I really have done searched and read dozens of replies on this old worn out subject. My "virtual server" must be different to the ones I read about here.
I have no cPanel. I have a Linux platform powered by Apache. I know the "root" of the server is a "free domain" which is never used and added domains sit on the webspace in folders. I can use redirects and expires and a few other instruction used on .htaccess. OK - redirects do not work - sometimes! Expires worked once and never again - at least I cannot see on Google Pagespeed that an expiry as been applied to a bunch of files.
I think teh redirects are blighted by AB Zero.html not being AB_Zero.html or AB-Zero.html ditto a similar issues with various folders.
The website originated in 2002 and I inherited the file and folder names.
I tried adding " %20 " to the spaces - to no avail.
Thats the story, the question is - is there another way to handle redirects that overcomes this problem?
Related
I have a few web sites that are hosted in a VPS.
Today, I found that when visiting "http://api.rsywx.com", it forces me to visit "https://api.rsywx.com", and the redirects me to "https://rsywx.net" (which is SSL enabled).
I checked my virtual host files, and did not find out anything forcing this redirect.
Anyone can point me some direction on how this can happen?
Redirects can be done on different ways and levels. Most elegant ways in descending order (my opinion):
Apache conf (mostly in /etc/apache2/apache2.conf)
.htaccess - file
in the index.php or the used backend script/code
(- could be even done in the frontend with javascript files but for that the page must be loaded and then will be redirected.. So nothing somebody should use)
Problem solved. I added one line in my Silex application's entry index.php to require HTTPS access, which is meant to be locally tested only.
I own a VPS with ISPConfig installed. On that VPS we got 4 websites, which are running well, but we have recently spotted problem with Google indexing nonexistent subdomains.
No matter that if you type www.xxx.com or www.xxx.xxx.com or www.yyy.xxx.com or yyy.xxxx.com it will load the main website www.xxx.com, which is, I assume, bad for Google as we give them millions of pages to index. I got to mention that subdomains "xxx" and "yyy" were not preset, in a matter of fact we got no subdomains at all, except "mail", which we use to reach the Roundcube for our websites.
I spotted that the "auto-subdomain" setting for every website is "*." and setted it to "www.", which fixed the issue with redirect but now all subdomains are still reachable - response code is 200 and they show empty pages.
I would like to show 404 error or something like that, not OK status.
Take a look at your dns manager, probably you have an "*" A record with *.xxx.com pointing to your IP address, then if you type this.xxx.com or that.xxx.com, you get www.xxx.com.
About a year ago I have installed mod_pagespeed on my VPS server, set it up and left it running. Recently I was exploring files on my server, went to pagespeed cache folder and discovered some strange folders.
All folders usually named this way ,2Fwww.mydomain.com or ,2F111.111.111.111 for IP addresses. I was surprised to see some domains that does not belong to me, like:
24x7-allrequestsallowed.com
allrequestsallowed.com
m.odnoklassniki.ru
www.fbi.gov
www.securitylab.ru
It looks like something dodgy is going on, was my server compromised, is there any reasonable explanation?
That does look peculiar. Everything in the cache folder should be files that mod_pagespeed tried to rewrite. There are two ways that I know of that this can happen:
1) You reference some third-party resource (say an image from another domain, or google analytics script) and you have explicitly enabled rewriting of that domain with ModPagespeedDomain www.example.com or ModPagespeedDomain *.
2) If your server accepts HTTP requests with invalid Host headers. Try (for example) wget --header="Host: www.fbi.gov" www.yourdomain.com/foo/bar.html. If your server accepts requests like that it may be providing mod_pagespeed with an incorrect base domain, and then subresources would be fetched from the same domain (so if www.yourdomain.com/foo/bar.html references some.jpeg, and your server accepts invalid host headers, we could fetch www.fbi.gov/foo/some.jpeg as the resource). There was a recent security release that makes sure all of these subrequests are done against localhost (not arbitrary third-party websites). Please see: https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001
You might want to look through these folders and see what specific resources are in there. I think that the biggest concern you should have is that someone might be trying to perform an XSS attack on your users or maybe a DDoS attack against another website (like www.fbi.gov), using your server as one vector. I do not think that these folders are indicative that your server itself is compromised.
If you would like to discuss this more, https://groups.google.com/forum/?fromgroups#!forum/mod-pagespeed-discuss is a good list to join and email.
On a Windows 2003 server running IIS 6.0 and FastCGI with an ExpressionEngine-powered website, I've encountered an issue where links containing index.php fail unless a question mark is added.
The basic issue is that if a link points to "index.php/archive/article", the page fails to load (see below) but it will work when "index.php?/archive/article" is used.
What happens when the "index.php" links fail is the URL will change in the browser address bar, but the main page content is still displayed. Append a question mark to "index.php" and the page loads properly.
The site was previously running with ISAPI as the Server API with no issues: the server saw "index.php" and "index.php?" as being synonymous and pages with "index.php" in the path would load as expected.
How would I configure setting somewhere which would tell FastCGI to treat "index.php" and "index.php?" the same way?
I am a bit green when it comes to Windows servers; my experience is mostly with Apache servers running on Unix boxes.
Any guidance or pointers would be most appreciated.
One option is that you could simply enable EE's force URL query string option.
But, if you don't like having the question mark in the URL, you can try this workaround.
I can't say that I know anything about Windows servers, but this has worked for me on Apache servers when running PHP as CGI. Best of luck!
We are putting up a company blog at companyname.com/blog but for now the blog is a Wordpress installation that lives on a different server (blog.companyname.com).
The intention is to have the blog and web site both on the same server in a month or two, but that leaves a problem in the interim.
At the moment I am using mod_rewrite to do the following:
http://companyname.com/blog/article-name redirects to http://blog.companyname.com/article-name
Can I somehow keep the address bar displaying companyname.com/blog even though the content is coming from the latter blog.companyname.com?
I can see how to do this if it is on the same server and vhost, but not across a different server?
Thanks
Rather than using mod_rewrite, you could use mod_proxy to set up a reverse proxy on companyname.com, so that requests to http://companyname.com/blog/article-name are proxied (rather than redirected) to http://blog.companyname.com/article-name.
Here are more instructions and examples.
There is functionality with ZoneEdit called webforwards which could probably do this and hide what you are actually doing (unless someone looked into it).
The only thing that mod_rewrite can do is send HTTP header redirects, and those redirects (across servers) always result in the browser address bar reflecting the reality.
You should instead consider writing a 404 script that 'reflects' the blog. This would essentially be a transparent proxy, and many are already written.
The script would find if the requested page (that was 404'd) started with http://mycompany.com/blog/ . If it did, it would download and then send onto the client the blog page and associated files (probably caching them as well).
So requesting http://mycompany.com/blog/article_xyz would cause the 404 script to download and send http://blog.companyname.com/article_xyz.
It's probably more work than it's worth, but you might be able to design a simple enough 404 script that it's worthwhile.
-Adam