How to , and other stuff about linux, photo, php … Another blog just like others on internet

January 16, 2019

How to deny execution of php on some directory

Filed under: Linux — Tags: , , , — admin @ 1:12 pm
Just add this on your .htaccess in that directory and php will not be executed.
# Kill PHP Execution
<Files ~ "\.ph(?:p[345]?|t|tml)$">
deny from all
</Files>

December 10, 2018

Your browser sent a request that this server could not understand

Filed under: Linux — Tags: , , , — admin @ 4:51 pm

Well today I am facing another problem.

Got this answer on a apache behind a proxy .

400 Bad Request
Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

So .. it appear the header that is received by webserver is bigger then normal .

Solution is to increase it .

LimitRequestFieldSize 32760
LimitRequestLine 32760

Please note that is loaded from first VirtualHost.

One solution is to tested with this

curl -v -H “CustomHeader: `printf ‘1%.0s’ {1..n}`” localhost

Where n can be replace with a value of for example 20000

 

March 12, 2018

Amazon ec2 ami certbot-auto problem

Filed under: Linux — Tags: , , , , , , — admin @ 11:15 am

Today tried to renew some ssl and surprise

 

certbot-auto renew
Error: couldn’t get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 7, in <module>
from certbot.main import main
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py”, line 10, in <module>
import josepy as jose
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py”, line 41, in <module>
from josepy.interfaces import JSONDeSerializable
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py”, line 8, in <module>
from josepy import errors, util
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py”, line 4, in <module>
import OpenSSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py”, line 8, in <module>
from OpenSSL import rand, crypto, SSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py”, line 12, in <module>
from OpenSSL._util import (
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py”, line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

 

Well tryied everything

rm -rf /opt/eff.org    ( didn’t worked for me )

Reinstalled same problem.

The only solution was this found on a comment on github

$ unset PYTHON_INSTALL_LAYOUT
$ /opt/eff.org/certbot/venv/local/bin/pip install –upgrade certbot
$ /opt/eff.org/certbot/venv/local/bin/certbot –help

 

 

 

February 6, 2018

Prevent SSL redirect loop using WordPress and HAProxy

Filed under: Linux — Tags: , , , , — admin @ 11:21 am

I do have a haproxy that is serving the ssl frontend and the apache is on 80 port.  But the wordpress see the 80 port and is not forcing to use the ssl as links for css/js

So to force wordpress to generate ssl internal links you need to add this into wp-config.php

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
  $_SERVER['HTTPS']='on';


Offcourse on the haproxy you need to have

reqadd X-Forwarded-Proto:\ https

 

August 30, 2017

httpd with multiple ssl and password for every key automatically

Filed under: Linux — Tags: , , , , — admin @ 1:19 pm

Well to use this we must use the SSLPassPhraseDialog functionality of httpd – apache .

Basically into ssl.conf we put this line or modify the existing one into

SSLPassPhraseDialog exec:/path/script

Where script is read/execute only by root.

And the script is

 

#!/bin/perl
$server = $ARGV[0];
#print $server;
if ($server eq ‘www.example.com:443’ || $server eq ‘www.example2.com:443’ ) {
print ‘password one’;
} elsif ($server eq ‘example3.com’) {
print ‘Password two’;
}

 

Older Posts »

Powered by WordPress