apache

[SOLVED] Zen Cart incorrect time zone

Jun
24

Our Zen Cart installation has incorrect time zone. On the orders page, the orders are placed +5 hours from current date/time. This is very annoying problem as the server is showing correct time, and PHP is configured with correct time zone in /etc/php.ini file. Also, the correct time zone is set in the includes/application_top.php file.

How to mitigate from DDoS with mod_security and mod_evasive on Centos 6?

Sep
11

For smaller scale DDoS attacks, Web Application Firewall (WAF) like Mod Security and Mod Evasive will mitigate DDoS attacks. For larger scale DDoS attacks, you may need to turn to professional DDoS mitigation service provider.

1. Install Mod Security Apache Module.

How to mitigate from Apache Killer?

Sep
03

Apache is the most popular web server being used today. Apache Killer exploit which was released in August 2011, exploits a vulnerability in the Apache software by sending a crafted "Range" HTTP header. Apache Killer attack abuses the HTTP protocol by requesting URL content to be returned in a huge number of small chunks, which leads to hundreds of large memory fetches causing a server to run out of memory and crash. This vulnerability identified as CVE-2011-3192 was fixed in httpd-2.2.21.

How to run PHP with HTML extension?

Feb
16

There are a couple of reasons why you may want to run php with html extension. You may have a static website with highly ranked web pages, and would like to retain search engine indexing and ranking while converting the site to use server-side technology. Or, you may not want to reveal server-side technology to your website visitors for security reasons. While others may just prefer plain old html extensions over php extensions on their URLs. Regardless of your reasoning, using a server-side technology such as PHP with html extension is easy to setup.

Apache mod_vhost_alias module fails to set DOCUMENT_ROOT

Feb
04

Mass virtual hosting using mod_vhost_alias or mod_rewrite module simplifies pattern-based virtual hosting. However, there is a major problem if your virtual host application makes use of the DOCUMENT_ROOT environment variable. According to the Apache documentation, the mod_vhost_alias does NOT correctly sets the DOCUMENT_ROOT variable and hence pontentially break PHP web applications that makes use of this environment variable.

SSL Certificate File Formats

Feb
04

Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network connection to authenticate the other's identity and by encrypting the data exchanged between the applications. A server identity is verified by three components: Private Key, Digital Certificate and Trusted Certificate Authority.

How to create a htpasswd file with encrypted password?

Feb
04

htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. This program can only manage usernames and passwords stored in a flat-file.

To restrict access to certain HTTP resources, we need to create two files: .htaccess and .htpasswd (or equivalent per httpd.conf setting). The .htaccess file looks something like:

-- [.htaccess] file content begins --

SELinux Issue: Apache 403 permission denied on virtual hosts

Feb
04

Platform setup:
Fedora Core 3
Apache 2.0.52-3
SELinux enabled.

Apache configuration is setup correctly with right permissions, we the server throws a 403 error.

The log entry in the /etc/httpd/logs/error_log:
"[error] [client xx.xx.xxx.xxx] (13)Permission denied: access to / denied"

The issue is well known but the fixes only apply to Fedora 3, such as :
"Use : chcon -R -t httpd_sys_content_t "

or

"deactive SELinux at the command line or GUI".

or

How to create a 301 redirect?

Feb
02

As described on URL Canonicalization article we published in March, having a unique URL ("canonicalization") for each webpage is important in improving your "Pagerank". Canonicalization is accomplished by redirecting non-standard webpages to a preferred ("standard") webpage.

Subscribe to RSS - apache