For testing purposes, I set this in my htacces:
order deny, allow
deny from all
allow from 123.456.789.000
But Firefox shows:
Internal Server Error The server
encountered an internal error or
misconfiguration and was unable to
complete your request.
Error log shows:
[Thu Feb 24 04:05:12 2011] [alert]
[client 123.456.789.000]
/var/www/vhosts/website.org/httpdocs/.htaccess:
order takes one argument,
'allow,deny', 'deny,allow', or
'mutual-failure'
What does this mean? What am i doing wrong?
Thanks for helping with this.
You have a space in your Order directive argument.
Related
I'm having trouble getting fail2ban to detect failed apache-auth attempts
The filters looks like this:
^%(_apache_error_client)s (AH01617: )?user .* authentication failure for "\S*": Password Mismatch$
^%(_apache_error_client)s (AH01618: )?user .* not found(: )?\S*\s*$
and the errors that comes up:
[Tue Dec 23 13:41:45.870693 2014] [auth_basic:error] [pid 2818] [client 97.171.82.123:91131] AH01617: user miati: authentication failure for "/test/file.html": Password Mismatch, referer: https://example.org/test/file.html
[Tue Dec 23 13:41:45.870693 2014] [auth_basic:error] [pid 2818] [client 97.171.82.123:91131] AH01617: user miati: authentication failure for "/test/file.html": Password Mismatch, referer: https://example.org/test/file.html
Neither work correctly. I would like to get them re-written so they do work but I cannot figure out how the filter works, and googling is not getting me anywhere. Most guides presume I understand the regex, which I do not.
Could anyone explain (or link to) what these parameters in the filter mean so I can modify it on my own?
I was having this same issue with Fail2Ban v0.8.11 and initially found your post about 13 hours after you posted. My eventual solution was to use more current apache-common.conf and apache-auth.conf files from the official GitHub repo. It now catches login attempts and then auto-bans the IP address, though I'm using ufw for the actual banning/unbanning.
Your error message has extra text that fail2ban wasn't expecting, to tell fail2ban to accept this extra text:
remove the $ from the end of the pattern or add .* before the $.
The $ in the rule indicates that the log line must end there however your log lines contain text after the words "Password Mismatch", removing the $ removes that restriction. .* means "allow anything" so adding that allows anything before the end of line,
I'm setting up WAMP server for LDAP validation.
I can start the apache server and phpinfo() shows LDAP is active.
But when I submit the user name and password, it shows 500 error.
The error description in apache log is:
[Fri Mar 21 13:33:19.255265 2014] [ldap:error] [pid 8032:tid 1544]
(70023)This function has not been implemented on this platform:
AH01277: LDAP: Unable to add rebind cross reference entry. Out of
memory?
Can anyone help for this? Thanks a lot.
James Blond's replay in this thread https://www.apachelounge.com/viewtopic.php?t=4851&view=next works for me.
Since a few days, my Apache 2 error log is showing a lot messages like the following (IP addresses and URIs redacted):
[Thu Dec 12 13:46:42 2013] [error] [client 111.222.333.444] 0
[Thu Dec 12 13:52:27 2013] [error] [client 222.333.444.555] 0, referer: http://www.mydomain.com/
[Thu Dec 12 13:52:27 2013] [error] [client 222.333.444.555] 0, referer: http://www.mydomain.com/
[Thu Dec 12 13:53:54 2013] [error] [client 333.444.555.666] 0, referer: http://www.mydomain.com/subdirectory/
[Thu Dec 12 13:46:42 2013] [error] [client 444.555.666.777] 0
[Thu Dec 12 13:54:07 2013] [error] [client aaaa:1111:2222:ffff::] 0, referer: http://www.otherdomain.com/subdirectory/
What is this 0? There are no other messages shown (besides sometimes some other, normal messages, but very rarely).
The IP addresses are both IPv4 and IPv6. I checked the access log for the same date/time and IP addresses. Most of the times, there was an access for the exact same moment from this IP for different URIs on my webpage. But sometimes, there wasn't an access according to the access log.
It's a shared hosting environment, so I can't access the Apache settings (but I have ssh access to my home directory if this helps). I already googled and searched the Apache documentation, but didn't found anything (it's hard to search for "0"...)
/edit: I also asked the webhoster, they said they don't know what it's causing. I cross checked it with the Apache access log, these are requests to PHP scripts (mostly Joomla), but also requests to images as well as JS and CSS files. So I assume it's not a PHP script which is causing this.
If your error_log directive is unset errors will be written in your Apache log file for current VirtualHost.
So double check your PHP configuration (php.ini) or write a simple page with phpinfo()
If this is true, you should look inside your code (may be even into index.php).
Pay attention to this: usually there are two separate php.ini files for Apache /etc/php5/apache2/php.ini and CLI configuration /etc/php5/cli/php.ini.
Please also consider that, if you want change your PHP configuration, you can use ini_set function.
ini_set('error_log', '/var/log/php/error_new.log');
Remember: the destination directory must exist and your web server (or php engine) must have all permission to write into.
error_log format is not customizable, I suspect that it can be set to some higher level: debug or trace, where it can produce additional information.
Also please take into account, that error_log contains debug info from CGI/PHP/Perl scripts, so that 'zero' can be produced by some script that executed through apache as its module.
I'm getting this message in my Apache error console:
[Thu Jun 27 11:56:07 2013] [alert] [client 127.0.0.1] /Users/.......htacces without matching section
It started after my MAMP server wouldnt start and i found some online info that suggested entering ps aux/ grep mysql lsof _-i Killall -9 mysqld when this failed, I tried 2nd suggestion sudo Killall -9 mysqld. This came up with a warning so i called it. I then recalled that i had the same problem before and simple quit mysqld in my activity monitor, and the MAMP server worked again. I tried that, the server worked but got I then got a error message saying:
500 internal server error The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, you#example.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I checked Apache error console and got this:
[Thu Jun 27 11:56:07 2013] [alert] [client 127.0.0.1] /Users/.......htacces without matching section
I have a problem on multiple servers than use Apache module mod_fcgid to serve a cgi script that processes the request (ticket validation and similar processing) then serves files on the server based on the result of the processing.
I keep getting the following errors repeatedly in the logs:
[Mon Jan 30 23:11:41 2012] [warn] [client 95.35.160.193] mod_fcgid: error reading data, FastCGI server closed connection
[Mon Jan 30 23:11:41 2012] [warn] [client 95.35.160.193] (32)Broken pipe: mod_fcgid: ap_pass_brigade failed in handle_request_ipc function
[Mon Jan 30 23:13:34 2012] [warn] [client 37.8.52.128] mod_fcgid: can't apply process slot for /var/www/cgi-bin/assetx.fcgi
These problems cause the server to be slow and other times result in service temporarily unavailable error.
The servers have large traffic on them, I have currently configured the following fcgi directives as below:
FcgidMaxRequestsPerProcess 0
FcgidMaxProcesses 300
FcgidMinProcessesPerClass 0
FcgidIdleTimeout 240
FcgidIOTimeout 240
FcgidBusyTimeout 300
the average load on the servers is normal, the number of processes is on average 250 processes.
I have done research for days about this issue, some say it is a permission problem, I've followed their suggestion, didn't help. I tried to tune the parameters above, these are the final values I tried, but they didn't work as well. I am also trying out nginx to be used instead of apache but I cannot find a suitable way to run the cgi script with this high load on the server using nginx.
What can I do to fix this problem?
Your app is dying before Apache can contact it successfully. The answer is to find out why the app is dying.
FastCGI process should never die or quit, even in an error condition. Apache expects FastCGI script to just keep on being there.
You mention you have a cgi script. How did you modify it to support FastCGI?
Usually you need to switch to something like CGI::Fast, remove all calls to die and exit, and refactor your script to run using the CGI::Fast while loop.