Re: [users@httpd] Cloudflare logging and remote IP

2023-01-27 Thread Walter Hop
oteIPTrustedProxy 2c0f:f248::/32 This just worked, the logs and apps now see the original address. Kind regards, Walter Hop > Does it require rebuilding apache with the mod_remoteip source, as seems to > be indicated, and would code from 10 years ago even compile with the current > apache? &g

Re: [users@httpd] firefox shows default site page

2022-11-11 Thread Walter Hop
could put a .htaccess or index.php in the default web root and have that redirect to https://mail.openmbox.net/ Good luck, Kind regards, Walter Hop - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional c

Re: [users@httpd] Qualys scan reports B overall rating for a specific domain

2022-10-24 Thread Walter Hop
very good resource with configuration examples for getting an A+ on your Qualys SSL test: https://ssl-config.mozilla.org <https://ssl-config.mozilla.org/> Kind regards, Walter Hop

Re: [users@httpd] How to use DH 4096 parameters?

2022-03-14 Thread Walter Hop
On 14 Mar 2022, at 19:02, Yann Ylavic wrote: > > Step 3) does not work anymore with latest openssl versions, the only > way to configure custom dhparams in httpd is to append them to the > certificate file (see > https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile >

Re: [users@httpd] How to use DH 4096 parameters?

2022-03-14 Thread Walter Hop
>> I’m confused where the DH 3072 comes from. My question is, what should I >> configure so that DH 4096 is sent? > > Your problem is in step 2) generate DH params - internet.nl explicitly > states that "Self-generated groups are 'Insufficient'". Follow their > instructions to download one of the

Re: [users@httpd] How to use DH 4096 parameters?

2022-03-13 Thread Walter Hop
Hi William, >> I’m confused where the DH 3072 comes from. My question is, what should I >> configure so that DH 4096 is sent? > > Is your DH file actually 4096 bits? ;) It appears to be so when i look at the dhparams.pem file: openssl dhparam -inform PEM -in /etc/apache2/dhparam.pem -check -t

[users@httpd] How to use DH 4096 parameters?

2022-03-13 Thread Walter Hop
Hi all, I am trying to strengthen my HTTPS setup. One security-checker which is popular in my country is internet.nl . One thing I have a problem with is their check “Key exchange parameters”. On my old setup, this was DH 2048, which is considered “insufficient” according