I have denied some IP addresses using .htaccess.
How to redirect to a page (banned.something.com) when they try to open my website?
Code:
deny from 176.xx.xxx.xx
You can redirect the banned ip to a specific page or url using the following in htaccess :
ErrorDocument 403 http://banned.example.com
DenyFrom 176.xx.xxx.xx
Related
I've blocked all IP's except my own from an old website, I've added a custom HTML page to replace the default 403, but it's not displaying?
order deny,allow
deny from all
allow from (ip)
allow from (ip)
ErrorDocument 403 http://www.mywebsite.co.uk/error.html
I can access the html page in my browser by visiting www.mywebsite.co.uk/error.html but from a blocked IP it still displays the standard 403 error message
Any ideas?
Thanks
I setup ssl on localhost (wamp), I made the ssl crt with GnuWIn32.
When I try to login with fb in Chrome I get the following message:
URL:
https://localhost/ServerSide/fb-callback.php?code=.....#_=_
Error:
Your connection is not private.
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID.
localhost normally uses encryption to protect your information. When Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit localhost right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
My SSL Config:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:c:/wamp/www/ssl/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot "c:/wamp/www"
ServerName localhost:443
ServerAdmin admin#example.com
ErrorLog "c:/wamp/logs/error.log"
TransferLog "c:/wamp/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/wamp/www/ssl/ia.crt"
SSLCertificateKeyFile "c:/wamp/www/ssl/ia.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
My question is how to setup valid SSL certificate on localhost? or do I need to edit my configuration?
Allow Insecure SSL (localhost)
In Chrome (including Version 110), enable allow insecure localhost:
chrome://flags/#allow-insecure-localhost
Refer to this Stack Overflow for more information.
Allow Insecure SSL (other)
See "Your connection is not private. blah-bla-blah"...
Type thisisunsafe (key listeners pick it up).
Notes
If you are just curious if this works, browse this site which has a bad root ssl certificate. Other "bad ssl" sites can be found using badssl.com.
More about the chromium "override keyword":.
This is specific for each site.
The chrome developers also do change this periodically.
The current (v110) BYPASS_SEQUENCE is dGhpc2lzdW5zYWZl (which is base64 encoded).
1. When you see "Your connection is not private...NET::ERR_CERT_INVALID" warning on Chrome,
2. Just type "thisisunsafe" and wait.
Note: Last time this was tested, Chrome latest version was 107.0.5304.107
Your connection is not private
Attackers might be trying to steal your information from 10.10.10.10 (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
Type “badidea” or “thisisunsafe” directly on same chrome page.
Do this if you REALLY SURE about the link you are trying is safe. In my case I was trying to setup stackstorm locally using vagrant and virtualbox
Chrome version: Version 92.0.4515.131 (Official Build) (x86_64).
Source
I tried all I found at apache documentation and other sugestions found at stackoverflow and blogs.
When I add the folloowing line to any configuration file like /etc/apache2/apache2.conf or /etc/apache2/conf.d/localized-error-pages or /etc/apache2/httpd.conf or /etc/apache2/sites-enabled/000-default:
ErrorDocument 503 "This is an error msg" or even an html message
ErrorDocument 503 "<h1> This is an error message </h1>
or an external url redirect ErrorDocument 503 http://www.google.com it works.
But when I try an internal redirect like ErrorDocument 503 /ERROR_503.html
or ErrorDocument 503 /error/ERROR_503.html I get the default message with last line:
Additionally, a 503 Service Temporarily Unavailable
error was encountered while trying to use an ErrorDocument to handle the request.
I tried to put the html error page at the DocumentRoot var/www, at var/www/error.
Try to uncomment all the file /etc/apache2/conf.d/localized-error-pages that sets all errors to custom pages with internationalization that are at /usr/share/apache2/error.
And as the messages inside this files are the same as the default, the line
Additionally, a 503 Service Temporarily Unavailable
error was encountered while trying to use an ErrorDocument to handle the request.
is not shown anymore. But if I change the line
`ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var`
at the localized-error-pages file to a new html placed at the same page, the error is back
and the page is not shown. If I edit the file HTTP_SERVICE_UNAVAILABLE.html.var nothing change at the browser message too.
Some more information: I'm using apache2 just to redirect all request on port 80 to tomcat at port 8089 via an worker. My configuration files are https://dl.dropboxusercontent.com/u/1105054/apache.zip
This took me way tooo long (partially due to spelling), but I thought I'd post my whole virtual host file since it might be useful.
You'll want to make sure you've specified a DocumentRoot, and that you do the ProxyPass /file.html ! before your main ProxyPass /.
<VirtualHost *:443>
DocumentRoot /var/www/html
#ProxyPreserveHost On
<IfModule env_module>
# Fake SSL if Loadbalancer does SSL-Offload
SetEnvIf Front-End-Https "^on$" HTTPS=on
</IfModule>
SSLEngine on
SSLCertificateFile file
SSLCertificateKeyFile file
SSLCertificateChainFile file
ProxyPass /maintenance-message.html !
ProxyPass /maintance-message_files !
ProxyPass / "ajp://localhost:8009/"
ProxyPassReverse / "ajp://localhost:8009/"
ServerName server.something.com:443
ErrorDocument 503 /maintenance-message.html
</VirtualHost>
In my case I just added this ProxyPass line to my virtualserver config:
ProxyPass /serverError.html !
ErrorDocument 503 /serverError.html
That tells the proxy to go to the DocumentRoot and search for the error page.
Also you may find useful this answer: https://stackoverflow.com/a/13019667
I faced the same issue too and after deep searching I found here the best (and only?) solution from #Loren.
Worked after setting ProxyPass /file.html ! before the main ProxyPass / and NOT after.
Also, DocumentRoot is needed as well.
http://pastebin.com/B9MqcM1D
Failed to load resource: Request header field
Access-Control-Allow-Origin is not allowed by
Access-Control-Allow-Headers.
--disable-web-security Doesn't help.
Access-Control-Allow-Origin is a response header not a request header.
It has to be sent by the server you are making the request to.
CORS would be useless if the site hosting the JavaScript could grant itself permission to access any site on the WWW.
I've setup a custom 404 error page using the following code.
ErrorDocument 400 /errors.php
But when I check the headers sent i see that first a 301 moved permanently is sent followed by a 404 error header. So is it good for seo will it create problem with bots.
My second question is reg. transfer of non-existent sub-domains to 404 error pages.I'm using Cpanel and i want only the subdomains created in CPanel to work and i've created a wildcard redirect but non existent subdomain gives me a OK status.How do i redirect it to 404 page.
Thanks.
googlebot-news has special requirements published recently, like they won't acept old site schema-s any more