I have one VPS server with Zpanel.
I want to enable proc_open function.
I search disable_functions in php.ini file but there is nothing.
My Script say that this function is disabled.
how to fix this problem?
thanks.
Check your domain into
/etc/zpanel/configs/apache/httpd-vhosts.conf
Related
Okay I searched and I can't find the solution.
I have a folder on my website where I'm keeping some script I use for something. My server via Cron job has to access this folder all the time. But if someone goes to the URL of the folder they can see the Index page, and I would like to prevent it. I want it to throw up a 403 or a 404 or a 500 or any page, I don't care what it is.
I tried this in htaccess:
deny from all
But this also blocks my own server and breaks the Cron job. I tried a few other solutions I found here and there, but they didn't work.
One of the things I saw is you can block everyone but allow your server access via IP. But I'm on Hostgator Shared hosting, and so my IP isn't static (as far as I know). I don't want to have to worry that at any time my server's IP may change and break my Cron thing.
Isn't there a nice elegant simple and permanent solution for this? Block access to the folder to all people, allow my own server/cron to access it at will.
Thank you :)
As it seems you want to call a script which is stored on the same server.
You don't need to use curl for it, you can just run the script by providing it's path and the php installation.
You can prevent outside access to the script if you just don't save the script in your public_html directory.
Your cronjob command will something look like this:
/opt/php70/bin/php /home/<USERNAME>/cron.php
The exact directory structure differs depending on your webhost.
I have been trying to generate a SSL certificate for one of our projects which is running on an Azure VM which has no IP restrictions. However, the challenge file which is generated throws a 404 error and is not accessible over the web.
I have tried the following:
Moving the static content type above the extension less options in IIS
Adding a mime type for text/json, text/html
None of the above work which is making it really hard for me to generate a SSL using this service. Any idea how I can make it accessible ? I have given full access to that specific App Pool identity so permissions don't seem to be an issue in this case, its just the way the extension less files are being handled in IIS
Any help is appreciated.
Thanks,
Vishal
You just Add a New MIME Type on IIS
like this .
and try use the url at your browser . you will see that
Now you can Pass the lets-encrypt authentication :)
Also, if you're using a system with lots of custom routing or a framework that interferes with how URLs are handled (e.g. a CMS), ensure that you've told it to ignore /.well-known
We often use Umbraco for public-facing sites and I keep forgetting that I need to add ~/.well-known to the umbracoReservedUrls app setting in the web.config. Hopefully next time I'm stuck, I'll come across this answer...
Taking inspiration from the accepted answer, I did the following:
I was using plesk for windows on Godaddy.
Go to
Web server settings
In the MIME types, added the following node and click OK.
text/plain .
Note the dot at the end of the above setting.
I'm trying to fix some strange or destroyed results with my web url, if I add any char after index.php/:
http://domain/index.php/?
How can I fix this? Thank you!
This web server feature is called Path Info. Look for Apaches AcceptPathInfo settings. What's exactly your problem? Do you want to use ordinary query strings together with path info URLs?
If I try wget <url> it downloads the resolved page. But I want to download the original script. Is this possible?
No, and thank goodness for that. The server is completely in control of how it responds to your HTTP requests.
Strictly speaking, you can't tell whether it's PHP on the other end of the wire in the first place.
No this is not possible, and would be a huge security issue if it was.
The only way this would be possible is if the web server (Apache) was not configured correctly
This is not possible, the webserver doesn't output the PHP script. The webserver parses it serverside and writes the response of that to the client.
"Officially" - no.
Through "hacking" - yes. If a website allows to download some content via /download.php?src=path_to_file script, AND it was poorly coded, then you could request to download, say, index.php file.
Check this out: https://owasp.org/www-community/attacks/Path_Traversal
I'm just fooling around, learning the ins and outs of web development and I'd like to make my domain private until I'm ready to display it.
What's the best way to do this?
BTW, I have an Apache server on Debian.
use an .htaccess file to create a user/pass prompt (be warned that this can be bruteforced but it'll keep the general public out)
here's a good article on how to go about implementing this: http://www.freewebmasterhelp.com/tutorials/htaccess/3
You can do one of two things that I can think of:
Put it on a internal network that has no public access.
Require a password to see the the site and don't give it to anyone.
Other alternatives:
Set up a firewall rule to only allow your IP address(es) access to the site.
Use a subdomain that you don't tell anybody about (this is similar to the password and hidden directory options).
Quick and easy way would be to tell your computer's firewall to block port 80 (the port webservers use).
Also, depending on your webserver, you could configure it to only serve on localhost.
In Apache, for example, I believe you can edit the httpd.conf file and add Listen 127.0.0.1:80.
Put it in a hidden directory and have the toplevel site be an empty page. Unless someone knows or guesses the directory name, no one will see your actual site.