What is the best and most secure way to disable /cpanel and /webmail from the end of my website's URL?
I would like to disable them so they can't be accessed that way.
Thanks!
Assuming you have not fully control on your servers I mean to the OS through SSH, according to my assumption the easiest way would be redirect those urls to your home page. What web server do you use ? Nginx, Apache etc. ? If this is apache then what is the version ?
You can find your web server config edit section in Cpanel I'm not sure where it is.
There may be those url configs specified. The clear way would be remove them. But if you couldn't find it add one of the config according to your web sever and version
Apache 2.2
RewriteEngine on
RewriteRule (.*)/cpanel(.*)$ / [R]
RewriteRule (.*)/webmail(.*)$ / [R]
Apache 2.2 Doc
Apache 2.4
AliasMatch "(.*)/cpanel(.*)$" "/"
AliasMatch "(.*)/webmail(.*)$" "/"
Apache 2.4 Doc
Nginx
rewrite (.*)/cpanel(.*)$ / ;
rewrite (.*)/webmail(.*)$ / ;
Nginx Doc
Related
I want to use geminabox with Apache web server. I have searched a lot on web but could not find any concrete information. Can some one please let me know how to do this ? Will appreciate detailed suggestions.
An easy way to use Geminabox with Apache is to configure a HTTP Reverse Proxy.
For this configuration, you just need two files:
1) The config.ru just like the example in the README.md file in the geminabox repository:
require "rubygems"
require "geminabox"
Geminabox.data = "include here the data path"
run Geminabox::Server
To run the server use rackup command. This will start the server in the 9292 port. If you want to change the port number use rackup -p XXXX.
2) In the Apache side, make sure that you have the mod_proxy and the mod_proxy_http installed. If yes, just include the following lines into your Apache config file:
ProxyRequests Off
ProxyPass / http://localhost:9292/
ProxyPassReverse / http://localhost:9292/
Restart the Apache and it is done!
geminabox is a ruby application, and just like all ruby applications, Apache does not support them out of the box.
With that said, a simple Google of how to use ruby applications with Apache lead me to this, which lead me to this. I have no experience with this tool. However, it is suggested by the rails team, so it has to have some merit.
I did work with Apache VirtualHost.
In folder /etc/httpd/conf.d/ create a file gems.conf, so add it to the file:
<VirtualHost *:80>
ServerName gems.mydomain
ServerAlias gems.local
DocumentRoot /var/railsapps/gems/public
</VirtualHost>
Where /var/railsapps/gems is the folder that have the config.ru.
The domain gems.mydomain must be in your DNS or /etc/hosts
I need to make a reverse proxy back to a tomcat server running a grails application.
I have always seen reverse proxy examples like this:
ProxyRequests Off
ProxyPass / http://localhost:8080/appname/
ProxyPassReverse / http://localhost:8080/appname/
ProxyPreserveHost On
In all my apps though, when I do that the page comes up and my statics get loaded like this with the context:
/appname/static/[jsapp.js][mycss.css]
so consequently styling and functionality are lost. So my workaround is has been to do this:
ProxyRequests Off
ProxyPass /appname/ http://localhost:8080/appname/
ProxyPass / http://localhost:8080/appname/
ProxyPassReverse /appname/ http://localhost:8080/appname/
ProxyPassReverse / http://localhost:8080/appname/
ProxyPreserveHost On
which I guess is a reverse-reverse-proxy; either way it seems hacky and has (what i think is) a side affect; it creates the URL with the tomcat context in it: http://servername.com/appname/user/username instead of http://servername.com/user/username. I would much prefer the later if its possible without losing the styling.
NOTES:
When i go to the base URL:http://servername.com it works fine, any link i click on after that puts the "/appname/" name in the URL.
I believe that I could resolve this by making the app on tomcat the ROOT app, however, I would prefer not to.
This example is using HTTP, I normally use AJP protocol, but I tried HTTP last just for kicks
This is in a NameVirtualHost configuration.
Apache 2.2.15, Tomcat 7.0.27, CentOS release 6.2 (Final), java version "1.7.0_04", Grails 2.0.4
Any thoughts on what I need to be doing differently?
Thanks.
There are several ways, how to solve this situation. I am using vhosts inside TomCat, so I eliminate the application name in the URL. Add this to your server.xml
<Host name="myapp.com" appBase="myappbase" unpackWARs="true" autoDeploy="false">
<Alias>www.myapp.com</Alias>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="myapp_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<Context path="/thumbnails" docBase="/var/www/myapp/thumbnails" reloadable="true">
</Host>
in your $TOMCAT_HOME create a directory "myappbase", where you upload your application WAR as ROOT.war. Your application is available via http://myapp.com:8080/.
Your proxy configuration is than very simple ;-) You can also make more vhosts in 1 TomCat.
In the aforementioned configration is also an directory alias (thumbnails), which is accessible via http://myapp.com/thumbnails/ and you can use it in GSP via:
${ resource( dir: 'thumbnails', file: 'image01.png' ) }
And the last point, which can help you is setting a "static" directories in UrlMappings.groovy. These directories are ignored when translation URL to controllers and vice versa:
static excludes = [
'/css*', '/js*', '/thumbnails*'
]
We have purchased Verisign SSL for a Domain for https://www.domainname.com ; the problem is that it does not work for https://domainname.com. I am using ssl_requirement Gem: https://github.com/rails/ssl_requirement
So I patched the Gem to also redirect non www ones to https://www.domainname.com and it worked well for the following scenarios:
http://www.domainname.com => https://www.domainname.com
http://domainname.com => https://www.domainname.com
But not for the scenario where someone types:
https://domainname.com
It seems that the server throws error before Rails takes control. Here are the details of the server:
OS: RHEL 5.5
Ruby: 1.9.2
Rails: 3.0.10 (on RVM)
Web Server: Apache with Passenger
Thanks for your help.
Here's the code I use to redirect from domainname.com to www.domainname.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domainname.com [nc]
RewriteRule (.*) http://www.domainname.com/$1 [R=301,nc]
This goes in the .htaccess file at the root level of the www directory.
Here's another writeup about SSL in Rails 3.1:
http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/
You will prob have to handle this at apache level using a .htaccess file in the public dir of your rails app.
for the www rewrite rule see this SO answer: use htaccess to add www with https support
Also if your going to ssl your whole app have a look at Rack::SSL middleware - it handles secure cookies and such. This post has a good write up on using it and also avoiding mixed content warnings.
http://collectiveidea.com/blog/archives/2010/11/29/ssl-with-rails/
Hope this helps.
NOTE: Just got to thinking, this may not work still, if it doesn't you may have to setup a specific VirtualHost to handle that scenario, hopefully not.
I've found the rack-rewrite gem to be particularly helpful here, particularly since Heroku doesn't use .htaccess. Gem: https://github.com/jtrupiano/rack-rewrite
Here's an example configuration in config/environments/production.rb
ExampleApp::Application.configure do
config.middleware.insert_before(Rack::Lock, Rack::Rewrite) do
r301 /.*/, Proc.new {|path, rack_env| "http://www.#{rack_env['SERVER_NAME']}#{path}" }, :if => Proc.new {|rack_env| rack_env['SERVER_NAME'] !~ /www\./i}
end
#... the rest of production environment config.
end
Check it out as my gist at: https://gist.github.com/1843097
My setup:
thin running on port 1234 with --prefix /foobar
apache running on port 80
apache reverse proxies /foobar to thin on port 1234
I would like the static assets to not be served via the proxy to thin, but instead be served at /assets directly via apache instead.
I have to use a relative path because I don't know the host name/ip of the rails application before startup (it's app-in-a-box that should be able to be moved around).
I found config.action_controller.asset_host in production.rb, but I can't set that to a relative path. When I do it gets confused and creates really bogus URLs.
How can I make this work?
You don't need to call it through the config block in the environment, you can call it from the application controller, which gives you access to the request object. So you could do:
class ApplicationController < ActionController::Base
before_filter :set_asset_url
def set_asset_url
ActionController::Base.asset_host = "http://#{request.host}"
end
end
It feels a little hackish but I know of no better way.
and if you need to worry about ssl and different ports, you could go crazy:
ActionController::Base.asset_host = "http#{request.ssl? ? 's' : ''}://#{request.host_with_port}"
This depends in your server environment somewhat, but basically you want something along the lines of what is described here: http://blog.codahale.com/2006/06/19/time-for-a-grown-up-server-rails-mongrel-apache-capistrano-and-you/
First, I want to thank Geoff and darkliquid. I took what was in darkliquid's link and worked on it to make it work for my case. The big challenge was that I wasn't serving the rails application from the root of the webserver.
Notes:
thin is run with --prefix '/railsapp' on port 9999.
This works for windows and linux. W00T!
I have to use the LA-U (look-ahead) to get the final filename apache would use.
The IS_SUBREQ check is to prevent the look-ahead (a sub request) from ever returning the proxy.
The /railsapp/index.html rewrite is required because otherwise another rule in my apache conf would rewrite it to /index.html, which is a default 'here's what's here' page; 404s are served elsewhere, though.
Here's the relevant part of the apache configuration:
# Only proxy the thin stuff.
<Proxy /railsapp/*>
Order deny,allow
Allow from all
</Proxy>
## Add an alias for filename mapping.
Alias /railsapp "/website/root/railsapp/public"
## We need the Rewrite Engine for this.
RewriteEngine on
<IfDefine debug>
## If debugging, turn on logging.
RewriteLogLevel 9
RewriteLog "/website/logs/http.rewrite.log"
</IfDefine>
## Check for a static root page.
RewriteRule ^/railsapp/?$ /railsapp/index.html [QSA]
## Check for Rails caching.
RewriteRule ^(/railsapp/[^.]+)$ $1.html [QSA]
## Redirect all non-static requests to Rails.
# Don't proxy on sub-requests (needed to make the LA-U work).
RewriteCond %{IS_SUBREQ} false
# Use look-ahead to see if the filename exists after all the rewrites.
RewriteCond %{LA-U:REQUEST_FILENAME} !-f
# Proxy it to Rails.
RewriteRule ^/railsapp(.*)$ http://127.0.0.1:9999%{REQUEST_URI} [P,QSA,L]
## Make sure Rails requests are reversed correctly.
ProxyPassReverse /railsapp http://127.0.0.1:9999/railsapp
## Disable keepalive; railsappd doesn't support them.
SetEnv proxy-nokeepalive 1
Our current Apache installations are running Apache 2.0. Now we'd like to add some Rails applications and plan to run them on Apache with Phusion Passenger. I've gotten conflicting reports about whether we need to upgrade Apache to 2.2 in order to use Passenger (a consultant I highly respect recommended that; someone from Phusion says 2.0 should be fine.
Anybody running Passenger with Apache 2.0 in production?
I was under the impression that the minimum version for Apache with Passenger was 2.2, but if you head over to their site and look in the Users Guide I'm sure it will say what you need.
i was choose this way. (optional)
im havent using Pasenger when production, i get simple deploy rails now. only create rails app # etc/rails_app/myapp/ and upload all app folder and public to myapp/app. then i just need to unchecklist # environment for production and configurated at database.yml
then i copied public # http/public_html folder
run mongrel -> rewrite 12007 to 80 -> restart mongrel
if u get problem, ur app only apper in index, and get error when link to another page.
only ask to admin host to configur .httaccess
for example like
RewriteEngine on
RewriteCond %{HTTP_HOST} ^myapp.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.myapp.com$
RewriteRule ^.*$ "http\:\/\/127\.0\.0\.1\:12007%{REQUEST_URI}" [P,QSA,L]
or do like railsninja said :)
Since no one seems to have a definitive answer, I'm going to assume that the answer I was given by someone at Phusion is definitive. It's on Google Groups at http://groups.google.com/group/phusion-passenger/browse_thread/thread/789f4f6e8f1c542d.
He states that Apache 2.0 and up should be fine. (As it worked out, we were able to go with Apache 2.2 for this server, so the point was moot for us.)
You don't need 2.2. 2.0 works fine and if it doesn't it's considered a bug. That said 2.2 is probably better than 2.0 so regardless of the minimum supported version you should go for 2.2.