Wednesday Nov 05, 2008

How to log Host header in web 6.1SPx

If you need the Host header of incoming requests logged in the Web Server 6.1SPx access log, try the following.


Add %Req->headers.host% as the last token of the format.access string in magnus.conf:

Init fn="flex-init" access="$accesslog" format.access="%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \"%Req->reqpb.clf-request%\" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length% %vsid%  %Req->headers.host% "


then it will log the host header of the incoming request, e.g.


apple:/export/home/iws6.1sp10> telnet localhost 60103
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /banner.html HTTP/1.1
Host: dummytest  (note this)

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 05 Nov 2008 10:45:37 GMT
Content-length: 1827
Content-type: text/html
Last-modified: Mon, 29 Sep 2008 08:37:07 GMT
Etag: "723-48e093b3"
Accept-ranges: bytes
...........


 The log will show,


127.0.0.1 - - [05/Nov/2008:18:45:37 +0800] "GET /banner.html HTTP/1.1" 200 1827 https-sess  dummytest

You can see the Host: dummytest  in the last column above.
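
Once the column is being logged it can be checked automatically. The Python below is an added example, not part of the original post: it parses the format.access layout shown above and flags entries whose Host value is missing or not a name the server is expected to answer for. The allow-list, the 192.0.2.x sample lines and the assumption that an absent header is logged as "-" are constructed for illustration.

```python
import re

# Layout of the format.access string above; Host is the last column.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<length>\S+) '
    r'(?P<vsid>\S+)\s+(?P<host>.*?)\s*$'
)

def normalize(host):
    """Lower-case the value and drop a trailing :port."""
    return re.sub(r":\d+$", "", host.lower())

def audit(lines, allowed_hosts):
    """Return (line_no, finding, detail) for every line that needs a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            # A request line containing a quote breaks the layout; report it.
            findings.append((n, "unparsed", line.strip()))
            continue
        host = m.group("host")
        if host in ("", "-"):  # assumption: an absent header is logged as "-"
            findings.append((n, "missing-host", m.group("ip")))
        elif re.search(r"\s", host) or normalize(host) not in allowed_hosts:
            # Host is client-supplied and logged unquoted, so it can carry
            # spaces that look like extra columns to a naive split().
            findings.append((n, "unexpected-host", host))
    return findings

# First line is the entry from the post; the others are constructed samples.
SAMPLE = [
    '127.0.0.1 - - [05/Nov/2008:18:45:37 +0800] "GET /banner.html HTTP/1.1" 200 1827 https-sess  dummytest ',
    '192.0.2.10 - - [05/Nov/2008:18:46:02 +0800] "GET /index.html HTTP/1.1" 200 447 https-sess  apple:60103 ',
    '192.0.2.11 - - [05/Nov/2008:18:46:09 +0800] "GET / HTTP/1.0" 200 447 https-sess  - ',
    '192.0.2.12 - - [05/Nov/2008:18:46:15 +0800] "GET / HTTP/1.1" 200 447 https-sess  apple extra-column ',
]
ALLOWED = {"apple", "apple.asia.sun.com"}  # hypothetical allow-list

if __name__ == "__main__":
    for finding in audit(SAMPLE, ALLOWED):
        print(finding)
```

Because the Host value is the final column, everything after the virtual server ID is treated as the header value, so a value containing spaces cannot shift the other fields.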


See more at
http://docs.sun.com/app/docs/doc/820-1639/6nda10e4a?l=ja&a=view


e.g. add Req->headers.cookie.cookie_name for Easy Cookie Logging.

Wednesday Aug 13, 2008

How to tell web server version ?

In 6.1 or 7.0  web server,


1. if this is a standalone installation,


then you can run

apple:/export/home/iws6.1sp9> find . -name webservd
./bin/https/bin/webservd
^C
apple:/export/home/iws6.1sp9> ./bin/https/bin/webservd -v
Sun Microsystems, Inc.
Sun ONE Web Server 6.1SP9 B01/11/2008 14:24


Or, you can always run,


 apple:/export/home/iws6.1sp9/https-apple.asia.sun.com> ./start -version
Sun Microsystems, Inc.
Sun ONE Web Server 6.1SP9 B01/11/2008 14:24


apple:/export/home/iws7.0u3/https-apple.asia.sun.com/bin> ./startserv --version
Sun Microsystems, Inc.
Sun Java System Web Server 7.0U3 B06/16/2008 12:00


2. if this is a JES installation, then you can run


 apple:/export/home/opt/SUNWwbsvr-JES3> https-apple.asia.sun.com/start -version
Sun Microsystems, Inc.
Sun ONE Web Server 6.1SP9 B01/11/2008 14:24


You will get the following error if you run #1 above in a JES installation,


apple:/export/home/opt/SUNWwbsvr-JES3> find . -name webservd
./bin/https/bin/webservd
^C
apple:/export/home/opt/SUNWwbsvr-JES3> ./bin/https/bin/webservd -v
ld.so.1: webservd: fatal: libldap50.so: open failed: No such file or directory
Killed



3. Summary:


In 6.1,  "start -version" will print out web server version.


In 7.0, "startserv --version" will print out web server version.



Thursday Jun 12, 2008

How to mask the Server name in Sun Java Web server ?

It is a good security practice to mask the web server name.


In Sun Java Web server 6.1 SPx, you can simply add


ServerString none  


 into magnus.conf file, then restart.


Before the change,


apple:/export/home/iws6.1sp9> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 Jun 2008 01:33:50 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes


 Then after the change,


apple:/export/home/iws6.1sp9/https-apple.asia.sun.com/config> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Date: Thu, 12 Jun 2008 01:37:25 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes


 (Note: no more Server: Sun-ONE-Web-Server/6.1 in above headers from server.)


------------------------------------------------------------------------------------------------------------------------------------------------------- 


For 7.0 Ux, you can do it in Admin GUI - Configurations - General - Advanced - HTTP Settings - Server Header:


 e.g. Server Header: none


[Screenshot: Admin GUI to change server name]


then you will see it inside server.xml,


cat server.xml,
..........
  <user>webservd</user>

  <http>
    <server-header>none</server-header>
  </http>

  <snmp>
 ..........


then a restart will do it.


E.g. before the above change in 7.0 Ux,


 apple:/export/home/iws7.0u2/https-migrate-sp2> telnet localhost 7028
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 Jun 2008 01:42:55 GMT
Content-type: text/html
Last-modified: Thu, 13 Jan 2005 02:34:52 GMT
Content-length: 447
Etag: W/"1bf-41e5de4c"


 after the change,


apple:/export/home/iws7.0u2/https-apple.asia.sun.com/config> telnet localhost 7023
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: none
Date: Thu, 12 Jun 2008 02:29:41 GMT
Content-type: text/html
Last-modified: Wed, 28 May 2008 06:31:58 GMT
Content-length: 447
Etag: "1bf-483cfc5e"
Accept-ranges: bytes


Hope the above helps you mask the default web server name banner.

Friday May 23, 2008

Sun Java System Web Server 6.1 Service Pack 9 International Release

I tried the latest web 6.1 SP9 International Release.

You can download it at

Sun Download link

The installation is just as easy.
It will ask one more question about Default Language.

See ScreenDump118.gif  below for the choice of default language.


[Screenshot: the choice of default language]

I tried Traditional Chinese because I am in Hong Kong.

Then, everything works just as well in the installation and later startup.

The good results are now localized default pages and error responses, e.g.

See ScreenDump111.gif  below for the default home page after install

[Screenshot: default home page in Chinese]


See ScreenDump112.gif below for the localized Chinese NOT FOUND error responses after install

[Screenshot: localized Chinese NOT FOUND error responses]


I opened the config files and found the following in magnus.conf:

DefaultLanguage zh_tw  

So, I experimented and tried to change it to

#DefaultLanguage zh_tw
DefaultLanguage ja

then I restarted the web server and hit a page which does not exist.

It will show me Japanese Not Found error responses.
See ScreenDump119.gif below  for the JA responses.

[Screenshot: Japanese Not Found error responses]

Hope this will add more local languages you need in your site.


Walter

Wednesday May 21, 2008

How to block certain file types from outside users in Sun Java System Web Server 6.1 SP9

If you want to block certain file types, e.g. some .ini or .conf files, from outside access in Sun Java System Web Server 6.1 SP9, you can add a <Client> tag to obj.conf, e.g.

.....
NameTrans fn="document-root" root="$docroot"
<Client uri="*.(ini|conf)">
PathCheck fn=deny-existence bong-file="<web install root>/docs/bongfile.html"
</Client>
PathCheck fn="unix-uri-clean"
....

and the bongfile is :

shell> cat bongfile.html
You cannot view this type of files here !!!

If you do not specify the "bong-file=" above, then the users will get the standard "Not Found" error in their browser.

e.g.

<Client uri="*.(ini|conf)">
PathCheck fn=deny-existence
</Client>


then restart the web server and test, e.g.

http://<hostname.domain>/test.conf
 
or
 
http://<hostname.domain>/test.ini

will result in the response set in bongfile.html, which prevents users from accessing these ini/conf file types.

Error log:

[21/May/2008:14:38:03] security (10791): for host xx.xx.xx.xx trying to GET /test.conf, deny-existence reports: HTTP4129: denying existence of <web root>/docs/test.conf

[21/May/2008:14:41:12] security (10791): for host xx.xx.xx.xx trying to GET /test.ini, deny-existence reports: HTTP4129: denying existence of <web root>/docs/test.ini

This adds protection for file types that you do not want outside users to access accidentally.
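
The HTTP4129 entries are also a useful signal that a client is looking for configuration files. The Python below is an added example, not part of the original post: it groups those error-log lines by client and reports clients with several denials in a short window. The threshold, the window and the 192.0.2.x / 198.51.100.x sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the deny-existence entries shown in the error log above.
DENY_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] security \(\s*\d+\): for host (?P<host>\S+) '
    r'trying to (?P<method>\S+) (?P<uri>.*), deny-existence reports: '
    r'HTTP4129: denying existence of (?P<path>.*)$'
)

def probing_hosts(lines, threshold=3, window=timedelta(minutes=5)):
    """Map client -> sorted denied URIs for clients with at least
    `threshold` denials inside one `window` (hypothetical defaults)."""
    events = defaultdict(list)
    for line in lines:
        m = DENY_RE.match(line.strip())
        if not m:
            continue  # other error-log entries are ignored
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S")
        events[m.group("host")].append((ts, m.group("uri")))
    flagged = {}
    for host, hits in events.items():
        hits.sort()
        # Slide over the time-ordered hits looking for a dense run.
        for i in range(len(hits) - threshold + 1):
            if hits[i + threshold - 1][0] - hits[i][0] <= window:
                flagged[host] = sorted({uri for _, uri in hits})
                break
    return flagged

def _entry(ts, host, uri):
    """Build a constructed log line in the format shown in the post."""
    return (f"[{ts}] security (10791): for host {host} trying to GET {uri}, "
            f"deny-existence reports: HTTP4129: denying existence of "
            f"<web root>/docs{uri}")

SAMPLE = [  # constructed sample lines
    _entry("21/May/2008:14:38:03", "192.0.2.50", "/test.conf"),
    _entry("21/May/2008:14:38:41", "192.0.2.50", "/test.ini"),
    _entry("21/May/2008:14:39:10", "192.0.2.50", "/app/db.conf"),
    _entry("21/May/2008:14:41:12", "198.51.100.7", "/test.ini"),
    "[21/May/2008:14:42:00] info (10791): unrelated constructed entry",
]

if __name__ == "__main__":
    print(probing_hosts(SAMPLE))
```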
About

Wing-Yip Walter Lee
