Windows Apache mod_security OWASP: when I activate mod_security with OWASP and SecRuleEngine On, the redirection rule from HTTP to HTTPS stops working - apache

I'm using Apache v2.4.38 (on Windows) and, when I enable mod_security/OWASP with "SecRuleEngine On", the redirection rule from HTTP to HTTPS stops working.
What am I doing wrong?
Here is my redirection:
<VirtualHost _default_:80>
ServerName my.site.com
Redirect permanent / https://my.site.com/
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "C:/my/site"
ServerName my.site.com
ServerAdmin support#magicleaer.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProtocol TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
SSLCertificateFile "..."
SSLCertificateKeyFile "..."
SSLCertificateChainFile "..."
SSLCACertificateFile "..."
Alias /.well-known C:/magicleader/php/.well-known
<Directory "C:/my/site">
DirectoryIndex index.php
AllowOverride All
</Directory>
</VirtualHost>

Related

Tomcat in virtualhost of WAMP Server + https

I am using WAMP Server with the following configuration:
Apache 2.4.54
PHP 8.1.8
MySQL 8.0.29
and the VirtualHost in httpd-hosts.conf is:
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>
and at httpd-ssl.conf is:
<VirtualHost _default_:443>
DocumentRoot "${INSTALL_DIR}/www"
ServerName localhost
ServerAdmin webmaster#example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/key/localhost.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/localhost.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
With the above configuration my WAMP Server opens from the URL:
https://localhost
I have also installed Apache Tomcat 9.0, which opens from the URL:
http://localhost:8080
My intention is to create a virtualhost, i.e. https://mylocaltomcat, with a configuration like the following:
<VirtualHost *:80>
ServerName mylocaltomcat
ServerAlias mylocaltomcat
DocumentRoot "${INSTALL_DIR}/www/tomcat/"
<Directory "${INSTALL_DIR}/www/tomcat/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# ProxyRequests off
# ProxyPass /.well-known/acme-challenge !
# ProxyPass "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
# ProxyPassReverse "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
</VirtualHost>
and
<VirtualHost _default_:443>
DocumentRoot "${INSTALL_DIR}/www/tomcat"
RewriteEngine On
ServerName mylocaltomcat
ServerAdmin webmaster#example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/key/localhost.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/localhost.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# ProxyRequests off
# ProxyPass /.well-known/acme-challenge !
# ProxyPass "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
# ProxyPassReverse "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
</VirtualHost>
The Proxy lines are commented out (#); they were my attempt to make the whole thing work, but unfortunately it didn't.
The modules I have activated in Apache are:
I think I am missing something, or even more than that, but I cannot figure out how to proceed.
Any help would be greatly appreciated.
Edited - Fixed!
I figured out what the correct lines were for the proxy in order for it to work:
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
and I thought about sharing it.
Now it works as expected!

HTTPS URL is redirected to the first configuration

When I hit https://subdomain2.example.com, the pages are served from https://subdomain1.example.com, but when I hit sub2.example.com without HTTPS it works fine. Below is my ssl.config. Give me any suggestion for the below. What is the issue in my config?
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
Below is my SSL configuration.
<VirtualHost *:443>
ServerName subdomain1.example.com
ServerAlias subdomain1.example.com
DocumentRoot /Path/sub1
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ServerCertificate2017.crt
SSLCertificateKeyFile /etc/pki/tls/private/keyw2017.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/Path/sub1">
SSLOptions +StdEnvVars
Options FollowSymLinks -Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain2.example.com
ServerAlias subdomain2.example.com
DocumentRoot /Path/sub2
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ServerCertificate2017.crt
SSLCertificateKeyFile /etc/pki/tls/private/keyw2017.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/Path/sub2/">
SSLOptions +StdEnvVars
Options FollowSymLinks -Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
In this configuration you need to add the virtual host name in the SSL config; then it will work as per the configuration, otherwise it will consider only the first configuration.
Below is the code:
NameVirtualHost *:443
OR
NameVirtualHost 192.168.1.1:443
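To make the fallback described in this answer visible, here is an added example (not code from any of the posts above) that parses a constructed pair of `*:443` vhosts modelled on the question and replicates Apache's name-based selection: a request whose Host/SNI name matches a ServerName or ServerAlias gets that vhost, and an unmatched name is served by the first vhost declared for that address:port, which is exactly why subdomain2 requests ended up in subdomain1's DocumentRoot.

```python
import fnmatch
import re

# Constructed config, modelled on the two *:443 vhosts in the question.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName subdomain1.example.com
    DocumentRoot /Path/sub1
</VirtualHost>
<VirtualHost *:443>
    ServerName subdomain2.example.com
    ServerAlias www.subdomain2.example.com *.sub2.example.com
    DocumentRoot /Path/sub2
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(ServerName|ServerAlias|DocumentRoot)\s+(.+?)\s*$",
                          re.M | re.I)


def parse_vhosts(conf):
    """Return one dict per <VirtualHost>, in declaration order (order matters)."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        vh = {"addr": addr.strip(), "names": [], "docroot": None}
        for key, value in DIRECTIVE_RE.findall(body):
            key = key.lower()
            if key == "servername":
                vh["names"].append(value.split(":")[0].lower())  # drop :port
            elif key == "serveralias":
                vh["names"].extend(v.lower() for v in value.split())
            else:
                vh["docroot"] = value
        vhosts.append(vh)
    return vhosts


def select_vhost(vhosts, addr, host):
    """Pick the vhost serving `host` on `addr` (e.g. '*:443'), Apache-style.

    First vhost whose ServerName/ServerAlias matches (wildcards allowed) wins;
    with no match, the first vhost declared for that address:port is used.
    """
    candidates = [vh for vh in vhosts if vh["addr"].lower() == addr.lower()]
    if not candidates:
        return None
    host = host.split(":")[0].lower()
    for vh in candidates:
        if any(fnmatch.fnmatchcase(host, pat) for pat in vh["names"]):
            return vh
    return candidates[0]  # unmatched name: Apache falls back to the first vhost
```

Run `select_vhost(parse_vhosts(SAMPLE_CONF), "*:443", name)` with a name that appears in neither vhost to see the first-configuration fallback; on a live server `httpd -S` prints the same default-vhost decision for each address:port.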

Apache HTTPS to Tomcat http connectivity not working

I have 2 Linux instances on AWS: a web server that has Apache running on it, and another that has Tomcat running on it.
The website on Apache is configured to process requests over HTTPS, and internally the requests go to Tomcat over HTTP.
Things I have done so far w.r.t. SSL:
1) created self signed certificate on the apache server.
2) installed and enabled mod_ssl modules in my httpd.conf file
3) mapped my domain to required document root and also to required proxy pass settings in virtual hosts
The website is accessible over HTTPS, but as soon as you click a link that makes a backend call to Tomcat, it fails. I have looked through the net and played around with all possible config changes; not sure what the issue is.
My VirtualHost settings:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/opt/testapp/ui"
ServerName app.dev.testapp.dom.com
ErrorLog "/opt/testapp/logs/error_log"
TransferLog "/opt/testapp/logs/access_log"
SSLEngine on
SSLCertificateFile "/opt/testapp/certificate/testapi.crt"
SSLCertificateKeyFile "/opt/testapp/certificate/testapi.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/apache24/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost _default_:443>
ServerName api.dev.testapp.dom.com
ErrorLog "/opt/testapp/logs/error_log"
TransferLog "/opt/testapp/logs/access_log"
SSLEngine on
SSLProxyEngine on
ProxyPass / http://ec2-100-100-100-100.compute-1.amazonaws.com:8080/testapi/
ProxyPassReverse / http://ec2-100-100-100-100.compute-1.amazonaws.com:8080/testapi/
SSLCertificateFile "/opt/testapp/certificate/testapi.crt"
SSLCertificateKeyFile "/opt/testapp/certificate/testapi.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/apache24/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

could not bind to address [::]:443 in Wamp

I am using WAMP on a Windows machine to configure SSL to support HTTPS requests.
When I ran the command below:
httpd -e debug
I got the error below:
(OS 10013)Permission denied: AH00072: make_sock: could not bind to address [::]:443
OS: Windows
Server: WAMP (Apache 2.4.x)
httpd-ssl.conf:
<VirtualHost *:443>
DocumentRoot "D:/ews/liveenergy/myapp"
ServerName test.main.com:443
ServerAdmin admin#localhost
ErrorLog "C:/wamp32/wamp/bin/apache/apache2.4.9/logs/apache_error.log"
TransferLog "C:/wamp32/wamp/bin/apache/apache2.4.9/logs/access.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/wamp32/wamp/bin/apache/apache2.4.9/conf/ssl.crt/ServerCertificate.crt"
SSLCertificateKeyFile "C:/wamp32/wamp/bin/apache/apache2.4.9/conf/ssl.key/rms_bldgot_com.key"
SSLCertificateChainFile "C:/wamp32/wamp/bin/apache/apache2.4.9/conf/ssl.crt/ChainBundle1.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "D:/ews/liveenergy/myapp">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Deny,Allow
Allow from 127.0.0.1
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Time Out using SSL on Fedora 22

I've been receiving ERR_CONNECTION_TIMED_OUT when I try to open an HTTPS page on my server since I upgraded my Fedora 14 to 22.
The server runs on Linode cloud, and an "A/AAAA Record" was added that looks like this:
HOSTNAME ssl_page.mysite.com
IP ADDRESS xxx.xxx.xxx.xxx
TTL Default
My vhost.conf looks like this:
<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/html/mysite
ErrorLog /var/www/html/mysite/logs/error.log
CustomLog /var/www/html/mysite/logs/access.log combined
</VirtualHost>
My ssl.conf looks like:
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/html/ssl_page"
ServerName ssl_page.mysite.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/ssl_page.mysite.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/ssl_page.mysite.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Neither "/var/log/http/ssl_error" nor "/var/www/http/ssl_page/logs/error.log" has messages for this problem.
I even tried disabling firewalld, but that didn't work either.
Anyone have a clue what is happening?
Finally it worked; I just had to change my ssl.conf this way:
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
<VirtualHost *:80>
ServerName ssl_page.mysite.com
DocumentRoot /var/www/html/ssl_page
Redirect permanent / https://ssl_page.mysite.com
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "/var/www/html/ssl_page"
ServerName ssl_page.mysite.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/ssl_page.mysite.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/ssl_page.mysite.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
What was missing was the redirect directive.
Thanks anyway fellows!!!