Re: [users@httpd] XSS Issue in v2.0.59

2017-05-01 Thread Marat Khalili
XSS is a vulnerability of the application running on top of web-server and browser, there's hardly a way to fix it on a web-server level. But outdated web-server may have vulnerabilities of its own. Of the ways you listed #1 without #2 usually doesn't work; OTOH #2 done comprehensively (with s

Re: [users@httpd] Apache log analyzer?

2017-05-01 Thread Jerry K
I'm using Webalizer on both Solaris 10, Solaris 11 and OpenIndiana (open source Solaris based distro). Webalizer should work on any Unix or Unix clone with a compiler. Jerry On 04/29/17 03:38 AM, Freek de Kruijf wrote: I use webalizer on a Linux system. Don't know if this package is availa

[users@httpd] XSS Issue in v2.0.59

2017-05-01 Thread Hagan, Mark
Hello All, Looking for some help to determine if I can configure Apache 2.0.59 to address a couple Cross Site Scripting (XSS) vulnerabilities. I'm not able to upgrade to a later version, so I'm trying to understand if there is functionality within this version to address the XSS issue. I have

RE: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread Arthur E. Johnston
What are the errors in your PHP-FPM.LOG? Arthur Johnston Meadowbrook Kennels -Original Message- From: John Iliffe [mailto:john.ili...@iliffe.ca] Sent: Monday, May 01, 2017 7:53 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Unstable PHP under Apache Still poking around with t

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread John Iliffe
Still poking around with this and one thing seems very odd to me. Coded exactly as shown in the Apache docs, php is NOT invoked by a php script. What I mean is: This is from the docs, as I understand them: - # Add FCGI changes FcgidMaxRequestsPerProcess 1 Alias

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread John Iliffe
Thanks Arthur. That was my initial thought, that the file permissions were wrong. I just checked again and the permission on the root directory of this page (/httpd) is rwxr-xr-x and it is owned by root so the directory can be world read and descended. Same for all of the virtual host level di

[users@httpd] Apache 2.4 with Mysql authentication

2017-05-01 Thread David Mehler
Hello, I've got a Mysql database set up for user authentication, with fields username, password, group, and active. I've got a group testgroup that I've put users in. I'm wanting to authorize users as follows: any users in the testgroup but who must also be a valid-user. Can someone take a look a

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread Arthur E. Johnston
I experienced similar messages when working outside of the Apache directory. Check your permissions. Arthur Johnston Sent from my iPhone. Please excuse The typos. > On May 1, 2017, at 1:20 PM, John Iliffe wrote: > > This is set to: > > max_execution_time = 30 > max_input_time = 60 > > T

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread John Iliffe
This is set to: max_execution_time = 30 max_input_time = 60 This is the default and I would expect to run a simple phpinfo it would be adequate. I was playing further and now I have got rid of the "No Input File Specified" in favour of "Prohibited". I had this problem before while I was try

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread Arthur E. Johnston
John I am not near my computer right now. There is a setting in PHP.ini to extend the time for each process. Arthur Johnston Sent from my iPhone. Please excuse The typos. > On May 1, 2017, at 8:24 AM, John Iliffe wrote: > > Thanks for the response Nick. > > I originally suspected PHP t

Re: [users@httpd] Handling 413 Errors with ProxyPass

2017-05-01 Thread Nick Kew
On Mon, 2017-05-01 at 19:17 +0800, Liwei wrote: > > Apache is acting as a proxy with mod_security being used to limit the > maximum request sizes. Aha! Another component in the chain. Do you get the same behaviour if you remove mod_security and use LimitRequestBody instead? > So Apache is the

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread John Iliffe
Thanks for the response Nick. I originally suspected PHP too but using mod_php most of this works. (It all does on the old server on Apache-2.4.10 using mod_php) I'm using mod_fcgid on Apache so that is why I posted here. I already tried the Apache download of PHP-FPM about a month back with

Re: [users@httpd] Unstable PHP under Apache

2017-05-01 Thread John Iliffe
Linux, Fedora 25, SELinux set to permissive and permissions on the directories are correct. John On Monday 01 May 2017 00:57:36 Arthur E. Johnston wrote: > What operating system? > > Arthur Johnston > Meadowbrook Kennels > > -Original Message- > From: John Iliffe [mailto:john.ili...@il

RE: [users@httpd] how to enable TLS v1.1 and TLS v1.2 alone in Apache 2.4.10 ?

2017-05-01 Thread Chunduru, Krishnachaithanya
Hi, Thanks for the info. I have already tried this, but was getting fatal mod_ssl error while enabling TLSv1.1 or 1.2. Regards, Krishna From: K R [mailto:kp0...@gmail.com] Sent: Saturday, April 29, 2017 9:28 AM To: users@httpd.apache.org Subject: Re: [users@httpd] how to enable TLS v1.1 and TL

Re: [users@httpd] Handling 413 Errors with ProxyPass

2017-05-01 Thread Liwei
On 1 May 2017 at 19:17, Liwei wrote: > > Hi Nick, replies inline... > > On Mon, 1 May 2017 at 18:14 Nick Kew wrote: >> >> On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote: >> > Hi list, >> > I'm seeing an unexpected behaviour when a 413 Request Entity Too >> > Large error occurs on a site proxi

Re: [users@httpd] Handling 413 Errors with ProxyPass

2017-05-01 Thread Liwei
Hi Nick, replies inline... On Mon, 1 May 2017 at 18:14 Nick Kew wrote: > On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote: > > Hi list, > > I'm seeing an unexpected behaviour when a 413 Request Entity Too > > Large error occurs on a site proxied with Apache 2.4.25. There is an > > ErrorDocumen

Re: [users@httpd] Apache as HTTP Proxy: GZIP compression handling configuration question

2017-05-01 Thread Luca Toscano
Hi Markus, from your previous emails I understood a different picture, namely that you didn't want to send compressed requests to the backend to keep it as simple as possible. To solve your problem you might try to use SetOutputFilter INFLATE inside a dedicated https://httpd.apache.org/docs/2.4/m

Re: [users@httpd] Handling 413 Errors with ProxyPass

2017-05-01 Thread Nick Kew
On Mon, 2017-05-01 at 15:08 +0800, Liwei wrote: > Hi list, > I'm seeing an unexpected behaviour when a 413 Request Entity Too > Large error occurs on a site proxied with Apache 2.4.25. There is an > ErrorDocument configured for this error but it does not show up as > (from the error page itself

[users@httpd] Handling 413 Errors with ProxyPass

2017-05-01 Thread Liwei
Hi list, I'm seeing an unexpected behaviour when a 413 Request Entity Too Large error occurs on a site proxied with Apache 2.4.25. There is an ErrorDocument configured for this error but it does not show up as (from the error page itself): "Additionally, a 413 Request Entity Too Large error