Posts Tagged ‘Apache’

How to fix TLS/SSL using insecure encryption algorithms: ARCFOUR, CBC, HMAC-MD5, HMAC-RIPEMD160

Vulnerability scan

Vulnerability: TLS Service Supports Weak Cipher Suite

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypts communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.

  • Severity: Medium
  • Risk: A TLS service was observed supporting weak cipher suites.
  • Recommendation: Disable the cipher suites listed in the evidence column of the measurement.

How to fix a Web/Mail Server using an insecure SSL protocol

Vulnerability scan

Vulnerability: SSL/TLS Service Supports Weak Protocol

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypts communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.

  • Severity: High
  • Risk: A TLS service was observed supporting weak protocols.
  • Recommendation: Disable the protocols listed in the evidence column of the measurement.
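The two findings above (weak cipher suites and weak protocols) are usually reported as a list of suite and protocol names in the scanner's evidence column. The following is an added example, not code from the original posts or from any scanner: it classifies OpenSSL-style suite names by the weaknesses the first post names (RC4/ARCFOUR, MD5 and RIPEMD-160 MACs, CBC mode, plus DES, export and anonymous suites), flags the protocol versions the second post is about (SSLv2, SSLv3, TLS 1.0 and 1.1), and builds a Python SSLContext that refuses those protocols and offers only AEAD suites. The cipher string, the token lists and the sample evidence are this example's own choices; the CBC rule assumes TLS suite names, where a non-AEAD suite is a CBC-mode suite.

```python
"""Audit TLS cipher-suite and protocol names and build a hardened server
context. Added example for this page; not from the original posts."""
import ssl

# Substrings (matched case-insensitively) that mark a suite as weak: RC4/ARCFOUR,
# the MD5 and RIPEMD-160 MACs, DES/3DES, export-grade, NULL and anonymous suites.
WEAK_TOKENS = ("RC4", "ARCFOUR", "MD5", "RIPEMD", "DES", "NULL", "EXP", "ADH", "AECDH")

# AEAD modes; an OpenSSL suite name without one of these is a CBC-mode suite
# (its trailing SHA/SHA256 is the HMAC, not the cipher mode).
AEAD_TOKENS = ("GCM", "CCM", "CHACHA20", "POLY1305")

WEAK_PROTOCOLS = {"SSLV2", "SSLV3", "TLSV1", "TLSV1.0", "TLSV1.1"}


def cipher_suite_findings(name):
    """Return the reasons a suite name is weak (empty list if acceptable)."""
    upper = name.upper()
    reasons = [tok for tok in WEAK_TOKENS if tok in upper]
    if not any(tok in upper for tok in AEAD_TOKENS):
        reasons.append("CBC")
    return reasons


def is_weak_cipher_suite(name):
    return bool(cipher_suite_findings(name))


def is_weak_protocol(name):
    return name.upper().replace(" ", "") in WEAK_PROTOCOLS


def audit_evidence(suites, protocols):
    """Summarise a scanner's evidence column: what to disable, and why."""
    return {
        "disable_suites": {s: cipher_suite_findings(s) for s in suites if is_weak_cipher_suite(s)},
        "disable_protocols": [p for p in protocols if is_weak_protocol(p)],
    }


def hardened_server_context():
    """Server context that refuses TLS < 1.2 and offers only forward-secret
    AEAD suites. The cipher string is this example's choice, not a standard."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5:!RC4:!3DES")
    return ctx


def weak_suites_offered(ctx):
    """Suites the context would still negotiate that fail the audit above."""
    return [c["name"] for c in ctx.get_ciphers() if is_weak_cipher_suite(c["name"])]


# Constructed sample evidence, in the shape a scanner report would list it
SAMPLE_SUITES = ["ECDHE-RSA-RC4-SHA", "AES256-SHA", "DES-CBC3-SHA",
                 "ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384"]
SAMPLE_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

if __name__ == "__main__":
    print(audit_evidence(SAMPLE_SUITES, SAMPLE_PROTOCOLS))
    print("weak suites in hardened context:", weak_suites_offered(hardened_server_context()))
```

Running the script prints the three suites and three protocols from the sample evidence that should be disabled, and an empty list for the hardened context, which is the state the two recommendations above ask for. The same `weak_suites_offered` check can be pointed at any context built from a server's real cipher string before it is deployed.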

How to automatically redirect a site's http:// URLs to https://

Vulnerability scan

Vulnerability: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

  1. Open Wi-Fi Hotspots
  2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
  3. Malicious Wi-Fi access points
  4. Compromised switches and routers
  5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify it. Even if a site does not contain sensitive information, an attacker can still inject malicious content into a user's browser.

  • Severity: High
  • Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
  • Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.
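The recommendation above is about what the user ends up with at the end of a redirect chain, so the check has to follow that chain rather than look at the first response. The following is an added example written for this page, not code from the original post: it follows Location headers hop by hop with a loop limit, reports whether the final page is HTTPS, whether any hop after the first was still plaintext (which leaves a tampering window even when the final page is secure), and whether the final response carries a Strict-Transport-Security header. The `fetch` callable, the sample hosts and their responses are this example's constructions so that it runs offline; `urllib_fetch` is the drop-in for checking a live server.

```python
"""Check whether a site enforces HTTPS by following its redirect chain.
Added example for this page; the fetcher interface and sample responses
are constructed here, not taken from the original post."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)
MAX_HOPS = 10


def resolve_chain(start_url, fetch, max_hops=MAX_HOPS):
    """Follow 3xx Location headers from start_url. fetch(url) must return
    (status_code, headers_dict). Returns (final_url, final_headers, hops)."""
    url, hops = start_url, [start_url]
    for _ in range(max_hops):
        status, headers = fetch(url)
        location = headers.get("Location")
        if status not in REDIRECT_CODES or not location:
            return url, headers, hops
        url = urljoin(url, location)   # Location may be relative
        hops.append(url)
    raise RuntimeError("redirect loop or chain longer than %d hops" % max_hops)


def check_https_enforcement(host, fetch):
    """Start from the plaintext URL, as a browser typing the host would."""
    final_url, headers, hops = resolve_chain("http://%s/" % host, fetch)
    # Any plaintext hop after the first one is a second tampering window.
    plaintext_hops = [u for u in hops[1:] if urlsplit(u).scheme == "http"]
    return {
        "final_url": final_url,
        "enforces_https": urlsplit(final_url).scheme == "https" and not plaintext_hops,
        "plaintext_hops": plaintext_hops,
        "hsts": headers.get("Strict-Transport-Security"),
        "hops": len(hops) - 1,
    }


# Constructed responses standing in for real servers (hypothetical hosts)
GOOD_SITE = {
    "http://good.example/": (301, {"Location": "https://good.example/"}),
    "https://good.example/": (200, {"Strict-Transport-Security": "max-age=31536000"}),
}
PLAIN_SITE = {"http://plain.example/": (200, {"Content-Type": "text/html"})}
MIXED_SITE = {   # bounces through a second plaintext host before reaching https
    "http://mixed.example/": (302, {"Location": "http://www.mixed.example/"}),
    "http://www.mixed.example/": (301, {"Location": "https://www.mixed.example/"}),
    "https://www.mixed.example/": (200, {}),
}
LOOP_SITE = {"http://loop.example/": (302, {"Location": "/"})}


def fake_fetch(table):
    """Offline fetcher: look the URL up in a constructed response table."""
    return lambda url: table[url]


def urllib_fetch(url):
    """Live fetcher: one request, redirects deliberately not followed, so the
    chain is walked by resolve_chain and every hop is visible."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, timeout=10)
        return resp.status, {k.title(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as err:   # 3xx and 4xx/5xx arrive here
        return err.code, {k.title(): v for k, v in err.headers.items()}


if __name__ == "__main__":
    for host, table in [("good.example", GOOD_SITE), ("plain.example", PLAIN_SITE),
                        ("mixed.example", MIXED_SITE)]:
        print(host, check_https_enforcement(host, fake_fetch(table)))
```

Of the three sample hosts only good.example passes; plain.example never redirects, and mixed.example reaches HTTPS but only after a second plaintext hop, which is why the check looks at every hop and not just the final scheme. The redirect loop host raises rather than spinning, and the hop limit is the same protection a browser applies.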

WordPress error message: You don’t have permission to access post.php ...

If, when uploading an image, you see:

 Http Error

or, when publishing a post, you see

You don’t have permission to access /wordpress/wp-admin/post.php on this server.

This error is caused by Apache's mod_security. You can add an .htaccess file in the wp-admin directory with the following contents:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

That should resolve it easily.

References

  1. 窄多之Blog: PHP post error: Forbidden - You don't have permission to access
  2. Hongkiat: WordPress 2.5 Image Upload Error [Wordpress Fix]

[MySQL] Some notes on handling character encodings

Because the MySQL I use when writing programs comes in both 3.x and 5.x versions, I had to study MySQL's character encoding problems in particular. After a while of research I finally have some preliminary notes; the old and new versions of MySQL are listed side by side for comparison:

[Repost][MySQL] Analysis of MySQL's SET NAMES xxx character encoding problem

Reposted from: PHPChina

I recently took part in BBT's training and built a voting system. The system code was not very difficult, but most of my time went into studying character sets and encodings. The encoding (character set) problems of the two systems, MySQL and Apache, cost me a great deal of effort. Solutions found online are scattered and one-sided; most give a fix without explaining why. So I am summarizing what I learned over these days to spare later readers the detours. This article is a little helpful for writing PHP (after reading it you will know how to make your PHP program display correctly on most hosting providers' servers), but it is even more helpful for setting up and configuring web servers.

Using .htaccess to customize the "404 Not Found" page

The shared hosting we usually rent does not let us modify httpd.conf, so the only way to customize the "404 Not Found" page is through .htaccess.

SVN + Trac + Apache complete installation guide

A complete installation guide for SVN + Trac + Apache. The user and permission management interface that SVN itself lacks can be provided by Trac plugins, giving you the best of both worlds.

This article is meant as a reference for people who are familiar with SVN but have never used any online project management tool.

Note that the Linux I use is CentOS 4.x; RHEL 4.x also applies.

Apache 1.3.x bandwidth limiting (mod_bandwidth)

For Apache 1.3.x only: use mod_bandwidth to limit user traffic.

[Repost] Explanation of some Apache parameters

Reposted from: 小红帽技术论坛

Part I

AllowOverride attributes

AllowOverride Limit: allows the scope of the original access restrictions to be overridden
AllowOverride AuthConfig: allows password settings, e.g. password-protecting a directory
AllowOverride Options: allows the directory's Options to be overridden
AllowOverride FileInfo: allows any document-type settings for the directory to be overridden, e.g. DefaultType, ErrorType
AllowOverride Indexes: allows the directory's listing settings to be overridden, e.g. AddIcon, HeaderName, ReadmeName

Options attributes

Indexes: when there is no index.html, the directory is shown as a listing, e.g. the center3 homepage; with -Indexes the listing is not visible
FollowSymLinks: adding +FollowSymLinks allows browsing to continue through symbolic links
ExecCGI: with +ExecCGI, CGI scripts can be executed
Includes: Server Side Includes can be executed, when +Includes is set
IncludesNOEXEC: Server Side Includes can be executed, when +IncludesNOEXEC is set, but they cannot execute CGI
None: no features enabled
All: all features enabled
In short, features are added or removed with the + and - signs; if no sign is given, only the listed features take effect.
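The last sentence above is the part that matters for security review: a signed Options line (+/-) adjusts what the directory inherited, while an unsigned line replaces it outright, and the two forms cannot be mixed. Whether a subdirectory ends up with Indexes or ExecCGI enabled therefore depends on the whole chain of Options lines above it. The following is an added example written for this page, not Apache's own code: it models that merge rule so the effective option set of a nested directory can be computed from the per-directory lines, using httpd's documented option names and its rule that All means every option except MultiViews.

```python
"""Model of how Apache merges an Options line into the options inherited
from the parent directory. Added example for this page, not httpd code."""
from functools import reduce

KNOWN_OPTIONS = {"Indexes", "FollowSymLinks", "SymLinksIfOwnerMatch", "ExecCGI",
                 "Includes", "IncludesNOEXEC", "MultiViews"}
ALL = KNOWN_OPTIONS - {"MultiViews"}      # what "All" expands to in httpd
_BY_LOWER = {o.lower(): o for o in KNOWN_OPTIONS}


def canonical(name):
    """Option names are case-insensitive; reject anything httpd does not know."""
    if name.lower() in ("all", "none"):
        return name.lower().capitalize()
    try:
        return _BY_LOWER[name.lower()]
    except KeyError:
        raise ValueError("unknown option %r" % name) from None


def expand(name):
    """Set of concrete options a (canonical) name stands for."""
    return set() if name == "None" else ALL if name == "All" else {name}


def merge_options(inherited, tokens):
    """inherited: options enabled in the parent directory.
    tokens: the words after 'Options'. Signed tokens (+/-) adjust the
    inherited set; unsigned tokens replace it; mixing the two is rejected."""
    signed = [t[:1] in ("+", "-") for t in tokens]
    if any(signed) and not all(signed):
        raise ValueError("mixing +/- options with unsigned options is invalid")
    if not any(signed):                      # unsigned: replace entirely
        result = set()
        for t in tokens:
            name = canonical(t)
            result = set() if name == "None" else result | expand(name)
        return result
    result = set(inherited)                  # signed: adjust what was inherited
    for t in tokens:
        sign, name = t[0], canonical(t[1:])
        result = result | expand(name) if sign == "+" else result - expand(name)
    return result


def effective_options(chain, root=frozenset()):
    """Fold the Options lines of nested directories, outermost first."""
    return reduce(merge_options, chain, set(root))


if __name__ == "__main__":
    # Constructed chain: DocumentRoot, then a subdirectory, then its .htaccess
    chain = [["Indexes", "FollowSymLinks"], ["-Indexes"], ["+ExecCGI"]]
    print(effective_options(chain))          # {'FollowSymLinks', 'ExecCGI'}
```

The model shows why a lone "Options -Indexes" in an .htaccess file is not enough to reason about: whether it has any effect depends on what the enclosing directories set, and an unsigned "Options ExecCGI" further down silently drops everything inherited. It also rejects the mixed form that httpd refuses to load.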
