login for one apply to both?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsub
I have 2 users who need to be able to access a website from anywhere
and 2 users who only need to access it from a certain IP. Can
authentication be restricted to a certain IP for certain users, and
not restricted for others?
- Grant
from IP address 1.2.3.4 ?
> AND/OR
Thanks for your response, the above is what I'm after. I don't want
certain users to be able to log in with their password unless they are
doing so from a certain IP.
- Grant
> - accesses from addresses other than 1.2.3.4 must always authentica
Hello,
The shopping cart I use produces a lot of white space in my HTML. Is
there any way to have apache2 strip out all that white space? I don't
need any of it.
- Grant
-
The official User-To-User support forum o
e from the browser. Honestly, the
amount of white space is ridiculous and I want it gone. I don't use
textarea or anything else that relies on whitespace. Is there a way
to do this?
- Grant
-
The official User-To-User s
r a production environment. A
response delay is one thing, but:
"If TidyLib detects an error, the client receives a HTML page with a
list of all found errors and warnings that prevent the input of being
a valid (X)HTML docu
- You can control output with other configurations.
That sounds great. Do you use the module yourself? If so, do you
notice a difference in the server's response time?
- Grant
-
The official User-To-User support forum of
tting far too many bytes, then
standard compression with mod_deflate will fix that. That's also
a performance hit, so you might want to use mod_cache.
I plan on using mod_gzip to eliminate bytes at some point. Right now
all I want to do is eliminate all white space from my delivered HTML
etHandler perl-script
PerlResponseHandler Interchange::Link
PerlOptions +GlobalRequest
PerlSetVar InterchangeServer /path/to/socket
Should I be able to use something like mod_line_edit in conjunction?
- Grant
-
The official User-To-
/path/to/socket
mod_security also sounds interesting. It's pretty tricky to set up though?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.htm
y
>> regarded and I would say is an esssential part of protecting an
>> application such as yours - one for which you do not own and cannot
>> change the code.
Have you used mod_security yourself?
AddOutputFilter DEFLATE pl
I did add this to httpd.conf. How can I tell if it
maller than you are used to.
OK I have:
AddOutputFilter DEFLATE html css
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To
Thanks Matt. So mod_deflate is built right into apache2 now?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-
completely open source, I just don't know
perl. Matt did mention my not having access to the source code a
couple times and I didn't correct him. My mistake.
So the content is printed here?
while( ) {
push @out, $_;
}
Can we filter the blank lines in there?
- Grant
ke.
So the content is printed here?
while( ) {
push @out, $_;
}
Can we filter the blank lines in there?
The latest version of Interchange::Link actually has this portion a
little different:
while( ) {
push @out, $_;
}
Here's a link t
test version of Interchange::Link actually has this portion a
little different:
while( ) {
push @out, $_;
}
Here's a link to the whole module. Sorry about the long URL:
http://www.icdevgroup.org/cgi-bin/cvsweb/~checkout~/interchange/dist/src/mod_perl2/Interchange/Link.pm?rev=1.1
> Great news! This was fixed by changing the push line to:
>
> push @out, $_ unless /^\s*$/;
>
> Thanks a lot for everyone's help.
A 15 byte solution. :) I expected something like that would be simpler
than running a separate php script to do it all. ;)
Yeah, that wa
an running a separate php script to do it all. ;)
>
> Yeah, that was my fault.
>
> - Grant
dont worry about it Grant. I'm pleased you got it sorted in an elegant way!
Is the buffer line by line? Or does it miss some blank lines due to them
being "inside&qu
Hello, at what page size does it no longer make sense to use
mod_deflate would you say?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for m
It was thus said that the Great Grant once stated:
> Hello, at what page size does it no longer make sense to use
> mod_deflate would you say?
If mod_deflate uses the same compression as gzip, then the test I just did
on some small files indicates maybe about 100-120 bytes is the brea
vel 9'?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EM
quot;
"Apache (internal dummy connection)"
I read here:
http://www.linuxquestions.org/questions/showthread.php?t=506054
that the "internal dummy connection" is used by apache-2.2 to signal
its children to die, but the 404 and 400 ar
I might need to
make a change in my prefork settings? I'm currently using:
StartServers10
MinSpareServers 10
MaxSpareServers 20
MaxClients 256
MaxRequestsPerChild 100
- Grant
--
256
> > MaxRequestsPerChild 100
>
> No, those log messages rarely indicate any problem at all. But your
> MaxRequestsPerChild setting is pretty-low if you are interested in
> performance.
Ok, would you use 0? I
anyone have any suggestions?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
"
guess I'll downgrade to 0.9.8e-r3 for
> > now. Does anyone have any suggestions?
> >
> > - Grant
> >
> No suggestion but I am seeing these errors too.
Downgrading openssl did fix this.
- Grant
-
The o
except it can't execute a script in the OrdinaryFileList
such as a PHP page. apache2 just serves the raw PHP code. The
module's author says he can't find a way to allow such script
execution in the apache2 API. Is
his
behavior? It is interfering with redirects and I'd rather not offer
information about the folders in my docroot.
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apach
is). But in recent
versions you can work around it with
http://httpd.apache.org/docs/2.2/mod/mod_dir.html#directoryslash
or just by disabling mod_dir entirely.
Ok, thanks Joshua. I agree there must be a problem with the
connection to interchange
hy wouldn't I want to run MPM prefork?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECT
ied
(assuming another mpm is not specified).
I use mod_perl and I can't use a threaded perl. Does that mean I
can't use a threaded apache2?
- Grant
-
The official User-To-User support forum of the Apach
's
no thread-safe issue to bite you.
Assuming mod_perl is more or less the "same" in terms of thread-safety
issues, if Perl isn't threaded, then you probably don't want to risk
it, unless you can do extensive testing.
I
Will a failed SSL handshake due to a rejected SSL cipher appear in the
ssl_error_log? I haven't seen any such error and I've been testing
different ciphers, some of which have been rejected. How can I be
alerted (logging, etc.) when an SSL handshake fails due to a rejected
cipher
o relying on X.509 v3
with subjectAltName, or is that the way to go?
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubsc
o define different domain names on the
fly within my perl scripts without changing apache2 config. Maybe
we're just not there yet?
Why would you use multiple IPs instead of X.509 v3 with
subjectAltName? Does subjectAltName have any drawbacks?
- Grant
--
omething like this exist?
I've read references to "pre-processing apache2 config files with
perl". Is that the way to go here?
- Grant
>> Why would you use multiple IPs instead of X.509 v3 with
>> subjectAltName? Does subjectAltName have any drawbacks?
>
> Though m
/etc/pki/ssl/$servername.pem
> ErrorLog /var/log/httpd/$servername/error_log
>
>
>
>
> , and then
>
> Use SSLVhost servername IP
>
> In some or the other file. That's one line you have to add -- and then you do
> an
> apachectl graceful.
I see, t
m.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
...
I can see that pings to www.example2.com are resolved as 12.34.56.2
and http://www.example2.com works fine, but https://www.example2.com
still receives the www.example1.com SSL cert in firefox and opera.
Can anyone tell me what el
t to represent my separate IPs.
...
SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
...
...
SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
SSLCertificateKey
ernet HWaddr [removed]
inet addr:12.34.56.2 Bcast:[removed] Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:40
- Grant
-
The official User-To-User support forum of t
moving ServerName entirely works
for Firefox, but in that case SSL wouldn't work for either domain in
Opera.
I thought ServerName was just a label like ServerAdmin. Should I be
OK having it defined only in each of my SSL VirtualHost blocks?
Thanks a lot for everyone's help with this.
- Gra
verName entirely works
>> for Firefox, but in that case SSL wouldn't work for either domain in
>> Opera.
>>
>> I thought ServerName was just a label like ServerAdmin. Should I be
>> OK having it defined only in each of my SSL VirtualHost blocks?
>>
>> Tha
to implement name based virtual
hosts, and are available with the same clients. The CGI variables
SERVER_NAME and SERVER_PORT will be constructed from the client
supplied values as well.
http://httpd.apache.org/docs/current/mod/core.html#usecanonicalname
- Grant
--
d I have ServerName in the port 80 vhost blocks or is
>>> it sufficient in the SSL blocks?
>>
>> without it, the site visitors will only get the ip address url. even on
>> http sites.
>
> Not in 2.2.x by default they won't. See UseCanonicalNa
ut if Opera is directed to load an
https page it displays the same error page it displays when the SSL
cert is invalid.
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/users
Can anyone tell me how to deny access to all paths/files/locations
within a VirtualHost except for these:
/folder/file.html
/folder/file.txt
- Grant
-
The official User-To-User support forum of the Apache HTTP Server Project
>> Can anyone tell me how to deny access to all paths/files/locations
>> within a VirtualHost except for these:
>>
>> /folder/file.html
>> /folder/file.txt
>>
>> - Grant
>
> Maybe something like this?
>
>
> Order deny,allo
>> I have some settings inside a block that I need applied
>> to all but those same files:
>>
>> /folder/file.html
>> /folder/file.txt
>>
>> Can that be done or do I need to use a separate VirtualHost for those
>> files?
>>
>> - Grant
&g
>>> I have some settings inside a block that I need applied
>>> to all but those same files:
>>>
>>> /folder/file.html
>>> /folder/file.txt
>>>
>>> Can that be done or do I need to use a separate VirtualHost for t
do I need to use a separate VirtualHost for those
>>>>> files?
>>
>> Does anyone know if this can be done?
>>
>> - Grant
>
> You can try to exclude exactly those two with a locationmatch, or just
> use and then two for the separate URL's to
> revert th
deny
> Allow from all
>
>
>
> SetHandler None
> AuthType None
>
>
>
> SetHandler None
> AuthType None
>
>
> I'm hoping that / will be handled by perl-script with the exception of
> everything in /folder, and that everything in /folder will requir
ng at all.
Does this make sense to anyone? Should I decrease MaxClients?
- Grant
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
swap
> usage don't show anything interesting at all.
>
> Does this make sense to anyone? Should I decrease MaxClients?
>
> - Grant
I've looked over my access_log and I can see there is a particular IP
which was making many requests during the interruption. Since munin
does no
usted the apache service.
It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there
another way to prevent this sort of thing?
- Grant
>>> My server has 4GB RAM and uses nginx as a reverse proxy to apache. A
>>> little while ago my website became inaccessible for ab
> You can always compile from source ;)
> What version of Apache are you running?
I'm running 2.2.25.
- Grant
>>> Was it just an IP exhausting the apache service with too many
>>> connections? What do you see in the access logs? I use OSSEC HIDS on my
>&g
> Also, you should be able to limit simultaneous client connections with your
> firewall and pass the traffic in a syn proxy state. There are numerous ways
> to achieve this.
Is that the best way to go besides OSSEC HIDS? I can imagine that
sort of thing could cause problems.
- Grant
lient requesting too many pages and
interrupting the service?
- Grant
>>> Also, you should be able to limit simultaneous client connections with
>>> your
>>> firewall and pass the traffic in a syn proxy state. There are numerous
>>> ways
>>> to achieve
=500 body=20,MinRate=500
Will that do anything to prevent someone from opening too many
connections and interrupting the apache service?
- Grant
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
does
apache prevent that from happening?
- Grant
>>> You wouldn't keep a syn proxy rule enabled all the time; only under a DoS
>>> attack. You could also implement ModSecurity.
>>
>>
>> ModSecurity looks good and I think it works with nginx as well as
>&
;re connecting with a shared IP from a university
campus (for example)?
How is this accomplished with iptables?
- Grant
>>> Two different things come to mind. Kingcope found an Apache byterange
>>> vulnerability and the PoC code he wrote for it exhausts the resources on
&
cmpletely pulled by the client?).
Also, any links or discussion that anyone has on the dereded 'Gumblar' exploit
would be appreciated.
-Grant
mod_rewrite or some other
tool to parse the content (html cide), (and obliterate it possibly) before
it is even sent to the client?
And yes, we are working on the root issue, etc.
Thanks,
-Grant
- Original Message -
From: "Nicholas Sherlock"
To:
Sent: Sunday, May 24,
//lti-mail01.ltinetworks.com:25/ HTTP/1.0"
200 1401 "-" "-"
66.139.69.201 - - [29/Jul/2008:04:02:00 -0400] "CONNECT
http://lti-mail01.ltinetworks.com:25 HTTP/1.
0" 400 226 "-" "-"
I am really in need of stopping this!
mod_security didnt seem to h
try and track down an
offending script?
-Grant
- Original Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To: ; "Grant Peel" <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2008 5:40 PM
Subject: Re: [EMAIL PROTECTED] Here's a new one (to me).
O
through the rotatelogs util slow down the server much?
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EM
it states to use wildcards with caution (as
always). So I have one question:
Can I use a wildcard as such,
/home/*/logs/access_log
/home/*/logs/error_log
The '*' being the wildcard to denote the home dir for
virt_domain1.com
virt_domain2.ca
virt_domain3.net
...
-Grant
- Origin
Justin,
Kewl!
There are a few users in the home directory as well, and those users do not
have a logs directory. How will logrotate handle that? (I am hoping you will
say it just ignores a non existent path/file).
-Grant
- Original Message -
From: "Justin Pasher" <[EM
.
Thansk all,
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest
s run time, and security related items.
TIA,
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-
used this cert successfully in pam_ldap and ldapsearch.
Any suggestions for what I could be doing wrong?
The details:
RHEL ES 4
httpd-2.0.52-22.ent
Thanks for any suggestions,
Grant
-
Pardon this rubbish:
This electronic message transmission is a PRIVATE communica
No luck on this thread. Let me ask a different question:
Is anyone using ldaps authentication - or ldap for that matter?
Anyone using ldaps to AD?
Thanks,
Grant
---
> -Original Message-
> From: Sturgis, Grant
> Sent: Wednesday, January 18, 2006 2:12 PM
&g
.conf?
>
> And, also, any permissions issue with the server reading the
> certificate ?
The cert file is owned by apache with a mode of 400. All of the parent
directories are 755.
>
> Sturgis, Grant wrote:
> > No luck on this thread. Let me ask a different question:
> >
>
ied just
changing the uri from ldap to ldaps as well as appending the port (:636) to the
server. Which approach would you recommend?
>
>
>
> Sturgis, Grant wrote:
> >> From: Ricardo Stella [mailto:[EMAIL PROTECTED]
> >>
> >
> >
> &g
Just thought I would let you all know that this does work perfectly. My
problem was that I had the server certificate and not the CA certificate.
Thanks,
Grant
> -Original Message-
> From: Sturgis, Grant
> Sent: Friday, January 20, 2006 10:40 AM
> To: 'users
know of a fix for this?
FreeBSD 4.7
Apache 1.3.26
TIA,
-Grant
Actually, I will be moving to Apache 2.2.3 (using deflate)soon, but want to cap
the bandwidth on the server in question until then.
-Grant
- Original Message -
From: Nick Kew
To: users@httpd.apache.org
Sent: Tuesday, May 01, 2007 3:07 PM
Subject: Re: [EMAIL PROTECTED
Hi,
I was wondering if anyone else has seen CPU usage skyrocket after upgrading to
X-Cart 4.x.x ?
I have optimized my Apache conf file about as much as I can, but still the CPU
usage trippled after upgrading.
-Grant
will help speed and memory usage?
TIA - Grant
# Dynamic Shared Object (DSO) Support
LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
LoadModule
- Original Message -
From: Joshua Slive
To: users@httpd.apache.org ; Grant Peel
Sent: Monday, May 14, 2007 10:04 AM
Subject: Re: [EMAIL PROTECTED] Leaner httpd
On 5/14/07, Grant Peel <[EMAIL PROTECTED]> wrote:
>
>
> Hi all,
>
> my server has bee
pages, but, sigh, my partner insists we parseall files a shtml
(Includes),
OpenWebmail using the speedy cgi backend.
a few Userdirs.
SO here is the list of modules loaded. Which ones can be removed? Do you
think it will help speed and memory usage?
TIA - Grant
# Dynamic Shared Object
part of what the point of certificates is (along with encypting data) is to
ensure you are connecting to the domain for which the cert was issued.
mydomain.com is NOT the same in ssl as www.mydomain.com.
The data (assuming the users says 'yes, continue to the site' in thier browser
(when they
Hi all,
It seems mod deflate may be causing some older versions of windows (98, 2000)
to cracsh when pdf's are accessed.
Does any one know of this and any patches/workarounds that might help?
I am running FreeBSD 6.2 and apache 2.2.3.
Mime types pehaps?
-Grant
flate_log deflate
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary
Any ideas why the logs appear broken?
-Grant
- Original Message -
From: Grant Peel
To: users@httpd.apache.org
S
Hi Tony,
Thanks for the response. I have confirmed with some clients that some pdfs that
were not working are again working.
Just fyi. the lines below can be rewritten as:
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|PDF|zip|mp3)$ no-gzip
dont-vary
(not that it matters),
-Grant
any way to reduce the size of the final executable?
Thanks in advance,
Grant
--
Grant Rutherford
Iders Incorporated
100-137 Innovation Drive
Winnipeg, MB, Canada R3T 6B6
http://www.iders.ca
tel: 204-779-5400 ext 250
fax: 204-779-5444
Iders Incorporated: Confide
anyone has to give.
Jeremy Grant
Unix System Specialist - Production Support
VML
VML Fact: "One of the 25 Best Companies to Work for in America."
-
The official User-To-User support forum of the Apache HTTP Server Project
Thanks. That was my problem. Now I understand what that is for.
Jeremy Grant
VML
[EMAIL PROTECTED]
Desk: 816-218-3050
-Original Message-
From: Joshua Slive [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 25, 2005 5:48 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED
ring CondPattern
RewriteCond TestString CondPattern
RewriteRule Pattern Substitution
RewriteCond TestString CondPattern
RewriteCond TestString CondPattern
RewriteRule Pattern Substitution
Is there a way to be able to apply more then on rule to a condition?
Jeremy Grant
Unix System Specia
second one breaks the ability to read an email in Openwebmail (v2.51).
Any ideas on this?
# 2. Prevent XSS atacks (HTML/Javascript injection)
#SecFilter "<(.|n)+>"
TIA,
-Grant
-
The official User-To-User s
the logs are
rotated? (I am rotating those log with newsyslog).
Is there something else I am missing?
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org
primer on how to set this all up.
TIA,
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTEC
right, it does not do that. PLEASE correct me if I am wronge!
-Grant
- Original Message -
From: Matthew A. Bockol
To: users@httpd.apache.org ; Grant Peel
Sent: Monday, October 22, 2007 10:29 AM
Subject: Re: [EMAIL PROTECTED] php and suexec
Hi Grant,
You might also con
Understood,
BUT suexec will not allow a script to be written to outside the users home
directory ... right?
-Grant
- Original Message -
From: Joshua Slive
To: users@httpd.apache.org ; Grant Peel
Sent: Monday, October 22, 2007 11:12 AM
Subject: Re: [EMAIL PROTECTED] php and
ter this directories contents.
- Original Message -
From: Joshua Slive
To: users@httpd.apache.org ; Grant Peel
Sent: Wednesday, October 24, 2007 9:45 AM
Subject: Re: [EMAIL PROTECTED] php and suexec
On 10/24/07, Grant Peel <[EMAIL PROTECTED]> wrote:
>
>
>
Hi all,
I have a security company hounding me to turn of HTDigest.
Any idea how?
Words of wisdom ... please.
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org
:/var/tmp/SSLSessionCache
KeepAlive Off
# keKeepAliveTimeout 5
# MaxKeepAliveRequests 500
# TimeOut 30
ServerRoot "/usr/local"
# Ports
Listen *:80
Listen *:443
comments, please.
-Grant
-
The official User-To-User sup
Hi all,
I have a 400 MB resuorce.pag file, and a resourse.dir directory in my /tmp
folder. It appears something is accessing them as I can see the files
timestamp updated.
Are they truely Apache files? DO I need to keep them? Can I delete them?
Any answers will be appreciated.
-Grant
Hi all,
Does any one have any good tips on makeing apache lean and mean from a
memory perspective?
I am using apaceh 2.2 on FreeBSD 6.2.
Each one of my deamons is using about 1.8 - 2.5 % of available memory. (1
GB).
-Grant
a feat?
TIA,
-Grant
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from th
Perfect, that what I thought. So, the .htaccess in the root of the virtual host
will affect all subdirs and files below it right?
Thanks Boyle,
-Grant
- Original Message -
From: Boyle Owen
To: users@httpd.apache.org
Sent: Wednesday, November 21, 2007 11:08 AM
Subject: RE
1 - 100 of 136 matches
Mail list logo
