Apache – Page 3 – WindowsTechs.com

Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

Posted on September 29, 2023 by Ionut Arghire

Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations.
The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek.
Continue reading Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks→

Apache .htaccess rule to hide folders [migrated]

Posted on August 31, 2023 by user304539

In .htaccess I’d like to have a rule to find out if a request is to a folder, before Apache redirects to the folder. If it is a forbidden folder, it should display my custom 404 page.
How can I do it?
Here is my attempt, where I want all s… Continue reading Apache .htaccess rule to hide folders [migrated]→

Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)

Posted on August 28, 2023 by DevelJoe

To secure the file uploads to a PHP/Apache server, I have already implemented the following steps:

Solid upload validation from PHP Framework
Used own names for uploaded files
Place uploaded files in server directory outside + above web r… Continue reading Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)→

How to Fix Apache 2 Not Executing PHP Files

Posted on August 24, 2023 by Phil Hajjar

Learn how to troubleshoot Apache 2 when it’s not executing PHP files with this easy-to-follow, step-by-step tutorial. Continue reading How to Fix Apache 2 Not Executing PHP Files→

How to create custom rules for fail2ban in Apache?

Posted on July 9, 2023 by Tom

In the last few weeks I’ve been having some problems with some users who are scanning our server for files, and in those searches they generate a lot of errors.
That’s why I installed fail2ban, it turns out that not all the errors I’ve bee… Continue reading How to create custom rules for fail2ban in Apache?→

Analyze Apache Logs and block IPs for errors

Posted on June 30, 2023 by Tom

I have the Apache error.log file that has some access attempts that generate the errors below:

AH00082
AH01630
AH02430
AH00126

Is there any way to read the error.log file every minute, find the IP that generated this error code about 5 t… Continue reading Analyze Apache Logs and block IPs for errors→

Problem Extracting SSL keys from Apache 2.4

Posted on June 29, 2023 by Todd Hight

I am trying to setup SSL key logging with Apache 2.4 on Ubuntu 22.04.
I followed the very good Walkthrough provided by Lekensteyn in this post: Extracting openssl pre-master secret from apache2
What I have found is that the key logging do… Continue reading Problem Extracting SSL keys from Apache 2.4→

Why does metasploit SSL scanner only show highest version available?

Posted on May 21, 2023 by Cal-linux

I’m trying to scan my server (Apache2 on Debian), which is configured to support only TLS1.2 (and 1.3, presumably?). The config line is:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

I scan it with:
msf6 > use auxiliary/scanner/ssl/ssl_versi… Continue reading Why does metasploit SSL scanner only show highest version available?→

Organizations Warned of Security Risk in Default Apache Superset Configurations

Posted on April 26, 2023 by Ionut Arghire

Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases.
The post Organizations Warned of Security Risk in Default Apache Superset Configurations appeared fi… Continue reading Organizations Warned of Security Risk in Default Apache Superset Configurations→

Remove old Cipher Suites [migrated]

Posted on April 24, 2023 by Rever_2019

I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little more.
The problem is, there are old TLS1… Continue reading Remove old Cipher Suites [migrated]→