MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: lenawaii on 2016-08-22, 12:07:10
-
Hi Mustapha,
I'm discovering Kloxo MR 7 and I have several questions, can you please inform me:
1/ Where to set/unset X-Frame-Options? I would like to allow iframes for a domain.
2/ What is the difference between PHP Used and PHP Branch in Configure for pserver-localhost?
3/ Is it possible to set a PHP version only for a client or is it apparently set for all clients?
4/ Which lxcenter conf is used by kloxo MR 7?
- /etc/httpd/conf.d/~lxcenter.conf ?
- /opt/configs/apache/conf.d/~lxcenter.conf ?
5/ It's impossible to modify hostmaster email in DNS templates > mytemplate.dnst > General Settings > Hostmaster Email. There is a bug to fix, I guess.
Thanks for your help.
-
- For security reasons (check via https://securityheaders.io/), every domain will be set to 'x-frame-options: SAMEORIGIN' (that means iframes are only possible from the same address).
But you can modify certain domains for this purpose. Copy /opt/configs/apache/conf/domains/yourdomain.com to /opt/configs/apache/conf/customs/yourdomain.com. Modify yourdomain.com in the customs dir, changing:
Include /opt/configs/apache/conf/globals/header_base.conf
to:
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1;mode=block"
#Header always set X-Frame-Options "SAMEORIGIN"
Header always set Access-Control-Allow-Origin "*"
#Header always set Content-Security-Policy: script-src "self"
Header always set X-Supported-By "Kloxo-MR 7.0"
## MR -- ref: https://www.howtoforge.com/tutorial/httpoxy-protect-your-server/
RequestHeader unset Proxy early
</IfModule>
- PHP branch is the standard PHP, which is installed with 'yum install'. Multiple PHP are PHPs which are installed with a 'special' install (only Kloxo-MR implements this trick). And 'PHP used' selects the 'default' PHP for all domains, where you can choose 'PHP branch' or one of the 'multiple PHP'.
- All PHPs (branch and multiple PHP) will be shown for all clients.
- Kloxo (also Kloxo-MR) uses /etc/httpd/conf.d/~lxcenter.conf, while /opt/configs/apache/conf.d/~lxcenter.conf is the 'default' ~lxcenter.conf. Setting 'apache optimize' in 'webserver configure' will change the content of /opt/configs/apache/conf.d/~lxcenter.conf based on /opt/configs/apache/tpl/~lxcenter.conf.tpl
- Yes
-
thanks for all :-)
-
If you uncomment:
Header always set Content-Security-Policy: script-src "self"
Apache doesn't work anymore. Do you know how to fix this?
thanks
-
Need 'sh /script/fixweb; sh /script/restart-web' after this step.
-
Hi,
ISSUE 1: Even after "sh /script/fixweb; sh /script/restart-web" I still can't uncomment:
#Header always set Content-Security-Policy: script-src "self"
Here is the error:
Stopping httpd: [FAILED]
Starting httpd: Syntax error on line 6 of /opt/configs/apache/conf/globals/header_base.conf:
error: envclause should be in the form env=envar
[FAILED]
ISSUE 2: I have had a Qmail issue since the last yum update. There is a problem when I test the mail server on mxtoolsbox. SMTP banner doesn't match Reverse DNS. PTR record is OK and the server mail name is OK:
[root@server3 ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail3.mydomain.eu - Welcome to Qmail ESMTP
ehlo localhost
250-mail3.mydomain.eu - Welcome to Qmail
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN
HERE IS MXTOOLSBOX result:
smtp:51.25x.xx.xxx
Timeout waiting for response after 15 seconds. : Completed Connect
Test | Result
SMTP Banner Check | Reverse DNS does not match SMTP Banner
SMTP TLS | Warning - Does not support TLS.
SMTP Transaction Time | 15.423 seconds - Not good! on Transaction Time
SMTP Reverse DNS Mismatch | OK - 51.25x.xx.xxx resolves to mail3.mydomain.eu
SMTP Valid Hostname | OK - Reverse DNS is a valid Hostname
SMTP Connection Time | 0 seconds - Good on Connection time
SMTP Open Relay | OK - Not an open relay.
Thanks for your help :-)
-
Post the output of 'cat /opt/configs/apache/conf/globals/header_base.conf' here. Something is wrong with the content.
Don't care about 'SMTP Banner Check Reverse DNS does not match SMTP Banner', but it is better to make 'My Name (Domain Name)' in 'mail server settings' the same as the rDNS.
-
Thanks, I found the solution, it was a syntax issue. Here is what you need to write to make it work properly:
Header always set Content-Security-Policy "script-src 'self'"
Another request from me: how do I hide the Server Signature? I modified /opt/configs/apache/etc/conf/httpd.conf with:
ServerSignature Off
ServerTokens Prod
and restarted Apache, but it didn't work. Any idea?
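Added example, not part of the original posts and not Kloxo-MR code: a small Python check for mod_headers 'Header' lines that catches the quoting mistake behind the "envclause should be in the form env=envar" error above, plus Content-Security-Policy values that Apache accepts but browsers ignore. The function names and the sample lines are constructed for illustration.

```python
import shlex

VALUE_ACTIONS = {"set", "append", "add", "merge", "setifempty"}
CSP_KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval"}

def lint_csp(policy):
    """Check a CSP value for two mistakes that make browsers ignore it."""
    problems = []
    for directive in filter(None, (d.strip() for d in policy.split(";"))):
        name, *sources = directive.split()
        if "=" in name:
            problems.append(f"{name!r}: CSP separates name and sources with a space, not '='")
        for src in sources:
            if src.lower() in CSP_KEYWORDS:  # quoted keywords do not match this set
                problems.append(f"{src!r}: keyword must be written '{src}' (single-quoted)")
    return problems

def lint_header_line(line):
    """Return the problems found in one mod_headers 'Header' line ([] if none)."""
    tokens = shlex.split(line, comments=True)  # "..." is one argument; '#' lines vanish
    if not tokens or tokens[0].lower() != "header":
        return []
    args = tokens[1:]
    if args and args[0].lower() in ("always", "onsuccess"):
        args = args[1:]
    if len(args) < 3 or args[0].lower() not in VALUE_ACTIONS:
        return []  # unset/echo/edit and malformed lines are out of scope here
    name, value, extra = args[1].rstrip(":"), args[2], args[3:]
    # Anything after the value must be a condition; a stray word here is what
    # Apache reports as "envclause should be in the form env=envar".
    bad = [t for t in extra if t != "early" and not t.startswith(("env=", "expr="))]
    if bad:
        return [f"value is not quoted as one argument; {bad[0]!r} is read as the env clause"]
    if name.lower() == "content-security-policy":
        return lint_csp(value)
    return []

# Constructed sample lines: unquoted value, '=' form, bare keyword, valid form.
SAMPLES = [
    'Header always set Content-Security-Policy: script-src "self"',
    'Header always set Content-Security-Policy "script-src=self"',
    'Header always set Content-Security-Policy "script-src self"',
    'Header always set Content-Security-Policy "script-src \'self\'"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_header_line(sample) or "ok")
```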
-
Is /opt/configs/apache/etc/conf/httpd.conf used for Apache?
I had this:
ServerSignature Off
ServerTokens Prod
But I still see Apache/2.2.31 (CentOS), any idea? Thanks for all your help :-)
-
Hiding this header info is useless.
-
For security reasons, it is better to hide server information, don't you agree with this?
For anyone interested, I finally found the solution in Kloxo MR, we need to add:
ServerSignature Off
ServerTokens Prod
in /etc/httpd/conf/httpd.conf
and then restart apache
Thanks :-)
For your information: I don't know why, but on your forum website I often get an Internal Error 500 when I try to access your site (I use Google Chrome). I need to refresh several times to load a page.
-
1. For this forum, remove browser cache and history
2. A hacker is clever enough to try to attack a target without identifying the web server type and version. So, hiding server information (name and version) is useless.
-
Hi Mustapha,
There were some changes in apache conf since your last update, header_base.conf is not used anymore. Before, I could modify X-Frame-Options for all domains.
Now, even if I modify /opt/configs/apache/conf/domains/mydomain.com.conf in the <IfModule mod_headers.c> part or use a custom config in /opt/configs/apache/conf/customs/mydomain.com.conf, there is no change in the headers.
1/ So now how to modify X-Frame-Options? It is important to be able to use iframes in the websites.
2/ For my own config, please, where is the template of /etc/httpd/conf/httpd.conf file?
Thanks for helping
-
Make sure you are using the latest update and, after cleanup, go to 'web features' and then remove the 'X-Frame-Options' line in 'general header'.
-
Well thanks, I see this new web features, it works great :-)