I'm trying to set up my local wamp server online using its online/offline feature.
Every time I head to my IP address, I get redirected to my router's config page instead of the wamp homepage.
I tried changing these lines in the httpd.config file at C:\wamp\bin\apache\appache2.4.9\conf\
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 0.0.0.0:80
Listen [::0]:80
to
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:8080
Listen 0.0.0.0:8080
Listen [::0]:8080
but my IP (the one that shows at http://whatsmyip.org) still redirects to my router's config page. Even if I write XXX.XXX.XXX.XXX:8080 I get ERR_CONNECTION_TIMED_OUT.
EDIT: Adding some info
Router info:
http://www.zyxel.com/products_services/amg1202_t10b.shtml?t=p
Dynamic IP (That's my ISP plan)
Your router is at a lower level. Some type of remote config/help/whatever is turned on in your router. Since it is at a lower level than your Apache server, it will always grab the packets with destination port 80 first.
You need to figure out what "feature" is turned on in your router.
Internet -> Router -> Apache
Your apache is probably just fine.
In regards to your router: since it's not showing what you need, you could factory reset it and make sure you set it up with "advanced view" selected. You should have all your options to set port-forwarding correctly.
https://www.youtube.com/watch?v=QZ0zoZ_pbUM
The easiest way is to give your PC a static IP address and add that address to your router's DMZ but without knowing your router's make/model I cannot give you step by step instructions.
It's basically a port forwarding issue. Check you have forwarded the correct ports on your router.
Most home/office routers will do this.
It's because most do not have a feature called LoopBack either available or turned on.
Without this feature the router has no way of spotting that the IP address you are using in your browser is in fact your router's WAN IP address, so it assumes you are addressing your router's httpd server and launches the router's Admin panels. (Yup, there is a web server running in your router.)
With loopback enabled it would loop you back into your internal network.
I have a bit of a problem with my site.
So the setup is ElasticBeanstalk (NGINX) + Cloudflare.
But each day around 4AM I have a direct IP attack on my server.
Around 300 requests in 1-2 minutes.
The bot tries to access some resources like
GET /phpMyadmi/index.php HTTP/1.1
GET /shaAdmin/index.php HTTP/1.1
POST /htfr.php HTTP/1.1
For now all of them are going to ports 80 or 8080.
And they are successfully handled by the Nginx configuration that redirects them to example:443
server {
listen 80 default_server;
listen 8080 default_server;
server_name _;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl on;
...
So the questions are:
Have many site owners/DevOps faced the same attack? What is your action to prevent such attacks?
For now it is handled very well and did not affect the server's work; should I worry about it? Or just filter out logs with the /phpmy/ pattern and forget about it?
Before these attacks I had requests with method PROPFIND; should I block it for security reasons? It is handled by the default server for now.
I know that I can use Cloudflare Argo Tunnel or ELB + WAF. But I do not really want to do it for now.
I have found one solution on Stack Overflow: a whitelist of all Cloudflare IPs. But I think it is not a good one.
Also, another solution that should work, I guess, is to check the Host header and compare it with 'example.com'.
To answer your specific questions:
Every public IP receives unwanted traffic like you describe; sadly it's pretty normal. This isn't really an attack as such, it's just a bot looking for signs of specific weaknesses, or otherwise trying to provoke a response that contains useful data. This data is no doubt later used in actual attacks, but it's basically automated reconnaissance on a potentially massive scale.
This kind of script likely isn't trying to do any damage, so as long as your server is well configured & fully patched it's not a big concern. However, these kinds of scans are the first step towards launching an attack - by identifying services & application versions with known vulnerabilities - so it's wise to keep your logs for analysis.
You should follow the principle of least privilege. PROPFIND is related to WebDAV - if you don't use it, disable it (or better, whitelist the verbs you do support and ignore the rest).
If your site is already behind Cloudflare then you really should firewall access to your IP so only Cloudflare's IPs can talk to your server. Those IPs do change, so I would suggest a script to download the latest from https://www.cloudflare.com/ips-v4 and have it periodically update your firewall. There's a slightly vague help article from Cloudflare on the subject here: https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-Cloudflare-s-IP-addresses-in-iptables-
If for whatever reason you can't firewall the IP, your next best option is something like fail2ban (www.fail2ban.org) - it's a log parser that can manipulate the firewall to temporarily or permanently block an IP address based on patterns found in your log files.
A final thought - I'd advise against redirecting from your IP to your domain name - you're telling the bot/hackers your URL - which they can then use to bypass the CDN and attack your server directly. Unless you have some reason to allow HTTP/HTTPS traffic to your IP address, return a 4XX (maybe 444, a "Connection Closed Without Response") instead of redirecting when requests hit your IP. You should then create a separate server block to handle your redirects, but only have it respond to genuine named URLs.
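One way to do the periodic firewall update suggested in the answer above, as an added example (not the answerer's or Cloudflare's code): validate the downloaded list before it reaches the firewall, then rebuild a dedicated chain. The chain name `CF-WEB`, the sample ranges and the function names are assumptions; the output is text in `iptables-restore` format, meant to be loaded with `iptables-restore --noflush`.

```python
import ipaddress

# Constructed sample in the one-CIDR-per-line format of https://www.cloudflare.com/ips-v4.
# These are RFC 5737 documentation ranges, not Cloudflare's real ranges.
SAMPLE_LIST = "192.0.2.0/24\n198.51.100.0/24\n\n203.0.113.0/25\n"

CHAIN = "CF-WEB"  # hypothetical chain name; INPUT must jump to it for tcp ports 80/443


def parse_cidr_list(text, min_entries=1, min_prefix=8):
    """Return sorted IPv4 networks, or raise ValueError so nothing gets applied."""
    nets = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError as exc:
            # An HTML error page or a truncated download ends up here.
            raise ValueError(f"line {lineno}: not an IPv4 CIDR: {exc}") from None
        if net.prefixlen < min_prefix:
            raise ValueError(f"line {lineno}: {net} is implausibly broad")
        nets.add(net)
    if len(nets) < min_entries:
        raise ValueError(f"only {len(nets)} networks parsed, refusing to apply")
    return sorted(nets)


def render_restore(nets, chain=CHAIN):
    """Build iptables-restore input that redefines only the allow-list chain."""
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {net} -j ACCEPT" for net in nets]
    lines += [f"-A {chain} -j DROP", "COMMIT"]
    return "\n".join(lines) + "\n"


def build_ruleset(downloaded_text, min_entries=1):
    """Validate first, render second: a bad download never reaches the firewall."""
    return render_restore(parse_cidr_list(downloaded_text, min_entries))


if __name__ == "__main__":
    print(build_ruleset(SAMPLE_LIST), end="")
```

In a scheduled job the text passed to `build_ruleset` would be the body fetched from the URL in the answer, with `min_entries` raised to a number close to the size of the last known-good list.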
Can subdomains be used with an IP on Nginx for testing, like teste.x.x.x.x?
I did this but it does not work.
server_name teste.x.x.x.x teste2.x.x.x.x ;
Thanks
I would say that is not possible, since an IP address is an entity by itself, and subdomains are a feature of DNS's structure or hierarchy.
However, for testing purposes, you could edit your /etc/hosts file, adding the following:
x.x.x.x teste.yourdomain.com
y.y.y.y teste2.yourdomain.com
and this way, accessing teste.yourdomain.com in your browser, would redirect your requests to x.x.x.x
We configured a load balanced URL that will direct the request from "sasstudiodev.org.com" to "http://abcd.org.com:7980/SASStudio". Note that abcd and sasstudiodev do not have the same IP address and sasstudiodev is a load balanced URL. Now we would like to ensure that the host name (i.e. abcd) is not visible to end users. Hence when a user types "sasstudiodev.org.com", SAS should connect to the available mid-tier node based on the LB algorithm, but the URL displayed in the address bar should NEVER expose the host name, i.e. it should still show sasstudiodev.org.com/~/~
Is this possible using httpd or URL rewrite rules?
Yes, it is possible. In fact, you already have a load balancer/reverse proxy set up using Apache by default. To see it working, replace port 7980 with 8080. It is a default setup even when you have a single application server.
You need to change the settings for your virtual host and set up the redirect, and you should be ready to go.
I have the following suspicious logs in my Django output logs. Is somebody doing a vulnerability check or what?
Invalid HTTP_HOST header: '47.95.231.250:58204'. You may need to add '47.95.231.250' to ALLOWED_HOSTS.
[03/Dec/2017 20:09:28] "GET http://47.95.231.250:58204/ip_js.php?IP=my_ip&DK=my_port&DD=FOQGCINPZHEHIIFR HTTP/1.0" 400 62446
How can I prevent it? I tried to block the 47.95.231.250 IP, but it didn't help. The request is probably coming from a different IP address.
Check your server - you will very likely find that 47.95.231.250 is your own server's IP address! This error indicates that someone is able to get to your server but that your Django application is not set to respond to the requests based on IP address. If it is working otherwise then you actually have ALLOWED_HOSTS set correctly based on domain name. Do NOT add the IP address to your ALLOWED_HOSTS unless you actually want to access it by IP address, which is usually not necessary in a production system.
So the IP address access is an indication of someone trying to get it that shouldn't be allowed. The port 58204 is also a clue. Regular ports for most web servers are 80 & 443. Occasionally, in order to have alternate ports for different applications, you will see 8000 or 8080 or other numbers. 58204 is not a typical web site port number. The third clue is that the requested file is ip_js.php which indicates a request for a PHP-based web site and not Django/Python.
Bottom line: See if you can configure your firewall to allow ONLY the necessary open ports from the outside world in to your server. Typically this will include:
80 - http
443 - https
22 - ssh
and possibly others depending on how your server is configured and what applications it runs. For example, if you host MySQL or another database on the same box then you will need to open additional ports if-and-only-if you require remote access to the database outside of the application.
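The three clues listed in the answer above (IP-literal host, atypical port, PHP path on a Django site), written as a log check. This is an added example, not part of the original answer; the sample lines are constructed in the format of the quoted log entry, and the clue labels and function names are made up for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed lines in the format of the log entry quoted in the question.
SAMPLE_LOG = """\
[03/Dec/2017 20:09:28] "GET http://203.0.113.7:58204/ip_js.php?IP=x&DK=y HTTP/1.0" 400 62446
[03/Dec/2017 20:10:02] "GET /accounts/login/ HTTP/1.1" 200 5120
[03/Dec/2017 20:11:40] "GET /index.php HTTP/1.1" 404 179
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
USUAL_PORTS = {None, 80, 443, 8000, 8080}  # the ports the answer calls typical


def clues(target):
    """Return which of the answer's three clues apply to one request target."""
    try:
        parts = urlsplit(target)
    except ValueError:                       # e.g. malformed bracketed host
        return ["unparseable-target"]
    found = []
    if parts.scheme and parts.hostname:      # absolute-form target names its own host
        try:
            ipaddress.ip_address(parts.hostname)
            found.append("ip-literal-host")
        except ValueError:
            pass                             # a DNS name, not an IP literal
        try:
            port = parts.port
        except ValueError:                   # non-numeric or out-of-range port
            port = -1
        if port not in USUAL_PORTS:
            found.append("unusual-port")
    if parts.path.lower().endswith(".php"):  # PHP probe against a Django site
        found.append("php-path")
    return found


def scan(log_text):
    """Return (timestamp, target, clues) for each parsed line with at least one clue."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (found := clues(m["target"])):
            hits.append((m["ts"], m["target"], found))
    return hits
```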
So I am pretty new to WampServer or local working environments in general.
I am trying to make it so that people outside my network (LAN) will be able to access my www folder.
So far i did the following:
Installed wamp.
Put the server online
Edited httpd.conf and set <Directory "c:/wamp/www/"> to Allow from all.
It doesn't seem to work.
I read something about port forwarding, however I have no access to my router at all. Is there anything else that might affect this?
Thanks in advance.
If you cannot port forward your router then you cannot let people into your server.
A router will normally reject any access to any port that has not been initiated by an internal ip address. Normal router operation will block people trying to hack your internal systems.
Port forwarding the router says to the router, if you get accessed from outside (i.e. the internet) on port 80, forward that request to a specific ip address inside your local(home) network. That ip should be the PC running WAMP. If you cannot set your router up in this way you are scuppered.