Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I have the following for www.domain.com and login.domain.com. But spammers forward there site to login.domain.com and it works. How can I block them?
Ex: http://spammerexmaple.sex.com opens http://login.domain.com (I want to block this)
<VirtualHost *:80>
ServerName login.domain.com
ServerAlias login.domain.com
DocumentRoot /var/www/html/com/public
<Directory /var/www/html/com/public>
#AddDefaultCharset utf-8
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/www/public
<Directory /var/www/html/www/public>
# Compress output
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
#AddDefaultCharset utf-8
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Follow up:
Spammers forward www.spammer.com to login.domain.com or www.spammer.sex.com anything someone can forward to login.domain.com and it works.
How can I block this?
[root#d dd.dd.com]# httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 d (/etc/httpd/conf.d/ssl.conf:81)
*:80 is a NameVirtualHost
default server dummy.com (/etc/httpd/conf/httpd.conf:1028)
port 80 namevhost dummy.com (/etc/httpd/conf/httpd.conf:1028)
port 80 namevhost dd.dd.com (/etc/httpd/conf/httpd.conf:1039)
port 80 namevhost aa.aa.com (/etc/httpd/conf/httpd.conf:1058)
Syntax OK
<VirtualHost *:80>
ServerName dummy.com
DocumentRoot /tmp
<Directory /tmp>
deny from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName dd.dd.com
#ServerAlias dd.dd.com
DocumentRoot /var/www/html/dd.dd.com/public
<Directory /var/www/html/dd.dd.com/public>
#AddDefaultCharset utf-8
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName aa.aa.com
ServerAlias aa.com
DocumentRoot /var/www/html/aa.aa.com/public
<Directory /var/www/html/aa.aa.com/public>
# Compress output
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
#AddDefaultCharset utf-8
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Action 1: Iptables are best + Physical routers such as Cisco Pix or other routers and making black lists + checking the incoming source ip with black listed ip networks, and suspend there access to our network.
Action 2: Putting some moderators, who screen the incoming traffic and bounce them as soon as possible and mark them spammer, and also report those to other networks
Action 3: god bless us, and hope we get more informations.. its a unlimited game, never ends.
Hope it help others at-least to know possibilities.
Related
I have 2 vhost files: 1 with all our sites admin URLS on port 443, 1 with all our sites main URLs on port 80.
Both files are known by apache as shown by apachectl -S.
net stat shows Apache listening on :80 and :443
I am using host file from my MacBook for now.
However, only URLs that match vhosts lines in the 443 vhost file are working. Otherwise the site will load the first site in the 443 vhost file. (301 Moved Permanently)
I even try going to site-name.com:80 - but none of the site URLS from the :80 vhost file are getting matched by apache. What am I missing?
EDIT: adding code
Listen 1xx.2xx.3xx.4xx:80 is defined in httpd.conf
From vhost.conf for main site URLS (This one is NOT working)
NameVirtualHost *:80
<VirtualHost 1xx.2xx.3xx.4xx:80>
ServerAdmin admin#site1.com
ServerAlias www.site1.com
DocumentRoot /var/www/site1.com/public
ServerName site1.com
ErrorLog /var/log/httpd/site1.com-error_log
CustomLog /var/log/httpd/site1.com-access_log common
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
<Directory /var/www/site1.com/public>
Options FollowSymLinks
AllowOverride All
DirectoryIndex index.php
</Directory>
</VirtualHost>
From sslvhost.conf for admin sites (This one IS working)
Listen 443 https
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/var/www/site1.com/public"
ServerName site1.com
ServerAlias site1.com admin-site1.com
LogLevel warn
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLEngine on
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory /var/www/site1.com/public>
Options FollowSymLinks
AllowOverride All
DirectoryIndex index.php
</Directory>
</VirtualHost>
From the config it seems you are missing the following
Listen 80
You Can add it just below the NameVirtualHost *:80
Everytime I try to access https://sub.myproject.test/ this message pops up:
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
sub.myproject.test
Apache/2.4.38 (Unix) OpenSSL/1.0.2q PHP/7.2.15 mod_perl/2.0.8-dev Perl/v5.16.3
On httpd-vhosts.conf I have:
<VirtualHost *:80>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test
ServerAlias www.sub.myproject.test
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
AllowOverride All
Require local
</Directory>
</VirtualHost>
and on httpd-ssl.conf I have:
# catalog config
<VirtualHost *:443>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test:443
ServerAlias www.sub.myproject.test:443
ErrorLog "/opt/lampp/logs/error_log"
TransferLog "/opt/lampp/logs/access_log"
SSLEngine on
SSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
SSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
SSLOptions +StdEnvVars +FakeBasicAuth
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Allow from all
Require all granted
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/lampp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
And of course in /mnt/data/myproject path I have the sub.myproject.com folder
If you could help me fix this, it'd be very appreciated
Your VirtualHost is ok (except you do not need to put :443 in ServerName and ServerAlias directives), but you never tell Apache which page to display by default, when not specified in the request.
Define DirectoryIndex in each VirtualHost.
Ex: DirectoryIndex index.html
When the request is https://example.com/
,hence nothing after the domain name, Apache will display index.html, from the DocumentRoot directory.
Unrelated to your question, you should put ServerTokens Prod and ServerSignature Off in your configuration, your error message is displaying way to much information.
I have wamp server with client authentication I generated for specific sub folder:
Now , I want to access my site instead of https://www.domain.com/subdomain/app1 by using https://app1.domain.com
When I try to access the url I do get asked to choose client certificate , but when I choose the matching one I get error 403 forbidden.
When I generated my certificate using OpenSSL , I've used *.domain.com as CN for the server key.
Here is my virtual host definition in httpd-ssl.conf
<VirtualHost *:443>
ServerName www.domain.com:443
DocumentRoot "c:/wamp/www"
ServerAdmin admin#domain.com
ErrorLog "C:/wamp/bin/apache/apache2.4.9/logs/ssl_error.log"
TransferLog "C:/wamp/bin/apache/apache2.4.9/logs/ssl_access.log"
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 10
SSLCertificateFile "C:\wamp\bin\apache\apache2.4.9\conf\cert\server.cer"
SSLCertificateKeyFile "C:\wamp\bin\apache\apache2.4.9\conf\cert\server.key"
SSLCACertificateFile "C:\wamp\bin\apache\apache2.4.9\conf\cert\ca.cer"
<LocationMatch ^(?=.*/subomain/app1/)(?!.*/subdomain/app1/service).*>
SSLRequire %{SSL_CLIENT_S_DN_CN} eq "App1Key"
</LocationMatch>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog "c:/wamp/bin/apache/apache2.4.9/logs/ssl_request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Also , I've created this vhosts.conf to allow subdomain.domain.com
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias *.domain.com
VirtualDocumentRoot "C:\wamp\www\demo\%1"
ErrorLog "logs\errors.log"
<directory "C:\wamp\www\demo\%1">
Options FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from all
</directory>
</VirtualHost>
Update
I've added the following code to the ssl.conf based on an answer , but now the client certificate always works and it ignores the criteria of the LocationMatch
<directory "C:\wamp\www\demo\%1">
Options FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from all
</directory>
Lets say I want to have the equivalent criteria below to subdomain.domain.com
<LocationMatch ^(?=.*/subomain/app1//)(?!.*/subomain/app1//service).*>
#SSLOptions +StdEnvVars +ExportCertData
SSLRequire %{SSL_CLIENT_S_DN_CN} eq "Shob"
</LocationMatch>
It's not your SSL setup that is giving the 403 forbidden.
Add this at the end of your <VirtualHost> block (just before the </VirtualHost> although it's only a preference to put it there) to give permissions to access the DocumentRoot folder for the virtual host:
<Directory "c:/wamp/www">
Order allow, deny
Allow from all
</Directory>
Or if you're on Apache 2.4 or later:
<Directory "c:/wamp/www">
Require all granted
</Directory>
You should also check if you had anything else in your previous <Directory> block when you had your previous setup, and bring that in too. For example, you might need to AllowOverride or set up some Options but the above will fix the problem you're asking about.
I have had two webservers running on the same machine with addresses like the following:
internal.myservername.com
and
test.myservername.com
The test site is (on some pages) pulling images from the internal site, and works flawlessly. Now that we are out of testing, I wanted to add/change the test domain to be the main site, so I added the apache server alias of myservername.com to the test site, but although all pages work, any images from internal will not show up on that address, resulting in a 403 error:
[access_compat:error] AH01797: client denied by server configuration
I have also tried setting up myservername.com as its own domain, and also tried making it the primary name on the test site (with test being an alias). In all cases, test.myservername.com continues to work fine and display images correctly, whereas myservername.com will not (resulting in all the 403 errors for these embedded images).
I have checked all configs and find nothing amiss. And there is nothing in my .htaccess files or conf files that is specific to "test". I am stumped.
I should probably also mention that I am running on a Mac OS Sierra server. (Server version: Apache/2.4.23 (Unix))
UPDATE WITH REQUESTED DETAIL:
img tags: there is nothing special in the image tags, they are called using the full url, ie
<img src="http://internal.myservername.com/images/imagename.jpg" />
I should also add that if I take the exact src url and paste it alone into a browser, the image WILL load. It is only embedded in the page that it will refuse to load. (and only on the main domain, test works fine embedded in img tag)
And the setup of test/main conf is:
<VirtualHost 127.0.0.1:34580>
ServerName http://test.myservername.com:80
ServerAdmin admin#example.com
DocumentRoot "/Library/Server/Web/Data/Sites/myservername.com/plugins/mywebsite"
DirectoryIndex index.php home.php index.html
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
SSLEngine Off
SSLCipherSuite "HIGH:MEDIUM:!MD5:!RC4:!3DES"
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyEngine Off
SSLProxyProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
</IfModule>
<IfModule mod_secure_transport.c>
MSTEngine Off
MSTCipherSuite HIGH, MEDIUM
MSTProtocolRange TLSv1.2 TLSv1.2
MSTProxyEngine On
MSTProxyProtocolRange TLSv1.2 TLSv1.2
</IfModule>
<Directory "/Library/Server/Web/Data/Sites/myservername.com/plugins/mywebsite">
Options All -Indexes +ExecCGI +Includes +MultiViews
AllowOverride All
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Directory>
ServerAlias myservername.com
And the conf for internal:
<VirtualHost 127.0.0.1:34580>
ServerName http://internal.myservername.com:80
ServerAdmin admin#example.com
DocumentRoot "/Library/Server/Web/Data/Sites/myservername.com"
DirectoryIndex index.php
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
SSLEngine Off
SSLCipherSuite "HIGH:MEDIUM:!MD5:!RC4:!3DES"
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyEngine Off
SSLProxyProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
</IfModule>
<IfModule mod_secure_transport.c>
MSTEngine Off
MSTCipherSuite HIGH, MEDIUM
MSTProtocolRange TLSv1.2 TLSv1.2
MSTProxyEngine On
MSTProxyProtocolRange TLSv1.2 TLSv1.2
</IfModule>
<IfModule mod_headers.c>
<filesmatch "^.*www.*\.jpg$">
Header set Cache-Control "max-age=2678400, public"
</filesmatch>
</IfModule>
<Directory "/Library/Server/Web/Data/Sites/myservername.com">
Options All -Indexes +ExecCGI +Includes +MultiViews
AllowOverride All
Require all granted
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Directory>
</VirtualHost>
UGH, I just figured out what was causing this, and here are the steps I took to figure it out:
Because my error was happening in mod_access_compat, I turned off that module to see if anything changed
This resulted in a much more clear error_log message that pointed to a problem with an .htaccess file inside my images folder on the internal site (that was setup by someone else and that I had no idea existed until the error showed it to me)
That .htaccess file contained directives that allowed my test site to pull images, but not the new domain, so once I added it to the file, all was fixed.
For those that want to know what the directives there were:
SetEnvIfNoCase Referer "^http://test.myservername.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://test.myservername.com$" locally_linked=1
SetEnvIfNoCase Referer "^http://internal.myservername.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://internal.myservername.com$" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe?g)$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>
And by adding the following two lines, it now works:
SetEnvIfNoCase Referer "^http://myservername.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://myservername.com$" locally_linked=1
I hope someone can give me a hand with this. I have 2 IPs that I can use to do this and need to host 2 different secure (SSL) domains on the same Apache server. I've read that as of Apache 2.2.something that a single IP can be used, using some sort of add-in but I want to keep this as simple as possible and am willing to use both IPs to accomplish this task. I already have the 2 signed certificates for the domains.
This setup that I am posting here, works, but the issue I am having is that when I go to domain2.net, I receive a browser warning telling me that the cert does not match the domain but matches domain1.com
I'm using CentOS 5 and Apache 2.2.3. CentOS has a ssl.conf file and these lines are what I believe are giving me trouble:
SSLCertificateFile /etc/pki/tls/certs/domain1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain1.com.key
I was under the impression that I could override these values in the virtual host containers and reference the keys that I need but it doesn't appear that way. When I comment these two lines out in the ssl.conf file, Apache won't restart. The ssl_log hints: SSLCertificateKeyFile
These are my virtual containers:
<VirtualHost 2.2.2.2:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain2.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain2.net.key
DocumentRoot "/var/www/domain2"
ServerName domain2.net
ServerAlias domain2.net
DirectoryIndex "index.php"
<Directory /var/www/html/domain2>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 1.1.1.1:444>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain1.com.key
DocumentRoot "/var/www/html"
ServerName domain1.com
ServerAlias domain1.com
DirectoryIndex "index.php"
<Directory /var/www/html>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
How can I get these two domains to work using SSL? I've also tried to use the same port for the different IPs but again, Apache won't restart.
I'm truly lost on this so if someone could lend a hand, I'd really appreciate it.
Great question!
I was able to get two SSL certificates working on the same server. You should be able to do what you are trying to do.
The things in your configuration that stand out as odd to me:
I'd suggest using port 443 for both SSL-protected sites. You should have a specific instruction in apache's conf files somewhere for listening on port 443. For me it is located in /etc/apache2/ports.conf
Listen 443
.
It seems odd that you have ServerName and ServerAlias both using the same domain per virtual host. Try making the ServerAlias different or leaving it out:
ServerName domain1.com
ServerAlias www.domain1.com
.
I am assuming that you replaced your IPs and domains in your posted conf. Even if they are not the actual IPs you are using, you might want to double check that they can get you to the right place outside of SSL (since obviously SSL is not working).
.
Check the apache2 error log for more information. For me the log is located at: /var/log/apache2/error.log . You can set it with:
ErrorLog /var/log/apache2/error.log
And finally, for your reference here is my ssl-default (ssl.conf). I replaced my domains and IPs with the ones you used in your example conf. I have multiple subdomains working with NameVirtualHost since I have a wildcard cert:
<IfModule mod_ssl.c>
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
NameVirtualHost 1.1.1.1:443
NameVirtualHost 2.2.2.2:443
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# 1.1.1.1 = domain1.com
<VirtualHost 1.1.1.1:443>
ServerName www.domain1.com
ServerAdmin admin#domain1.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain1.key
SSLCertificateFile /var/www/ssl/wildcard.domain1.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/www/domain1/www.domain1.com/web
DirectoryIndex index.php index.html
</VirtualHost>
<VirtualHost 1.1.1.1:443>
ServerName secure.domain1.com
ServerAdmin admin#domain1.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain1.key
SSLCertificateFile /var/www/ssl/wildcard.domain1.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/www/domain1/secure.domain1.com/
DirectoryIndex index.php index.html
</VirtualHost>
# 2.2.2.2 = *.domain2.com
<VirtualHost 2.2.2.2:443>
ServerName admin.domain2.com
ServerAdmin admin#domain2.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain2.key
SSLCertificateFile /var/www/ssl/domain2.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
DocumentRoot /var/www/domain2/secure.domain2.com/web
DirectoryIndex index.php index.html
php_flag display_errors on
php_value error_reporting 7
</VirtualHost>
</IfModule>
I hope this helps!!
You don't need a separate ssl.config file, but if you want to use one, then put your SSL <VirtualHost XXX:443> containers in your ssl.conf file rather than in your httpd,conf file.
The other option which we use on our site is to put the settings from the ssl.conf file in our httpd.conf file and rename the ssl.conf file to something like ssl.conf.bak (to keep it for reference).
It might help to put this Apache command before the first Virtual Host:
SSLStrictSNIVHostCheck on
This enabled me to have several different domains each with its own keys running on the same IP without getting confused.