Re:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Nick, they mean that they have no name-based vhost defined for that domain name. This can happen with DNS spoofing.

On Tue, 17 May 2022 at 08:01, Nick Folino <nick@xxxxxxxxx> wrote:
Not exactly sure what you're asking.  If it shows up in the log it's reaching the server.

On Tue, May 17, 2022 at 7:30 AM vaidya nathan <vaidyaatdst@xxxxxxxxx> wrote:

Hello World,

 

I have a strange problem. I have an angular app deployed in http server and for some users alone I see that one of the calls ( generate-token in this case) is not reaching the server (which happens to be a spring boot server deployed in websphere liberty).

 

 

1.1.1.1 - - [11/Mar/2022:09:42:50 -0400] "GET /application/dashboard HTTP/1.1" 200 11153 0 9143 -

1.1.1.1 - - [11/Mar/2022:09:42:50 -0400] "GET /application/5.97e05069c31d30d5372d.js HTTP/1.1" 200 16031 0 552 -

1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /assets/images/blue.png HTTP/1.1" 200 3887 0 469 -

1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /applicationurl/applicationurl/auth/generate-token/QkVUSEVMUzpBMG1hbWU5MDAy HTTP/1.1" 200 - 0 46802 -

1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /application/fontawesome-webfont.20fd1704ea223900efa9.woff2?v=4.7.0 HTTP/1.1" 200 77160 0 33090 -

1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /applicationurl/applicationurl/auth/generate-token/QkVUSEVMUzpBMG1hbWU5MDAy HTTP/1.1" 200 - 0 2108 -

1.1.1.1 - - [11/Mar/2022:09:42:51 -0400] "GET /applicationurl/applicationurl/auth/generate-token/QkVUSEVMUzpBMG1hbWU5MDAy HTTP/1.1" 502 341 0 43550 -

 

Pertinent httpd.conf

 

ServerRoot "/usr/HTTPServer"

PidFile logs/httpd.pid

Timeout 300

KeepAlive On

ReadmeName README.html

HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z

AddEncoding x-gzip gz tgz

AddType application/x-tar .tgz

AddType image/x-icon .ico

BrowserMatch "Mozilla/2" nokeepalive

BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

BrowserMatch "RealPlayer 4\.0" force-response-1.0

BrowserMatch "Java/1\.0" force-response-1.0

BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully

BrowserMatch "^WebDrive" redirect-carefully

BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully

BrowserMatch "^gnome-vfs" redirect-carefully

<VirtualHost *:1025>

    ServerName XXX.com

    DocumentRoot "/usr/HTTPServer/htdocs"

    SSLEnable

    SSLProxyEngine on

    SSLServerCert XX

    Keyfile /venafi/XX.kdb

    # The following protocols are disabled SSLv2, SSLv3, TLSv1 & TLSv1.1

    SSLProtocolDisable SSLv2

    SSLProtocolDisable SSLv3

    SSLProtocolDisable TLSv10

    SSLProtocolDisable TLSv11

    # The following protocol is enabled

    SSLProtocolEnable TLSv12

    # Remove all Ciphers

    SSLCipherSpec ALL NONE

    # Enable Approved CipherSpec's Only

    SSLCipherSpec ALL +9C

    SSLCipherSpec ALL +9D

    SSLCipherSpec ALL +C02B

    SSLCipherSpec ALL +C02C

    SSLCipherSpec ALL +C02F

    SSLCipherSpec ALL +C030

</VirtualHost>

SSLInsecureRenegotiation off

 

TraceEnable off

 

CoreDumpDirectory /wslogs

 

# Block Files with Server Side Script - file extensions

<FilesMatch "^.*\.(sh|ksh|go|gsp|lp|op|lua|cgi|ipl|pl|php|rhtml?|py|rb?w|smx|lasso|tcl|dna|tpl|r|w)$">

Order Deny,Allow

Deny from all

</FilesMatch>

 

Alias /siteminderagent/pwcgi/ "/usr/local/webagent/pw/"

<Directory "/usr/local/webagent/pw/">

Options Indexes MultiViews ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/pw/ "/usr/local/webagent/pw/"

<Directory "/usr/local/webagent/pw/">

Options Indexes MultiViews ExecCGI

AllowOverride None

Order allow,deny

Allow from all

</Directory>

Alias /siteminderagent/ "/usr/local/webagent/samples/"

<Directory "/usr/local/webagent/samples/">

Options Indexes MultiViews

AllowOverride None

Order allow,deny

Allow from all

</Directory>

 

#To Disable HTTP TRACE / TRACK Method in all Directives

    RewriteEngine On

    RewriteLog "/wslogs/http/rewrite.log"

    RewriteLogLevel 5

    RewriteCond %{REQUEST_FILENAME} -s [OR]

    RewriteCond %{REQUEST_FILENAME} -l [OR]

    RewriteCond %{REQUEST_FILENAME} -d

    RewriteRule ^ - [NC,L]

    RewriteRule ^ index.html [NC,L]

 

 

and the .htaccess is

<IfModule mod_rewrite.c>

    RewriteEngine on

    RewriteCond %{REQUEST_FILENAME} -s [OR]

    RewriteCond %{REQUEST_FILENAME} -l [OR]

    RewriteCond %{REQUEST_FILENAME} -d

    RewriteRule ^.*$ - [NC,L]

    RewriteRule ^.*$ index.html [NC,L]

</IfModule>

 

 

Any idea why this happens ?  This happens only for certain users and always. For all the other users it works well. We use siteminder before these calls are made to authenticate the users but it redirects appropriately and the angular app makes the above calls .

 

I would also like to see whether I can print the absolute url in the logs or get more debug information about the calls. 

 

Thx

Vaidya


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux