nginx Directive rewrite is not terminated

linux web I have been setting up some sites on nginx today (moving from an apache server) and have been pretty happy with how an Apache rewrite rule like:

RewriteRule /foo/([0-9]+)/ /foo.cfm?id=$1

Can be done in nginx like this:

rewrite /foo/([0-9]+)/ /foo.

This entry was:

Apache Security Patches on CentOS / RHEL

web Those familiar with RedHat Enterprise Linux (RHEL) or CentOS servers may notice that when you update a Apache (or most any other package) on a RedHat / CentOS based server it still reports the same version number.

This entry was:

Blocking .svn and .git Directories on Apache or IIS

web One of the issues that our HackMyCF ColdFusion Server Scanner checks for is the existence of public .git/ or .svn/ directories. Exposing these directories to the public could lead to information disclosure, such as your server side source code.

Blocking .svn and .

This entry was:

Fixing Apache (13)Permission denied: access to / 403 Forbidden

web Every so often I run into a 403 Forbidden response when I'm setting up something in Apache, checking the log files will yield something like:

(13)Permission denied: access to /

There are a few things that could be the problem:

This entry was:

Changing the ColdFusion CFIDE Scripts Location

coldfusion One of the things that the HackMyCF ColdFusion server security scanner looks for, is if the /CFIDE/scripts/ folder is in it's default location. There have been security vulnerabilities located in this folder in the past, most notably was the FCKEditor Vulnerability in ColdFusion 8.

This entry was:

ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only

coldfusion There has been some confusion over the ColdFusion web server connector (wsconfig.jar) hotfix CVE-2009-1876 which is part of Adobe Security Bulletin APSB09-12.

Whether or not this hotfix is required on IIS has been a question posed by many.

This entry was:

Using Apache Bench for Simple Load Testing

apple coldfusion linux web If you have access to a Mac or Linux server, chances are you may already have a really simple http load generating tool installed called Apache Bench, or ab. If you are on windows and have Apache installed, you may also have ab.exe in your apache/bin folder.

This entry was:

How many iPhone Visitors have you had?

apple I was curious if anyone was using an iPhone to read my blog yet, I'm sure before too long we will all be optimizing our sites for 3.5" displays. To find out I did a little grep on my Apache log file and piped it to wc to count the number of matches:

fgrep 'iPhone;' access.

This entry was:

20 ways to Secure your Apache Configuration

web Here are 20 things you can do to make your apache configuration more secure.

Disclaimer: The thing about security is that there are no guarantees or absolutes.

This entry was:

Howto make Friendly URLs

web Thinking and Making has a good article called: Friendly URLs improve usability and user experience. I've always been a big fan of the friendly urls, when I see a site that uses friendly URL's I get a sense of elegance, and cleanliness.

This entry was:

CheatSheet for Apache

web A few weeks ago I started working on an Apache Cheat Sheet - I think covers the most common configuration, let me know if you want to see anything else on there.

Looking for more cheat sheets? check out my cheat sheet roundup.

This entry was:

ServerTokens Prod, ServerSignature Off

web I tend to forget the syntax every time, but one of the first things I do when I setup an Apache web server is add/edit these two directive in my httpd.

This entry was:

Free Chapters in Apache Security

books Ivan has made two chapters from his book Apache Security available for download. He just released the chapter on secure php configuration, and the chapter on installation and configuration was previously made available.

This entry was:

Apache Modules - Top 10 List

web When people ask me why I run my web server on linux, the main reason is Apache, and when they ask why I like Apache - the modules.

This entry was:

Apache mod_rewrite URLs Also Provide Validation

coldfusion web I Realized something when using Apache mod_rewrite for search engine safe url's, they also provide input type validation. I can use mod_rewrite to ensure that only integers are passed in my url in the id.

For example, on my site macread I use url's like: http://macread.

This entry was:

Building Apache2 From Source on Linux (Redhat 8)

linux This blog entry shows the steps used to compile and build apache2 on linux. The example uses Apache 2.0.46 on Redhat 8 using a bash shell, you will need gcc installed. You can find Apache's install instructions here

Downlaod the latest tar.gz file for apache2

This entry was:

BlueDragon httpd.conf settings

coldfusion Here are the settings that bluedragon 6.1 adds to your httpd.conf file. I am posting these because it is helpful when your trying to install on an unsupported platform.

ServletExecInstances default

ServletExecAliases default /servlet servlet .jsp .cfc .cfm .

This entry was:

Moving SSL Certs from IIS to Apache

linux web I found some instructions for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

Run mmc.

This entry was:

Installing PHP on Apache 2

linux misc This page describes how to setup php on Apache2. PHP 4.3.0 with Apache 2.0.46 was used on Redhat 8.

Install Apache

This entry was:


did you hack my cf?