July 21, 2011
Fixing Apache (13)Permission denied: access to / 403 Forbidden
Every so often I run into a 403 Forbidden response when I'm setting up something in Apache, checking the log files will yield something like:(13)Permission denied: access to /
There are a few things that could be the problem:
January 10, 2011
Changing the ColdFusion CFIDE Scripts Location
One of the things that the HackMyCF ColdFusion server security scanner looks for, is if the /CFIDE/scripts/ folder is in it's default location. There have been security vulnerabilities located in this folder in the past, most notably was the FCKEditor Vulnerability in ColdFusion 8.
August 20, 2009
ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only
There has been some confusion over the ColdFusion web server connector (wsconfig.jar) hotfix CVE-2009-1876 which is part of Adobe Security Bulletin APSB09-12.Whether or not this hotfix is required on IIS has been a question posed by many.
February 05, 2009
Using Apache Bench for Simple Load Testing
If you have access to a Mac or Linux server, chances are you may already have a really simple http load generating tool installed called Apache Bench, or ab. If you are on windows and have Apache installed, you may also have ab.exe in your apache/bin folder.
July 19, 2007
How many iPhone Visitors have you had?
I was curious if anyone was using an iPhone to read my blog yet, I'm sure before too long we will all be optimizing our sites for 3.5" displays. To find out I did a little grep on my Apache log file and piped it to wc to count the number of matches:fgrep 'iPhone;' access.
December 06, 2005
20 ways to Secure your Apache Configuration
Here are 20 things you can do to make your apache configuration more secure.Disclaimer: The thing about security is that there are no guarantees or absolutes.
November 30, 2005
Howto make Friendly URLs
Thinking and Making has a good article called: Friendly URLs improve usability and user experience. I've always been a big fan of the friendly urls, when I see a site that uses friendly URL's I get a sense of elegance, and cleanliness.
October 07, 2005
CheatSheet for Apache
A few weeks ago I started working on an Apache Cheat Sheet - I think covers the most common configuration, let me know if you want to see anything else on there.Looking for more cheat sheets? check out my cheat sheet roundup.
July 25, 2005
ServerTokens Prod, ServerSignature Off
I tend to forget the syntax every time, but one of the first things I do when I setup an Apache web server is add/edit these two directive in my httpd.
June 13, 2005
Free Chapters in Apache Security
Ivan has made two chapters from his book Apache Security available for download. He just released the chapter on secure php configuration, and the chapter on installation and configuration was previously made available.
March 25, 2005
Apache Modules - Top 10 List
When people ask me why I run my web server on linux, the main reason is Apache, and when they ask why I like Apache - the modules.
February 17, 2005
Apache mod_rewrite URLs Also Provide Validation
I Realized something when using Apache mod_rewrite for search engine safe url's, they also provide input type validation. I can use mod_rewrite to ensure that only integers are passed in my url in the id.For example, on my site macread I use url's like: http://macread.
September 21, 2004
Building Apache2 From Source on Linux (Redhat 8)
This blog entry shows the steps used to compile and build apache2 on linux. The example uses Apache 2.0.46 on Redhat 8 using a bash shell, you will need gcc installed. You can find Apache's install instructions hereDownlaod the latest tar.gz file for apache2
August 17, 2004
BlueDragon httpd.conf settings
Here are the settings that bluedragon 6.1 adds to your httpd.conf file. I am posting these because it is helpful when your trying to install on an unsupported platform.ServletExecInstances default 127.0.0.1:9999
ServletExecAliases default /servlet servlet .jsp .cfc .cfm .
August 27, 2003
Moving SSL Certs from IIS to Apache
I found some instructions for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)
Run mmc.
December 01, 2002
Installing PHP on Apache 2
This page describes how to setup php on Apache2. PHP 4.3.0 with Apache 2.0.46 was used on Redhat 8.Install Apache
