On Fri, Nov 16, 2007 at 02:18:11PM -0800, dertown wrote:
>
> I used the tools and there is no path or domain in the original cookie that
> ican see.
> I know it is encrypted under MD5 so maybe icant access the cookie and change
> it.
>
> Is there a way to hold a cookie with in the prroxy server i
On Sun, Nov 18, 2007 at 11:02:21AM -0500, Greg Boyington wrote:
> I like the firewall approach myself, as it seems likely that anyone
> with malicious intent (as distinct from the uninformed download
> accelerator user, etc) should forfeit their rights to your bandwidth
> regardless of protocol.
Hi All,
I have built the apache source code for IPv6 support.
It started listening to the [::1] loop back address but not it is not
listening to the global IPv6 address.
Can somebody tell me what is the problem.
Thanks and Regards,
Ashwani Sharma
Mob: +91+9916454843
Off: +91-80-2626
I have done rm -f * under ServerRoot/logs after apachectl stop.That has
http.pid also in that particular path.
After that I have started apache apachectl start.
I see that there is no error_log under ServerRoot/logs.Why no error_log
as well as no access_log.I see that httpd is running.(ps _ef | gr
Greetings folks,
The past few mornings, I've come back to load averages on my box varying
from 4 up to 29. Taking a look at top, the processes sucking all the CPU
are httpd. It ranges from two or three up to seven. It seems some child
processes are causing apache to get stuck somewhere, but I'
Hi.
Using Apache 2.0.52, I'd like to analyze the performance and know how
resources (memory, threads) are used during a period of time.
Do you know any tool to carry it out? Thank you very much.
-
The official User-To-User suppo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all.
I am a newcomer to this list, as this is the first time I am
experiencing some trouble with Apache. Greetings to the whole list.
I was trying to install the latest 2.0 series release (2.0.61) on a
machine running WinXP SP2 and I got a 1711 er
Hi
Whats the exact difference between Version 1.3.x, 2.0.x and 2.2.x of Apache
Web Server
Thanks and Regards
Kaushal
Kaushal Shriyan wrote:
> Hi
>
> Whats the exact difference between Version 1.3.x, 2.0.x and 2.2.x of
> Apache Web Server
>
> Thanks and Regards
>
> Kaushal
Hmm... Oldest, older, current... Same as Win31, Win95, WinXP. I could
say RTFM... but you should digest the following:
http://httpd.apache
On Nov 19, 2007 3:21 AM, Christian Folini <[EMAIL PROTECTED]> wrote:
> Hey Greg,
>
> could you elaborate on this? How would you prevent this
> attack with mod_access?
In one case where an attack was under way but I didn't have access to
the firewall, I added something like:
Order Deny,Allow
# off
On Mon, Nov 19, 2007 at 09:59:20AM -0500, Greg Boyington wrote:
> to the docroot's .htaccess file. Not as effective as dropping the
> packets at the border, obviously, but in this case the attacker wasn't
> very bright/determined.
I see. Yes, this helps for a non-determined DoS attack.
Thanks. H
> Thanks. Hoped you had found the silver bullet though. :)
Nope, sadly. Although I haven't attempted it myself, I've been
wondering of late if using tcp wrappers in combination with httpd
would be effective/advisable. On our FreeBSD systems, we use a little
python script in combination with host
On Mon, 19 Nov 2007 09:59:20 -0500
"Greg Boyington" <[EMAIL PROTECTED]> wrote:
> On Nov 19, 2007 3:21 AM, Christian Folini <[EMAIL PROTECTED]>
> wrote:
> > Hey Greg,
> >
> > could you elaborate on this? How would you prevent this
> > attack with mod_access?
>
> In one case where an attack was und
After quite a bit of trouble I finally got the dbd mysql compiled but
now as soon as I put the "DBDriver mysql" directive into the httpd.conf
file I get endless Segmentation Fault messages in the error log. I set
the LogLevel to debug but that doesn't help any. Any suggestions?
Below is my D
On Nov 19, 2007 10:47 AM, Nick Kew <[EMAIL PROTECTED]> wrote:
> On Mon, 19 Nov 2007 09:59:20 -0500
> "Greg Boyington" <[EMAIL PROTECTED]> wrote:
>
> > On Nov 19, 2007 3:21 AM, Christian Folini <[EMAIL PROTECTED]>
> > wrote:
> > > Hey Greg,
> > >
> > > could you elaborate on this? How would you prev
By the way the actual error message in the error_log is
[Mon Nov 19 15:55:22 2007] [notice] child pid 21426 exit signal
Segmentation fault (11)
and after a while I see
[Mon Nov 19 15:55:22 2007] [info] server seems busy, (you may need to
increase StartServers, or Min/MaxSpareServers), spawning
- Original Message -
From: "Daniel Campbell" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 19, 2007 10:52 AM
Subject: [EMAIL PROTECTED] dbd mysql segmentation fault in 2.2.6
After quite a bit of trouble I finally got the dbd mysql compiled but now
as soon as I put the "DBDriver mys
- Original Message -
From: "Daniel Campbell" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 19, 2007 10:55 AM
Subject: Re: [EMAIL PROTECTED] dbd mysql segmentation fault in 2.2.6
By the way the actual error message in the error_log is
[Mon Nov 19 15:55:22 2007] [notice] child pid 21
My configure opitions are:
CONFIGUREOPTS="--prefix=/usr --localstatedir=/var --enable-rewrite
--enable-http --enable-cgi --enable-so \
--enable-ssl --enable-headers --bindir=/usr/bin --sbindir=/usr/sbin
--libexecdir=/usr/libexec --datadir=/var/www \
--sysconfdir=/etc/apache --enable-dbd --with-ldap
No I have not. What is the difference?
Danie Qian wrote:
>
> - Original Message - From: "Daniel Campbell" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, November 19, 2007 10:55 AM
> Subject: Re: [EMAIL PROTECTED] dbd mysql segmentation fault in 2.2.6
>
>
>> By the way the actual error message
- Original Message -
From: "Daniel Campbell" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 19, 2007 11:29 AM
Subject: Re: [EMAIL PROTECTED] dbd mysql segmentation fault in 2.2.6
No I have not. What is the difference?
worker is the multi-threaded and you only need smaller number of
had you installed mysql driver before you compiled httpd?
- Original Message -
From: "Daniel Campbell" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 19, 2007 11:29 AM
Subject: Re: [EMAIL PROTECTED] dbd mysql segmentation fault in 2.2.6
My configure opitions are:
CONFIGUREOPTS="--p
On Mon, 19 Nov 2007 10:52:58 -0500
Daniel Campbell <[EMAIL PROTECTED]> wrote:
> After quite a bit of trouble I finally got the dbd mysql compiled but
> now as soon as I put the "DBDriver mysql" directive into the
> httpd.conf file I get endless Segmentation Fault messages in the
> error log.
At
Yes
Danie Qian wrote:
> had you installed mysql driver before you compiled httpd?
>
>
> - Original Message - From: "Daniel Campbell" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, November 19, 2007 11:29 AM
> Subject: Re: [EMAIL PROTECTED] dbd mysql segmentation fault in 2.2.6
>
>
>> My config
At server startup. Not even with any requests to it. I will install
gdb and try it out.
Nick Kew wrote:
On Mon, 19 Nov 2007 10:52:58 -0500
Daniel Campbell <[EMAIL PROTECTED]> wrote:
After quite a bit of trouble I finally got the dbd mysql compiled but
now as soon as I put the "DBDriver m
Hello every body,
i have a question about redirecting the apache server from http to https
dynamically. In fact, i proceed with the modification of the apache2.conf file,
and i force reload the server each time i want to redirect from http to https
or vice versa (sure after commenting/decommen
Redirect 301 / https://myserver.com/ is usually easier than mod_rewrite?
Hello every body,
i have a question about redirecting the apache server from http to
https dynamically. In fact, i proceed with the modification of the
apache2.conf file, and i force reload the server each time i want to
thanks for your reply, in fact, i tried
redirect permanent / https://myserver/
Always the same result, to switching until i proceed with a refresh :s,
nizar
Michael McGlothlin <[EMAIL PROTECTED]> a écrit :
Redirect 301 / https://myserver.com/ is usually easier than mod_rewrite?
> Hello e
2007/11/18, Joshua Slive <[EMAIL PROTECTED]>:
> See:
> http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos
>
> The standard solution is a simple firewall rule to control number of
> connections per ip at some reasonable level.
I already thought about using a firewall rule. Although it
2007/11/19, Christian Folini <[EMAIL PROTECTED]>:
> > > > As I understand the issue it's a very simple DoS as it neither does
> > > > require a lot of cpu nor bandwidth on the client side.
>
> Is there a proper name for this kind of attack. I am not sure
> the original question was referring to a r
2007/11/19, Greg Boyington <[EMAIL PROTECTED]>:
> On Nov 19, 2007 3:21 AM, Christian Folini <[EMAIL PROTECTED]> wrote:
> > Hey Greg,
> >
> > could you elaborate on this? How would you prevent this
> > attack with mod_access?
>
> In one case where an attack was under way but I didn't have access to
Hello all,
I enabled PHP processing of .html files by adding "AddType
application/x-httpd-php .html" to my httpd.conf file. Now the
mysite.com/manual page comes up blank. Any ideas?
Would someone shoot me over a link with info on how to control the
/manual page (restricting access, etc.)? I've
On Mon, 19 Nov 2007 20:19:20 +0100
"Ben Macintosh" <[EMAIL PROTECTED]> wrote:
> 2007/11/18, Joshua Slive <[EMAIL PROTECTED]>:
>
> > See:
> > http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos
> >
> > The standard solution is a simple firewall rule to control number of
> > connections
On Mon, 19 Nov 2007 13:30:48 -0600
"Stuart, Cory G." <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I enabled PHP processing of .html files by adding "AddType
That's an ugly hack that was fixed in Apache 1.1 (1996).
If you found it in some post-96 guide, treat it as a warning sign.
> application/x
2007/11/19, Nick Kew <[EMAIL PROTECTED]>:
> On Mon, 19 Nov 2007 20:19:20 +0100
> "Ben Macintosh" <[EMAIL PROTECTED]> wrote:
> > I already thought about using a firewall rule. Although it could be
> > quite difficult to get it right. As every malicious request blocks a
> > slot for 5 minutes there h
On Mon, 19 Nov 2007 21:19:29 +0100
"Ben Macintosh" <[EMAIL PROTECTED]> wrote:
> > 5 minutes??? Where does that come from?
>
> That's the default timeout that a http child waits for, before closing
> the connection.
Really? I thought it was something more sensible these days.
5 seconds would m
On Nov 19, 2007 3:19 PM, Ben Macintosh <[EMAIL PROTECTED]> wrote:
> Thanks for pointing me to the right direction - never heard about
> AcceptFilter before.
Interesting, because it is specifically suggested in the link that I
sent you two days ago.
Joshua.
--
>> Hello all,
>>
>> I enabled PHP processing of .html files by adding "AddType
>That's an ugly hack that was fixed in Apache 1.1 (1996).
>If you found it in some post-96 guide, treat it as a warning sign.
Do you have any other recommendations? I don't see the need for users
browsing my pages t
2007/11/19, Joshua Slive <[EMAIL PROTECTED]>:
> On Nov 19, 2007 3:19 PM, Ben Macintosh <[EMAIL PROTECTED]> wrote:
>
> > Thanks for pointing me to the right direction - never heard about
> > AcceptFilter before.
>
> Interesting, because it is specifically suggested in the link that I
> sent you two
On Nov 19, 2007 6:49 PM, Nizar KHEIR <[EMAIL PROTECTED]> wrote:
> thanks for your reply, in fact, i tried
> redirect permanent / https://myserver/
> Always the same result, to switching until i proceed with a refresh :s,
> nizar
Have you read this:
http://www.squirrelmail.org/docs/admin/admin.html
Hy krist, and hy everybody,
In fact i think you have not understand my question.
The fact is that i'm working in an environment where my config should modify
dynamically, so in certain conditions, i want to give users access with http
(non secure), and in other circonstences, i want to re
41 matches
Mail list logo
