
Questions tagged [apache]

Questions about the security of Apache open source software, especially Apache HTTP Server

1 vote
1 answer
196 views

So I have a peculiar setup to work with. The main server is your standard off-the-mill Apache server with SSL enabled bound to a public domain (NOT localhost!). My Node.JS server runs on localhost:...
bblizzard
  • 111
1 vote
1 answer
103 views

I parse the content of user-uploaded files using Apache Tika. While I use the setMaxStringLength property to limit the parsed content to 4 MB, I am suspicious if this is enough to safeguard my service from ...
Manish
  • 11
0 votes
1 answer
137 views

Lately I see some lines like this in my access.log: [2a05:22c7:1:2102::7] 114.32.218.17 - - [13/Dec/2024:01:03:10 +0000] "GET / HTTP/1.0" 200 12794 "-" "-" Normally my ...
alebal
  • 101
7 votes
3 answers
3k views

I can sometimes see in the server logs records caused by series of “strange” HTTP requests such as 2024.10.16 16:21:00 /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-...
Anton Duzenko
0 votes
1 answer
492 views

I am testing a web application and I found a file upload vulnerability where I can upload php files to the server with the ability to know the path. The issue is that when I go to the file path, the ...
0xx7
  • 1
1 vote
0 answers
2k views

I tried to find a way to limit requests per minute (or other time) using a ModSecurity rule in Apache, but didn't get success from anywhere. I think it needs more expertise to write such complex rules ...
Rahul Thakkar
0 votes
1 answer
174 views

I have access to a company's internal files through SSRF and path traversal both, but want to leverage it further to website takeover. Thus I can increase the impact and get more bounty than what they ...
oo7hacker
2 votes
0 answers
182 views

The TLS unique value is present in TLS 1.2. In Golang, I can get the TLS unique value from the HTTP response through the field TLS. I'd like to know how I can get it from Apache. Is ...
MoBe
  • 21
0 votes
1 answer
292 views

Let's say there is a webapp where users can upload files with sensitive data and view analytics generated by the backend. Does using a reverse proxy like nginx or Apache actually help with the ...
BigMistake
0 votes
1 answer
544 views

To secure the file uploads to a PHP/Apache server, I have already implemented the following steps: Solid upload validation from PHP Framework; Used own names for uploaded files; Place uploaded files in ...
DevelJoe
  • 161
0 votes
2 answers
876 views

In the last few weeks I've been having some problems with some users who are scanning our server for files, and in those searches they generate a lot of errors. That's why I installed fail2ban, it ...
Tom
  • 174
1 vote
1 answer
289 views

I am trying to set up SSL key logging with Apache 2.4 on Ubuntu 22.04. I followed the very good walkthrough provided by Lekensteyn in this post: "Extracting openssl pre-master secret from apache2". What ...
Todd Hight
0 votes
0 answers
322 views

I'm trying to scan my server (Apache2 on Debian), which is configured to support only TLS1.2 (and 1.3, presumably?). The config line is: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 I scan it with: msf6 &...
Cal-linux
  • 113
2 votes
0 answers
199 views

I'm using Apache Airflow and I was troubleshooting built-in smtp setup. A mass email occurred on "[email protected]". It was used as a "From:" email in a mass email attack. ...
python_mainly
1 vote
0 answers
148 views

Besides some other hacking attempts, I am seeing the following kind of log entries in my Apache logs which I cannot fully understand. 5.188.x.x - - [10/Feb/2023:14:40:14 +0100] "GET http://5.188....
fuego
  • 11
