Category Archives: Apache

Apache: deny not allowed here

If you are seeing “deny not allowed here” within your error logs .Try adding the following to your httpd conf file for the virtual site.

or
[] [error] [client ::1] client denied by server configuration: /var/www/example.com/
<Directory /home/www/troublefolder>
Options Indexes FollowSymLinks MultiViews +Includes
AllowOverride All
Order allow,deny
allow from all
</Directory>

of course replace the trouble folder with the actual folder name . If you do not have access to the httpd conf file , you may need to ask your System Admin to do this for you.

*We need clarification on if this setting inherits to the sub folders.*

send me a message on twitter if you can assist with clarifying the above for me .
Twitter

https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration

obsolete cipher (AES_128_CBC with HMAC-SHA1)

With Internet privacy on everyone’s mind. I decided it was time to do some house keeping myself. I ran my main domain through the test at SSL Labs . I ended up with a SSL grade of B- :( wow .




I ran a test via Google chrome and Chrome returned the message “obsolete cipher (AES_128_CBC with HMAC-SHA1) ” . Additionally I ran a quick test via Python and it returned ” raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)”

A few things I had issues with
1) The root chain bundle was missing from the server
2) I was using old ciphers
3) Enabling Perfect Forward Secrecy was disabled
Enabling perfect forward secrecy
After correcting the above , My SSL grade changed to A . Hopefully this information will help those out there. Internet privacy is a big deal these days. Engineers need to do what they can to protect every day users.

Python Test :


import requests
s = requests.get('https://domain.com')
print(s)


Ciphers used
SSLCipherSuite “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4”

Apache / Python basic setup

Apache / Python basic setup

This is a from the ground up basic Apache/ Python integration.

Linux OS: Debian

1. apt-get install python apache2

2. enable the cgi module by running ” a2enmod cgi ”

3. update the Apache config setting. For me I set AllowOverride to All because i wanted to set my configs via a .htaccess file.

<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

cat .htaccess
Options +ExecCGI
AddHandler cgi-script .py

3a. You can also avoid using the .htaccess file and update the apache setting to
<Directory /var/www/cgi-bin>
Options ExecCGI
SetHandler cgi-script
</Directory>

<Directory /var/www/html/>
Options +ExecCGI
AddHandler cgi-script .py
</Directory>

reference
http://httpd.apache.org/docs/2.2/howto/cgi.html

Check Apache loaded modules
apachectl -t -D DUMP_MODULES
httpd -t -D DUMP_MODULES

Note: I heard using the cgi module is discourage and they recommend using fastcgi or uwsgi. I will write up another blog entry after I run a few test. As of this writing I needed to get something up quick for a project launch.

Apache:: AH01627: AUTHTYPE CONFIGURED WITH NO CORRESPONDING

Apache Version : 2.2/2.4
Error: AH01627: AUTHTYPE CONFIGURED WITH NO CORRESPONDING AUTHORIZATION DIRECTIVES

After upgrading apache we started seeing the above error. This was due to the .haccess file missing a directive that work without it in earlier versions of Apache.

before the upgrade
AuthType Basic
AuthName “Restricted Area”
AuthUserFile “/home/path”

Needed after the upgrade
Require valid-user << ——   required after the upgrade <<<<<<—




 
Require valid-user
AuthType Basic
AuthName “Restricted Area”
AuthUserFile “/home/path”

Installing Virtualmin http error on centos 5.6

Error: Missing Dependency: httpd = 2.2.3-22.el5.centos.1 is needed by package httpd-devel-2.2.3-22.el5.centos.1.i386 (installed)

Run to check what is currently installed on the server
rpm -qa | grep httpd

simple fix :
Uninstall the current version of apache using yum
yum remove httpd

**make sure you backup any custom conf* files prior **

Reference