Hello Everyone,
I am researching how to run PHP as CGI with Apache's Suexec module. Up to
this point we have been using PHP as an Apache mod, but are looking to move
to the more secure solution.
I am not sure this is exactly the right list top post to so if anyone knows
a better one please l
2009 11:21 AM
Subject: [us...@httpd] Re: iFrame Injection Blocking
Grant Peel wrote:
Can this be done on the server side somehow, or is an iFrame completely
loaded by the browser (i.e. doe the content pas through the server first,
or is it cmpletely pulled by the client?).
An IFrame is complete
Hi all,
I have serveral sites that have had an malicious iFrame injected.
I would like to block the sites that the iFrame poiunts to.
Can this be done on the server side somehow, or is an iFrame completely loaded
by the browser (i.e. doe the content pas through the server first, or is it
cmple
Hi all,
I originally posted this to the PHP mailing list with, so far, less than
helpful results. I am not a fan of cross-posting, but I suspect there may be
a few ISP support / server admins who may be interested in this offer.
Good Morning / Afternoon,
We run several of our own servers:
-
Hi all,
I have been trying to get Mailman (2.1.9) working under Apache2.2+Suexec for
the past few days and am about to give up.
I have gooogled my ___-___ trying to formulate a solution to no avail. I
also have the Mailman install procedure pretty much memorized.
What I am seeing is that th
AIL PROTECTED]>
To:
Sent: Thursday, September 11, 2008 6:10 PM
Subject: Re: [EMAIL PROTECTED] Logs
Grant Peel wrote:
Hi Justin,
Thanks for the reply. FYI I am using UNIX (freebsd).
Up tp this point, I have been using an sh script to rotate logs.
The logs in question are the access_log
al Message -
From: "Justin Pasher" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, September 10, 2008 10:18 PM
Subject: RE: [EMAIL PROTECTED] Logs
-Original Message-
From: Grant Peel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2008 6:54 PM
To: users@httpd.
Hi all,
I am investigating useing apache rotatelogs pipe. My servers have about 250
virtual domains each on them, so I am curious about a couple of things:
How are people in a similar setup handling remove logs (so they dont build
up forever), say after 2 months?
Does piping the data throug
try and track down an
offending script?
-Grant
- Original Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To: ; "Grant Peel" <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2008 5:40 PM
Subject: Re: [EMAIL PROTECTED] Here's a new one (to me).
O
elp.
-Grant
- Original Message -
From: "William A. Rowe, Jr." <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 29, 2008 11:34 PM
Subject: Re: [EMAIL PROTECTED] Here's a new one (to me).
Grant Peel wrote:
index.html = 1401 bytes.
?
Well that's good, you have to
index.html = 1401 bytes.
?
-Grant
- Original Message -
From: "William A. Rowe, Jr." <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 29, 2008 7:46 PM
Subject: Re: [EMAIL PROTECTED] Here's a new one (to me).
Grant Peel wrote:
On this past Saturday, my server st
Hi all,
Just when you thought you'd seen it all.
On this past Saturday, my server started seeing sporadic spikes in CPU
usage. As it turns out, somehow, some bot or something somewhere is
connecting to me server and relaying messages to another server. The logs
below have been Googled several
Hi all,
We have been using Webalizer for a number of years now and it has been a
decent tool, but alas, seems to have stagnated from a development
standpoint.
I curious what everyone is using these days for analyzing Apache logs?
- Virtual Sites (per domain config),
- Can do incremental file
Hi Guys,
"I" Have no plans to write any applications to Send or Receive RSS Feeds.
The (clients) who asked me about it understand the developing the xml
scripts just wanted to know if the server is capable.
That was my priginal question : Does apache (or php for that matter) need
any special
His all,
I am running apache 2.x.x on all my FreeBSD servers.
Is there anything special that needs to be done to allow users to start using
RSS feeds? (MIME Types XML etc).
-Grant
- Original Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To: ; "Grant Peel" <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2008 7:47 AM
Subject: Re: [EMAIL PROTECTED] Logging Denied Referrers
On Sun, Mar 30, 2008 at 8:32 PM, Grant Peel <[EMA
- Original Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To: ; "Grant Peel" <[EMAIL PROTECTED]>
Sent: Sunday, March 30, 2008 5:43 PM
Subject: Re: [EMAIL PROTECTED] Logging Denied Referrers
On Sun, Mar 30, 2008 at 3:32 PM, Grant Peel <[EMAIL PROT
/1.4.1_04" block_bad_bots
Order Allow,Deny
Allow from all
Deny from env=block_bad_bots
-Grant
- Original Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To: ; "Grant Peel" <[EMAIL PROTECTED]>
Sent: Sunday, March 30, 2008 12:53 PM
All,
I misspoke below, I am talking about User Agents not referrers!
- Original Message -
From: Grant Peel
To: users@httpd.apache.org
Sent: Sunday, March 30, 2008 12:15 PM
Subject: [EMAIL PROTECTED] Logging Denied Referrers
Hi all,
As mentioned in previous emails, I am
Hi all,
As mentioned in previous emails, I am trying to deny access via SetEnvIf
statements in my httpd.conf (to block smap bots / email harvesters etc.
I have two questions:
1. My server has several hundred VirtualHost directives. When the SetEnvIf
statements are just placed in the main serve
I have visited a few lists that help make up my current spam bot deny list.
Can anyone reccomend a list thats reliably well written and
up -to-date/updated frequently?
-Grant
- Original Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To: ; "Grant Peel"
Mark,
I take it from your reply that the only reliable way right now is to keep
using the referrers deny method then?
-Grant
- Original Message -
From: "Mark Space" <[EMAIL PROTECTED]>
To:
Sent: Saturday, March 29, 2008 12:38 PM
Subject: Re: [EMAIL PROTECTED] S
Hi all,
I am being hit with a number of spam bots (email address harvesters) and have
implimeted some deny referrers ruls as a short term fix.
Does anyone know of any permanent long term fixes?
-Grant
Hi all,
I am just starting to investigate why:
An html page (with an html extension), sent to Firefox (2.0.0.12), will
render a page (with a form), and will allow me to 'post' it. But when the
(Perl) cgi script returns the answer page (using a 'print qq~ ...'
statement, the resulting page sho
eggdropp is an irc bot. You need to kill this, unless you know it is something
different. Also, check your system, you have been breached.
-Grant
- Original Message -
From: Liz Kim
To: users@httpd.apache.org
Sent: Thursday, January 03, 2008 2:30 PM
Subject: Re: [EMAIL PROTEC
cd /usr/ports/www/apache22
make install clean
done
-Grant
- Original Message -
From: Bhakta
To: users@httpd.apache.org
Sent: Monday, November 26, 2007 4:57 AM
Subject: [EMAIL PROTECTED] apache2.2
Hi List
How do I install apache2.2.6 in freeBSD through ports.
Bhakta
Hi all,
I have asked this question before, but not with as much detail as I hope to
provide below. FOr those who have read this before, feel free to
skip/delete.
I am running:
Server version: Apache/2.2.3
Server built: Oct 27 2007 21:17:49
(Prefork)
on
FreeBSD 6.2
And am wondering which m
Hi all,
I have a client for whom I have added about 500 301 redirects in thier
VirtualHost container. The server has about 200 VirtualHosts total.
What kind of performance issues would one think all those redirects have on
the whole (Apache) server?
-Grant
--
: [EMAIL PROTECTED] .htaccess and Server Side Includes
> -Original Message-
> From: Grant Peel [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 21, 2007 4:04 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] .htaccess and Server Side Includes
Hi all,
Suppose one had a server that is currently parsing all file for server side
includes, php etc, and one wanted to make it so that a .htaccess file in the
web root of a few virtual hosts parsed all files, but the rest of the
virtual hosts only parsed shtml, how would one accomplish such
Hi all,
Does any one have any good tips on makeing apache lean and mean from a
memory perspective?
I am using apaceh 2.2 on FreeBSD 6.2.
Each one of my deamons is using about 1.8 - 2.5 % of available memory. (1
GB).
-Grant
---
Hi all,
I have a 400 MB resuorce.pag file, and a resourse.dir directory in my /tmp
folder. It appears something is accessing them as I can see the files
timestamp updated.
Are they truely Apache files? DO I need to keep them? Can I delete them?
Any answers will be appreciated.
-Grant
--
Hi all,
I have what I would call a moderately busy server. It processes about 10
million hits per month. It is a virtual server with about 150 domains on it.
I am seeing a pretty constant cpu load of about 0.5 - 2.0 on the UNIX CPU
(1-5-15 ave) method. At any given time, 5 - 20 domains are sh
Hi all,
I have a security company hounding me to turn of HTDigest.
Any idea how?
Words of wisdom ... please.
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/user
ter this directories contents.
- Original Message -
From: Joshua Slive
To: users@httpd.apache.org ; Grant Peel
Sent: Wednesday, October 24, 2007 9:45 AM
Subject: Re: [EMAIL PROTECTED] php and suexec
On 10/24/07, Grant Peel <[EMAIL PROTECTED]> wrote:
>
>
>
Understood,
BUT suexec will not allow a script to be written to outside the users home
directory ... right?
-Grant
- Original Message -
From: Joshua Slive
To: users@httpd.apache.org ; Grant Peel
Sent: Monday, October 22, 2007 11:12 AM
Subject: Re: [EMAIL PROTECTED] php and
right, it does not do that. PLEASE correct me if I am wronge!
-Grant
- Original Message -
From: Matthew A. Bockol
To: users@httpd.apache.org ; Grant Peel
Sent: Monday, October 22, 2007 10:29 AM
Subject: Re: [EMAIL PROTECTED] php and suexec
Hi Grant,
You might also con
Hi again all,
Has anyone on this had succees setting up php to use (apache) suexec?
If I am reading things right, it appears that php must be run as CGI and
then it will use the built in (Apache2) suexec wrapper in the same fassion
as perl does.
If the above is correct I am looking for a primer
Hi all,
I recently installed mod_security and noticed that it would not write to the
server logs (the main server logs in /var/log), until I gracefully restarted
apache. After reviewing that, I noticed that none of the other files were
being written to as well (httpd-access.log, httpd-error.lo
Hi all,
I installed mod_security yesterday on one server and am in the process of
debugging.
Along with mod_security itself, I have installed a number of rules, most of
which are not causing any issues. The two below are causing some problems
though:
Number one seems to do its job too well as
- Original Message -
From: Tony Guadagno
To: users@httpd.apache.org ; Grant Peel
Sent: Sunday, June 24, 2007 10:37 PM
Subject: Re: [EMAIL PROTECTED] Mod Deflate and PDF
Grant,
I don't know why, but I can confirm that it does break pdf's I have had to
exclude them,
flate_log deflate
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary
Any ideas why the logs appear broken?
-Grant
- Original Message -
From: Grant Peel
To: users@httpd.apache.org
S
Hi all,
It seems mod deflate may be causing some older versions of windows (98, 2000)
to cracsh when pdf's are accessed.
Does any one know of this and any patches/workarounds that might help?
I am running FreeBSD 6.2 and apache 2.2.3.
Mime types pehaps?
-Grant
part of what the point of certificates is (along with encypting data) is to
ensure you are connecting to the domain for which the cert was issued.
mydomain.com is NOT the same in ssl as www.mydomain.com.
The data (assuming the users says 'yes, continue to the site' in thier browser
(when they
Josh, + all
Here are the ones in Intend on removing, please see comments below and let me
know if my logic is flawed.
- Original Message -
Virtual Hosting - about 250 domains
PHP, mostly x-cart, and Forums Invision Board and phpBB
MySQL (accessed mostly via PHP)
static html pag
- Original Message -
From: Joshua Slive
To: users@httpd.apache.org ; Grant Peel
Sent: Monday, May 14, 2007 10:04 AM
Subject: Re: [EMAIL PROTECTED] Leaner httpd
On 5/14/07, Grant Peel <[EMAIL PROTECTED]> wrote:
>
>
> Hi all,
>
> my server has bee
Hi all,
my server has been running at a rather high load lately, as well as swapping a
bit.
I was thinking its time to consider removing some of the DSO entries. (See list
of loading modules below).
Here is what the server is used for:
Virtual Hosting - about 250 domains
PHP, mostly x-cart, a
Hi,
I was wondering if anyone else has seen CPU usage skyrocket after upgrading to
X-Cart 4.x.x ?
I have optimized my Apache conf file about as much as I can, but still the CPU
usage trippled after upgrading.
-Grant
] mod_gzip
On 1 May 2007, at 19:28, Grant Peel wrote:
> Does anyone know of a fix for this?
Yes. Upgrade to Apache 2.
You're using a 1998 server. Things have moved on since then.
Like, a clean compression architecture that eliminates the need
for crap like tempfiles.
--
Hi all,
I have added mod_gzip to my apache config a few weeks back.
Yesterday, the server pretty much locked up due to no disk space left on the
root filesystem.
It appears that with mod_gzip turned on, hundreds of *.wrk files are left in
the /tmp dir, eventually filling it up.
Does anyone k
50 matches
Mail list logo
