Tech.It.2.Me->{By.Anton.Perez}

I run my own mail server and use Squirrelmail to facilitate webmail access using HTTPS.  I encountered problems trying to delete a folder that I created as part of a test to find out if things were working correctly:

ERROR : Could not delete “Archive” 
Given: Invalid mailbox name

SquirrelMail is a Webmail application started by Nathan and Luke Ehresman and written in the PHP scripting language. It can be installed on almost all web servers so long as PHP is present and the web server has access to an IMAP and SMTP server

After some digging around, I found that after modifying a setting via ./conf.pl I was able to delete the folder.  If you’re experiencing the same thing, do the following:

1.   Open a terminal window.

2.   Navigate to Squirrelmail’s root dir, which in my case is /usr/share/squirrelmail.

3.   Navigate to the config/ folder then type: ./conf.pl.

4.   Select option 3 then 1 and enter none.

5.   Save your changes and exit.

It may not work on all situations, and some have said that in version 1.4.0, you may need to set/pick your IMAP server (I use Dovecot), like so:

1.   Open terminal window (again).

2.   Navigate to the config/ folder then type: ./conf.pl.

3.  From the menu options, select D, then save and exit.

If you still have problems after performing these steps, modify your php.ini config file to report more verbosely by changing the following lines:

display_errors = on
error_reporting = E_ALL

After saving the modifications you just made, restart your web server via (I run FC6 so) service httpd restart, then watch your Apache error_log for more info. 

That’s it.  Hopefully, this helps you from having to do the legwork.  Take care.  =0)

I caught the flu last week that’s why I haven’t been posting regularly.  =0(

Anyway, I wrote previously on how to password-protect a website/page, but in this post I’ll show you how to redirect a user automagically to HTTPS.

All you need to do is add the following in the .htaccess file (I’ll be using the Squirrelmail website as an example):

1.  I use Apache 2, so I do:

vi /etc/httpd/conf.d/squirrelmail.conf

Initially, it will look like:

# SquirrelMail is a webmail package written in PHP.
Alias /webmail /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

2.  Add the following, like so:

# SquirrelMail is a webmail package written in PHP.
Alias /webmail /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

3.  Save and exit by typing :wq!.

4.  Restart Apache like so: service httpd restart.

That’s it!  When someone visits, http://www.website.com/webmail, Apache will automatically redirect the user to https://www.website.com/webmail.

Hope this helps.  Take care!

If you need to support or serve your website using SSL, but only for personal purposes, such as a webmail, you’ve probably come across the problem of creating your own server certificate.

Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers.

If so, run the following to create a self-signed cert:

1.   Via a terminal window, run these commands in sequence:

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out signingkey.key
openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 3650
chmod 600 server.key
chmod 600 selfsigned_digicert.crt
mkdir -p /etc/pki/tls/private
mkdir -p /etc/pki/tls/certs
cp server.key /etc/pki/tls/private/localhost.key
cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt

1.   Restart HTTP (I run FC6), like so:

server httpd restart

That’s it!  You can now serve your website via SSL…Don’t forget to open up your firewall to accept them (TCP port 443).

If you develop websites or adminster them, you’ve probably been asked or required to password-protect parts of a website. 

So, to help you out, here’s a quick how-to in Apache using .htaccess:

1. Open a terminal window and navigate to the folder or page(s) you’d like to add a password requirement.
2. Once there, type the following: htpasswd -c .htpasswd username.  BTW, you can name .htpasswd to another name (something that is hard to guess is preferable).
3. Enter the password you’d like to associate with the username (from above).  This will create the user and an encrypted password.
4. Next, create the .htaccess file by typing: vi .htaccess, and add the following in the .htaccess file:

To protect a folder

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName “Your Secret Folder”
Require valid-user

To protect a page

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName “Your Secret Page”
<Files “yourpage.html”>
  Require valid-user
</Files>

Note: You can use a different name for .htpasswd so it’s harder for a hacker to figure it out.

5.   Type :wq! to save and exit. 

6.   For better security, perform a chmod on .htaccess, like so: chmod 644 .htaccess.

As you can see, the steps above are pretty straight-forward.  Also as an FYI, Apache blocks any requests for anything that start with “.ht”.

That’s basically it, I hope this post helps you out.  =0)

My sister’s been shopping around for airline tickets to go to Asia without any luck.  So, the geekness in me felt the need to help her out. 

Scanning through some blogs I read regularly, I came across SideStep.com.  It is one of the “newer” travel websites that search a lot of other websites’ flight information, which got me curious as to what technology they use. 

Watching what other people/companies are doing and using helps me stay up-to-date with all these technologies.

I initally wasn’t able to figure out what technologies drive their website until I:

1. Used Steve Gibson’s excellent ID Serve tool to find out what web server they were using
2. Looked for file extensions and came across the .do extension on one of their links. 
3. Checked out the HTML code and scanned for methods that buttons and other input controls were calling.

So, for the web server, it’s none other than Apache (yeah!):

HTTP/1.1 301 Moved Permanently
Date: Fri, 13 Apr 2007 21:32:05 GMT
Server: Apache
Location: http://www.sidestep.com/
Content-Length: 294
Connection: close
Content-Type: text/html; charset=iso-8859-1

For the back-end, it’s Java, most likely an Apache Struts implementation:

And of course, a ton of JavaScript code for client-side functionality.

From this brief investigation, I also learned that SideStep.com, though, a new comer is giving Orbitz and Expedia a run for their money.  Cool!  Better for us consumers.

To summarize: Try to regularly observe what other people and companies are doing, so as to keep yourself up-to-date.  And along with that, try the techniques I mentioned above for your investigation, as you might learn a thing or two.  =0)

Disclaimer: There are a lot of other techniques and tools that you can use, but the steps above, though, may be incomplete served the purpose of this post.