Re: [users@httpd] ESTABLISHED connections

2015-03-13 Thread Mark Montague
to prevent the client from connecting, instead of restricting what the client is allowed to request after it connects, use a firewall. -- Mark Montague m...@catseye.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apac

Re: [users@httpd] mod_systemd and Apache 2.4

2015-01-21 Thread Mark Montague
are familiar with RHEL7 who administer it later. - mod_systemd is not likely using any significant amount of RAM. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache & Unix

2014-12-29 Thread Mark Montague
ts are ignored. This lets scripts and other programs construct filenames without having to detect and remove extraneous slashes; if a script always adds a slash, it will be there when needed and won't cause problems if it is not needed. The following are all equivalent: /usr/private /usr//private /usr/private/ /usr/private/ For more reading, see http://teaching.idallen.com/cst8207/12f/notes/160_pathnames.html -- Mark Montague m...@catseye.org

Re: [users@httpd] Can I change how mod_disk_cache stores content on disk?

2014-09-18 Thread Mark Montague
the cache at a particular point in time. See https://httpd.apache.org/docs/2.4/programs/htcacheclean.html If this doesn't meet your need, you might want to look into writing your own module to do exactly what you need for your experi

Re: [users@httpd] trivial but annoying; no _GET

2013-03-13 Thread Mark Montague
riable is an array. If the query string parameters are not showing up in your Apache HTTP Server access logs, then generate a test request locally from your web server with a query string and see if that shows up in your logs; if it does, then the problem is not with your local web server.

Re: [users@httpd] How to configure http and https for same hostname

2013-03-13 Thread Mark Montague
stanzas. That's all. For more information on setting up Virtual Hosts in Apache HTTP Server 2.4, see https://httpd.apache.org/docs/2.4/vhosts/ For more information about setting up HTTPS, see https://httpd.apache.org/docs/2.4/ssl/ -- Mark Montague m...@catseye.org

Re: [users@httpd] My SSL Certificate is not working properly

2012-12-04 Thread Mark Montague
your page is being served to you via HTTPS, see http://stackoverflow.com/questions/2632983/any-tool-available-to-detect-whats-not-https-on-an-encrypted-page -- Mark Montague m...@catseye.org

Re: [users@httpd] My SSL Certificate is not working properly

2012-12-04 Thread Mark Montague
the VirtualHost stanza for your default HTTP virtual host, just like all of the other directives you have for that virtual host. # other directives that you already have Redirect /nagios https://domain/nagios # other directives that you already have -- Mark Montague m...@catseye.

Re: [users@httpd] My SSL Certificate is not working properly

2012-12-04 Thread Mark Montague
nd check in your web server access log to find out what, specifically, is being requested over HTTP. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache 2.4 stability & ErrorLogFormat

2012-11-29 Thread Mark Montague
b virtual host within the same web server (see https://httpd.apache.org/docs/2.2/vhosts/ ) You can then have a different Apache HTTP Server error log file for each web application (see https://httpd.apache.org/docs/2.2/mod/core.html#errorlog ) Or you may find it easiest to upgrade to Apache HT

Re: [users@httpd] Apache 2.4 stability & ErrorLogFormat

2012-11-29 Thread Mark Montague
source, just compile an unmodified version of 2.4 -- even counting the cost of learning about the new features and making some changes to your existing configuration, I think this will be much easier than backporting a feature to 2.2 and then supporting it yourself in-house long term. -- Mark

Re: [users@httpd] Setting REMOTE_USER to %{SSL:HTTP_SSL_CLIENT_S_DN_CN}

2012-11-05 Thread Mark Montague
On November 5, 2012 10:24 , Martin Drescher wrote: On 05/11/12 14:35, Mark Montague wrote: On November 5, 2012 6:32 , Martin Drescher wrote: > I would like to set the REMOTE_USER environment to the value of > %{HTTP_SSL_CLIENT_S_DN_CN}. SSLUserName SSL_CLIENT_S_DN_CN Close, but no

Re: [users@httpd] Setting REMOTE_USER to %{SSL:HTTP_SSL_CLIENT_S_DN_CN}

2012-11-05 Thread Mark Montague
} (.+) RewriteRule ^.*$ - [E=REMOTE_USER:$1] Tried some variations, but it does not :-( Could someone help me out with this? Remove those mod_rewrite directives. Instead, use SSLUserName SSL_CLIENT_S_DN_CN See https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslusername -- Mark Montague m

Re: [users@httpd] OpenSSL vs. Mozilla's NSS

2012-10-24 Thread Mark Montague
ith OpenSSL but use whatever software you want to use for managing your certificates. -- Mark Montague m...@catseye.org

Re: [users@httpd] apache access permission

2012-10-18 Thread Mark Montague
n /var/www/.ssh/id_pub since that will not get served to clients. -- Mark Montague m...@catseye.org

Re: [users@httpd] apache access permission

2012-10-17 Thread Mark Montague
e). If you want to use a ssh key that is stored somewhere else other than the user "apache" home directory, the "-i" option to ssh will allow you to do this. See the ssh manual page for more information. -- Mark Montague m...@catseye.org

Re: [users@httpd] Re: RewriteCond - Multiple matches

2012-10-15 Thread Mark Montague
e PCRE documentation for what's legal in regular expressions. Keep in mind that PCRE does not support perl delimiters (that is, enclosing the regular expression in slashes) nor does PCRE support Perl regular expression modifiers such as 'g', 'i', 'm', 's

Re: [users@httpd] Mac OS X and SSL Client Certitficates

2012-10-15 Thread Mark Montague
ari 6.x when "SSLVerifyClient optional" was set (although this worked just fine with Firefox 15 under MacOS X, so I don't think this is the only source of your problem with Safari client certificates). Sorry I don't have any better advice. -- Mark Montague m...@catsey

Re: [users@httpd] RewriteCond - Multiple matches

2012-10-15 Thread Mark Montague
using to see if you have an error in it. If you post the relevant configuration directives here, list members can have a look at them. Be sure to include which version of Apache HTTP Server you are using. -- Mark Montague m...@catseye.org

Re: [users@httpd] Re: Client certificate authentication issues

2012-10-15 Thread Mark Montague
ent certificate in the initial SSL negotiation for all connections, and renegotiation should never be triggered. -- Mark Montague m...@catseye.org

Re: [users@httpd] Re: Client certificate authentication issues

2012-10-09 Thread Mark Montague
ent versions of Safari). Good luck. I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Mark Montague
). The Apache HTTP Server documentation contains examples of serving CGIs from underneath DocumentRoot and also user home directories: https://httpd.apache.org/docs/2.4/howto/cgi.html -- Mark Montague m...@catseye.org

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Mark Montague
On October 1, 2012 14:58 , Tom Browder wrote: On Mon, Oct 1, 2012 at 10:53 AM, Mark Montague wrote: On October 1, 2012 9:17 , Tom Browder wrote: Inside the restricted area I have: SSLVerifyClient require I have found that the configuration doesn't restrict CGI programs at all

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Mark Montague
're not using Location), the directives inside the Directory stanza, and then the URL that, when a client requests it, results in access being granted despite the client not presenting a certificate. -- Mark Montague m...@catseye.org

Re: [users@httpd] SSL Client Certificates and CGI

2012-10-01 Thread Mark Montague
On October 1, 2012 5:41 , Tom Browder wrote: On Sun, Sep 30, 2012 at 7:44 PM, Mark Montague wrote: On September 30, 2012 19:45 , Tom Browder wrote: Does anyone have a pointer to help on restricting a directory to access only with valid SSL Client Certificates and how to work CGI scripts to

Re: [users@httpd] SSL Client Certificates and CGI

2012-09-30 Thread Mark Montague
s for each restricted directory for each user that CGIs run as. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache2 - Logging

2012-09-24 Thread Mark Montague
sections (for directives which should apply only to proxied requests). Or you can put most directives directly into the server config context or a virtual host context, in order to have the directives apply to all requests. For more information, see https://httpd.apache.org/docs/2.4/sections

Re: [users@httpd] rotatelogs: does it create directories?

2012-09-20 Thread Mark Montague
ra access that httpd has, as it does now. -- Mark Montague m...@catseye.org

Re: [users@httpd] DirectoryIndex fails to serve file to proxy (php-fpm, proxy_fcgi_module)

2012-09-18 Thread Mark Montague
he HTTP Server. php-fpm is a part of the PHP project, and the functionality that is missing is missing from PHP, not from Apache HTTP Server. But there are workarounds that you can do in Apache HTTP Server, such as the mod_rewrite based workaround that I discuss above. -- Mark Montague m...@c

Re: [users@httpd] DirectoryIndex fails to serve file to proxy (php-fpm, proxy_fcgi_module)

2012-09-16 Thread Mark Montague
entation of how PHP interprets the CGI standard which completely throws away what PHP currently does both with cgi.fix_pathinfo=1 and cgi.fix_pathinfo=0 and replaces it all with what I personally believe PHP "should" do according to RFC 3875 with no regard for any sort of backward compati

Re: [users@httpd] Download breaks in the middle

2012-09-14 Thread Mark Montague
ing, under which version of which distribution of which OS? - Is there anything special about how you have either Apache HTTP Server or your operating system configured? -- Mark Montague m...@catseye.org

Re: [users@httpd] WAMP SSO

2012-09-10 Thread Mark Montague
if he sets up his own OpenID provider rather than using an external provider such as Google or Yahoo. -- Mark Montague m...@catseye.org

Re: [users@httpd] WAMP SSO

2012-09-10 Thread Mark Montague
en Apache HTTP Server will put the identity of the authenticated user into the REMOTE_USER environment variable, which can be accessed in your PHP script with the code $_SERVER['REMOTE_USER'] -- Mark Montague m...@catseye.org

Re: [users@httpd] What verification does Apache do as part of SSLVerifyClient?

2012-09-05 Thread Mark Montague
=catseye dot org/CN=Mark Montague/emailAddress=m...@catseye.org/UID=markmont ...and when I authenticate to my web server using this certificate, I have httpd configured to populate the REMOTE_USER environment variable using the UID attribute of the validated certificate. As you can see, the CN is

Re: [users@httpd] REDIRECT_STATUS

2012-08-30 Thread Mark Montague
pting to use it; this will avoid the error message you are getting. -- Mark Montague m...@catseye.org

Re: [users@httpd] Re: WELCOME to users@httpd.apache.org

2012-08-27 Thread Mark Montague
solete and unsupported for many years. You should upgrade to 2.4.3 or 2.2.22. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache 2.4.2/PHP-FPM via ProxyPass/htaccess-Problem

2012-08-23 Thread Mark Montague
.htaccess files at all: they have performance, security, and management downsides. Put the access restrictions into the above block instead. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache can't interpret a link in my webpage so the style is not good, how I can resolve that ?

2012-08-16 Thread Mark Montague
e? - Does the user as which you are running httpd have permission to read the HTML file in the filesystem? - What version of Apache HTTP Server are you running? - What operating system (including version) are you running? - How did you install httpd? - How did you configure httpd? --

Re: [users@httpd] Can somebody help me to understand the strange GET requests logged in access.log and error.log ?

2012-08-13 Thread Mark Montague
ual host. But since the default virtual host will not be serving any content -- its only purpose is to catch and deny proxy abuse -- this doesn't matter. -- Mark Montague m...@catseye.org

Re: [users@httpd] Can somebody help me to understand the strange GET requests logged in access.log and error.log ?

2012-08-11 Thread Mark Montague
httpd/ProxyAbuse If you look at the page above and determine that what you are seeing in your logs is not what the page above is talking about, please send the mailing list just a couple representative log lines so we can see what you're describing. -- Ma

Re: [users@httpd] How to serve https only? Is this correct?

2012-07-12 Thread Mark Montague
" into the address bar of their web browser in order to get to sites (in addition to using web searches, links, and bookmarks). Based on this observation, I'd weigh security with user friendliness and choose to set up HTTP-to-HTTPS redirects for either just / or for all URL paths for al

Re: [users@httpd] How to serve https only? Is this correct?

2012-07-12 Thread Mark Montague
site harder to access for users who don't know to type "https://" in their browser location bars as a part of all URLs for your site. -- Mark Montague m...@catseye.org

Re: [users@httpd] Re: How to enable file-uploads to HTTPD server, via WebDAV?

2012-07-12 Thread Mark Montague
lar OS distribution can help you set up and configure things properly. -- Mark Montague m...@catseye.org

Re: [users@httpd] How to serve https only? Is this correct?

2012-07-12 Thread Mark Montague
r to accept HTTP, but use the configuration that you had in your original message to redirect all HTTP requests to HTTPS. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache configuration error ( during make)

2012-06-25 Thread Mark Montague
sure that OpenSSL and Apache HTTP Server are both compiled using the same compiler. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache configuration error ( during make)

2012-06-25 Thread Mark Montague
lso include what operating system you're using as well as the version of the operating system. I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache 2.2.22 32 bit version

2012-06-18 Thread Mark Montague
is no problem. -- Mark Montague m...@catseye.org

Re: [users@httpd] Build problem

2012-05-30 Thread Mark Montague
ion. Since you say you just ran "./configure" (without any command line options, right?), this points to something being fundamentally messed up on your system; it'll be easier to start over fresh in a known state than to try and find and fix

Re: [users@httpd] Build problem

2012-05-30 Thread Mark Montague
ng up a VM guest system in which to experiment and learn and get things working, which you can reload as many times as needed. -- Mark Montague m...@catseye.org

Re: [users@httpd] Build problem

2012-05-30 Thread Mark Montague
formation - What configure command you used - Any errors or warnings from the configure command. - What operating system you're using (e.g., "Fedora 17"), including version and platform-specific details (e.g., "x86_64"). Good luck. I hope this helps! -- Mark Montagu

Re: [users@httpd] apache http running in multithreaded mode

2012-05-28 Thread Mark Montague
would be bad to have only one process that handles everything via threads. In the special case where you are trying to debug httpd, you can start it with the -X option to limit it to a single worker in a single process. -- Ma

Re: [users@httpd] How to have multiple SSL ports

2012-05-28 Thread Mark Montague
" in my configs, but hopefully using _default_ in both VirtualHost stanzas will work for you; see the documentation for the VirtualHost directive to understand the difference). I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] Simple problem of index.php

2012-05-28 Thread Mark Montague
t to apply to only a single directory): DirectoryIndex index.php I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] simple easy way to turn to maintenance mode

2012-05-28 Thread Mark Montague
tion files, and when you end maintenance stop httpd and start it using your regular configuration files. -- Mark Montague m...@catseye.org

Re: [users@httpd] LD_LIBRARY_PATH issue in 2.2.22 and earlier

2012-05-24 Thread Mark Montague
r/sbin/envvars and/or apachectl to fix LD_LIBRARY_PATH, if it is in fact being handled insecurely on your system (it appeared to be fine on the two older systems where I checked for this vulnerability). -- Mark Montague m...@catseye.org

Re: [users@httpd] Help: accessing network files from apache server

2012-05-06 Thread Mark Montague
the user as which httpd runs, or set the ACLs appropriately (if you are using ACLs), and/or set the permission bits properly (if you're running httpd under a Unix-like OS). -- Mark Montague m...@catseye.org

Re: [users@httpd] mod_include

2012-04-23 Thread Mark Montague
that you are using Apache HTTP Server 1.3.27; this version is not supported any more. You should upgrade to a later version of Apache HTTP Server; the current version is 2.4.2. Also, I can’t upgrade apache How are you trying to upgrade Apache HTTP Server? What happens when you try? -

Re: [users@httpd] Disable Hot-linking Files

2012-04-23 Thread Mark Montague
gif|jpg|jpeg|bmp|txt|pdf)$ http://www.example.com/somepage.html [F,NC] -- Mark Montague m...@catseye.org

Re: [users@httpd] Caching webservice calls using apache

2012-04-10 Thread Mark Montague
ed only for static content, as it can be tricky -- or inappropriate -- to correctly set up caching for dynamically generated content. Instead of caching web service calls, you may want to analyze how Tomcat is spending its time and see if the code of your web application can be made

Re: [users@httpd] installing apache 2.4 on macosx Lion

2012-03-28 Thread Mark Montague
ou compile PHP 5.4.0, including mod_php, and you've installed this version of mod_php in /opt/mystuff/apache-httpd/libexec/libphp5.so, then you can load it using the following directive: LoadModule php5_module /opt/mystuff/apache-httpd/libexec

Re: [users@httpd] [RHEL6.2] SSL handshake failure

2012-03-15 Thread Mark Montague
Access Control system that you are running to find out what the problem is. Hopefully other people on this list will have additional, and better, suggestions of things to check. -- Mark Montague m...@catseye.org

Re: [users@httpd] [RHEL6.2] SSL handshake failure

2012-03-15 Thread Mark Montague
e Red Hat provided build of httpd uses. -- Mark Montague m...@catseye.org

Re: [users@httpd] enable HTTPD to support multi-layer certificates (ca chain)

2012-03-08 Thread Mark Montague
s. On the other hand, https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile says that SSLCertificateChainFile specifies the "all-in-one" file containing certificates from the server certificate up through and including the root CA certificate. -- Mark Montagu

Re: [users@httpd] confused about modsecurity and apparmor

2012-03-05 Thread Mark Montague
about are SELinux and Tomoyo. -- Mark Montague m...@catseye.org

Re: [users@httpd] mod_status, disable server-status for users

2012-03-05 Thread Mark Montague
e security-related ramifications for your site.* -- Mark Montague m...@catseye.org

Re: [users@httpd] mod_proxy_fcgi + PHP-FPM on Apache 2.4 solution?

2012-03-05 Thread Mark Montague
see what tests the patch breaks and how/why it breaks them. I do hope to go back and take another stab at this, but I can't say when it will be, so if anyone else wants to, please feel free. -- Mark Montague m...@catseye.org

Re: [users@httpd] confused about modsecurity and apparmor

2012-03-05 Thread Mark Montague
" mod_security and AppArmor: both can be used together, and they complement each other to provide defense in depth. I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] changing owner:group of uploaded data

2012-03-04 Thread Mark Montague
ned by the user who is authenticated. Does this sound right? For more information, see https://wiki.apache.org/httpd/PrivilegeSeparation -- Mark Montague m...@catseye.org

Re: [users@httpd] mod_proxy_fcgi + PHP-FPM on Apache 2.4 solution?

2012-03-02 Thread Mark Montague
e LogLevel for proxying to "trace" (which is more detailed than "debug") and see if that provides any additional information as to what is -- or is not -- happening. For example, when debugging PHP-FPM issues, I use: LogLevel info ssl:notice rewrite:trace8 proxy:trace8 proxy_fcgi:trace8 Good luck! I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] Problems with cgi scripts and Apache's log.

2012-03-01 Thread Mark Montague
ograms take many different approaches. Some programs to look into include Splunk, logwatch, swatch, AWstats, Analog, and Webalizer. Do a google search on "log file analyzer" or "log file filter", or describe what you want to do on this mailing

Re: [users@httpd] Problems with cgi scripts and Apache's log.

2012-03-01 Thread Mark Montague
g it from the same IP address, block that IP address at your network-level or host-level firewall. This will prevent the requests from getting to Apache HTTP Server and from getting logged. -- Mark Montague m...@catseye.org

Re: [users@httpd] Fork as 'REMOTE_USER' instead of 'User'

2012-02-28 Thread Mark Montague
on the subject, which goes into the topic in detail and discusses the difficulties and various potential solutions: https://wiki.apache.org/httpd/PrivilegeSeparation -- Mark Montague m...@catseye.org - The official User-To

Re: [users@httpd] Help with ssl configuration in apache

2012-02-24 Thread Mark Montague
t, but I'm keeping things simple for the purposes of this discussion). I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] best website security method

2012-02-23 Thread Mark Montague
other people can add other recommended practices to this list. 3. which is the best open source "automated and heuristic web vulnerability scanner" ? I don't know, hopefully someone else can answer this. -- Mark Montague m...@catseye.org

Re: [users@httpd] proxy_fcgi and PHP-FPM: error pages and config syntax

2012-02-22 Thread Mark Montague
scalability and fault tolerance across a pool of PHP-FPM servers all running the same web applications. So for this reason I have not tried using a Unix socket. -- Mark Montague m...@catseye.org

Re: [users@httpd] proxy_fcgi and PHP-FPM: error pages and config syntax

2012-02-22 Thread Mark Montague
s intended for the 2.2 series, apologies for not making that clear in my original response to this and the other PHP-FPM thread. I sort of assumed that the two PHP-FPM threads were occasioned by people trying out 2.4.1, this was a bad assumption on my part. -- Mark Montague m...@c

Re: [users@httpd] A working mod_proxy_fcgi + php-fpm httpd.conf file anyone?

2012-02-22 Thread Mark Montague
version of PHP that I've patched to solve my specific problems, though. Try the examples I give above and if you still have errors, ask about the problem again -- I might be able to update to the newest versions and then give you

Re: [users@httpd] proxy_fcgi and PHP-FPM: error pages and config syntax

2012-02-22 Thread Mark Montague
what I've been using is very similar: RewriteRule ^/?(.*\.php)$ fcgi://127.0.0.1:9003/www/wp3/wordpress/$1 [P,L] -- Mark Montague m...@catseye.org

Re: [users@httpd] Cross-Site Request Forgery

2012-02-20 Thread Mark Montague
t the web server level as being useful, since you then would not need to trust each web application author to both completely implement CSRF protection and to implement it correctly. Does anyone know of ANY web server that provides CSRF protection at the web server level? I'm curious.

Re: [users@httpd] How to find if Revision 1179239 patch is in place

2012-02-13 Thread Mark Montague
lf and you patched the source to fix CVE-2011-3368 thus creating the vulnerability described in CVE-2011-4317 but you did not apply the patch to fix CVE-2011-4317 for some reason, despite applying other fixes. -- Mark Monta

Re: [users@httpd] Apache forking a forked child process -- is that possible?

2012-01-27 Thread Mark Montague
reter or a persistent interpreter in an external daemon (e.g., FastCGI). -- Mark Montague m...@catseye.org

Re: [users@httpd] Question regarding OS support for Apache version 2.2.21....

2012-01-26 Thread Mark Montague
ll they update and maintain a package for it?" then the answer is "no". In fact, Fedora 8 itself is no longer supported by the Fedora Project: Fedora 8 reached its end of life on January 7th, 2009. If you want to run a version of Fedora that is supported by the Fedora Project

Re: [users@httpd] Running cgi binaries as root

2012-01-26 Thread Mark Montague
On January 26, 2012 13:51 , Doug McNutt wrote: At 09:56 -0500 1/26/12, Mark Montague wrote, and I snipped a bunch: On January 26, 2012 2:50 , Tarzan Jane<mailto:lapierr...@hotmail.com> wrote: Concerning the security I believe when using binary scripts, security is increased some

Re: [users@httpd] Running cgi binaries as root

2012-01-26 Thread Mark Montague
ry privileges to read the IO pins (and *only* those privileges) to the www-data user, if possible. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache forking a forked child process -- is that possible?

2012-01-26 Thread Mark Montague
trying to solve or why you are asking the question? Knowing this might help us help you better. -- Mark Montague m...@catseye.org

Re: [users@httpd] Running cgi binaries as root

2012-01-24 Thread Mark Montague
root and turn on the set-uid bit. This way, when the CGI binaries are run they will be run as root. https://en.wikipedia.org/wiki/Setuid Since you've already said that you're aware of the security issues, I won't repeat any dire warnings here. -- Mark Montagu

Re: [users@httpd] syncing across web cluster

2012-01-23 Thread Mark Montague
ve them from the database instead of from the filesystem. -- Mark Montague m...@catseye.org

Re: [users@httpd] apache bench -k switch

2011-12-23 Thread Mark Montague
tween requests, request pipelining, and how long a connection is held open by the client after the last request on it. -- Mark Montague m...@catseye.org

Re: [users@httpd] Cross-site scripting over ssl

2011-12-15 Thread Mark Montague
to protect against cross-site scripting, see https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet I hope this helps. -- Mark Montague m...@catseye.org

Re: [users@httpd] HOW TO HAVE COOKIE FREE DOMAINS

2011-12-11 Thread Mark Montague
just by hosting all my static contents in a new domain it can be achieved... To be cookie-free, do not use any code on your web site that sets cookies. This is the default, especially when you are serving static content. -- Mark Montague m...@catseye.org

Re: [users@httpd] worker, prefork, .apache2.conf.swp and php

2011-12-09 Thread Mark Montague
behind. PHP has had long-standing thread safety issues. The "worker" MPM for Apache HTTP Server is threaded. This can create problems and instability. See http://www.php.net/manual/en/faq.installation.php#faq.installation.apache2 If you want to use PHP, either use the "

Re: [users@httpd] Re: IfModule *rewrite*

2011-12-08 Thread Mark Montague
ified? - Are there error messages about creating/opening the log file in your web server error log file? -- Mark Montague m...@catseye.org

Re: [users@httpd] IfModule *rewrite*

2011-12-07 Thread Mark Montague
e on| directive for each virtual host in which you wish to use rewrite rules." -- Mark Montague m...@catseye.org

Re: [users@httpd] Virtual hosts

2011-11-30 Thread Mark Montague
e compiled into the httpd binary and you'd need to switch to a httpd binary that provides the worker MPM and then change the worker MPM directives in your configuration files back to the prefork MPM configuration directives that you had be

Re: [users@httpd] mod_rewrite help?

2011-11-30 Thread Mark Montague
t context, and they should not be in a Directory or other context within the virtual host context. -- Mark Montague m...@catseye.org

Re: [users@httpd] Apache 2.2.20 and mod_proxy_balancer with ajp

2011-11-22 Thread Mark Montague
2.3.12: https://issues.apache.org/bugzilla/show_bug.cgi?id=50945 -- Mark Montague m...@catseye.org

Re: [users@httpd] Disabled directory listing, but I got 404 instead of 403

2011-11-16 Thread Mark Montague
idden'". (Note that I have not tested this, I don't know if it will work) RewriteCond %{REQUEST_FILENAME} -d RewriteCond %{REQUEST_FILENAME}/index.php !-f RewriteRule ^. - [F] -- Mark Montague m...@catseye.org

Re: [users@httpd] Disabled directory listing, but I got 404 instead of 403

2011-11-16 Thread Mark Montague
the list of resources specified by the DirectoryIndex directive (for example, index.html, index.php). 404 means that none of those resources were found. You can try not loading mod_dir (assuming that it is not statically compiled into your copy of httpd) and see if that changes things.

Re: [users@httpd] Apache restarting

2011-11-15 Thread Mark Montague
'm using version 1.7.0 beta with the jumbo patch). http://cronolog.org/ -- Mark Montague m...@catseye.org

Re: [users@httpd] Consequences of https to https rewrites?

2011-11-10 Thread Mark Montague
od_rewrite as a cause of the problem you're seeing. -- Mark Montague m...@catseye.org
