Why does Apache2 map www.myurl.com/php to this directory?

I've recently inherited the job of maintaining a LAMP server. I have basically zero experience with web development, so sorry if I'm missing something obvious or not giving the right information.

If I go to www.myurl.com/foo/someFile.php, I get someFile.php located in /directory/number/one/foo. This is what I would expect since /etc/apache2/httpd.conf contains:

<Directory /directory/number/one/foo>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/passwords
Require valid-user
</Directory>

However, if I go to www.myurl.com/php/someFile.php, then I get someFile.php located in /directory/number/two/ (In real life /directory/number/two/ is /home/sean/sean_test/, so it's not some default path). I haven't been able to find any references to /directory/number/two/ in any of the following places:

  • Any httpd.conf on the system
  • Any apache2.conf
  • Any file in /etc/apache2/conf.d/
  • Any .htaccess on the system
  • Any php.ini on the system
  • Any .user.ini on the system (none exist, but they are referenced by php.ini)

I also haven't been able to find any symlinks from php to /directory/number/two/ anywhere on the system. Why is Apache loading files from /directory/number/two/?

Output of /usr/sbin/apache2 -V:

Server version: Apache/2.2.16 (Debian)
Server built:   Mar  3 2013 12:09:44
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.4.2, APR-Util 1.3.9
Compiled using: APR 1.4.2, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

Output of php --version:

PHP 5.3.3-7+squeeze15 with Suhosin-Patch (cli) (built: Mar  4 2013 13:11:17) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

run setuid as www-data in python

I have a python script running as www-data but I would like it to have separate r/w/e permissions to the rest of the scripts. So I created a user to use however can't get the script to run as that user (it's a cgi script and I want all but this one running as www-data). Is there anyway I can use os.setuid() to demote myself to this user?. It seems to work the other way around but not from www-data to new user

Passenger (under Apache, running a Rails app) is not connecting to Postgres, but gives useless error messages

I have a pair of apps I'd like to run on one server, under CentOS 7,Apache 2.4,Passenger 5.2.3,Rails 5.1.3, and Ruby 2.3.1. One app uses PostgreSQL (9.6.5) (the other uses MySQL). When started, one app shows the following error:

[ D 2018-04-30 18:18:09.6842 29585/Tq age/Cor/Spa/Spawner.h:713 ]: [App 29639 stdout] !> Error
[ D 2018-04-30 18:18:09.6842 29585/Tq age/Cor/Spa/Spawner.h:713 ]: [App 29639 stdout] !> 
[ E 2018-04-30 18:18:09.7171 29585/Tq age/Cor/App/Implementation.cpp:305 ]: Could not spawn process for application /var/www/html/my_carrier_packets: An error occurred while starting up the preloader.
  Error ID: c1c03884
  Error details saved to: /tmp/passenger-error-ffVmuJ.html
  Message from application: could not connect to server: No such file or directory
        Is the server running locally and accepting
        connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
 (PG::ConnectionBad)
  /var/www/html/my_carrier_packets/vendor/bundle/ruby/2.3.0/gems/pg-0.21.0/lib/pg.rb:56:in `initialize'
...

The "Error details" file is functionally a restatement of what's above, with slightly more data, the .s.PGSQL.5432 does, and there's nothing I can find searching the Error ID listed.

What am I missing? What needs to be done?

.htaccess URL redirect old link format to new

Recently I've changed the link format to articles on my self-hosted wordpress blog and I want old bookmarks to be able to redirect to the new links seamlessly, so that readers don't get page not found.

The old format was:https://domain.tld/index.php/yyyy/mm/dd/title-of-post

The new format is: https://domain.tld/title-of-post/

I made this change of course because it's a lot nicer and time isn't really a factor for my blog. I'm using Apache's RewriteRule directive in the .htaccess file but I'm having trouble getting the pattern to match. This is the current state of the .htaccess file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php/[0-9]+/[0-9]+/[0-9]/.*?$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

But previously I've tried such patterns as:

^index\.php/?([-a-zA-Z0-9_+]+)/?([-a-zA-Z0-9_+]+)/?([-a-zA-Z0-9_+]+)/.*?$

and

^index\.php/2018/03/30/.*?$

and even

(index)(\\.)(php)(\\/)(\\d)(\\d)(\\d)(\\d)(\\/)(\\d)(\\d)(\\/)(\\d)(\\d)(\\/)((?:[a-z][a-z]+))

Of which the last I tried to use txt2re

None of this gave me any luck in matching the URL I'm giving it. I want old links to redirect to the new corresponding link.

Install ssl certificate on apache in Red hat

I already have four .crt and a key which are :

-AddTrustExternalCARoot.crt
OV_NetworkSolutionsOVServerCA2.crt
OV_USERTrustRSACertificationAuthority.crt

STAR.XXXXXXX.COM.crt (a wildcard)

wildcard.XXXXXXXX.com.key

I think I need to copy and paste STAR.xxxxx.com.crt and the key under:

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

but I´m also reading something about an intermediate certificate to paste. I have appart from the wildcard and the key, three .crt certificates as you can see at the begining (addtrust, OV_and OV_). Should i create a intermediate certificate from these 3 certificates?

If not, how is the way to correctly install certificates on a apache web server running in a redhat.
Is there a way also to do this by GUI?

How to stop a rogue Linux process from every starting up again [on hold]

I'm running an Ubuntu 14.04 LTS server, with Apache2, and PHP 5.6.

I'm trying to find the source of a process that has been plaguing one of my servers.

I can see the process in "top", its ran by the www-data user, and is identified by the COMMAND, "vmak". It's very strange, and most likely malicious.

I've included the list of files that the process has open below. "sudo lsof -p"

I am wondering if you guys could point me at any tools that could be helpful in pinpointing the source of this script, so I can remove it, or quarantine it. Are there any commands that would be useful in finding the source of this process?

I've tried a bunch, including pstree. Any help would be greatly appreciated.

As soon as I kill the process, it's started right back up.

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

vmak 14645 www-data cwd DIR 8,0 4096 124901 /var/www

vmak 14645 www-data rtd DIR 8,0 4096 2 /

vmak 14645 www-data txt REG 8,0 2359872 36 /tmp/vmak (deleted)

vmak 14645 www-data mem REG 8,0 101240 8608 /lib/x86_64-linux-gnu/libresolv-2.19.so

vmak 14645 www-data mem REG 8,0 22952 11891 /lib/x86_64-linux-gnu/libnss_dns-2.19.so

vmak 14645 www-data mem REG 8,0 149120 8765 /lib/x86_64-linux-gnu/ld-2.19.so

vmak 14645 www-data mem REG 8,0 1857312 11893 /lib/x86_64-linux-gnu/libc-2.19.so

vmak 14645 www-data mem REG 8,0 43616 8605 /lib/x86_64-linux-gnu/libnss_files-2.19.so

vmak 14645 www-data 0r CHR 1,3 0t0 9114 /dev/null

vmak 14645 www-data 1w CHR 1,3 0t0 9114 /dev/null

vmak 14645 www-data 2w CHR 1,3 0t0 9114 /dev/null

vmak 14645 www-data 3r FIFO 0,11 0t0 2074158 pipe

vmak 14645 www-data 4w FIFO 0,11 0t0 2074158 pipe

vmak 14645 www-data 5u 0000 0,12 0 9112 anon_inode

vmak 14645 www-data 6r FIFO 0,11 0t0 2074159 pipe

vmak 14645 www-data 7w FIFO 0,11 0t0 2074159 pipe

vmak 14645 www-data 8u 0000 0,12 0 9112 anon_inode

vmak 14645 www-data 9r CHR 1,3 0t0 9114 /dev/null

vmak 14645 www-data 10u IPv4 2074160 0t0 TCP [FQDN-Edited-Out].com:53328->ramzansal5.example.com:3338 (ESTABLISHED)

Get Referrer Url in php codeigniter

I am not sure if this is doable or not, but i am trying to find the original source on how the user actually reached our site. This is to display an example of the flow. Lets say our site is xyz.com User reached our site in this manner

A.com -> B.com -> xyz.com

Is it possible to know A.com because $_SERVER['HTTP_REFERRER'] will only provide me with B.com. Even, if it is doable with .htaccess will be great

Any ideas/suggestion will be very helpful.

Thank you

Apache modsecurity: limit requests per resource per second

I'm trying to configure modsecurity for Apache to limit the number of requests to the same resource per unit of time: 10 hits per second per resource, no matter which ip address does the request. It is desirable do not block extra calls but redirect to a given page.

I included module and placed next code in httpd.conf:

<LocationMatch "(.*)\.dimg(.*)">
  SecDebugLogLevel 9
  SecAction phase:2,initcol:resource=%{REQUEST_URI},pass,nolog,id:132
  SecRule RESOURCE:COUNT "@gt 10" "phase:2,pause:300,deny,status:503,setenv:RATELIMITED,skip:1,nolog,id:102"
  SecAction "phase:2,setvar:resource.count=+1,pass,nolog,id:103"
  SecAction "phase:5,deprecatevar:resource.count=10/1,pass,nolog,id:104"
  Header always set Retry-After "10" env=RATELIMITED
  ErrorDocument 503 "Service Unavailable"

Then I run stress test to simulate high load. But extra requests are not blocked. From logs: Recorded original collection variable: resource.count = "0"

As a result SecRule RESOURCE:COUNT "@gt 10" returns false for any request.

What is wrong here?

Remove extensions for both .html and .php in apache

The code is mixed to I have .html and .php in the same folder. There is never a time there there is the same name but different extensions. I have some code that should work but doesn't. The html part works but when I try to request a PHP page without an extension the URL it gives a 404

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -F
RewriteRule ^(.*)$ $1.html
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -F
RewriteRule ^(.*)$ $1.php

Unable to remove www. from subdomain with .htaccess

I wanted to remove www. from my urls. It is working for main domain https://www.klepow.zone but not for subdomains (f.ex. http://www.blanka.klepow.zone).

According to http://www.htaccesscheck.com/ and https://htaccess.madewithlove.be/ both syntax is correct and the url should change, but it does not on my shared server.

According to http://redirectdetective.com/ there is no redirect happening for the url.

This is my .htaccess file, mind as I do not own a wildcard-SSL I needed to force https:// for main domain and http:// for subdomains (that's why the behavior is different and the file so unnecessarily complicated).

RewriteEngine On

# klepow.zone domain
# Clear www. from klepow.zone domain
RewriteCond %{HTTP_HOST} ^www\.klepow\.zone [NC]
RewriteRule ^ https://klepow.zone%{REQUEST_URI} [NC,QSA,R=302]

# Force SSL protocol on klepow.zone domain
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?klepow\.zone [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NC,QSA,R=302]



# *.klepow.zone subdomains
# Clear www. from *.klepow.zone subdomains
RewriteCond %{HTTP_HOST} ^www\.(.*)\.klepow\.zone [NC]
RewriteRule ^ http://%1.klepow.zone%{REQUEST_URI} [NC,QSA,R=302]

# Force non-SSL on *.klepow.zone subdomains
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)\.klepow\.zone [NC]
RewriteRule ^ http://%2.klepow.zone%{REQUEST_URI} [NC,QSA,R=302]

Why is http://www.blanka.klepow.zone not getting rid of a www.?