It's for a more secure process, the new session_id should be sent via ssl as
well, and more still the logged in user should stay ssl.
The. Idea is that Dr. Evil who knows the value of the (unauthenticated)
session_id at time_a shouldn't be able to operate as the logged in user at
time_b by repla
Wondering if this is hard or something? Is my question not clear? Not
enough httpd.conf included?
I'd hugely appreciate some help figuring out how to do this, if anyone
has any ideas. I feel like I must be missing something obvious.
Many thanks,
Eric
Eric Bowman wrote:
Hi all,
I'm tryi
Thanks for the reply,
I do not fully agree on what you say, why should I redirect and start a new
session. What I am doing is
inside the Authentication Hanlder I do the authentication and if success
full I return the constant OK if not FORBIDDEN.
How the the Auth handler get invoked is via a Lo
Usually an authentication handler will send the user_agent a redirect header
(for security) and start a new session on success, this handler could save
parts of the POST payload against that session (remember to filter this data)
so that when the user_agent makes the GET request to the new URL t
Hi,
We have Apache Auth handler writting in mod_perl, after success full
authentication (after the execution of auth handler).
The request parameter came as POST data is lost, but if I send the same
parameters with GET those are available.
What is the reason for this, and how to preserve the po
This may or may not be an install issue. I downloaded the most recent
version of Apache 2.2.8 (Win32). I downloaded the installer, and ran
it. This was a clean install as Apache was not on the system previously,
and IIS is not on the system either. My operating system is Windows XP
Media Cen
mod_security does this with aoppropriate set-up
To audit log
Sent from my BlackBerry® wireless device
-Original Message-
From: Tracy12 <[EMAIL PROTECTED]>
Date: Tue, 13 May 2008 16:55:46
To:users@httpd.apache.org
Subject: [EMAIL PROTECTED] How to log httpd request with all the headers
On Tue, May 13, 2008 at 10:59 AM, Hayward Lam <[EMAIL PROTECTED]> wrote:
> I need to support the ARK (Archive Resource Key) spec which requires URL
> ending with "?" and "??". For example:
>
> http://domain.com/ark:/12345/t41290?
> http://domain.com/ark:/12345/t41290??
>
> Since "?" is used for re
On Tue, May 13, 2008 at 7:58 PM, Mark Slater <[EMAIL PROTECTED]> wrote:
>
> I'm able to recompile apache to disable the auto-indexing, but I'd like to
> also have it disabled in the configuration files by default because I won't
> always be able to control how apache gets compiled for a productio
On Tue, May 13, 2008 at 7:55 PM, Tracy12 <[EMAIL PROTECTED]> wrote:
>
> What is the log format to log all the request and response headers?
Doesn't exist. You can either enumerate the headers you want, or you
can use mod_log_forensic, which will give you all the input headers,
or you can use mod_
I've got Apache 2.2.8 running and the following configurations
(truncated for readability):
conf/httpd.conf:
AllowOverride None
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
conf/extra/httpd-vhosts.conf
...
Options -Indexes
...
con
What is the log format to log all the request and response headers?
Can I have a sample?
--
View this message in context:
http://www.nabble.com/How-to-log-httpd-request-with-all-the-headers-tp17220742p17220742.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
-
> > > Why would this be a DNS issue? The problem happens on the SERVER
> > because the most common reason for this is DNS issue.
On 13.05.08 12:37, Alex Grässer wrote:
> Granted, but we have ruled that out by putting the names into the hosts.
using local caching DNS is usually much more effectiv
Hi all,
I have a dev server for a site that I maintain, running Apache 2.0.52/Linux. I
would like to be able to route requests from the dev server to files on
production back to dev so that I can consolidate config files on both servers
and do pushes to production more easily. Production is on
On Tue, May 13, 2008 at 2:44 PM, sakthi v <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I am trying to configure/compile apache with svn module. I tried following
> steps but have results furitless :(
>
> objective: I like to have mod_dav_svn.so and mod_authz_svn.so for subversion
> access through apache
Use another directory stanza in your main httpd.conf which references the
subdir you want unprotecting.
Perhaps .htaccess files are off - and with more than 100 directories, you
should leave them off, especially if some are nested.
Sent from my BlackBerry® wireless device
-Original Message
Sounds like you. Installed apache as a service and haven't uninstalled it
completely.
Just goto start,run
Type services.msc
Hit enter
Locate apache service and double check the location of the apache.exe
Generally you should crystal clear where the conf files are
Httpd.conf
Php.ini
My.cnf
Etc...
I had originally installed Apache server version 2.2.8 along with PHP and
MySQL, but could not configure PHP to read the database. I uninstalled the
individual components and instead installed wampserver 2.0. Everything works
fine when accessing the server as localhost, but I am unable to ac
On Tue, May 13, 2008 at 11:04 AM, Fred Day <[EMAIL PROTECTED]> wrote:
> Built with OpenLDAP LDAP SDK"
I'm unable to reproduce this (500 with LDAP auth when user hits 'ok'
to basic auth prompt) on my apache system built against openldap. Do
you have any insight about sensitivity to ldap client ve
im running an apache 2.2.4...
Server version: Apache/2.2.4 (Unix)
Server built: Jul 30 2007 17:04:39
Below is my generic directory configuration
i need some help as im a little lost
i have put something like this in my httpd.conf file to protect all my web
directory's with user/pass
AuthType
Eric Covener <[EMAIL PROTECTED]> wrote:
On Fri, May 9, 2008 at 3:51 PM, Fred Day wrote:
> click "OK" without entering anything for id and password ... if someone does
> that, the get back an "Internal Server Error" rather than an "Authorization
> Required". Note this does not happen on our apa
I need to support the ARK (Archive Resource Key) spec which requires URL
ending with "?" and "??". For example:
http://domain.com/ark:/12345/t41290?
http://domain.com/ark:/12345/t41290??
Since "?" is used for request parameter, when it is ending with "?" by
itself, my Apache Tomcat ignores it.
I
- Original Message -
From: Jean-Christophe Roux
To: users@httpd.apache.org
Sent: Tuesday, May 13, 2008 5:59 AM
Subject: [EMAIL PROTECTED] call rsync from php script
Hello,
I have a bash script update.sh that contains:
rsync -- delete -avz -e ssh ${files} [EMAIL PROTECTED
Bad form to answer my own question, but for the sake of the archive,
here goes...
Apparently IE doesn't like "no-cache" in a cache-control header.
Changing that to max-age=0 solved the problem.
Bad: header Set Cache-Control: "no-cache"
Good: header Set Cache-Control: "max-age=0"
FireFox, Opera,
On Mon, May 12, 2008 at 12:44 PM, Travis Sidelinger
<[EMAIL PROTECTED]> wrote:
> Any know an easy method to provide 2-factor authentication in Apache?
>
> I'd like to require both a group name+password and a user name+password.
> (or simply just two user accounts)
>
> I think this could be implem
Hello,
I am trying to configure/compile apache with svn module. I tried following
steps but have results furitless :(
objective: I like to have mod_dav_svn.so and mod_authz_svn.so for subversion
access through apache.
I tried following configuration before make. make install
prompt>> ./configure
Hello,
I am trying to configure/compile apache with svn module. I tried following
steps but have results furitless :(
objective: I like to have mod_dav_svn.so and mod_authz_svn.so for subversion
access through apache.
I tried following configuration before make. make install
prompt>> ./configure
Thanks Matus
> > Why would this be a DNS issue? The problem happens on the SERVER
> because the most common reason for this is DNS issue.
Granted, but we have ruled that out by putting the names into the hosts. file.
What is strange is, that this does not happen every time a new connection is
Hi Jean-Christophe,
You need to source the ssh-key agent. I suggest you work with a tool
like keychain.
And please configure some sort of protection/authentication
around your update.sh.
Regs,
Christian
Von: Jean-Christophe Roux [mailto:[EMAIL PROTECTED]
On 13.05.08 09:52, Alex Grässer wrote:
> Why would this be a DNS issue? The problem happens on the SERVER
because the most common reason for this is DNS issue.
> and HostnameLookups is Off!
isn't it turned on somewhere?
> Also the VirtualHosts are IP based so there is no name to be looked up.
Hello,
I have a bash script update.sh that contains:
rsync -- delete -avz -e ssh ${files} [EMAIL PROTECTED]:/red
when I use that script ./update.sh as root, it works like a charm as I set up
the private/public key properly.
When run from a php script through the apache webserver
The rsync line i
---
HARBOR: http://coolharbor.100free.com/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
Making the Java dream come true.
Lars
Why would this be a DNS issue? The problem happens on the SERVER and
HostnameLookups is Off!
Which name could Apache possibly want to look up? The server name is stored in
the hosts. file for good measure.
Also the VirtualHosts are IP based so there is no name to be looked up.
The problem
Hi
Its most likely to be an DNS issue. If your not using vhosts, try
accessing it by its IP-adress. If that helps, check your DNS. Dont
remember your reverse dns settings.
--
Lars
On Tue, May 13, 2008 at 9:10 AM, Alex Grässer <[EMAIL PROTECTED]> wrote:
> Hi
>
> We are experiencing an intermit
Hi
We are experiencing an intermittent but reproducible problem, where
establishing a new connection to Apache httpd sometimes takes up to 30 seconds.
We are running 350 threads with +-20 threads in keepalive state (according to
/server-stats) and nothing else connecting or executing in Apache
35 matches
Mail list logo
