temp link

marc@zandvliet.

Verified User
Joined
May 2, 2015
Messages
8
when i setup a domainname ( without connecting the domainname to the server) i normally i get a temp link like http://109.72.82.71/~d12982
in the "old days" this used to work perfectly. But now he cannot find the site ...
Not Found
The requested URL /~12987 was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

how can i solve this ??
ps i checked it for all the domains but they did work either...
 

marc@zandvliet.

Verified User
Joined
May 2, 2015
Messages
8
a new one ... user d12987
Not Found
The requested URL /~d12987 was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
 

floyd

Verified User
Joined
Mar 29, 2005
Messages
5,994
Does the symbolic link exist for public_html in /home/d12987 ?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,373
Location
Maastricht
Is userdir access enabled?
Check your options.conf file: /usr/local/directadmin/custombuild/optios.conf

Check this line, should be:
userdir_access=yes

If it's set to no, then you have to enable it:
Code:
cd /usr/local/directadmin/custombuild
./build set userdir_access yes
./build rewrite_confs
 

sce

Verified User
Joined
Aug 22, 2008
Messages
99
Location
EU
As this is not usually considered "safe", you can also add a domain to the server as you did, but access them via editing your hosts file on local machine. With edited hosts file, you basically tell your system to check the domain at specific IP (your server's). Even if domain doesn't exist yet.

How To: https://docs.rackspace.com/support/how-to/modify-your-hosts-file/
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,373
Location
Maastricht
As this is not usually considered "safe",
This was in the past. Userdir access is enabled by default nowadays in Directadmin.
If people still consider this unsafe, they have to disable it.

However, using the local hosts file also makes things easier if you already want to start installing things.
 

scriptkitty

Verified User
Staff member
Joined
Jul 10, 2019
Messages
292
Are you using mod_ruid2? If so, it’s incompatible with the tempURLs...You May try editing the hosts file on your computer to specify what ip to load what domain from as suggested in the previous reply.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,373
Location
Maastricht
Are you using mod_ruid2? If so, it’s incompatible with the tempURLs...
Can you clarify what you mean with tempURLs please? Maybe a misunderstanding between tempURLs and userdir access. But I'm working with mod_ruid2 on my servers and the userdir access does work with mod_ruid2 without issues. Even with the hostname of the server.
 

wtptrs

Verified User
Joined
Jul 13, 2015
Messages
151
Clicked the link in the OP, seems to work now. Alternatively, you can edit your hosts file as suggested above, or if you want other people to view your temporary page easily, you can set up an automatic domain pointer 'domain.hostname' when adding a new domain, as follows:

Note: for this to work, wildcard DNS records have to be active, i.e. for a hostname host.name.com pointing to 111.111.111.111, add the following wildcard A-record:

*.host.name.com. A 111.111.111.111

Copy apache2 virtual host templates to custom folder

Code:
cd /usr/local/directadmin/data/templates
cp virtual_host2_secure.conf custom/
cp virtual_host2_secure_sub.conf custom/
cp virtual_host2_sub.conf custom/

Edit virtual_host2.conf and virtual_host2_secure.conf

Change:

Code:
ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|

to:

Code:
ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES| |DOMAIN|.|HOSTNAME| www.|DOMAIN|.|HOSTNAME|

Edit virtual_host2_sub.conf and virtual_host2_secure_sub.conf

Change:

Code:
ServerAlias www.|SUB|.|DOMAIN| |SUB|.|DOMAIN| |SERVER_ALIASES|

to:

Code:
ServerAlias www.|SUB|.|DOMAIN| |SUB|.|DOMAIN| |SERVER_ALIASES| |SUB|.|DOMAIN|.|HOSTNAME| www.|SUB|.|DOMAIN|.|HOSTNAME|

Rewrite existing httpd virtual host files

Code:
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
 

scriptkitty

Verified User
Staff member
Joined
Jul 10, 2019
Messages
292
Can you clarify what you mean with tempURLs please? Maybe a misunderstanding between tempURLs and userdir access. But I'm working with mod_ruid2 on my servers and the userdir access does work with mod_ruid2 without issues. Even with the hostname of the server.
I could be mistaken in that case, though I was under the impression that ruid2 and userdir tempURLs didn't work together properly. What PHP handler do you use if you don't mind me asking (for the sake of curiosity)?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,373
Location
Maastricht
What PHP handler do you use if you don't mind me asking (for the sake of curiosity)?
As far as I know the only php handler working correctly with mod_ruid2 is mod_php so that is the one I'm using. And ofcourse you may ask, no problem. ;)

@bdacus01 I haven't searched for it. I think DA is also considering our security. So I'm not sure, but I can't imagine that if it would be unsafe, DA staff would change this option from off to on, because it was disabled by default in DA years ago.

However I found some link in which it says "this ship has sailed" about xss flaws with userdir.
On this discussion you might find more, I didn't read it completely.

That comment he replied to is present in this article
Which has a statement which I find confusing.
The problem with userdir URLs should now become obvious: All userdir URLs on one server run on the same host and thus are in the same origin. It has XSS by design.
Domains are also still running on the same host so I don't see the difference.

However I'm not a security expert, but lots of hosters started using this again, and DA put it back on by default, hence I can't imagine that it's still dangerous. Didn't hear of any hacks recently via userdir either.

But if it can be proven it is dangerous, I would gladly know, because then we request DA to revert the setting to off by default.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
2,876
Location
Murfreesboro
That comment he replied to is present in this article
Which has a statement which I find confusing.
So what does that mean? You probably should not use userdir URLs for anything except hosting of simple, static content - and probably not even there if you can avoid it. Even in situations where all users are considered trusted there is an increased risk, as vulnerabilities can cross application boundaries. As for Apache‘s mod_userdir I have contacted the Apache developers and they agreed to add a warning to the documentation.

From Apache
Summary
By using this module you are allowing multiple users to host content within the same origin. The same origin policy is a key principle of Javascript and web security. By hosting web pages in the same origin these pages can read and control each other and security issues in one page may affect another. This is particularly dangerous in combination with web pages involving dynamic content and authentication and when your users don't necessarily trust each other.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,373
Location
Maastricht
I still don't see the difference with userdir and domain, it's both the same user, so same origin.

However if even Apache still says it's dangerous, seems better to have this disabled by default, correct?
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
2,876
Location
Murfreesboro
However if even Apache still says it's dangerous, seems better to have this disabled by default, correct?
I have mine set to no in CB option.conf.

Yeah, I would love to hear more on the subject. Seems the old and current though is it's not a safe thing.
 
Top