Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

On Fri, Jun 06, 2014 at 09:21:20AM -0500, Tom Browder wrote: > On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder wrote: > > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. > > I haven't turned on compression because of all the warnings about > > CRIME and BREACH. However, when I r

Re: [users] Re: Basic Login as domain\username

On Fri, Jun 6, 2014 at 3:50 PM, Darly Senecal Baptiste wrote: > What about in apache 2.2.3? I don't think so. I think you'd need to write a small module to strip (or add?) that prefix - To unsubscribe, e-mail: users-unsubscr...@

Re: [users] Re: Basic Login as domain\username

What about in apache 2.2.3? On Fri, Jun 6, 2014 at 3:40 PM, Eric Covener wrote: > On Fri, Jun 6, 2014 at 3:38 PM, Darly Senecal Baptiste > wrote: > > Hi Community : > > > > Let's forget about NTLM module. It is a way to perform a Rewrite > username? > > Like using mod_rewrite? > > > > 2.4's mo

Re: [users] Re: Basic Login as domain\username

On Fri, Jun 6, 2014 at 3:38 PM, Darly Senecal Baptiste wrote: > Hi Community : > > Let's forget about NTLM module. It is a way to perform a Rewrite username? > Like using mod_rewrite? > 2.4's mod_authnz_ldap has specific stuff to alter the username specifically for this scenario. ---

[users] Re: Basic Login as domain\username

Hi Community : Let's forget about NTLM module. It is a way to perform a Rewrite username? Like using mod_rewrite? Thanks On Thu, Jun 5, 2014 at 4:26 PM, Darly Senecal Baptiste wrote: > Hi Community: > > I had implemented a git repository server and its authentication is Basic > (*AuthType >

[users] Re: getting stuck

Oh one more thing that might be important. The current system is created by moving the harddrive from one machine to an identical (however with somewhat different plugged in Hw), as the first machine just went out and wouldnt boot at all. So having access to a second DellDimension5000 I just s

[users] getting stuck

Hi, I have a kind of problem. My computer running as Apache server under fedora/linux is getting stuck more or less regularly. It runs for around 2 days and then just does not respond, neither to internet nor to keybord/mouse. I do not know if its the httpd or the linux/pc that goes into sta

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

On Fri, Jun 6, 2014 at 10:35 AM, Tom Browder wrote: > On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick wrote: >>> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder wrote: >>> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. >>> > I haven't turned on compression because of all the w

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

On Fri, Jun 6, 2014 at 10:16 AM, Jeff Trawick wrote: >> On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder wrote: >> > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. >> > I haven't turned on compression because of all the warnings about >> > CRIME and BREACH. However, when I run

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

On Fri, Jun 6, 2014 at 10:21 AM, Tom Browder wrote: > On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder wrote: > > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. > > I haven't turned on compression because of all the warnings about > > CRIME and BREACH. However, when I run my s

Re: [users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

On Fri, 2014-06-06 at 09:21 -0500, Tom Browder wrote: > On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder wrote: > > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. > > I haven't turned on compression because of all the warnings about > > CRIME and BREACH. However, when I run my

[users] Re: Recommended practice for mitigating BREACH/CRIME attacks with Apache 2.4+, SSL/TLS-only sites, and use of mod_deflate?

On Tue, Jun 3, 2014 at 3:52 PM, Tom Browder wrote: > I have several SSL/TLS-only virtual sites running under Apache 2.4.7. > I haven't turned on compression because of all the warnings about > CRIME and BREACH. However, when I run my sites against web site > analyzers they always suggest turning

Re: [users] Apache2 Trying to retrieve at least an index but Forbidden

same configuration /etc/apache2 in new virtual machine works in the old one continue to not working. Please HELP!!! On Fri, Jun 6, 2014 at 11:07 AM, Luigi Cirillo wrote: > No idea? very strange I will create another virtual machine with > default conf. If it works I will diff the conf files a

Re: [users] Apache2 Trying to retrieve at least an index but Forbidden

No idea? very strange I will create another virtual machine with default conf. If it works I will diff the conf files and I let you know. A question there a way to get verbose infos about why Apache return "Forbidden"? I tried to set all logs to debug level but I got unuseful infos about the module

Re: [users] Server-side include problem in Apache 2.4.9 <--#if expr

I solved this problem by not using server-side includes any more. Most of my site's pages were generated by programs anyway, so it wasn't a big task to have them all generated by programs, eliminating the need for SSI. Roger