Archive for the tag 'HTTP'

HTTP Error 502 Bad Gateway, 503 Service Unavailable

This error is usually due to improperly configured proxy servers. However, the problem may also arise when there is poor IP communication amongst back-end computers, when the client’s ISP is overloaded, or when a firewall is functioning improperly.

The first step in resolving the issue is to clear the client’s cache. This action should result in the a different proxy being used to resolve the web server’s content.

503 Service Unavailable

This error occurs when the server is unable to handle requests due to a temporary overload or due to the server being temporarily closed for maintenance. The error signifies that the server will only temporarily be down. It is possible to receive other errors in place of 503.

Specify the redirect host value when http is used on an https protocol

If you’ve enabled SSL=1 and the User enters http, then DA will give them the server IP redirect by default. This option will allow the admin to specify the value of the hostname in the redirect, which has an added benefit of forcing them to use the host that matches the certificate to valid ssl errors.

The directadmin.conf option will be:

ssl_redirect_host=host.name.com

The default setting is for the value to not be present in the directadmin.conf.

When it’s not present, the server IP will be used. With the option present, it’s value will be used (even it’s it’s blank) so make sure it only there if you want to use it.

Source: http://www.directadmin.com/

Redirect all HTTP traffic through the proxy.

If you would like to redirect all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications you will need to add some rules

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp –dport 80 -j DNAT –to-destination 10.0.0.1:3128

And

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128

Where eth1,eth0 are the LAN, WAN devices and 10.0.0.1 is the IP address of your LAN device.

SBDavid

Securing the Apache HTTP Server

Securing the Apache HTTP Server

The Apache HTTP Server is one of the most stable and secure services that ships with major Linux Server Distros.

Below is a few list of configuration options administrators should be careful using.

The Indexes Directive

This directive is enabled by default, but may not be desirable. To prevent visitors from browsing files on the server, remove this directive.

FollowSymLinks

This directive is enabled by default, be sure to use caution when creating symbolic links to the
document root of the Web server. For instance, it is a bad idea to provide a symbolic link to /.

The UserDir Directive

The UserDir directive is disabled by default because it can confirm the presence of a user account on the system. To enable user directory browsing on the server, use the following directives:

UserDir enabled UserDir disabled root

These directives activate user directory browsing for all user directories other than /root/. To add users to the list of disabled accounts, add a space delimited list of users on the UserDir disabled line.

Do Not Remove the IncludesNoExec Directive

Restrict Permissions for Executable Directories

Be certain to only assign write permissions to the root user for any directory containing scripts or CGIs. This can be accomplished by typing the following commands:

chown root[directory_name] chmod 755 [directory_name]