[SOLVED] Zen Cart incorrect time zone


Our Zen Cart installation has an incorrect time zone. On the orders page, orders are shown as placed +5 hours from the current date/time. This is a very annoying problem, as the server is showing the correct time and PHP is configured with the correct time zone in the /etc/php.ini file. The correct time zone is also set in the includes/application_top.php file.

How to mitigate DDoS with mod_security and mod_evasive on CentOS 6?


For smaller-scale DDoS attacks, a Web Application Firewall (WAF) like Mod Security and Mod Evasive will mitigate the attack. For larger-scale DDoS attacks, you may need to turn to a professional DDoS mitigation service provider.

1. Install Mod Security Apache Module.

How to mitigate Apache Killer?


Apache is the most popular web server in use today. The Apache Killer exploit, which was released in August 2011, exploits a vulnerability in the Apache software by sending a crafted "Range" HTTP header. The attack abuses the HTTP protocol by requesting that URL content be returned in a huge number of small chunks, which leads to hundreds of large memory fetches, causing the server to run out of memory and crash. This vulnerability, identified as CVE-2011-3192, was fixed in httpd-2.2.21.

How to run PHP with HTML extension?


There are a couple of reasons why you may want to run PHP with an html extension. You may have a static website with highly ranked web pages, and would like to retain search engine indexing and ranking while converting the site to use server-side technology. Or, you may not want to reveal the server-side technology to your website visitors for security reasons. Others may just prefer plain old html extensions over php extensions in their URLs. Regardless of your reasoning, using a server-side technology such as PHP with an html extension is easy to set up.

Apache mod_vhost_alias module fails to set DOCUMENT_ROOT


Mass virtual hosting using the mod_vhost_alias or mod_rewrite module simplifies pattern-based virtual hosting. However, there is a major problem if your virtual host application makes use of the DOCUMENT_ROOT environment variable. According to the Apache documentation, mod_vhost_alias does NOT correctly set the DOCUMENT_ROOT variable and hence can potentially break PHP web applications that make use of this environment variable.

SSL Certificate File Formats


Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network to authenticate each other's identity and by encrypting the data exchanged between the applications. A server's identity is verified by three components: Private Key, Digital Certificate and Trusted Certificate Authority.

How to create a htpasswd file with encrypted password?


htpasswd is used to create and update the flat files used to store usernames and passwords for basic authentication of HTTP users. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by htpasswd. This program can only manage usernames and passwords stored in a flat file.

To restrict access to certain HTTP resources, we need to create two files: .htaccess and .htpasswd (or equivalent per httpd.conf setting). The .htaccess file looks something like:

-- [.htaccess] file content begins --

SELinux Issue: Apache 403 permission denied on virtual hosts


Platform setup:
Fedora Core 3
Apache 2.0.52-3
SELinux enabled.

The Apache configuration is set up correctly with the right permissions, but the server throws a 403 error.

The log entry in the /etc/httpd/logs/error_log:
"[error] [client xx.xx.xxx.xxx] (13)Permission denied: access to / denied"

The issue is well known, but the fixes only apply to Fedora 3, such as:
"Use : chcon -R -t httpd_sys_content_t "


"deactivate SELinux at the command line or GUI".


How to create a 301 redirect?


As described in the URL Canonicalization article we published in March, having a unique URL ("canonicalization") for each webpage is important in improving your "PageRank". Canonicalization is accomplished by redirecting non-standard webpages to a preferred ("standard") webpage.
