Posts Tagged ‘Apache’

How to fix TLS/SSL using insecure cipher algorithms: ARCFOUR, CBC, HMAC-MD5, HMAC-RIPEMD160

Vulnerability scan

Finding: TLS Service Supports Weak Cipher Suite

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypts communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.

  • Severity: Medium
  • Risk: A TLS service was observed supporting weak cipher suites.
  • Recommendation: Disable the cipher suites listed in the evidence column of the measurement.


How to fix a Web/Mail server using insecure SSL protocols

Vulnerability scan

Finding: SSL/TLS Service Supports Weak Protocol

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypts communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then they can be altered or decrypted.

  • Severity: High
  • Risk: A TLS service was observed supporting weak protocols.
  • Recommendation: Disable the protocols listed in the evidence column of the measurement.
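Both findings above (weak cipher suites and weak protocols) are fixed in the same mod_ssl virtual host. The fragment below is an added example, not part of the original post: the weak form a scanner flags is kept as a commented-out block beside the corrected form. The hostname, certificate paths and the exact cipher string are assumptions, and the SSLProtocol line as written needs httpd 2.4.37 or later built against OpenSSL 1.1.1 for TLSv1.3; on older builds drop +TLSv1.3.

```apache
# Weak form, kept commented out: SSLv3 and TLS 1.0/1.1 remain enabled,
# and a permissive cipher string of the kind shipped in older default
# configs still admits RC4 (ARCFOUR), MD5-MAC, export and CBC suites.
#<VirtualHost *:443>
#    ServerName www.example.com
#    SSLEngine on
#    SSLProtocol all -SSLv2
#    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
#</VirtualHost>

# Hardened form. Hostname and certificate paths are assumptions.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/example.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.key

    # Weak protocol finding: start from nothing and allow only TLS 1.2
    # and 1.3, which removes SSLv2, SSLv3, TLS 1.0 and TLS 1.1 without
    # having to name each one.
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # Weak cipher suite finding: forward-secret AEAD suites only (ECDHE or
    # DHE key exchange with AES-GCM or ChaCha20-Poly1305). Nothing in this
    # list uses RC4, a CBC mode, an HMAC-MD5 or HMAC-SHA1 MAC, NULL,
    # export-grade or anonymous DH.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    # The server, not the client, chooses from the ordered list above.
    SSLHonorCipherOrder on
    # TLS-level compression is what the CRIME attack exploits; keep it off.
    SSLCompression off
</VirtualHost>
```

After restarting httpd, `openssl s_client -connect www.example.com:443 -tls1` should fail the handshake, and `openssl ciphers -v '<the SSLCipherSuite string>'` run on the server shows exactly which suites the string expands to under the installed OpenSSL, which is the list the scanner will observe.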


How to automatically redirect a site's http:// URLs to https://

Vulnerability scan

Finding: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

  1. Open Wi-Fi Hotspots
  2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
  3. Malicious Wi-Fi access points
  4. Compromised switches and routers
  5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify it. Even if a site does not contain sensitive information, an attacker can still inject malicious content into the user's browser.

  • Severity: High
  • Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
  • Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.
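As an added example that is not from the original post, the Apache 2.4 configuration that satisfies this recommendation: a plain-HTTP virtual host whose only job is a permanent redirect, plus an HSTS header on the HTTPS host so that a returning browser never sends even its first request in cleartext. The hostname is an assumption. A mod_rewrite variant for shared hosts where only .htaccess is editable is included as comments at the end.

```apache
# Port 80: serve nothing, redirect everything. mod_alias keeps the
# request path, so http://www.example.com/a becomes
# https://www.example.com/a. Hostname is an assumption.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    # certificate, SSLProtocol and SSLCipherSuite settings omitted here

    # Requires mod_headers. "always" also covers error responses. Once a
    # browser has seen this header it rewrites http:// to https:// itself
    # for a year, so the plaintext hop an attacker could tamper with never
    # happens. Only add includeSubDomains when every subdomain already
    # serves HTTPS, otherwise those subdomains break.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>

# .htaccess equivalent of the port-80 redirect for shared hosting
# (needs mod_rewrite and AllowOverride FileInfo). The target hostname is
# written out rather than taken from %{HTTP_HOST}: that variable is the
# client-supplied Host header, and using it here turns the redirect into
# an open redirect to whatever host an attacker puts in the request.
#   RewriteEngine On
#   RewriteCond %{HTTPS} !=on
#   RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
```

Check it with `curl -I 'http://www.example.com/a?b=1'`: the answer should be a 301 whose Location header carries the https:// scheme together with the original path and query string, and `curl -I https://www.example.com/` should show the Strict-Transport-Security header.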


WordPress error message: You don’t have permission to access post.php ...

If you see the following when uploading an image:

 Http Error

or the following when publishing a post:

You don’t have permission to access /wordpress/wp-admin/post.php on this server.

This error is caused by Apache's mod_security. Create a .htaccess file in the wp-admin directory with the following content:

<IfModule mod_security.c>
# ModSecurity 1.x directives: turn the filter engine off and stop scanning POST bodies
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

That should solve it. Two caveats: this turns the web application firewall off for everything under wp-admin rather than for the one rule that is matching, and SecFilterEngine and SecFilterScanPOST are ModSecurity 1.x directives. On ModSecurity 2.x the module is named mod_security2.c, so the <IfModule mod_security.c> block above is silently skipped; the 2.x equivalent is SecRuleEngine Off inside <IfModule mod_security2.c>.
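A narrower version of the same fix, added here as an example rather than taken from the original post: it scopes the exception to the admin scripts involved (post.php from the error message, and async-upload.php, which the WordPress media uploader posts to; including the latter is my assumption), lives in httpd.conf or the vhost where a writable .htaccess cannot alter it, and covers ModSecurity 2.x as well as 1.x. The /wordpress prefix is taken from the error message on the page.

```apache
# Scoped to the two scripts that fail instead of all of wp-admin.
<LocationMatch "^/wordpress/wp-admin/(post|async-upload)\.php$">
    <IfModule mod_security2.c>
        # Step 1, diagnose: DetectionOnly lets the request through but
        # still writes the matching rule, with its id, to the audit log.
        SecRuleEngine DetectionOnly
        # Step 2, fix: once the audit log names the rule, drop only that
        # rule for these paths and turn blocking back on. 123456 is a
        # placeholder, not a real rule id.
        #SecRuleEngine On
        #SecRuleRemoveById 123456
    </IfModule>
    <IfModule mod_security.c>
        # ModSecurity 1.x: the same directives as the .htaccess above,
        # but limited to these two paths.
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
</LocationMatch>
```

Leaving DetectionOnly in place permanently would be equivalent to the page's fix with better logging; the point of step 2 is that every other rule keeps blocking on post.php and async-upload.php, which are exactly the endpoints that accept attacker-influenced uploads and post bodies.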

References

  1. 窄多之Blog: PHP post error: Forbidden - You don't have permission to access
  2. Hongkiat: WordPress 2.5 Image Upload Error [Wordpress Fix]

[MySQL] Notes on handling character encoding

Because the MySQL versions my programs have to work with include both 3.x and 5.x, I needed to look specifically into MySQL's character-encoding behaviour. After some research I have reached a few preliminary conclusions, listed here as a comparison of the old and new MySQL versions:

[Repost][MySQL] Analysis of MySQL's SET NAMES xxx character-encoding problem

Reposted from: PHPChina


I recently attended training at BBT and built a voting system. The system code was not very hard, but most of my time went into studying character sets and encodings. The encoding (character set) problems of the two systems, MySQL and Apache, racked my brains and gave me no end of grief. The solutions online are scattered and one-sided; most give a fix without saying why. So I am summarising what I learned over these few days to save those who come after from the same detours. This article helps a little with writing PHP (once you have read it you will know how to make your PHP program display correctly on most hosting providers' servers), but it helps more with setting up and configuring web servers.

Using .htaccess to customise the "404 Not Found" page

Shared hosting plans generally do not let you edit httpd.conf, so the only way to customise the "404 Not Found" page is through .htaccess.


SVN + Trac + Apache complete installation guide

A complete installation guide for SVN + Trac + Apache. The user and permission management interface that SVN itself lacks can be supplied by Trac plugins, so you get the best of both worlds.

This article is intended for people who know SVN but have never used an online project management tool.

Note that the Linux used here is CentOS 4.x; RHEL 4.x also applies.


Apache 1.3.x bandwidth limiting (mod_bandwidth)

Using mod_bandwidth to limit per-user traffic, for Apache 1.3.x only.


[Repost] Explanation of some Apache parameters

Reposted from: 小紅帽技術論壇


Part I

What the AllowOverride values allow

AllowOverride Limit: lets a .htaccess in that directory override host-based access control (Order, Allow, Deny)
AllowOverride AuthConfig: lets it set authentication, e.g. password protection
AllowOverride Options: lets it override the directory's Options
AllowOverride FileInfo: lets it override document-type and document-handling directives, e.g. DefaultType, ErrorDocument
AllowOverride Indexes: lets it override directory-listing directives, e.g. AddIcon, HeaderName, ReadmeName

What the Options values do

Indexes: when there is no index.html, the directory is shown as a listing (e.g. the center3 homepage); with -Indexes the listing is not visible
FollowSymLinks: with +FollowSymLinks the server follows symbolic links, so linked content can still be browsed
ExecCGI: with +ExecCGI, CGI scripts may be executed
Includes: with +Includes, Server Side Includes may be executed
IncludesNOEXEC: with +IncludesNOEXEC, Server Side Includes may be executed, but they may not run CGI programs
None: no features enabled
All: all features (except MultiViews)
In short, + and - add or remove individual features; if no sign is given, the listed features replace whatever was set before.
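The following Apache 2.4 fragment is an added example, not from the reposted text nor from the 404 post above: it applies the AllowOverride and Options values just described in least-privilege form, and shows why the 404 post's .htaccess fix depends on them. Paths are assumptions.

```apache
# httpd.conf: baseline for the document root (assumed path).
<Directory "/var/www/html">
    # Unsigned Options replace the whole inherited set: no directory
    # listings (Indexes), no SSI (Includes), no CGI (ExecCGI); symlinks
    # are followed only when link and target have the same owner.
    Options SymLinksIfOwnerMatch
    # A .htaccess here may override only file-handling directives such
    # as ErrorDocument. It cannot re-enable Indexes or ExecCGI (Options
    # is not listed) and cannot change access control or authentication
    # (Limit and AuthConfig are not listed).
    AllowOverride FileInfo
    Require all granted
</Directory>

# Admin area (assumed path): signed values edit the inherited set, so
# this keeps the parent's choices and removes symlink following as well.
# Mixing signed and unsigned values on one Options line is rejected at
# startup, so use signs everywhere or nowhere on a given line.
<Directory "/var/www/html/admin">
    Options -FollowSymLinks -SymLinksIfOwnerMatch
    AllowOverride None
</Directory>

# /var/www/html/.htaccess, the file a shared-hosting customer can edit:
#   ErrorDocument 404 /errors/404.html
# works because FileInfo is allowed above, and a local path keeps the
# real 404 status. Pointing it at a full http://... URL makes Apache
# answer with a redirect instead, so clients never see the 404, and an
# "Options +Indexes" line in the same file produces a 500 error because
# Options is not in the AllowOverride list.
```

The practical check is `apachectl configtest` after each change (it is what rejects a mixed Options line), followed by a request for a path that does not exist: `curl -I https://www.example.com/nope` should return 404 with the custom page, not 302 and not 500.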

