Forum

Hiawatha version: 8.7
Operating System: Ubuntu Server 12.04 LTS

Problem loading page

Config file :

#Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 13
ConnectionsPerIP = 1
SystemLogfile = /usr/local/var/log/hiawatha/system.log
GarbageLogfile = /usr/local/var/log/hiawatha/garbage.log
ExploitLogfile = /usr/local/var/log/hiawatha/exploit.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
#Binding {
#	Port = 80
#	Interface = 127.0.0.1 
#	MaxKeepAlive = 30
#	TimeForRequest = 3,20
#}

Binding {
	Port = 443	
	Interface = 192.168.1.3
	MaxKeepAlive = 30
	TimeForRequest = 3,20
	SSLcertFile = securesite.pem
}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
BanOnTimeout = 300
BanOnDeniedBody = 300
BanOnSQLi = 300
BanOnFlooding = 30/1:300
BanOnInvalidURL = 300
KickOnBan = yes
ReconnectDelay = 4
RebanDuringBan = yes





# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications.
#
#CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi
#
FastCGIserver {
	FastCGIid = PHP5
	ConnectTo = 127.0.0.1:9000
	Extension = php, php5
}


# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#
#UrlToolkit {
#	ToolkitID = banshee
#	RequestURI isfile Return
#	Match ^/(css|files|images|js|slimstat)($|/) Return
#	Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
#	Match .*\?(.*) Rewrite /index.php?$1
#	Match .* Rewrite /index.php
#}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = **.**.***.26
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
ErrorHandler = 404:/error.cgi


# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
VirtualHost {
	Hostname = www.rixajait.com 
	WebsiteRoot = /usr/local/var/www/FinAidApp
	StartFile = index.php
	AccessLogfile = /usr/local/var/log/FinAidApp/access.log 
	ErrorLogfile = /usr/local/var/log/FinAidApp/error.log
	TimeForCGI = 20
	UseFastCGI = PHP5
	RequireSSL = yes
	ExecuteCGI = yes
	PreventCSRF = yes
	PreventSQLi = yes
	PreventXSS = yes
#Deny Bots
   DenyBot = Googlebot:/
   DenyBot = twiceler:/
   DenyBot = MSNBot:/
   DenyBot = yahoo:/
   DenyBot = BaiDuSpider:/
   DenyBot = Ask:/
   DenyBot = Yahoo! Slurp:/
   DenyBot = Sogou web spider:/
   DenyBot = Sogou-Test-Spider:/
   DenyBot = Baiduspider+:/
   DenyBot = Yandex:/
   DenyBot = UniversalFeedParser:/
   DenyBot = Mediapartners-Google:/
   DenyBot = Sosospider+:/
   DenyBot = YoudaoBot:/
   DenyBot = ParchBot:/
   DenyBot = Curl:/
   DenyBot = msnbot:/
   DenyBot = NaverBot:/
   DenyBot = taptubot:/	

}


# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
#Directory {
#	Path = /home/baduser
#	ExecuteCGI = no
#	UploadSpeed = 10,2
#}

Summary : This is app is going to be a company intranet to track students in the financial aid office of my local community college. all pages of this app must be SSL enabled. I used Almost Secure and Prefect Ubuntu Server to set up the PHP and to set up the Bot FIltering.
More Info :

There are only 13 clients (computers) at the office so only 13 connections. And I want only one connection per IP (or client) index.php is a html login form with the action = "checklogin.php" the checklogin.php checks for passwords. It compared user password inputed to the bcrypt password in the user table. I am using PHP PDO connection.

The exact error is :

The connection was reset

The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

The first page Index.php loads perfectly. Then the rest of the app doesn't run at all.

xx.xx.xxx.xx|Tue 29 Jan 2013 22:59:34 -0500|Maximum number of connections for IP address reached
xx.xx.xxx.xx|Tue 29 Jan 2013 22:59:34 -0500|Client banned because of too many simultaneous connections
xx.xx.xxx.xx|Tue 29 Jan 2013 22:59:35 -0500|Client kicked


I was kicked / banned? How? This is seeming like a configuration error.

A client usually uses up to 6 connections to a webserver. It uses multiple connections so I can download files (images, javascripts, stylesheets, etc) simultaneous, because HTTP doesn't support multiplexing. My advice is to use the following settings:

ConnectionsTotal = 150
ConnectionsPerIP = 10

I fixed that error, now for some reason I am getting :

File not found.

when I load my virtual host in the browser.

and in the logs the error is as follows :

xx.xx.xxx.xx|Wed 30 Jan 2013 08:38:29 -0500|/usr/local/var/www/finaid/index.php|Primary script unknown

I followed this tutorial : http://secure-ubuntu-server.blogspot.com/2013/01/howto-highest-secured-hiawatha-web.html

if you need my config file let me know.

I got passed that error now I have this error in my logs :

|Wed 30 Jan 2013 10:55:34 -0500|/usr/local/var/www/finaid/index.php|Unable to open primary script: /usr/local/var/www/finaid/index.php (No such file or directory)

and I can even screen shot you the index.php file in that directory.

Check access rights of PHP file and containing directory. Is the PHP FastCGI daemon able to read the PHP file?

I didn't have the php5-fpm pool directory configured currectly. The problem was that the user and group was commented out.