Re: [users@httpd] ?????? ??????? ?? files in /tmp
On Mon, Aug 1, 2011 at 3:13 PM, Nick Kew wrote:
> On Mon, 1 Aug 2011 12:39:44 +0100
> Tom Evans wrote:
>
>> On Mon, Aug 1, 2011 at 12:27 PM, vishesh kumar
>> wrote:
>> > Hi Members
>> >
>> > I am getting ?? ??? .doc and ?? ??? .xls files in
>> > /tmp partition. The owner of all these files is www. I am running apache
>> > on
>> > centos. Does it indicate any security breach?
>> >
>> > Vishesh Kumar
>
> Are those question marks just how something gets rendered in email?
>
>> Not necessarily. Do you run any apps on the server by www, including
>> PHP? Do they write out temporary files in /tmp before serving them?
>
> "Not necessarily" is a long way from a clear No! If there's an application
> that legitimately creates files in /tmp, the sysop should know about it!

Which is why I didn't say "No!". All those files mean is that some www process wrote them there - they don't fluff into existence. Whether that is a problem or whether it is expected behaviour for that particular server is only something the people running the application can determine.

Hence 'Not necessarily'. It was an invitation for the OP to do some investigation himself. It could be a hack attempt, it could even be the first precursors of the 4th coming of Satan, but neither you nor I can determine any of that.

I also don't know any attacks that start by uploading Excel files to a *nix server. Hardly likely to sprout into a 'trojan payload' or start some network daemons, unless ld has started being extremely clever.

It is far more likely that this application produces reports in both Excel and Word formats. Creating BIFF files like Excel often requires a file interface to write into, so I could easily see a PHP app misbehaving and leaving temporary files in /tmp. It still requires the OP to work out what his server should be doing, and whether this is within the remit of it.

Cheers

Tom

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] mod_dav getcontenttype high number of authentication queries
I'm using Apache 2.2.19 on FreeBSD 7.3
mod_dav v.1.0.3
mod_auth_mysql v.3.0.0

I've noticed that when I make a simple PROPFIND request to get just a getcontenttype tag a large number of authentication queries are made to the mysql server, however if a PROPFIND with any of the other tags (eg. getcontentlength) is made, only one authentication query is made.

I've noticed that the number of mysql authentication queries is proportional to the number of files & subdirectories returned in the response:

auth_requests_made = (4 * number_of_directories) + number_of_files + 1

# ls -la Ticket/JB/
total 8
drwxr-x---   4 www   www    512 Aug  2 10:44 .
drwxr-x---  44 www   www   1024 Jun 16 18:04 ..
drwxr-x---   3 www   www    512 Sep  5  2005 2004
drwxr-xr-x   3 www   www    512 Mar 22  2010 2010
-rw-r--r--   1 root  www      0 Aug  2 10:43 bar
-rw-r--r--   1 root  www      0 Aug  2 10:44 baz
-rw-r--r--   1 root  www      0 Aug  2 10:39 foo

# Get the Content Types at a depth of 1
#curl -ku $CRED -d 'xmlns:D="DAV:">' -H 'Depth: 1' --request PROPFIND https://$HOST/ticket/JB/

# MySQL log output
110802 10:47:36 57119 Connect apache@localhost on
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'
                57119 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'

# Get the Content Lengths at a depth of 1
#curl -ku $CRED -d 'xmlns:D="DAV:">' -H 'Depth: 1' --request PROPFIND https://$HOST/ticket/JB/

# MySQL log output
110802 10:49:35 57128 Connect apache@localhost on
                57128 Query SELECT Password, length(Password) FROM Users WHERE UserName='dick.perkins'

Can anyone explain this disparity between the number of mysql queries made? 16 queries may not seem high, but it gets ridiculous when there are 300 files in a directory.

I simply can't understand what would make getcontenttype different from the other properties, and why it needs to requery so many times.

Regards,
John

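Added example (not part of the thread, and not Apache or MySQL project code): a Python script that measures the amplification described in the post above by counting password lookups per connection in a MySQL general query log. The sample log is constructed to mirror the post's two runs (16 lookups, then 1); the user name `jdoe` and the function names are assumptions.

```python
import re
from collections import Counter

# One general-query-log entry: optional "YYMMDD HH:MM:SS" stamp, then
# connection (thread) id, command name, and the command's argument.
ENTRY = re.compile(r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2}\s+)?\s*(\d+)\s+(\w+)\s*(.*)$")
# The credential lookup shown in the post (table and column names from its log).
LOOKUP = re.compile(
    r"SELECT\s+Password\b.*?\bFROM\s+Users\s+WHERE\s+UserName='([^']*)'",
    re.IGNORECASE,
)

def credential_lookups(log_text):
    """Count password lookups per (connection id, user name)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # blank lines, log headers, continuation lines
        conn_id, command, argument = entry.groups()
        if command != "Query":
            continue  # Connect, Quit, etc. are not lookups
        lookup = LOOKUP.search(argument)
        if lookup:
            counts[(conn_id, lookup.group(1))] += 1
    return counts

def amplified(counts, max_per_connection=1):
    """Connections that looked up the same user more often than allowed."""
    return {key: n for key, n in counts.items() if n > max_per_connection}

# Constructed sample mirroring the post's two runs: 16 lookups on one
# connection, 1 on the next. The user name "jdoe" is made up.
QUERY = ("\t\t57119 Query\tSELECT Password, length(Password) "
         "FROM Users WHERE UserName='jdoe'\n")
SAMPLE_LOG = (
    "110802 10:47:36\t57119 Connect\tapache@localhost on\n"
    + QUERY * 16
    + "110802 10:49:35\t57128 Connect\tapache@localhost on\n"
    + QUERY.replace("57119", "57128")
)

if __name__ == "__main__":
    counts = credential_lookups(SAMPLE_LOG)
    for (conn_id, user), n in sorted(amplified(counts).items()):
        print(f"connection {conn_id}: {n} password lookups for {user!r}")
```

Run against a real general log, a connection with many lookups for one user marks a single HTTP request that fanned out into per-entry authentication checks, which is the load a credential cache would absorb.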
Re: [users@httpd] mod_dav getcontenttype high number of authentication queries
On Tue, 02 Aug 2011 11:56:20 +0100
FreeBSD Ports wrote:

> I'm using Apache 2.2.19 on FreeBSD 7.3
> mod_dav v.1.0.3
> mod_auth_mysql v.3.0.0
>
> I've noticed that when I make a simple PROPFIND request to get just a
> getcontenttype tag a large number of authentication queries are made to
> the mysql server, however if a PROPFIND with any of the other tags (eg.
> getcontentlength) is made, only one authentication query is made.

That difference is indeed puzzling. Are you sure of it?

The large number of queries happens when the server runs a subrequest on each file to determine whether it's accessible (and therefore whether to include it in the listing). In a normal listing you can turn it on and off with the ShowForbidden option, but I'd have to RTFM to tell whether mod_dav supports an equivalent.

But that doesn't explain the difference!

FWIW, even if you can't turn the behaviour off, you can avoid the repeated SQL queries with mod_authn_socache. In your case, I'd expect that to get you a substantial performance improvement.

--
Nick Kew

Re: [users@httpd] mod_dav getcontenttype high number of authentication queries
On 02/08/11 14:01, Nick Kew wrote:
> On Tue, 02 Aug 2011 11:56:20 +0100
> FreeBSD Ports wrote:
>
>> I'm using Apache 2.2.19 on FreeBSD 7.3
>> mod_dav v.1.0.3
>> mod_auth_mysql v.3.0.0
>>
>> I've noticed that when I make a simple PROPFIND request to get just a
>> getcontenttype tag a large number of authentication queries are made to
>> the mysql server, however if a PROPFIND with any of the other tags (eg.
>> getcontentlength) is made, only one authentication query is made.
>
> That difference is indeed puzzling. Are you sure of it?

Positive, it's reproducible & I can tell exactly how many queries will be executed by looking at what type of PROPFIND is being done, depth & directory contents. I am however going to set up an Ubuntu VM and see if I observe the same behaviour.

> The large number of queries happens when the server runs a subrequest
> on each file to determine whether it's accessible (and therefore
> whether to include it in the listing). In a normal listing you can
> turn it on and off with the ShowForbidden option, but I'd have to
> RTFM to tell whether mod_dav supports an equivalent.
>
> But that doesn't explain the difference!
>
> FWIW, even if you can't turn the behaviour off, you can avoid the
> repeated SQL queries with mod_authn_socache. In your case, I'd
> expect that to get you a substantial performance improvement.

Unfortunately, mod_authn_socache appears to be for Apache 2.3 & later, it's a great idea though and will have to look into it.

Re: [users@httpd] mod_dav getcontenttype high number of authentication queries
On 02/08/11 14:39, FreeBSD Ports wrote:
> On 02/08/11 14:01, Nick Kew wrote:
>> On Tue, 02 Aug 2011 11:56:20 +0100
>> FreeBSD Ports wrote:
>>
>>> I'm using Apache 2.2.19 on FreeBSD 7.3
>>> mod_dav v.1.0.3
>>> mod_auth_mysql v.3.0.0
>>>
>>> I've noticed that when I make a simple PROPFIND request to get just a
>>> getcontenttype tag a large number of authentication queries are made to
>>> the mysql server, however if a PROPFIND with any of the other tags (eg.
>>> getcontentlength) is made, only one authentication query is made.
>>
>> That difference is indeed puzzling. Are you sure of it?
>
> Positive, it's reproducible & I can tell exactly how many queries will
> be executed by looking at what type of PROPFIND is being done, depth &
> directory contents. I am however going to set up an Ubuntu VM and see
> if I observe the same behaviour.
>
>> The large number of queries happens when the server runs a subrequest
>> on each file to determine whether it's accessible (and therefore
>> whether to include it in the listing). In a normal listing you can
>> turn it on and off with the ShowForbidden option, but I'd have to
>> RTFM to tell whether mod_dav supports an equivalent.
>>
>> But that doesn't explain the difference!
>>
>> FWIW, even if you can't turn the behaviour off, you can avoid the
>> repeated SQL queries with mod_authn_socache. In your case, I'd
>> expect that to get you a substantial performance improvement.
>
> Unfortunately, mod_authn_socache appears to be for Apache 2.3 & later,
> it's a great idea though and will have to look into it.

Well, I can confirm that the same is happening on Apache on a Ubuntu 11.04 VM.

Probably the easiest thing to do is to alter the clients so they don't request the content type.

Re: [users@httpd] MySQL Connection Fails on Apache2 Start
On Wed, Jul 27, 2011 at 12:09, Tom Browder wrote:
> On Wed, Jul 27, 2011 at 11:24, Nick Kew wrote:
>>
>> On 27 Jul 2011, at 16:05, Tom Browder wrote:
>>
>>> At the moment it doesn't work. After start I get these errors:
>>>
>>> [Wed Jul 27 09:08:56 2011] [error] (20014)Internal error: DBD: Can't
>>> connect to mysql
>>> [Wed Jul 27 09:08:56 2011] [error] (20014)Internal error: DBD: failed
>>> to initialise

Today I tried the pgsql (PostgreSQL) interface and got NO errors--pressing on investigating its use for authentication.

Best regards,

-Tom

Thomas M. Browder, Jr.
Niceville, Florida
USA

>>
>> And in the MySQL log?
>
> I see no errors!
>
> -Tom
>

[users@httpd] Proxy for TLS connection
Hi,

I have an Apache reverse proxy server for both multiple http and https connection setup (v2.2.19). Right now there is a request to proxy a TLS connection which is not on port 443. Can the Apache reverse proxy server accomplish that? Thanks.

Ruiyuan

This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited.

Re: [users@httpd] Proxy for TLS connection
On 2011-08-02 23:17, Ruiyuan Jiang wrote:

Do not hijack other people's threads or topics. Just start your own.

> Hi,
>
> I have an Apache reverse proxy server for both multiple http and https
> connection setup (v2.2.19). Right now there is a request to proxy a TLS
> connection which is not on port 443. Can the Apache reverse proxy server
> accomplish that? Thanks.

Why would the port matter?

> Ruiyuan
>
> This message (including any attachments) is intended solely for the
> specific individual(s) or entity(ies) named above, and may contain
> legally privileged and confidential information. If you are not the
> intended recipient, please notify the sender immediately by replying to
> this message and then delete it. Any disclosure, copying, or
> distribution of this message, or the taking of any action based on it,
> by other than the intended recipient, is strictly prohibited.

I hereby violate everything you state and keep the message to sell to the Russians for lotsamonies.

--
J.