We Keep Coding

windows apache mod_security owasp. When i activate mod_security with owasp with SecRuleEngine On the redirection rule http to https stop working

I'm using apache v.2.4.38 (on windows) and, when I enable mod_security/owasp with "SecRuleEngine On", the redirection rule from http to https stop working.
What I'm doing wrong?
Here my redirection:
<VirtualHost _default_:80>
ServerName my.site.com
Redirect permanent / https://my.site.com/
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "C:/my/site"
ServerName my.site.com
ServerAdmin support#magicleaer.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProtocol TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
SSLCertificateFile "..."
SSLCertificateKeyFile "..."
SSLCertificateChainFile "..."
SSLCACertificateFile "..."
Alias /.well-known C:/magicleader/php/.well-known
<Directory "C:/my/site">
DirectoryIndex index.php
AllowOverride All
</Directory>
</VirtualHost>

Virtual host Object not found

Everytime I try to access https://sub.myproject.test/ this message pops up:
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
sub.myproject.test
Apache/2.4.38 (Unix) OpenSSL/1.0.2q PHP/7.2.15 mod_perl/2.0.8-dev Perl/v5.16.3
On httpd-vhosts.conf I have:
<VirtualHost *:80>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test
ServerAlias www.sub.myproject.test
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
AllowOverride All
Require local
</Directory>
</VirtualHost>
and on httpd-ssl.conf I have:
# catalog config
<VirtualHost *:443>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test:443
ServerAlias www.sub.myproject.test:443
ErrorLog "/opt/lampp/logs/error_log"
TransferLog "/opt/lampp/logs/access_log"
SSLEngine on
SSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
SSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
SSLOptions +StdEnvVars +FakeBasicAuth
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Allow from all
Require all granted
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/lampp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
And of course in /mnt/data/myproject path I have the sub.myproject.com folder
If you could help me fix this, it'd be very appreciated

Your VirtualHost is ok (except you do not need to put :443 in ServerName and ServerAlias directives), but you never tell Apache which page to display by default, when not specified in the request.
Define DirectoryIndex in each VirtualHost.
Ex: DirectoryIndex index.html
When the request is https://example.com/
,hence nothing after the domain name, Apache will display index.html, from the DocumentRoot directory.
Unrelated to your question, you should put ServerTokens Prod and ServerSignature Off in your configuration, your error message is displaying way to much information.

how to enable AllowEncodedSlashes in ubuntu

as the title say i have difficulties to enable AllowEncodedSlashes in Ubuntu
i put
AllowEncodedSlashes On
inside /etc/apache2/apache2.conf and inside /etc/apache2/sites-available/default but still got 404 page after access url with encoded slashes

I was searching a lot for this. But can't find a clear answer for Ubuntu 14.4 and Apache 2.4.7 . I figured it out. Here's what I did:
Go to /etc/apache2/sites-available
Open the 000-default.conf file.
add AllowEncodedSlashes NoDecodeinside the <VirtualHost> tag
Save and restart Apache.
** apache2.conf modification is not needed. Modify only 000-default.conf file and not default-ssl.conf

You should use
<VirtualHost *:80>
AllowEncodedSlashes On
ProxyPreserveHost On
ProxyRequests Off
ServerName www.domain.com
ServerAlias domain.com
Redirect permanent / https://example.com/
</VirtualHost>
If your domain is secure with ssl certificate then you shuold also use with 443 port
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName example.com
DocumentRoot /var/www/html
ProxyPreserveHost On
AllowEncodedSlashes On
ProxyRequests Off
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /home/ubuntu/domain.com/example.com.crt
SSLCertificateKeyFile /home/ubuntu/domain.com/example.com.key
SSLCertificateChainFile /home/ubuntu/domain.com/intermediate.crt
SSLCACertificateFile /home/ubuntu/domain.com/intermediate.crt
<FilesMatch “\.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch “MSIE [2–6]” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch “MSIE [17–9]” ssl-unclean-shutdown
</VirtualHost>
</IfModule>

How to redirect subdomains to https main domain in apache

I have some site example.biz. I redirect all http request to https, but how redirect with subdomains(Excluding one host that is in a different configuration file)? I need something like this: If i write bla-bla.example.biz i must redirected to example.biz. But if ololo.bla-bla.example.biz - error. And all this redirection must be to https. To all this, I can not add *.example.biz to ServerAlias, because i have another site adm.example.biz. Now If I write something like any.example.biz, i left on the home page.
Config of example.com:
<VirtualHost *:80>
ServerAdmin i#example.com
ServerName example.biz
ServerAlias www.example.biz
UseCanonicalName On
DocumentRoot /var/www/example/webapps
LogLevel warn
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
https config:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin i#example.com
ServerName example.biz
ServerAlias www.example.biz
UseCanonicalName On
DocumentRoot /var/www/example/webapps/
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/rockfutur/webapps/rockfutur/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.pem
SSLCertificateKeyFile /etc/ssl/private/example.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

How do I use https (SSL) in XAMPP while using virtual hosts

I am writing a php app on my local machine and would like to test to see if SSL is working. Bear with me because this is the first time I've ever used SSL.
So far this is what I've done:
Created a SSL Certificate. I followed the first part of this this tutorial to create the certificate.
I imported the server.crt file into chrome.
Removed the semicolon in front of ;extension=php_openssl.dll in php.ini (reference)
Edited my httpd-vhosts.conf file based on this page. The relevant section of that file is below. This is the full file: http://pastebin.com/k6Jh2eR6
<VirtualHost *>
DocumentRoot "C:\Users\user_name\Documents\project_one"
ServerName project_one.localhost
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:\Users\user_name\Documents\project_one">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I would usually access my project by typing in http://project_one.localhost
When trying to access my project by typing https://project_one.localhost into chrome I automatically get forwarded to https://project_one.localhost/xampp/ (as if XAMPP doesn't recognize https://project_one.localhost as a subdomain at all and treats it as if I'm typing in https://localhost) Any idea where I'm screwing up?
NOTE:
LoadModule ssl_module modules/mod_ssl.so was uncommented in httpd.conf file

SSL, of the HTTPS://url.here/ variety, is entirely handled by Apache and has nothing to do with PHP, or any of PHP's extensions/modules, or any php.ini settings.
A typical SSL Enabled VirtualHost looks like this and contains at least these parts...
<VirtualHost *:443>
DocumentRoot "C:/WampDeveloper/Websites/www.example.com/webroot"
ServerName www.example.com
ServerAlias example.com
SSLEngine On
SSLCertificateFile "C:/WampDeveloper/Websites/www.example.com/certs/public.crt"
SSLCertificateKeyFile "C:/WampDeveloper/Websites/www.example.com/certs/private.key"
<Directory "C:/WampDeveloper/Websites/www.example.com/webroot">
Options All
AllowOverride All
order allow,deny
allow from all
</Directory>
</VirtualHost>
(The paths above are from my WampDeveloper Pro set up, Xampp's will be slightly different)
Your <VirtualHost *> line is faulty. It needs a port number, which is always 443 for an HTTPS:// URL, in combination with either an IP address or a star before it. And if using a star, also a NameVirtualHost *:443 line...
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot "C:\xampp\htdocs"
ServerName localhost
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:\Users\user_name\Documents\project_one"
ServerName project_one.localhost
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:\Users\user_name\Documents\project_one">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:\Users\user_name\Documents\project_two"
ServerName project_two.localhost
<Directory "C:\Users\user_name\Documents\project_two">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

Here is simple step.
Go to C:\xampp\apache\conf
Open httpd.conf
And enable the ssl extensions (Remove # from line)
LoadModule ssl_module modules/mod_ssl.so
Go to C:\xampp\apache\conf\extra
Open httpd-vhosts.conf
Add new virtual hosts or edit existing
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs/PROJECTNAME"
ServerName www.pl.f24sdev.com
<Directory C:/xampp/htdocs/PROJECTPATH>
AllowOverride All
Order Deny,Allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>

This may be an old question, but i am putting my answer here anyway for future reference
i'm Using XAMPP 3.2.1, Compiled May,7 2013
to enable VirtualHost with SSL at the same time here is what i did. (I'm using windows 7)
your windows HOST file must already be setup
Go to httpd-ssl.conf located at xampp\apache\conf\extra
I just copied the _default_ virtualhost and added my config. I removed all comments for shorter one and pasted this just below the default virtualHost just change the DocumentRoot and servername then Restart apache.
<VirtualHost *:443>
DocumentRoot "***path/to/your/project}***"
ServerName ***yourdomain***
ServerAdmin admin#example.com
ErrorLog "C:/xampp/apache/logs/error.log"
TransferLog "C:/xampp/apache/logs/access.log"
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/xampp/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/xampp/apache/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Which version of Apache are you using ? NameVirtualHost is not available in 2.4 version.
Uncomment the line Include conf/extra/httpd-ssl.conf in httpd.conf and add the following contents (fix the paths according to xampp's path). This will enable https://localhost
<IfModule ssl_module>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crlss phrase on stdout.
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:E:/PROGRA\~1/AMPPS/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex default
<VirtualHost _default_:443>
DocumentRoot "E:/Program Files/AMPPS/www"
ServerName localhost:443
ServerAdmin you#127.0.0.1
ErrorLog "E:/Program Files/AMPPS/apache/logs/ssl_error.log"
TransferLog "E:/Program Files/AMPPS/apache/logs/ssl_access.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "E:/Program Files/AMPPS/apache/conf/ssl_crt/server.crt"
#SSLCertificateFile "E:/Program Files/AMPPS/apache/conf/server-dsa.crt"
SSLCertificateKeyFile "E:/Program Files/AMPPS/apache/conf/ssl_key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "E:/Program Files/AMPPS/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "E:/Program Files/AMPPS/apache/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>
If you want other domain like project_one.localhost have secured http connection then add the following virtualhost in httpd.conf or httpd-vhosts.conf(must be included in httpd.conf)
<IfModule ssl_module>
<VirtualHost 127.0.0.1:443>
<Directory "e:/program files/ampps/www/project_one.localhost">
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>
ServerName project_one.localhost
ServerAlias project_one.localhost
ScriptAlias /cgi-bin/ "e:/program files/ampps/www/project_one.localhost/cgi-bin/"
DocumentRoot "e:/program files/ampps/www/project_one.localhost"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "E:\Program Files\AMPPS/apache/conf/ssl_crt/project_one.localhost.crt"
SSLCertificateKeyFile "E:\Program Files\AMPPS/apache/conf/ssl_key/project_one.localhost.key"
ErrorLog "E:/Program Files/AMPPS/apache/logs/project_one.localhost_ssl_error.log"
TransferLog "E:/Program Files/AMPPS/apache/logs/project_one.localhost_ssl_access.log"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "e:/program files/ampps/www/project_one.localhost/cgi-bin/">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "E:/Program Files/AMPPS/apache/logs/project_one.localhost_ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>
Note : You will have to add an entry in hosts file 127.0.0.1 project_one.localhost

# to use ssl
<VirtualHost *:443>
DocumentRoot "D:/xampp/htdocs/httpsProject"
DirectoryIndex index.php
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
<Directory "D:/xampp/htdocs/httpsProject"
Options All
AllowOverride All
Require all grated
</Directory>
</VirtualHost>