Let us suppose we have a website http://www.example.com and we do not have any website where we dont have any secure site so no such site exist https://www.example.com
Some How it is possible someone else can use same domain name which i have and run parallel https://www.example.com
EDIT:-
Now see one live example
Please open this link https://www.lpu.in/frmLoginAccounts.aspx and main website is http://www.lpu.in/index.php
Can someone tell me https used in this website is fraud or someone hacked this website?
No someone else can not take your reserved domain(A-Record), but you can run virtual hosts on your apache server, one that listens to HTTPS(Port 443) and one that listens to HTTP(Port 80). Both can refer to the same directory on your webserver, whereas the HTTPS host configures certificates additionally.
Here is a link to that: https://httpd.apache.org/docs/2.2/vhosts/examples.html
Do you have a SSL purchased on your hosting? if you have you can just install and configure on the server and then add an htaccess on the root directory of site with the following code:
FOR Linux based Hosting:
htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Windows & Plesk:
Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site:
<configuration><system.webServer><rewrite> <rules><rule name="HTTP to HTTPS redirect" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /></conditions> <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" /></rule> </rules></rewrite></system.webServer></configuration>
No they dont hacked you. Do you have a webhoster or is this your own server? If you have a webhoster, then they provide you HTTPS with a trustworthy certificate, because my browser says that the certificate is trustworhy, so the Certificate Authority(CA) confirmed the servers identitiy.Otherwise deactivate the HTTPS-Service on your webserver, while you close the listening port(f.e 443).
I hope this helps :-)
Its seems like you have a broken SSL on your site. it is not hacked in my point of view. domain name server cannot be hacked at all. please check check you htaccess file if you using Linux hosting or check webconfig file if you are on windows hosting. there will any rule defile there so you site is running in both cases. either with https:// but it is not showing any content of the site so it is broke. or without https:// that is good so it is showing site contents.
No, it's totally not possible. The domain name (www.example.com) is resolved to an IP address before the HTTP/HTTPS request, therefore they both point to the same Web server.
EDIT after original question was edited
when you try to reach www.lpu.in, the first thing your OS does is resolving its domain name in a numeric IP address:
$ host www.lpu.in
www.lpu.in has address 173.244.171.162
there's absolutely no difference in trying to reach the machine with HTTP or HTTPS protocol.
Therefore, i'm confident that someone hacked into your server.
The behaviour you report is possible because Apache has two separate configuration for HTTP and HTTPS, and serves different pages from each if one (you or an hacker) configures it for this purpose.
You should look at the Apache configuration, HTTPS section in particular, to understand what's the DocumentRoot for https virtualhosts.
Related
I've searched and haven't been able to find an answer to this. A lot of the information I've found appears to be out of date.
I have a Bitnami wordpress installation, running Apache on a lightsail instance.
I have multiple different domains resolving to the server. At the moment, each domain displays in the browser if you use it
eg
website-address.com - displays in browser
website-address.org - displays in browser
etc
I just want website-address.com to display in the browser with any other domains redirecting to that.
It seems that 301 redirects are not managed by htaccess files any more. As far as I can tell, this should be configured using the virtual hosts configuration in the bitnami.conf file
I currently have two vhosts in that file, one for port 80 and one for 443
There are a number of rewrite conditions in there, rewriting things like www to non www and http to https, all of which work.
I have configured the ServerName to the domain that I want in both virtual hosts and the ServerAlias to match all of the other urls
I have also tried adding:
RewriteCond %{HTTP_HOST} !^{SERVER_NAME}
RewriteRule ^(.*)$ https://{SERVER_NAME}/$1 [R,L]
but the alternate domains are still not redirecting.
Is there something else I need to add? Do I need to configure a vhost for each of the alternate domains and if so, do I just do it for 443 or do I need to do it for port 80 as well?
I have a new website but it has some SSL issue.
Issue is that when i type my website URL without https like only (example.com) in address bar it becomes not secure
and when i type https with it like (https://example.com) my site show secure.
I have installed the SSL certificate with my cPanel "Let Encrypt SSL" option.
And i have update my urls from http to https in my worpress Settings > General.
Help me with this I want to type my url in address bar without https (example.com) like othere website we usually surf on internet and want it to automatically detect that it is a secure website.
I'm assuming you've already acquired an SSL certificate for your site.
What you want to do is redirect HTTP to HTTPS via your .htaccess file. A quick search will tell you how to do that, it is something like:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.example/$1 [R,L]
Another easy solution is to redirect via your Apache configuration. Navigate to /etc/apache2/sites-available/ and edit your site's config file. Add the following lines:
<VirtualHost *:80>
ServerName yourdomain.com
Redirect permanent / https://yourdomain.example/
</VirtualHost>
I've been trying to set up a reverse proxy on a main website to a blog site of the url format
example.com/blog -> blog.example.com
example.com/blog is on an Apache instance and in the httpd.conf I have added the following.
SSLProxyEngine on
ProxyPreserveHost Off
ProxyRequests Off
ProxyPassMatch /blog https://blog.example.com
ProxyPassReverse /blog https://blog.example.com
This all works but it keeps 404ing. The good news is it is actually reverse proxying correctly because it grabs the 404 page of the blog.
After looking at the apache access logs I found that it is passing the subpath for whatever reason /blog to blog.example.com so its fetching blog.example.com/blog. When users navigate to /blog, it does 404 naturally. However, my understanding was when setting up ProxyPassReverse is it would make the request at what was specified so in my above case it should be requesting blog.example.com and not passing the /blog at the end.
Here is the snippet from the documentation that confirms the above in how it should work:
For example, suppose the local server has address http://example.com/; then
ProxyPass /mirror/foo/ http://backend.example.com/
ProxyPassReverse /mirror/foo/ http://backend.example.com/
ProxyPassReverseCookieDomain backend.example.com public.example.com
ProxyPassReverseCookiePath / /mirror/foo/
will not only cause a local request for the http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar (the functionality which ProxyPass provides here).
Any ideas why this might be? Worst case I might try to add a redirect or a rewrite so /blog goes to the homepage but I do have my permalinks set up in such a way that the /blog is in the slug of articles.
FYI I am using Apache 2.2.
I'm an idiot. I was using ProxyPassMatch instead of ProxyPass. Ugh.
In IIS 7.5 (Win2k8 R2) I'm trying to create a new rule for these requests:
http://www.domain.com/userprofile
https://www.domain.com/userprofile
http://domain.com/userprofile
https://domain.com/userprofile
rewriting to:
http://www.domain.com/users/?username=userprofile
(or whatever the protocol/domain is)
The regex that I wrote is:
^(http|https)://(www\.domain.com|domain\.com)/([a-zA-Z0-9-]{6,35})
and the rewrite is:
{R:1}://{R:2}/users/?username={R:3}
But this is not working. Is it because I don't need to the protocol? I also added conditions that the request is not a file or directory.
Also, do I need to restart IIS each time I change the rule?
You don't have to look at the protocol or domain name when you want to rewrite these request. It's not important in your case as you only want to rewrite the path.
The following rule should work:
<rule name="Rewrite user profiles">
<match url="([a-zA-Z0-9-]{6,35})" />
<action type="Rewrite" url="/users/?username={R:1}" />
</rule>
You don't have to restart IIS when you change the rule. IIS will automatically restart the application pool when web.config is modified and hence reload the rules.
#Marco was almost right, but here's how what ended up working: (I used the URL Rewrite form in IIS Manager)
Regex:
^([a-zA-Z0-9-]{6,35})(/?)$
Conditions:
Not a file
Not a directory
This forces the match to start directly after the domain and must be either the first directory, or with no trailing "/". According to the regex, the match must be between 6 and 35 characters, alpha numeric with "-"
Trying to use AAR as a reverse proxy in front of several back end IIS servers.
One public ip address assigned to the server running IIS/AAR
Then outbound URL rewrite rules are setup to redirect to one of
several back end servers depending on hostname.
Works somewhat, but always returns the back end servers default site (not the one mapped to a hostname) so it looks like the host name (HTTP_HOST) is not getting passed from the proxy server to the back end server.
(I've verified bypassing the reverse proxy by editing hosts and the back end server returns the correct site bound to the host header)
This is an example of the rule (192.168.0.99 is the internal server, site.myco.com is the hostname)
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://192.168.1.99/{R:1}" />
</rule>
</rules>
</rewrite>
Have tried putting sever variables so
<!-- Guessing server.myco.com is hard coded -->
<serverVariables>
<set name="HTTP_HOST" value="server.myco.com" />
</serverVariables>
<!-- Guessing picked up dynamically from incoming request host header -->
<serverVariables>
<set name="HTTP_HOST" value="{HTTP_HOST}" />
</serverVariables>
But alas always returns the default binding - any ideas?
This post has the answer - Modifying headers with IIS7 Application Request Routing
Need to enable preserveHostHeader - can't see how you do that in the UI but this works
Run this from command line to update Machine/webroot/apphost config
%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true /commit:apphost
You can do this with GUI. While on the root server click configuration editor, go to System.webServer -> proxy and set preserveProxyHeader to true.
My guess would be that your server doesn't allow you to change the server variable HTTP_HOST when you rewrite the URL.
At the level of the website where the URL rewrite is applied:
Then click the Add... link on the right tab and add your HTTP_HOST variable: