add SSL to dropwizard with jetty - ssl

I have spent a lifetime trying to configure SSL for Dropwizard.
What I do is start the Dropwizard application with the java -jar command in my console.
Note: I'm working on Windows right now, but I'm planning to deploy the solution on Linux afterwards.
When I start my application, everything works fine:
INFO [2018-10-16 16:23:26,739] org.eclipse.jetty.server.handler.ContextHandler: Started i.d.j.MutableServletContextHandler@24dc150c{/,null,AVAILABLE}
INFO [2018-10-16 16:23:26,759] org.eclipse.jetty.server.AbstractConnector: Started application@20231384{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
INFO [2018-10-16 16:23:26,762] org.eclipse.jetty.server.AbstractConnector: Started admin@3ba97962{HTTP/1.1,[http/1.1]}{0.0.0.0:8081}
INFO [2018-10-16 16:23:26,762] org.eclipse.jetty.server.Server: Started @3071ms
When I send a normal request from my browser or my Android client, the server shows me this:
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:25 +0000] "GET /robots.txt HTTP/1.1" 404 43 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 69
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:25 +0000] "GET / HTTP/1.1" 404 43 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 69
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:30 +0000] "GET /robots.txt HTTP/1.1" 404 242 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 8
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:30 +0000] "GET / HTTP/1.1" 200 553 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 4
0:0:0:0:0:0:0:1 - - [16/oct./2018:16:30:31 +0000] "GET /favicon.ico HTTP/1.1" 404 243 "http://localhost:8081/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" 1
But I have another client which is configured to work with SSL (and it's the main client; the others are just for testing).
When I send the same request over HTTPS, this is what happens:
WARN [2018-10-16 16:32:29,216] org.eclipse.jetty.http.HttpParser: Illegal character 0x16 in state=START for buffer HeapByteBuffer#12404fb3[p=1,l=517,c=8192,r=516]={\x16<<<\x03\x01\x02\x00\x01\x00\x01\xFc\x03\x036\xD2T\xFd5\xF9\xCd...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
Googling this error, I gather that it is a problem with my server: it is not prepared to communicate over SSL.
So how can I work with SSL, or configure SSL on Jetty?

I fixed this by adding the https params under the server area in the yml config file,
but I got some errors on the SSL handshake, so I fixed that by creating the keystore.
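
Decoding the start of the buffer in the Jetty warning above shows what the HTTP parser actually received on the plaintext port. This is an added example, not code from the original post; it assumes Jetty's dump escapes non-printable bytes as \xNN and marks the read position with <<< and >>>, and the function names are illustrative.

```python
import re

# Constructed input: the leading bytes of the buffer dump from the warning,
# in Jetty's escaped form (printable bytes literal, others as \xNN, with the
# <<< position marker left in place).
JETTY_DUMP = r"\x16<<<\x03\x01\x02\x00\x01\x00\x01\xFc\x03\x036\xD2T\xFd5\xF9\xCd"

CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def unescape(dump: str) -> bytes:
    """Turn the escaped buffer text back into raw bytes (ASCII input only)."""
    dump = dump.replace("<<<", "").replace(">>>", "")  # assumed position markers
    out = bytearray()
    for m in re.finditer(r"\\x([0-9A-Fa-f]{2})|(.)", dump, re.S):
        out.append(int(m.group(1), 16) if m.group(1) else ord(m.group(2)))
    return bytes(out)


def describe_first_record(data: bytes):
    """Decode a TLS record header and, if present, the handshake header.
    Returns None when the bytes do not look like a TLS record."""
    if len(data) < 5 or data[0] not in CONTENT_TYPES or data[1] != 0x03:
        return None
    info = {
        "content_type": CONTENT_TYPES[data[0]],
        "record_version": VERSIONS.get(int.from_bytes(data[1:3], "big"), "unknown"),
        "record_length": int.from_bytes(data[3:5], "big"),
    }
    if data[0] == 0x16 and len(data) >= 11:
        info["handshake_type"] = "client_hello" if data[5] == 0x01 else hex(data[5])
        info["handshake_length"] = int.from_bytes(data[6:9], "big")
        info["client_version"] = VERSIONS.get(int.from_bytes(data[9:11], "big"), "unknown")
    return info


if __name__ == "__main__":
    print(describe_first_record(unescape(JETTY_DUMP)))
```

On the bytes from the warning it reports a 512-byte handshake record carrying a ClientHello, which together with the 5-byte record header matches the l=517 in the log line.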

Related

Apache HTTP logs show two requests for a PDF

In our Apache HTTP logs, we see two GET requests for a single PDF file: (notice the exact same time stamp)
For the first request the server returns status code 200 and for the second it returns code 302.
[05/Jul/2022:07:39:22 -0400] "GET /collections/collection_2020/eccc/En4-419-3-2020-eng.pdf HTTP/1.1" 200 1281326 "https://publications.gc.ca/site/archivee-archived.html?url=https://publications.gc.ca/collections/collection_2020/eccc/En4-419-3-2020-eng.pdf" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
[05/Jul/2022:07:39:22 -0400] "GET /collections/collection_2020/eccc/En4-419-3-2020-eng.pdf HTTP/1.1" 302 325 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
In the past we have seen the browser trying to do chunking for large PDFs, so we set "Accept-Ranges" to none. So we don't understand why we are seeing two requests for a single PDF.
<LocationMatch "\.pdf$">
Header set "Accept-Ranges" "none"
</LocationMatch>

Apache access.log sort ip hits and custom output the results

I've been trying to sort and custom print the results from an apache.log file.
The situation is that I would like to see the results as:
The output should represent total hits per month sorted by month
The output should look like:
Nov 2017 hits count - 12512
Dec 2017 hits count - 10087
Jan 2018 hits count - 12561
Here is part of the access.log for reference:
91.244.19.43 - - [12/Dec/2015:19:02:36 +0100] "GET / HTTP/1.1" 404 239 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
91.244.19.43 - - [12/Dec/2015:19:02:36 +0100] "GET /images/ HTTP/1.1" 200 1963 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
91.244.19.46 - - [12/Dec/2015:19:02:36 +0100] "GET /template/ HTTP/1.1" 200 10004 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
91.244.19.43 - - [12/Dec/2015:19:02:36 +0100] "GET /wp-login.php HTTP/1.1" 200 1801 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
193.47.55.21 - - [12/Dec/2015:19:02:36 +0100] "GET /wp-admin/ HTTP/1.1" 200 1457 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
193.47.55.21 - - [12/Dec/2015:19:02:36 +0100] "GET /template/ HTTP/1.1" 200 3465 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
11.114.21.37 - - [12/Dec/2015:19:02:36 +0100] "GET /wp-login.php HTTP/1.1" 200 4890 "http://localhost/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" "-"
I came up with something like this:
cat access.log |sort -k1n|awk '{print $4}'|cut -d: -f1|cut -d/ -f2-3|sed 's/\[//g'|tr '/' ' '|sort -k2n -k1M
It does the job, printing the year/month and the hit count, but I need the output to be as the example above. In other words, I want to put the "hits counts" between the time frame and the number value of the actual hits count. Any idea how I can do that?
Thank you in advance.
cat access.log | awk '{ print substr($4,5,3),substr($4,9,4) }' | \
sort -k1 | \
uniq -c | \
gawk '{ print $2,$3,"hits count -",$1}'
First print month and year,
then sort (not really needed),
then count the uniq lines,
then print month,year,"hits count -", and the number counted.

Getting logged out immediately after logging into an Apache webapp (OpenClinica)

I am running an OpenClinica install on my webserver and experience the following problem on Google Chrome only:
I access the landing page
I log into the root (or any other) account
On the logged in overview, I click any link (eg. list all patients)
I get logged out and thrown back to the landing page
This happens only on Google Chrome. Here are the relevant entries from the access.log - can anyone make sense of these? I don't have any knowledge of HTTP status codes.
[03/Sep/2019:13:29:09 +0200] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/favicon.ico HTTP/1.1" 304 177 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/MainMenu HTTP/1.1" 200 8269 "http://my-url.com/OpenClinica/favicon.ico" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /favicon.ico HTTP/1.1" 302 421 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /OpenClinica/pages/login/login;jsessionid=EA92FE865CF5345428D7538D18871D99 HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Click on List all patients
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/ListStudySubjects HTTP/1.1" 302 272 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /favicon.ico HTTP/1.1" 302 422 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login;jsessionid=9625D469100D1871538197FE241DECCB HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/RssReader HTTP/1.1" 200 757 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Now I do have some whacky redirect rules, which I think are the root cause of the problem. They were written as a fix to a different problem - when logging in to the system, instead of regularly looking at the favicon, the browser (any browser) would attempt to OPEN the favicon.ico as a picture, leading to, depending on the browser, a 404 page or the favicon being opened as a picture full screen. Here are the redirect rules:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName www.my-url.com
ProxyPreserveHost On
ProxyPass /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
ProxyPassReverse /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
ProxyPass /OpenClinica/ http://localhost:8080/OpenClinica/
ProxyPassReverse /OpenClinica/ http://localhost:8080/OpenClinica/
ProxyPass / http://localhost:8080/OpenClinica/
ProxyPassReverse / http://localhost:8080/OpenClinica/
</VirtualHost>
I have not used this specific application. As I see it, if you log in while on / and you receive a cookie that is for /OpenClinica/, then clicking on a relative link (that will keep you on /) would prevent the browser from re-sending the received cookie to the server.
I would replace the last 2 entries with something like:
RedirectMatch ^/$ /OpenClinica/
I did not exactly understand the issue with favicon but maybe you want to apply the same rule there.
Note: For RedirectMatch to work, mod_alias should be enabled.
Another thing: I see ProxyPreserveHost enabled. This means that OpenClinica should be aware of its external host name.
So that server is listening on port :80, but those proxy rules are all on port :8080 ... while I merely wonder why you need to configure proxy rules on localhost?
Just drop all of them and ignore the favicon issue meanwhile... the jsessionid being passed along with the URL rather hints at the server not handling the session properly, because such an ID usually belongs in the request headers; putting it into the URL is the fallback option (because anyone who can see the logs can hijack these sessions while in progress... no need for a password). With HTTPS it's not that bad, but on HTTP this is also visible in eventual proxy logs.
Honestly, I don't think this is a Chrome problem, but rather the vhost configuration and/or sessions problem.
It seems to stem from the vhost not having a DocumentRoot directive - and so it will inherit the global configuration, which seems to be one level above /OpenClinica.
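
The jsessionid values discussed in the answers above can be pulled out of an access log mechanically, both to see how many sessions the server issued and to mask them before the log is shared. This is an added example, not part of the original thread; the sample lines are constructed in the style of the excerpt with placeholder session IDs and a shortened user agent, and the function names are illustrative.

```python
import re

# Constructed sample lines modelled on the access.log excerpt above;
# the session IDs are placeholders, not values from the page.
SAMPLE_LOG = """\
[03/Sep/2019:13:29:09 +0200] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=AAAA1111" "UA"
[03/Sep/2019:13:29:10 +0200] "GET /OpenClinica/pages/login/login;jsessionid=BBBB2222 HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "UA"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/ListStudySubjects HTTP/1.1" 302 272 "http://my-url.com/OpenClinica/MainMenu" "UA"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login;jsessionid=CCCC3333 HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/pages/login/login" "UA"
"""

# Timestamp, request line, status, size, referer (the format of the excerpt).
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)"')
JSESSIONID = re.compile(r";jsessionid=([0-9A-Za-z]+)", re.I)


def find_url_sessions(log_text):
    """Return (timestamp, field, session_id) for every ID found in a URL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        for field in ("path", "referer"):
            for sid in JSESSIONID.findall(m.group(field)):
                hits.append((m.group("ts"), field, sid))
    return hits


def distinct_sessions(hits):
    """Session IDs in order of first appearance."""
    return list(dict.fromkeys(sid for _, _, sid in hits))


def redact(log_text):
    """Mask the ID so the log can be shared without exposing live sessions."""
    return JSESSIONID.sub(";jsessionid=[REDACTED]", log_text)


if __name__ == "__main__":
    found = find_url_sessions(SAMPLE_LOG)
    print(len(found), "URL-borne IDs,", len(distinct_sessions(found)), "distinct")
    print(redact(SAMPLE_LOG))
```

Several distinct IDs within a few seconds for one client mean the server keeps starting fresh sessions instead of recognising the existing one.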

Apache returning blank page, only occasionally

I am having a problem with Apache randomly returning a blank page. It happens several times a day without any rhyme or reason. When this happens, the Apache access log indicates a 301 redirect to the same page which returns a 200 and no content, 0 bytes returned. Reloading the page works normally returning a 200 with content.
xxx.xxx.xxx.xxx - - [05/Apr/2018:09:52:43 -0400] "GET /administrator HTTP/1.1" 301 255 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/yyy.yyy.yyy.yyy Safari/537.36"
xxx.xxx.xxx.xxx - - [05/Apr/2018:09:52:43 -0400] "GET /administrator/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/yyy.yyy.yyy.yyy Safari/537.36"
xxx.xxx.xxx.xxx - - [05/Apr/2018:09:52:47 -0400] "GET /administrator/ HTTP/1.1" 200 1937 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/yyy.yyy.yyy.yyy Safari/537.36"
This is also a Joomla installation, but looking at the log I'm not sure how that would have any bearing. It also doesn't matter what page, it happens with random pages as well.

Can a loopback log entry represent an attack to apache webserver?

For approximately one month I have been accumulating a lot of entries like the ones listed below in the Apache2 log file on my server. I have spent several days trying to find out if this is really a hack of the server and how to really interpret this kind of entry. I would like to ask for your help to clarify if this is an attack and, if it is, where to search for the intruder script or file within the server. The referer changes quite frequently, but the requested resources are usually the same, mainly dumped sql files.
127.0.0.1 - - [01/May/2017:13:05:39 -0500] "GET /sql.sql HTTP/1.1" 404 460 "e5755.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
127.0.0.1 - - [01/May/2017:13:05:43 -0500] "GET /db.zip HTTP/1.1" 404 459 "e5755.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
127.0.0.1 - - [01/May/2017:13:05:52 -0500] "GET /db.tar.gz HTTP/1.1" 404 470 "smbexperience.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"