Regex Error in .htaccess with hash mark in URL - regex

What am I doing wrong with this regex.
My requested url
http://domain.com/local/v11/full/#Q73Ps/
What I have in .htaccess
Options +FollowSymlinks
RewriteEngine On
RewriteRule ^local/v11/full/#([a-zA-Z0-9]+)/ local/v11/server/full.php?token=$1
The above rule always give me 404 error.
Added Logs
related apache error
[Thu Feb 09 14:04:21 2012] [error] [client 127.0.0.1] File does not exist: /path/to/folder/local/v11/full
related access logs
[09/Feb/2012:14:16:54 +0500] "GET /local/v11/full/ HTTP/1.1" 404 340
no re-write log

when you try to access: http://domain.com/local/v11/full/#Q73Ps/ browser send request for: http://domain.com/local/v11/full/ and doesn't consider #Q73Ps/ as part of URL. if you want to get your rewrite rule working replace # in URL with %23 and it will work.

Related

config fail2ban on joomla

Hello everyone i'm trying to config joomla with fail2ban so i created
the file /etc/fail2ban/filter.d/joomla-error.conf
and added the failregex as below:
failregex = [[]client <HOST>[]] user .* authentication failure.*
After I added this code into the jail.conf
[joomla-error]
enabled = true
port = http,https
filter = joomla-error
logpath = /var/log/httpd/domains/jayjezz.com.error.log
maxretry = 5
bantime = 30
the logpath is right but every time i try to reload fail2ban service i get
ERROR NOK: ("No 'host' group in '[[]client <HOST>[]] user .* authentication failure.*'",)
i think something is wrong with my regex, can someone provide me the right regex for
[Thu Sep 28 17:14:23.932811 2017] [:error] [pid 6673] [client 000.000.000.000:56806] user xxxxx authentication failure, referer: http://jayjezz.com/administrator/index.php
thank you
fixed this by adding a script to change file permissions inside joomla website. now when i cannot login under /administrator without launching the script first

mod-rewrite rule works, but no output from file

thanks in advance, this is an odd problem, but probably is some internal processing I don't understand...
The rules and conditions work as expected except for one tiny problem.... it seems to be returning an empty file when the file is not empty...
On the bright side I got logging working, and am starting to have a clue about the very cryptic codes (thank you mr. apache and of course apache.org, and for those who want to test there regex: regex101.com)
Here is my log file:
[Sat Dec 06 19:04:49.939312 2014] [rewrite:trace1] [pid 5918] mod_rewrite.c(468): [client 192.168.1.100:55227] 192.168.1.100 - - [webtypography.dev/sid#7fdcea80dd68][rid#7fdcea7de0a0/initial] [perdir /var/www/webtypography.dev/public_html/] pass through /var/www/webtypography.dev/public_html/toc.php
this is my .htaccess file:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^webtypography\.dev$ [NC]
RewriteRule ^(.*)\/$ $1.php [R=301,L]
A little more info: My intent is if you type in the url which includes a directory: /directory/ it is rewritten as directory.php and appended to the base url....works great except the big blank browser viewport...
[Sat Dec 06 19:04:49.939265 2014] [rewrite:trace3] [pid 5918] mod_rewrite.c(468): [client 192.168.1.100:55227] 192.168.1.100 - - [webtypography.dev/sid#7fdcea80dd68][rid#7fdcea7de0a0/initial] [perdir /var/www/webtypography.dev/public_html/] strip per-dir prefix: /var/www/webtypography.dev/public_html/toc.php -> toc.php
[Sat Dec 06 19:04:49.939301 2014] [rewrite:trace3] [pid 5918] mod_rewrite.c(468): [client 192.168.1.100:55227] 192.168.1.100 - - [webtypography.dev/sid#7fdcea80dd68][rid#7fdcea7de0a0/initial] [perdir /var/www/webtypography.dev/public_html/] applying pattern '^(.*)\\/$' to uri 'toc.php'
[Sat Dec 06 19:04:49.939312 2014] [rewrite:trace1] [pid 5918] mod_rewrite.c(468): [client 192.168.1.100:55227] 192.168.1.100 - - [webtypography.dev/sid#7fdcea80dd68][rid#7fdcea7de0a0/initial] [perdir /var/www/webtypography.dev/public_html/] pass through /var/www/webtypography.dev/public_html/toc.php
These are the only entries in my virtual log for that transaction (i created a separate log for this virtual host...) Also this is NOT a production server, but I am going to look at php.ini and the php error log.... I'm not allowed to comment so I must do this here?
php.ini is display_errors was off!
Now I got the errors I need... THANKS NIEL! Allow me to check these errors, they are simple to fix, how can I give you any credit for this?
If PHP or Apache produces empty output this is nearly always caused by an error in either your Apache configs, including .htaccess files, or in your PHP with display_errors being disabled (as it damn well should be on a production site - you never want to show server internals to a possible attacker).
First stop should be Apache's vhost error logs as they will contain the errors from all these sources.

Fail2Ban regex does not match

I'm using fail2ban. For some reason Fail2Ban refuse to compile my regex. Here is my logs that I need to match:
root#server1:/etc/fail2ban/filter.d# tail /var/log/apache2/error.log
[Sun Apr 20 10:40:05 2014] [error] [client 75.144.181.151] user root: authentication failure for "/phpmyadmin/": Password Mismatch
[Sun Apr 20 10:40:16 2014] [error] [client 75.144.181.151] user root: authentication failure for "/phpmyadmin/": Password Mismatch
[Sun Apr 20 10:40:38 2014] [error] [client 75.144.181.151] user haker not found: /phpmyadmin/
[Sun Apr 20 10:40:44 2014] [error] [client 75.144.181.151] user pentest not found: /phpmyadmin/
and here is my fail2ban filter.d file:
root#server1:/etc/fail2ban/filter.d# cat /etc/fail2ban/filter.d/phpmyadmin.conf
[Definition]
failregex = [client <HOST>;] user .*; not found: \/phpmyadmin\/|[client <HOST>;] user root: authentication failure for "\/phpmyadmin\/":
ignoreregex =
here is my regex line from the file above:
[client <HOST>;] user .*; not found: \/phpmyadmin\/|[client <HOST>;] user root: authentication failure for "\/phpmyadmin\/":
Unfortunately fail2ban log file giving me error about regex: Unable to compile regular expression..
root#server1:/etc/fail2ban# tail /var/log/fail2ban.log
2014-04-20 10:47:06,788 fail2ban.filter : INFO Added logfile = /var/log/apache2/error.log
2014-04-20 10:47:06,789 fail2ban.filter : INFO Set maxRetry = 3
2014-04-20 10:47:06,789 fail2ban.filter : INFO Set findtime = 600
2014-04-20 10:47:06,790 fail2ban.actions: INFO Set banTime = 600
2014-04-20 10:47:06,790 fail2ban.filter : ERROR Unable to compile regular expression '[client (?:::f{4,6}:)?(?P<host>[\w\-.^_]+);] user .*; not found: \/phpmyadmin\/|[client (?:::f{4,6}:)?(?P<host>[\w\-.^_]+);] user root: authentication failure for "\/phpmyadmin\/":'
2014-04-20 10:47:06,794 fail2ban.jail : INFO Jail 'ssh' started
2014-04-20 10:47:06,799 fail2ban.jail : INFO Jail 'pureftpd' started
2014-04-20 10:47:06,805 fail2ban.jail : INFO Jail 'phpmyadmin' started
My regex http://regex101.com/r/kU7tX3. What is wrong with this? Any help is appreciated. Thank you.
I would have asked a question in comment but i cannot add a comment:
So trying my best to understand the requirement and giving an answer.
Requirement: I think you are looking to filter all lines containing
"authentication failure for "/phpmyadmin/""
You can do so by changing your regular expression to following:
failregex = .*authentication failure for "\/phpmyadmin\/"
You may have to escape "
Please add comments if this wasn't the correct understanding.....

Apache mod_rewrite recursing

I need help.
I've wasted half hour to get my mod_rewrite rule. Unsuccessfully.
My server root structure is:
/project/public_html/index.html
/project/public_html/css/style.css
/project/public_html/js/script.js
I want to access it from my localhost as:
/project/index.html
/project/css/style.css
/project/js/script.js
I have this in my /project/.htaccess:
RewriteEngine On
RewriteBase /project
RewriteRule ^(.+)$ public_html/$1 [L,QSA,NS]
But I'm still getting this:
[Thu Dec 05 12:29:20.252091 2013] [core:error] [pid 26176] [client 127.0.0.1:60642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
And actually is happening this:
[Thu Dec 05 12:29:20.252111 2013] [core:debug] [pid 26176] core.c(3520): [client 127.0.0.1:60642] AH00122: redirected from r->uri = /project/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/index.html
Problem should be extremely simple, but neither Google, nor manual helped me.
Thanks in advance.
Try this rule with an additional condition to stop looping. This condition first checks whether /public_html has already been inserted into request URI.
RewriteEngine On
RewriteBase /project/
RewriteCond %{REQUEST_URI} !/public_html/ [NC]
RewriteRule ^(.*)$ public_html/$1 [L,NS]

Apache HTTP Basic Auth - 401 error after supplying username and password

I am attempting to configure my amazon server with Apache Http to prompt the user for username/password upon hitting the domain via browser.
Here is a snippet from my app.conf file (included in the httpd.conf)
Alias / "/opt/bitnami/apache2/htdocs"
<Directory "/opt/bitnami/apache2/htdocs">
AuthType Basic
AuthName "No Trespassing"
AuthUserFile "/opt/bitnami/apache2/users"
Require valid-user
<IfVersion < 2.3 >
Order allow,deny
Allow from all
Satisfy all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
ErrorDocument 403 "Authentication error"
</Directory>
After logging in I am redirected to a 401 "Authorization error" page. Any reason here? I am thinking perhaps my other .conf file causes some conflict.
In httpd.conf I have the following:
WSGIScriptAlias / /opt/bitnami/apps/django/scripts/djangoApp.wsgi
<Directory '/opt/bitnami/apps/django/django_projects/djangoApp'>
Order allow,deny
Allow from all
Satisfy all
</Directory>
Could the first line of each of those snippets be causing a conflict here, preventing me from logging in? I am not sure, but they both look to be creating a similar alias.
If there are any more details I should provide, please let me know.
Here is the error in the logs:
[Wed Jan 09 03:49:49 2013] [error] [client X.X.X.X] client denied by server configuration: /opt/bitnami/apache2/htdocsindex.html
[Wed Jan 09 03:49:49 2013] [error] [client X.X.X.X] client denied by server configuration: /opt/bitnami/apache2/htdocsfavicon.ico
[Wed Jan 09 03:50:28 2013] [error] [client X.X.X.X] client denied by server configuration: /opt/bitnami/apache2/htdocsindex.html
[Wed Jan 09 03:50:28 2013] [error] [client X.X.X.X] client denied by server configuration: /opt/bitnami/apache2/htdocsfavicon.ico
[Wed Jan 09 03:50:28 2013] [error] [client X.X.X.X] client denied by server configuration: /opt/bitnami/apache2/htdocsfavicon.ico
I would try some changes.
First your first Alias / "/opt/bitnami/apache2/htdocs" would easily be replaced by a DocumentRoot /opt/bitnami/apache2/htdocs instruction.
Then you have several Aliases in place, both for "/". Instead of url-filesystem mapping instructions like Alias and AliasMap I would simple use a Location instruction for the security settings.
<Location />
(... Auth basic stuff)
<Location>
By using Location you work on the url and not on the filesystem mapping.
I think your problem is one of 2 things:
potential solution #1
Simply that the user that Apache is running as doesn't have access to the /opt/bitnami/apache2/htdocs directory.
See this page for more details on dealing with the "client denied by server configuration errors": http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
Check to see what user/groups are set on the /opt/bitnami directory tree. Make sure that they're friendly to the Apache user.
potential solution #2
Also if you look at your error messages the path is missing a '/' after htdocs. See the paths:
/opt/bitnami/apache2/htdocsindex.html
/opt/bitnami/apache2/htdocsfavicon.ico
I think you need to add a trailing slash, '/', to your Alias line like so:
Alias / "/opt/bitnami/apache2/htdocs/"