When I checked the logs, I found Mod_security blocking some files necessary
for the site operation. So far, I disabled it per domain in the apache configuration file.
I want to only disable certain rules on certain pages.The implementation examples I read are specific to red hat and other distros.
I run Centos 5 with apache 2.8 and mod_security 2 (the server hosts multiple sites)
On centos, the loaded mod_security is included on top like this:
Include "/usr/local/apache/conf/modsec2.conf"
The above file calls modsec2.user.conf that is found in the same directory.
Here's what I've done so far:
My server does not have a directory called modsecurity.d for me to create a file like this:
/etc/httpd/modsecurity.d/modsecurity_localrules.conf
So I created a file named:
whitelist.conf
in:
/usr/local/apache/conf/
then I added an include to it in:
/etc/httpd/conf/modsec2.conf/
the rules look like:
<LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 950006
</LocationMatch>
But the rules are not working. I wonder if whitelist.conf was placed in the right place.
I then created 2 files:
modsecurity_crs_15_customrules.conf
modsecurity_crs_60_customrules.conf
and placed them in:
/home/cpeasyapache/src/modsecurity-apache_2.5.12/rules
The above path is where I found:
modsecurity_crs_10_config.conf
that contains main rules though I haven't seen it called by any other file.
Base rules are found in:
/home/cpeasyapache/src/modsecurity-apache_2.5.12/rules/base_rules
It seems my mod_security is installed and configured with minimal functionality.am thinking to add this to httpd.conf:
<IfModule security2_module>
Include /home/cpeasyapache/src/modsecurity-apache_2.5.12/rules/modsecurity_crs_10_config.conf
Include /home/cpeasyapache/src/modsecurity-apache_2.5.12/rules/base_rules/*.conf
Include /home/cpeasyapache/src/modsecurity-apache_2.5.12/rules/optional_rules/*.conf
Include /home/cpeasyapache/src/modsecurity-apache_2.5.12/rules/modsecurity_crs_15_customrules.conf
Include /home/cpeasyapache/src/modsecurity-apache_2.5.12/rules/modsecurity_crs_60_customrules.conf
</IfModule>
How do you guys do it on your end?
Thank you in advance
Related
with io.open("filepath/filename",mode="w",encoding="utf8") as file:
file.write(jsondata)
But it seems something wrong.
my flaskapp return 500 and no error logs
But when i remove it everything can run as normal.
what should i do?
If you are using OpenShift 2, it is likely your web application is running under Apache/mod_wsgi. You shouldn't in that case be using relative path names as the current working directory of the application is effectively undefined and likely not writable. Instead construct an absolute path name. Depending on what file is for, you may be best to write files into the data directory provided to you and specified by the OPENSHIFT_DATA_DIR environment variable, if it potentially needs to persist. Or OPENSHIFT_TMP_DIR if a temporary file. Details of important variables for directories can be found in:
https://developers.openshift.com/managing-your-applications/environment-variables.html#directory-variables
As to why you aren't seeing any error, this is likely because Flask is swallowing the error up when generating the 500 response. You would need to configure Flask to log details of the error.
I'm working on a website that showed in the page source a suggestion to implement gzip compression to help my pages display faster. I have downloaded the zip file for mod_gzip 1.23.26.1a (latest version). I'm running Apache 2.4.14.
The link below is the installation instructions from the zip file. When you look at the section Static integration of mod_gzip it says in step 4 to read file INSTALL. The file is missing so I cannot use them to install mod_gzip.
http://schroepl.net/projekte/mod_gzip/install.htm
Note: When I open the index.hm file from the folder there is no link to the left that displays the install link above. I don't remember how I found that link. There are three makefile files but I have no idea what to do with them because the link gives no details.
I did find this link http://nadeausoftware.com/node/33 where I looked at the Mac steps in the section Enable file compression using mod_gzip. I guess these are valid instructions to implement mod_gzip. I don't know how to perform step 4: Compile the module using the included instructions. The documentation provided in the zip file does not have any compiling instructions that I could find. All I have are .c and .h files in the folder. The few places that I could find instructions were using files that end in .cpp. I don't know what I'm supposed to compile.
I would like to use mod_gzip to help speed up my websites but I don't know where else to find information on how to implement it.
I continued to search but could not find any answers to help me. During my search I found out that mod_deflate was available in apache2. Since there is an old debate between mod_gzip and mod_deflate with no consensus I decided to implement mod_deflate. I added the following statements to my apache config file which will compress all file types except images, files already compresses and pdf files. I have reviewed the log file and it's working well.
# HTTP compression using mod_deflate
LoadModule deflate_module ${MODULE_INSTALL_PATH_PREFIX}/usr/libexec/apache2/mod_deflate.so
<IfModule mod_deflate.c>
# compress all files types except the following
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|jpg|tif?|bmp|svg)$ \ no-gzip dont-vary
SetEnvIfNoCase Request_URI \
\.(?:exe|t?gz|zip|bz2|sit|rar)$ \ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
DeflateFilterNote Input input_info
DeflateFilterNote Output output_info
DeflateFilterNote Ratio ratio_info
LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
CustomLog /var/log/apache2/deflate_log deflate
</IfModule>
For some reason, when browsing to URL that ends in a folder (ex. //localhost:8500/website/directory/), index.cfm is not loading and instead a 404 error page is returned. I have confirmed that the ...\web-inf\web.xml file is being used by modifying filter-mappings to enable the display of .htm and .txt files. In fact, none of the files in the welcome-file-list section are being used even if they exist which leads me to believe that there is something wrong with this section of the web.xml file.
The web.xml files are as follows:
{install-root}\cfusion\runtime\conf\web.xml
{install-root}\cfusion\wwwroot\web-inf\web.xml
Both files contain the same XML listed below.
<web-app>
...
<welcome-file-list id="WelcomeFileList_1034013110672">
<welcome-file>index.cfm</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.txt</welcome-file>
</welcome-file-list>
...
</web-app>
I have just recently patched to Update 6, but I believe that the problem was always there from the initial install. Please note that this is the development stand-alone server.
Has anyone already solved this or have any ideas on how to proceed other than re-installing CF10 and using IIS?
Late to the party, IMO there are two possible reasons that i can think of for this issue
Either your have additional mapping like "/" in place which is taking over servletcontainer's builtin default servlet who is the one responsible for going to the right root path
your folder name is something which CF already have a mapping for e.g. /flashservices/gateway/, CFFormGateway, cfform-internal, WSRPProducer, JSDebugServlet, flex2gateway
I think sharing your web.xml could have helped pin point the issue here.
I had this issue recently and it was a case-sensitivity issue in Tomcat (despite this being a ColdFusion 10 install on Windows).
My default index.cfm would load when I navigated to http://127.0.0.1 but as soon as I went to http://127.0.0.1/mysite, I got a 404. The folder was named mySite in Windows. As soon as I changed my URL to http://127.0.0.1/mySite it began working.
Could you advise me how to remove file extensions properly in lighttpd?
So that:
Root directory ("/") is not going to be rewritten to "/.php"
Open directory if trailing slash is missing
All files can be accessed without extension
Another StackOverflow thread here have answers that do not fix (1):
Rewriting with lighttpd - how to remove file extensions
2) and 3) are mutually exclusive - how do you expect the system to know if blahBlah is meant to be a directory blahBlah or a file blahBlah.php?
1) is probably handled by DirectoryIndex, not by your rewrite rules
I had following directory-structure:
/user1/
/user1/bla.cfm
/index.cfm
and created a directory called users:
/users/
/user1/
/user1/bla.cfm
/index.cfm
I set up a symbolic link (under linux with ln -s) from /user1/ to /users/user1/ and tried to <cfinclude> the bla.cfm which worked good. From index.cfm:
<CFINCLUDE template="users/user1/bla.cfm" />
After some testing I removed the symbolic link (/users/user1/) and moved the real directory /user1/ to /users/user1/. Suddenly the bla.cfm did not let me include and threw a template not found exception.
After setting up the symbolic link from /users/user1/ to /user1/ the <cfinclude> worked again. I cannot reproduce this on our development server!? Any hints how to fix this?
Btw all user-directories (user2, user3, etc.) have a bla.cfm inside - and just 2 are having the problem described above. It seems that those users were active and the bla.cfm was included via the symlink. Are those symlinks and their targets cached somewhere?
EDIT:
I tried already clearing the template-cache in CFAdmin.
Further testing:
from index.cfm:
expandpath("/users/user1/bla.cfm") -> correct path
fileexists(expandpath("/users/user1/bla.cfm")) -> saying "YES"
but:
fileexists(expandpath("users/user1/bla.cfm")) -> saying "NO"
Maybe it's some issue with mappings? In the last include you're using absolute path, where in the first one you're using relative path.
Here are some links about mappings:
http://www.coldfusionmuse.com/index.cfm?mode=entry&entry=8E676EBA-A0EF-5BB2-1461BEA3C00CC076
http://forums.adobe.com/thread/442033
Coldfusion mapping error
You don't specify how you setup a 'symbolic link' - do you mean you created a mapping in CF Administrator? If so, check the neo-runtime.xml file in your /cfusion/lib/ folder and see if has been correctly updated.
Restarting coldfusion server instance fixed the problem.