On Wed, Oct 13, 2021 at 4:22 PM Usha Nayak wrote:
>
> Need help in understanding the highlighted parameters:
>
> ProxyPass "/example" "http://backend.example.com; timeout=3600 keepalive=On
>
> keepalive parameter - As I understand relates to TCP or socket keep alive
> probes that are sent to
Thanks Nick for your response.
I recently started looking to webserver and getting hands-on with these
things.
So I thought I can get higher exposure if I learn more about these CVEs and
implications. So I posted the question in this forum.
With Regards,
Venkatesh
On Tue, Oct 19, 2021 at 4:05 PM
Hi
I use a different approach to these types of requests.
The back end request immediately returns a status message ”Request Received”
On Subsequent Requests returns a status message ”Working”
Finally, Subsequent Request returns a status message ”Ready” with results.
John Orendt
Hello
Thank you for your response. However, I'm still a bit fuzzy when it comes
to the keepalive and timeout attribute.
I understand keepalive=On attribute by itself but in combination with
timeout is where I'm unclear.
In the scenario that I presented with following:
- timeout=3600
On Tue, Oct 19, 2021 at 1:44 PM Mason Hayes wrote:
>
> Hi, All
>
> When Apache is accessed via a CDN (Akamai), I would like to record the IP of
> the accessing client in the Apache logs.
> In order to display the True-Client-IP header sent by Akamai in the access
> log like X-Forward-For, do I
On 10/19/2021 7:43 AM, Mason Hayes wrote:
Hi, All
When Apache is accessed via a CDN (Akamai), I would like to record the
IP of the accessing client in the Apache logs.
In order to display the True-Client-IP header sent by Akamai in the
access log like X-Forward-For, do I have to change the
With haproxy you have an option to enable a proxy protocol, this transmits the
client ip. I guess something similar must exist in your case.
>
> When Apache is accessed via a CDN (Akamai), I would like to record the
> IP of the accessing client in the Apache logs.
> In order to display the
Hi, All
When Apache is accessed via a CDN (Akamai), I would like to record the IP
of the accessing client in the Apache logs.
In order to display the True-Client-IP header sent by Akamai in the access
log like X-Forward-For, do I have to change the Logformat setting in
httpd.conf as follows?
Nobody here is going to tell you how to exploit vulnerabilities.
If you can't figure it out by reading the code then upgrade to the fixed
version.
Nick
On Tue, Oct 19, 2021 at 2:49 AM alchemist vk wrote:
> Hi All,
> I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50
> onwards.
Hi
Looks like the step 2 in your process is not working in the upgraded
version of apache.
Therefore it is vomiting out the following:
server reached MaxRequestWorkers setting, consider raising the
MaxRequestWorkers setting
Deepak
"The greatness of a nation can be judged by the way its animals
Hi All,
I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50 onwards.
But I would like to know more about, how this issue can be exploitable in
prior versions and can I know the commit id/patch details for this issue.
Tried looking into commit details in github apache repo, but
11 matches
Mail list logo