Help tracking down a weird error with Apache and local / remote connections.

ess? > > - Y > > > On Thu, Jan 26, 2017 at 3:31 PM, Spork Schivago <sporkschiv...@gmail.com> > wrote: > >> I have a bit of a weird problem that I'd like some help tracking down. >> I'm pretty sure it's something with Apache. In my Apache 2.4.25 (cPanel) >>

[users@httpd] Help tracking down a weird error with Apache and local / remote connections.

I have a bit of a weird problem that I'd like some help tracking down. I'm pretty sure it's something with Apache. In my Apache 2.4.25 (cPanel) config file, I have the ServerAliases disabled. There's a "catch-all" entry for unbound IPs, that look like this: ServerName

Re: [users@httpd] hello

Also, are those spaces allowed in the Apache configuration file? Shouldn't this line: DocumentRoot "/ srv / ftp" be more like: DocumentRoot "/srv/ftp" And this line: Be more like: Unless the srv directory really has a space before and after srv and the ftp directory really has a space before

Re: [users@httpd] Re: pf 2017

On Sun, Jan 8, 2017 at 10:29 AM, Erik Dobák <erik.do...@gmail.com> wrote: > If you consider this email as spam i am sorry. I was just celebrating the > new year and though apache people would like the infected mushrooms album > to be played in the evening. > > On 2 January

Re: [users@httpd] How to modify the apache instance name in linux

Hello Muduli, I'm assuming you're talking about Apache 2.4, but it shouldn't really matter I'd think. If I understand your question correctly, the default installation directory for Apache is /usr/local/apache2.Is that what you want to change? If so, you can change that using configure and

Re: [users@httpd] Re: pf 2017

{HTTP_HOST} !^server.example.com$ > RewriteCond %{HTTP_HOST} ^cpcalendars. > RewriteCond %{HTTPS} on > RewriteRule ^/(.*) https://127.0.0.1:2080/$1 [P] > > RewriteCond %{HTTP_HOST} !^server.example.com$ > RewriteCond %{HTTP_HOST} ^cpcontacts. > RewriteCo

Re: [users@httpd] Re: pf 2017

e config, so > you need to be careful. > > - Y > > Sent from a device with a very small keyboard and hyperactive autocorrect. > > On Jan 1, 2017 4:07 PM, "Spork Schivago" <sporkschiv...@gmail.com> wrote: > >> I'd like to add that I agree with Stormy. I don'

Re: [users@httpd] Re: pf 2017

017 +, Good Guy wrote: > >> On 01/01/2017 00:51, Spork Schivago wrote: >> >>> I don't understand why I'm receiving this e-mail. Is this spam? >>> Thanks. >>> >> >> Of course it is. Some people celebrate new year by spamming people.

Re: [users@httpd] pf 2017

I don't understand why I'm receiving this e-mail. Is this spam? Thanks. On Sat, Dec 31, 2016 at 6:58 PM, Erik Dobák wrote: > https://www.youtube.com/watch?v=zqwPjNGDuIQ=156s >

Re: [users@httpd] Unknown accepted traffic to my site

, 2016 at 1:53 AM, Spork Schivago <sporkschiv...@gmail.com> wrote: > Tawasol, > > You might want to look into more than just mod_security. For example, > there's modules out there for PHP, for instance, that will make PHP run as > a certain user. If someone manages to take adv

Re: [users@httpd] Unknown accepted traffic to my site

curity. > > Thanks, > > On Fri, Oct 7, 2016 at 1:01 AM, Anthony Biacco <abia...@handll.com> wrote: > >> >> >> On Thu, Oct 6, 2016 at 3:42 PM, Spork Schivago <sporkschiv...@gmail.com> >> wrote: >> >>> Are you sure they haven't succe

Re: [users@httpd] Unknown accepted traffic to my site

I'm not really that intelligent when it comes to stuff like this. Ken On Thu, Oct 6, 2016 at 5:21 PM, Spork Schivago <sporkschiv...@gmail.com> wrote: > Thanks Tony! Much appreciated. > > Erik, > > Did I ever try to run what on my server? The string query that Berkeley > se

Re: [users@httpd] Unknown accepted traffic to my site

I remember this! I contacted the college that was running the scanners and got indepth information about what it was and how it worked. This is the responses I got back from the people running the scan... Apologies for the long delay. As Stefan said, I've been away on my honeymoon. As far as

Re: [users@httpd] Help disabling weak ciphers.

I'll try with TLSv1.0 disabled and maybe TLSv1.1 and TLSv1.2 enabled. That way I can be PCI compliant. Now I have to figure out what this SNI is and whether I want it enabled or not. Thanks for all the help!! On Sat, Jul 16, 2016 at 6:06 PM, Spork Schivago <sporkschiv...@gmail.com> wrote

Re: [users@httpd] Help disabling weak ciphers.

from anyone? Thanks! On Sat, Jul 16, 2016 at 3:59 PM, Spork Schivago <sporkschiv...@gmail.com> wrote: > Wow, thank you Dr. James Smith! I am going to try your cipher list and > see if I can get the A+ rating. That's exactly what I'm after. Are > there any other drawbacks

Re: [users@httpd] Help disabling weak ciphers.

:!DSS > > as the setting for ciphers - this gets a A+ rating on the qualys SSL labs > scoring (although Java 6 + IE 6 clients don't work but that is the > compromise you need to take) > > James > > > On 15/07/2016 22:49, Spork Schivago wrote: > >> Hello, >>

[users@httpd] Help disabling weak ciphers.

Hello, I think I figured it out. I removed the DES-CBC3-SHA line from the SSL Cipher Suite list and now this is the output from nmap: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature

[users@httpd] Help disabling weak ciphers.

Hello, I'm sorry if this is a simple question. I'm fairly new to running an Apache web server. I lease a virtual private server (VPS) from GoDaddy that's running CentOS 6.8 Final with cPanel / WHM v56.0.25. Apache is version 2.4.18 (Unix) with OpenSSL/1.0.1e-fips. I'm trying to disable

Re: [users@httpd] Strange access.log entry...

hear > back from them again. > dave > > > On 7/8/2016 2:41 PM, Spork Schivago wrote: > > Okay Red-Tail Books, I got more information for you! This is the latest > response I got: > > "The malware is installed via a range of vulnerabilities including > so

Re: [users@httpd] Strange access.log entry...

ve nothing to worry about, mainly because you're running Apache and not IIS. I wish I could answer what the actual hex string means and what Apache responded with. Perhaps when Paul gets back from his honeymoon, we'll receive an answer. Best of luck. Ken. On Fri, Jul 8, 2016 at 5:32 PM, Spor

Re: [users@httpd] Strange access.log entry...

t you know what he says. Thanks! On Fri, Jul 8, 2016 at 3:56 PM, Spork Schivago <sporkschiv...@gmail.com> wrote: > I think I can shed a little light on this. I believe it has something to > do with exploits / vulnerabilities. I'm not sure what the hex values are, > but

Re: [users@httpd] Strange access.log entry...

I think I can shed a little light on this. I believe it has something to do with exploits / vulnerabilities. I'm not sure what the hex values are, but I'm guessing that's part of the exploit. I've tried searching for it but couldn't find anything. Maybe the query is confusing the search

Re: [users@httpd] Block access to "OPTIONS *"

AM, Yann Ylavic <ylavic@gmail.com> wrote: > On Fri, Feb 12, 2016 at 2:38 AM, Spork Schivago <sporkschiv...@gmail.com> > wrote: > > Sorry to but in here, but is there away for me to test to see if my > server > > is affected by this OPTIONS issue? > > OPTIO

Re: [users@httpd] Block access to "OPTIONS *"

I put this: RewriteEngine on RewriteOptions AllowAnyURI # for * to be taken into account by mod_rewrite RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^ - [R=405,L] RewriteRule ^[^/] - [R=403,L] in my .htaccess file, but when I still telnet to mydomain 80, and try the OPTIONS thing,

Re: [users@httpd] Block access to "OPTIONS *"

it in the httpd.conf file (or the vhosts .conf files). I use cPanel / WHM and EasyApache so it makes things much harder to figure out. On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas@reach-u.com> wrote: > > On 02/12/2016 03:38 AM, Spork Schivago wrote: > > Sorry to put in here,

Re: [users@httpd] Block access to "OPTIONS *"

Sorry to put in here, but is there away for me to test to see if my server is affected by this OPTIONS issue? I have cPanel / WHM and ConfigServer Firewall installed and just about every day, I see CSF blocking users from trying to hack in using some known hacking kit. Something with the word

Re: [users@httpd] Re: throttling IP addresses

I found a program, ConfigServer Firewall, that's pretty good at helping me secure my servers. It plays nice with iptables and it's fairly easy to configure. It has stuff that autoblocks IPs from bad people and can even download lists of bad IPs and auto-blocks them. On Mon, Feb 1, 2016 at

[users@httpd] New server admin needing help setting up my Apache server to work with Chrome.

Hello, I'm sorry if this has been asked before. I've searched a good bit through the Archives on Apache's site and I've spent the last couple days trying to find an answer on the web for my question. I have a Virtual Private Server that I'm renting through GoDaddy. It's running CentOS 6.7 in