I am trying to enable anti-clickjacking on a website hosted by Azure.
It's a shared hosting package run on an Apache server. The problem is that I can't find the correct conf file to modify and add this line of code to:
header always set x-frame-options "SAMEORIGIN"
We found a file called apache2.conf and added this, but after restarting the Apache server the line is removed from the conf.
Does anyone have any ideas what I can do?
The header code you are trying to add should be applied to a .htaccess file, placed in the folder where you want the action to happen. In your case it's likely the root of your site.
Be warned, though, that I've just run into an issue whereby mod_headers.c is not enabled in my container. So even if you put the code above into a .htaccess file, it still may not work.
I'm interested in knowing where you found the apache2.conf file though. I can't see that on mine (but that may be due to me replying a custom docker container).
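Because the directive can be dropped or skipped without notice (the config file being reset, mod_headers not being loaded), the reliable check is what the server actually sends. The following is an added example, not part of the original posts: it classifies the framing protection in a raw response head; the function names and sample responses are constructed for illustration.

```python
# Added example: audit a raw HTTP response head for framing protection.

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def framing_policy(raw):
    """Classify the response as protected / conflict / ineffective / missing."""
    headers = parse_headers(raw)
    # An enforced CSP frame-ancestors directive supersedes X-Frame-Options.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return "protected", " ".join(parts)
    # The header may repeat, or carry a comma-separated list, when it is set
    # in more than one place (for example server config and .htaccess).
    values = {v.strip().upper()
              for line in headers.get("x-frame-options", [])
              for v in line.split(",") if v.strip()}
    if not values:
        return "missing", "no X-Frame-Options or frame-ancestors"
    if len(values) > 1:
        return "conflict", ", ".join(sorted(values))
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", value
    return "ineffective", value   # e.g. obsolete ALLOW-FROM or a typo


# Constructed sample responses, in the form `curl -sI` prints them.
SAMPLES = {
    "htaccess applied": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "directive not applied": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "set twice": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nx-frame-options: DENY\r\n\r\n",
    "obsolete value": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", framing_policy(raw))
```

Check an error page as well as a normal page: the "always" condition in the directive is what covers non-2xx responses.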
The ACME server was probably unable to reach http://mydomain/.well-known/acme-challenge/LLtRq6EdfBLmxyhzlFEqL
kDXBUFLsQbaea6A5kiJxIo
Check in a browser to see if the answer file is being served correctly.
This could be caused by IIS not being setup to handle extensionless static
files. Here's how to fix that:
1. In IIS manager goto Site/Server->Handler Mappings->View Ordered List
2. Move the StaticFile mapping above the ExtensionlessUrlHandler mappings.
(like this http://i.stack.imgur.com/nkvrL.png)
3. If you need to make changes to your web.config file, update the one
at C:\applications\letsencrypt\web_config.xml
I am getting this error while creating an SSL certificate using letsencrypt.
Tried:
1) If you can't browse to this configcheck file in your web browser (http://{your site}/.well-known/acme-challenge/configcheck) then the Lets Encrypt service can't access the files it needs either.
=> configcheck is not getting created
You can edit the web.config file in this folder to get extensionless files working, then you can re-request your certificate. A mimeMap entry for either "." or ".*" usually works depending on your operating system version.
=> Edited web.config tried both "." or ".*"
No success.
Can anyone please suggest steps to follow?
I am using an AWS server, Windows 2008 R2.
If you have redirected your domain name from http to https in the virtual host of the Apache http.conf file, this will cause this issue.
Please comment out that redirect and try it.
Got solved
I have apache 2.2 with mod_wsgi handling /
WSGIScriptAlias / "...wsgihandler.py"
I have followed instructions to setup static file handling with AliasMatches and a matching directory configuration.
The website is working fine.
How can I determine that static content is served by Apache and not via wsgihandler.py
working? The apache access log file doesn't help me, even when I set it to debug.
I've tried to intercept and read traffic between Firefox and the server, but that didn't enlighten me either.
Work out what the URLs of the static files are and then comment out the WSGIScriptAlias. The URLs should still work.
Note that in general you would not use AliasMatch but just Alias. You might want to provide the appropriate parts of the Apache configuration so it can be reviewed to see whether you are doing it in the best way.
This is my attempt:
load the headers_module
and in
Header set MyHeader "Static content served"
I am new to web hosting, but I purchased a domain from namecheap.com and I purchased web hosting from ramnode.com to host my domain. I am using CentOS 32-bit as my server, and I have pointed my domain to the ramnode nameservers that were provided to me.
The problem I am having here is that every time I load my website, it just says
Index Of/
cgi-bin/
even though I have placed my web page files in var/www and var/www/html like ramnode support told me to. It still does not want to work. Any suggestions?
It all depends on how your server is set up, but here are a few things to check.
What are the permission levels for your files, who owns them and what group are they in? If you don't have proper permissions set they may not show. If the wrong person owns them they may not show.
Read over your httpd.conf (CentOS should have it in /etc/httpd/conf) and see how your server is set up. It may not have a default setup; perhaps you're using a virtual host?
In a nutshell we need more information to help you out.
You should have an .htaccess or htaccess.txt file in your WWW root. Within that file you need the following line:
DirectoryIndex index.htm index.html index.php
That is the priority order of your index page. (Your web project needs an index page)
So in other words your webserver will serve the first matching file that it finds in that list.
A quick fix, if you can't find the htaccess file, is to just make sure you have an index.html file in your var/www
I just reset my nameservers to point to ramnode's last night and am experiencing the same issue as the OP this morning.
I previously had no FQDN for the ramnode server and simply used my /etc/hosts file locally to point to the ramnode server. Through that method, I was able to make sure everything was set up just so - apache virtualhosts, .htaccess files, apache.conf, and httpd.conf files all operating as desired.
It seems to have something to do with the installation of the cpanel, which auto-fills DNS A records with a different IP than the one I was provided. Changing it to ramnode's original IP simply leads to the same cgi-bin directory index. But going to the original IP in the browser leads to my site, as I have the apache virtualhost set for the IP.
Ramnode sets subdomain A records such as cpanel.mydomain.com all to the same new IP and those do function, so it leads me to believe a ramnode server is capturing the traffic elsewhere and should be sending it on but isn't.
It's a bit confusing where cpanel is taking me and why redirecting the domain.com A record to the original IP seems to have no effect.
I recently installed apache2 on ubuntu but I have a problem, my httpd.conf is empty. Can someone give me a clean copy of httpd.conf for apache2 on ubuntu?
Thanks!
Edit: I saw your answers but on wampserver httpd.conf is not empty and as you mentioned it is for user options. So what should I do?
Edit2: That's what I got on my apache2.conf. How do I add modules, enable gzip and all of that?
[Deleted the contents, as they render the question unreadable and are useless, because they were the default Apache2 configuration under Ubuntu.]
The /etc/apache2/httpd.conf is empty in Ubuntu, because the Apache configuration resides in /etc/apache2/apache2.conf!
“httpd.conf is for user options.” No it isn't, it's there for historic reasons.
Using Apache server, all user options should go into a new *.conf-file inside /etc/apache2/conf.d/. This method should be "update-safe", as httpd.conf or apache2.conf may get overwritten on the next server update.
Inside /etc/apache2/apache2.conf, you will find the following line, which includes those files:
# Include generic snippets of statements
Include conf.d/
As of Apache 2.4+ the user configuration directory is /etc/apache2/conf-available/. Use a2enconf FILENAME_WITHOUT_SUFFIX to enable the new configuration file or manually create a symlink in /etc/apache2/conf-enabled/. Be aware that as of Apache 2.4 the configuration files must have the suffix .conf (e.g. conf-available/my-settings.conf).
It's empty by default. You'll find a bunch of settings in /etc/apache2/apache2.conf.
In there it does this:
# Include all the user configurations:
Include httpd.conf
OK - what you're missing is that it's designed to be more industrial and serve many sites, so the config you want is probably:
/etc/apache2/sites-available/default
which on my system is linked to from /etc/apache2/sites-enabled/
If you want to have different sites with different options, copy the file and then change those...
It seems to me that it is by design that this file is empty.
A similar question has been asked here:
https://stackoverflow.com/questions/2567432/ubuntu-apache-httpd-conf-or-apache2-conf
So, you should have a look for /etc/apache2/apache2.conf
I wasn't aware of this, and it is kind of funny; when you name a directory icons in the root of your host, then if you point your browser to host.com/icons, apache does not read from that directory and shows you a listing of Public Domain Icons.
I added an icons directory to the root and placed a key.png file in that directory, yet accessing that image results in 404. I tried to find if/where this has been documented and how it could be turned off. I found nothing. Could someone provide a pointer?
P.S. I am using XAMPP 1.7.3 which basically is a WAMP and has Apache 2.2.14
Edit
Apparently lots of live servers have this turned on and index of /icons could be seen in lots of places.
Open this file: %XAMPP_PATH%\apache\conf\extra\httpd-autoindex.conf
and change:
Alias /icons/ "X:/xampp/apache/icons/"
<Directory "X:/xampp/apache/icons/">
to this:
Alias /icons/ "./icons/"
<Directory "./icons/">
Restart your Apache Server.
I'd assume that you have an alias within your httpd.conf.
I'm not familiar with XAMPP's config files or their location (google suggests it's probably in \xampp\apache\conf\httpd.conf) but I'd suggest you're looking for a line like the following:
Alias /icons/ /usr/local/apache/icons/
See http://httpd.apache.org/docs/current/mod/mod_alias.html for more info.
EDIT:
According to the XAMPP site, you need to check \xampp\apache\conf\httpd.conf and the extra subfolder.
I would look in either your apache config file (\xampp\apache\conf\httpd.conf) or your .htaccess files and see if there is a redirect going on.
EDIT: I think Grhm is correct in that an Alias is in your config file somewhere, per the XAMPP site:
The main configuration file for Apache. It's including other files from the subdirectory "extra".
See if there is a directory called extra in the \xampp\apache\conf\ directory and then go through the files in there and see if that Alias is present.
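Going through httpd.conf and every file under "extra" by hand is easy to get wrong, so the search the answers describe can be scripted. The following is an added example, not part of the original posts: it reports which mod_alias directive captures a given URL path. The configuration text is constructed from the file names and Alias line quoted in the thread, and the function names are illustrative.

```python
# Added example: find the mod_alias directive that captures a URL path.
import re

ALIAS_RE = re.compile(
    r'^\s*(Alias|AliasMatch|ScriptAlias|ScriptAliasMatch)\s+("[^"]*"|\S+)\s+("[^"]*"|\S+)',
    re.IGNORECASE)


def captures(directive, pattern, url_path):
    """Approximate mod_alias matching for one directive."""
    if directive.lower().endswith("match"):
        # AliasMatch takes a regex; Python's re stands in for Apache's PCRE here.
        try:
            return re.search(pattern, url_path) is not None
        except re.error:
            return False
    # Plain Alias matches whole path segments, so /icons/ covers /icons/key.png
    # but not /icons-old/key.png.
    return url_path == pattern or url_path.startswith(pattern.rstrip("/") + "/")


def find_aliases(configs, url_path):
    """Return (file, line number, directive, target) for every match."""
    hits = []
    for name, text in configs.items():
        for number, line in enumerate(text.splitlines(), 1):
            match = ALIAS_RE.match(line)       # comment lines never match
            if not match:
                continue
            directive, pattern, target = (g.strip('"') for g in match.groups())
            if captures(directive, pattern, url_path):
                hits.append((name, number, directive, target))
    return hits


# Constructed configuration text modelled on the files named in the thread.
CONFIGS = {
    "conf/httpd.conf": 'DocumentRoot "X:/xampp/htdocs"\n'
                       '# Alias /icons/ "X:/old/icons/"\n'
                       'Include "conf/extra/httpd-autoindex.conf"\n',
    "conf/extra/httpd-autoindex.conf": 'Alias /icons/ "X:/xampp/apache/icons/"\n'
                                       '<Directory "X:/xampp/apache/icons/">\n'
                                       '</Directory>\n',
}

if __name__ == "__main__":
    for hit in find_aliases(CONFIGS, "/icons/key.png"):
        print(hit)
```

For a real installation, build the dictionary by reading httpd.conf and each file in the extra directory. Any hit outside the document root is a path the server exposes that the site's own files do not control.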