apache2 sol 10 x86_64
Hi, hat schon jemand von euch Erfahrungen mit dem apache2-httpd auf sol10 amd 64? al ;-) -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
Re: apache2 sol 10 x86_64
On Mon 19.09.2005 16:08, Paul Puschmann wrote: Viel Erfolg, Paul Danke. al ;-) -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
Re: [EMAIL PROTECTED] SuExec and symlinks
On 9/19/05, Oscar Haeger [EMAIL PROTECTED] wrote:
What I'd like to know is if SuExec somehow prevents me from running scripts
via
symlinks.
I have a webserver with SuExec installed and I'd like to be able to run
scripts
that resides in other peoples cgi-bin directories. I've tested this but
haven't
been able to get it to work.
Well, yeah. Allowing anything symlinked to get executed by suexec
would violate the basic security model. I agree that neither the
error message nor the docs are very explicit about this, but I think
the assumption is that security-minded people will know that a program
like suexec must forbid symlinks to do its job.
If you know a little c, then reading the suexec.c source code makes
things clear:
/*
* Error out if we cannot stat the program.
*/
if (((lstat(cmd, prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
log_err(cannot stat program: (%s)\n, cmd);
exit(117);
}
Joshua.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 1.3.33 not compiling proxy (only problem...at the moment)
On 9/16/05, Eric Wagar [EMAIL PROTECTED] wrote: But, after the make|make install, I receive these errors: Starting Apache Server for ewm-test.corp.sgi.com /engr/apache/site_conf/ewm-test.corp.sgi.com/start : ewm-test.corp.sgi.com::httpd could not be started Syntax error on line 230 of /engr/apache/site_conf/ewm-test.corp.sgi.com/conf/httpd.conf: Cannot load /engr/apache/libexec/libproxy.so into server: /engr/apache/libexec/libproxy.so: undefined symbol: ap_hook_unregister_I ERROR: can not start ewm-test.corp.sgi.com Line 230: LoadModule proxy_module libexec/libproxy.so After doing so, I look in the libexec dir, and I do not see libproxy.so being updated with the current timestamp. Commenting the proxy lines out of the httpd.conf does not help either. What error message do you get when you comment out line 230? I'm sure it won't say the same thing. This is being compiled with gcc 2.96 on RH7.2. Someone is going to say you need to upgrade. It won't be me b/c I've had Apache compile and run just fine on boxes from RH6.2 up to RHEL 4. I've seen no serious difference in performance (could be just me) and security updates aren't that difficult to keep track of. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] site refresh
On 9/19/05, Muhammad Rizwan [EMAIL PROTECTED] wrote: Hello Is there any way in apache to refresh just one site instead of restarting whole daemon. If you mean reread the configuration for one virtual host, then the answer is no. But a graceful restart should be painless, so it shouldn't be a problem. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Please!! OSX/Unix 1.3 - 2.0 start from scratch ( Uninstall remove)
On Sat, Sep 17, 2005 at 10:56:20PM +1000, Haali Goodsell wrote: configure: creating ./config.status config.status: creating Makefile ./config.status: fork: Resource temporarily unavailable Something went wrong here. Try it again, and try using the latest version, 2.0.54. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] site refresh
On 9/19/05, Muhammad Rizwan [EMAIL PROTECTED] wrote: Thanks for your reply. So i can just reread the configuration of one virtual host. But i can't understand what 'll happen with in case of graceful restart. 'll it destroys all the sessions of other sites or not. Can you plz. provide me any proof for this painless restart. See: http://httpd.apache.org/docs/2.0/stopping.html#graceful No existing requests are lost. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] site refresh
On Mon, Sep 19, 2005 at 08:33:25PM +0500, Muhammad Rizwan wrote: IS this graceful restart is equal to /etc/rc.d/init.d/httpd restart No it's equal to /etc/rc.d/init.d/httpd gracefull :) -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] site refresh
Another thing is that, why apache can refresh just one virtual domain. Like it be done in IIS, One can restart just one single site while using IIS. Thanks On Mon, 2005-09-19 at 20:40, Joshua Slive wrote: On 9/19/05, Muhammad Rizwan [EMAIL PROTECTED] wrote: IS this graceful restart is equal to /etc/rc.d/init.d/httpd restart Probably not. But since that file probably comes with your OS and not with apache-proper, we have no way to know exactly what is in it. As the docs I pointed you to say, apache can be gracefully restarted with apachectl -k graceful or kill -USR1 `cat /full/path/to/httpd.pid` Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] site refresh
Because all the virutalhosts run in the same process, this is not possible. You raise an interesting question, if a per-host MPM was set up to permit this, it would be possible, al la perchild. (Note that the perchild mpm will not support Win32 as written.) Muhammad Rizwan wrote: Another thing is that, why apache can refresh just one virtual domain. Like it be done in IIS, One can restart just one single site while using IIS. Thanks On Mon, 2005-09-19 at 20:40, Joshua Slive wrote: On 9/19/05, Muhammad Rizwan [EMAIL PROTECTED] wrote: IS this graceful restart is equal to /etc/rc.d/init.d/httpd restart Probably not. But since that file probably comes with your OS and not with apache-proper, we have no way to know exactly what is in it. As the docs I pointed you to say, apache can be gracefully restarted with apachectl -k graceful or kill -USR1 `cat /full/path/to/httpd.pid` Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] unwanted file upload
I am relatively new to this so if this is not the correct forum I would appreciate being pointed to the right place. Over the weekend I discovered an unwanted program running on my server. In the error_log I found this entry: --13:29:54-- http://www.ozdereklam.com/.xpl/dc.txt = `/tmp/dc.txt' Resolving www.ozdereklam.com... 82.222.180.120 Connecting to www.ozdereklam.com[82.222.180.120]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 943 [text/plain] 0K 100%4.62 KB/s 13:29:55 (4.62 KB/s) - `/tmp/dc.txt' saved [943/943] Is this a problem that can be solved with Apache? How can I keep files from being uploaded in this way (and I am not sure what that way is). I am running Apache/2.0.52 on Linux RHEL4 Thanks -- John C. Hammer, MMus, MLIS Automation Librarian Library and Media Services San Antonio College 1001 Howard St. San Antonio, TX 78212 (210)733-2669 (v) (210)733-2597 (f) [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] unwanted file upload
John Hammer [EMAIL PROTECTED] writes: I am relatively new to this so if this is not the correct forum I would appreciate being pointed to the right place. Over the weekend I discovered an unwanted program running on my server. In the error_log I found this entry: --13:29:54-- http://www.ozdereklam.com/.xpl/dc.txt = `/tmp/dc.txt' Resolving www.ozdereklam.com... 82.222.180.120 Connecting to www.ozdereklam.com[82.222.180.120]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 943 [text/plain] 0K 100%4.62 KB/s 13:29:55 (4.62 KB/s) - `/tmp/dc.txt' saved [943/943] Is this a problem that can be solved with Apache? How can I keep files from being uploaded in this way (and I am not sure what that way is). My best guess is that somebody has exploited a bug in one of your CGI scripts in a way that allowed them to execute arbitrary code, and they elected to have this arbitrary code download this dc.txt file, using wget it looks like. The solution is to find and fix your buggy CGI program(s), or to disable executable content from Apache. If you look in your access_log around the time of that error_log entry, you can probably narrow down which programs might be allowing this. mod_security is supposed to be able to protect against some of these attacks: http://www.modsecurity.org/ but I haven't used it, and really the buggy programs should be fixed anyways. Still, it might help. Good luck, ScottG. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache stops servicing port 80
I have a very strange problem that I can't resolve. I have Apache 2.0.54 running on Red Hat. Apache is serving the following sites: * http://staticpages.example.com - Simple static XHTML pages. * http://jsp.example.com - JSP pages running via proxy on port 9000 on Tomcat 5.5.9 (JDK 1.5.0_04). * http://servlet.example.com - Servlets running via proxy on port 9100 on Tomcat 5.5.9 (JDK 1.5.0_04). * https://dav.example.com - A WebDAV site accessed via SSL. * https://svn.example.com - A Subversion site accessed via SSL. Periodically the port 80 sites will stop responding. No errors will be in error_log. There will be no record in access_log of my attempts to access the site. The other sites will still work fine. I can access the secure WebDAV site through Apache with no problem. I can access the JSP pages on Tomcat directly like this: http://jsp.example.com:9000 But the connection will time out when trying to access either the static pages on Apache or the proxied Tomcat site via Apache, and no trace of the request can be found in the log files. What is causing this strange problem? I'll be happy to provide more info, if you need it. Sincerely, Garret - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] apache 2 and large file support
I take that back, it appears to be a firefox browser issue... - Charles On Sep 19, 2005, at 1:15 PM, Charles E. Heizer wrote: Hi Joe, I just tried 2.1.7 and it does not support large files. All I did was issue a ./configurre --prefix=/opt/apache217b and it's truncating the file 2.5 gig file to 2gigs. Is there some other flags that I need to add to support large files? Thanks, - Charles On Sep 16, 2005, at 9:26 AM, Joe Orton wrote: On Thu, Sep 15, 2005 at 04:03:46PM -0700, Charles E. Heizer wrote: Hello, I'm running RHEL WS 4.0 and I'm trying to compile apache to support files over 2gig. I go through the compile and everything seems to be OK, but large file support never seems to get enabled. Can someone please tell me what I need to do to get large file support active. Don't use any special CPPFLAGS settings, it works out of the box with the 2.1.7 beta. joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] ldaps auth
Hi Dmitriy, I've been trying to get this to work for 4 weeks now without any success. I highly suspect that just relying on the configure script to do the right thing doesn't work as I've inspected a few different Linux distributions and all of them have had the same log output (e.g. LDAP: SSL support unavailable). I personally have been trying to make configure detect and build it to no avail. I'm about to dig into the code to get this worked out and so I'd appreciate anyone's opinion who has knowledge in this area. Cheers, Craig -Original Message- From: Dmitriy Kirhlarov [mailto:[EMAIL PROTECTED] Sent: Friday, September 16, 2005 6:15 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] ldaps auth Hi, list I need use ldap authentication over ssl I have in my httpd.conf LDAPSHaredCacheSize 2 LDAPCacheEntries 1024 LDAPCacheTTL 600 LDAPOpCacheEntries 1024 LDAPOpCacheTTL 600 LDAPTrustedCA /usr/local/etc/ssl/cacert.pem LDAPTrustedCAType BASE64_FILE and in the .htaccess AuthType basic AuthName test AuthLDAPEnabled on AuthLDAPURL ldaps://free2.mow.oilspace.com/ou=users,o=oilspace?uid?one?(Ob jectClass=posixAccount) AuthLDAPAuthoritative off require valid-user I know what my cacert file correct and name of ldap server identical in URI and certificate. But I get in http-error.log LDAP: SSL support unavailable and, after that, apache connected to ldap without encryption. Any ideas? My system: $ uname -rs pkg_info -Ix apache FreeBSD 5.4-STABLE apache-2.0.54_4 Version 2 of Apache web server with prefork MPM. WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 F:+7 095 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] site refresh
Muhammad Rizwan wrote: Another thing is that, why apache can refresh just one virtual domain. I haven't tried it myself, but I understand there are modules that will do that. But that's based on storing per-virtual-host config in an SQL database IIRC. -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Blocking harrassment
Hello, I've noticed that, for about a week, i am being harrassed by always the same IP, getting my index twenty times in a row but with a sexual-explicit referrer : 69.50.168.130 - - [20/Sep/2005:00:04:38 +0200] GET / HTTP/1.1 200 27087 http://**/; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - 69.50.168.130 - - [20/Sep/2005:00:04:45 +0200] GET / HTTP/1.1 200 27078 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) - As a result, my stats are totally crapped ou. I tried to add a firewall rule to block the guy : iptables -A INPUT -p tcp -s 69.50.168.130 -j DROP However, they're still in my logs and can still access my machine. I guess the IP is spoofed or something. My question is, how can I block that ? I can't believe i should try to filter through MAC.. Perhaps my rule is wrong ? Is there a way in apache to refuse serving a given ip? Thanks, -- Jean-Christophe Montigny Responsable Commission Web, Association Planètes Responsable serveurs assoces.com, Association Planètes Etudiant de deuxième année à Grenoble Ecole de Management Majeure Conseil en Organisation des Systèmes d'Information begin:vcard fn:Jean-Christophe Montigny n:Montigny;Jean-Christophe org;quoted-printable:Association [EMAIL PROTECTED] adr;quoted-printable:;;12, rue Pierre S=C3=A9mard;Grenoble;FR;38000;France email;internet:[EMAIL PROTECTED] title:Responsable Com Web x-mozilla-html:FALSE url:http://planetes.assoces.com/ version:2.1 end:vcard - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache stops servicing port 80
Here's an update---I'm even more confused. I shut down the Tomcat server being proxied. If I then restart Apache, it will serve my staticpages.example.com site just fine---for a few minutes. Then it stops accepting requests, with nothing in the error logs. Nothing in the access logs. Nothing in any of the logs. It's as if Apache isn't there, except that my requests time out rather than being rejected (which would happen if Apache weren't running.) If I reboot Apache, it works for about five minutes and then stops responding again. My SSL sites still work fine, but nothing going to my static pages do anything. What can be happening that won't even put an error in the log? Garret Garret Wilson wrote: I have a very strange problem that I can't resolve. I have Apache 2.0.54 running on Red Hat. Apache is serving the following sites: * http://staticpages.example.com - Simple static XHTML pages. * http://jsp.example.com - JSP pages running via proxy on port 9000 on Tomcat 5.5.9 (JDK 1.5.0_04). * http://servlet.example.com - Servlets running via proxy on port 9100 on Tomcat 5.5.9 (JDK 1.5.0_04). * https://dav.example.com - A WebDAV site accessed via SSL. * https://svn.example.com - A Subversion site accessed via SSL. Periodically the port 80 sites will stop responding. No errors will be in error_log. There will be no record in access_log of my attempts to access the site. The other sites will still work fine. I can access the secure WebDAV site through Apache with no problem. I can access the JSP pages on Tomcat directly like this: http://jsp.example.com:9000 But the connection will time out when trying to access either the static pages on Apache or the proxied Tomcat site via Apache, and no trace of the request can be found in the log files. What is causing this strange problem? I'll be happy to provide more info, if you need it. Sincerely, Garret - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Blocking harrassment
On 9/19/05, Jean-Christophe Montigny [EMAIL PROTECTED] wrote: Is there a way in apache to refuse serving a given ip? Yes, there is, but it will still appear in the log. I think you are going about this the wrong way entirely. Your problem is garbage in your log (and, by the way, that is the whole goal of these requests -- put garbage in your log so that the referer will show up). Solve it by fixing your log analysis. For example, just use grep -v to remove the relevant lines before analyzing the log. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Blocking harrassment
Hello, Joshua Slive wrote: I think you are going about this the wrong way entirely. Your problem is garbage in your log (and, by the way, that is the whole goal of these requests -- put garbage in your log so that the referer will show up). Solve it by fixing your log analysis. For example, just use grep -v to remove the relevant lines before analyzing the log. Yeah i'm using webalizer for my own logs. There is stuff in it to ignore requests and ips. However, the thing is, i'm also using a third party log analyser (in my website, there's a call to another website that takes care of analysis) and that's a problem. Since i cannot firewall that ip, or so it seems, i wondered if apache could refuse serving files to an ip... In fact, i believe it's more something about firewalling it. That thing bypasses the firewall and the rules i wrote in it... That's quite of strange. -- Jean-Christophe Montigny Responsable Commission Web, Association Planètes Responsable serveurs assoces.com, Association Planètes Etudiant de deuxième année à Grenoble Ecole de Management Majeure Conseil en Organisation des Systèmes d'Information begin:vcard fn:Jean-Christophe Montigny n:Montigny;Jean-Christophe org;quoted-printable:Association [EMAIL PROTECTED] adr;quoted-printable:;;12, rue Pierre S=C3=A9mard;Grenoble;FR;38000;France email;internet:[EMAIL PROTECTED] title:Responsable Com Web x-mozilla-html:FALSE url:http://planetes.assoces.com/ version:2.1 end:vcard - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Blocking harrassment
What about making a rewrite rule in httpd.conf or a .htaccess file something that redirects them to yahoo.com or something similar? Boysenberry boysenberrys.com | habitatlife.com | selfgnosis.com On Sep 19, 2005, at 6:46 PM, Jean-Christophe Montigny wrote: Hello, Joshua Slive wrote: I think you are going about this the wrong way entirely. Your problem is garbage in your log (and, by the way, that is the whole goal of these requests -- put garbage in your log so that the referer will show up). Solve it by fixing your log analysis. For example, just use grep -v to remove the relevant lines before analyzing the log. Yeah i'm using webalizer for my own logs. There is stuff in it to ignore requests and ips. However, the thing is, i'm also using a third party log analyser (in my website, there's a call to another website that takes care of analysis) and that's a problem. Since i cannot firewall that ip, or so it seems, i wondered if apache could refuse serving files to an ip... In fact, i believe it's more something about firewalling it. That thing bypasses the firewall and the rules i wrote in it... That's quite of strange. -- Jean-Christophe Montigny Responsable Commission Web, Association Planètes Responsable serveurs assoces.com, Association Planètes Etudiant de deuxième année à Grenoble Ecole de Management Majeure Conseil en Organisation des Systèmes d'Information jcm.vcf-- --- The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Blocking harrassment
HI Jean, try using .htaccess file for your required directory, limit GET allow all deny from 69.50.168.130 /limit *** check permissions according to your requirements. save this file as .htaccess in the required directory n make changes in ur httpd.conf accordingly. write me for more details regards Ritesh JhaveriOn 9/20/05, Jean-Christophe Montigny [EMAIL PROTECTED] wrote: Hello, I've noticed that, for about a week, i am being harrassed by always thesame IP, getting my index twenty times in a row but with asexual-explicit referrer :69.50.168.130 - - [20/Sep/2005:00:04:38 +0200] GET / HTTP/1.1 20027087 http://**/ Mozilla/4.0 (compatible; MSIE6.0; Windows NT 5.1) - 69.50.168.130 - - [20/Sep/2005:00:04:45 +0200] GET / HTTP/1.1 20027078 Mozilla/4.0 (compatible; MSIE6.0; Windows NT 5.1) - As a result, my stats are totally crapped ou.I tried to add a firewall rule to block the guy :iptables -A INPUT -p tcp -s 69.50.168.130 -j DROPHowever, they're still in my logs and can still access my machine. I guess the IP is spoofed or something.My question is, how can I block that ? I can't believe i should try tofilter through MAC.. Perhaps my rule is wrong ? Is there a way in apacheto refuse serving a given ip? Thanks,--Jean-Christophe MontignyResponsable Commission Web, Association PlanètesResponsable serveurs assoces.com, Association PlanètesEtudiant de deuxième année à Grenoble Ecole de Management Majeure Conseil en Organisation des Systèmes d'Information-The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info.To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Bug: apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
I'm seeing strange behavior with an apache module (Subversion's mod_svn). Subversion commits through mod_svn are intermittently failing because files and/or directories are being created with ROOT ownership!! or permissions such that the user apache cannot write. This problem happens frequenlty, but _not_always_, so I know it isn't an outright configuration problem in apache or subversion. Apache is set to run as user apache. I've posted this to the subversion mailing lists and plan to file a bug. It dawned on me that this might be a problem with apache and or configuration. I've tried a minimal config (no virtual hosts, no extra modules like php, etc) and have not been able to find the bug. Should a module get away with creating a file as root when apache is explicitly configured not to do so? Can you suggest anything that I might try to fix or identify this problem? The full details can be found below, which is my second post to the subversion users/dev mailing list. I sure would appreciate it if someone could help me out with this if they can think of an apache cause for this problem. Thanks (details below) -John --- Details: I'm about to file a subversion bug in relation to apache/mod_svn intermittently creating transaction dirs with incorrect permissions or ownership such that the transaction breaks. Many times during the day commits are failing with an error message like the following: [Wed Aug 31 12:55:55 2005] [error] [client 192.189.224.121http://192.189.224.121] Could not create activity /svn/ResultsPlus/!svn/act/a24ba835-0155-2042-a734-13818c448007. [500, #0] [Wed Aug 31 12:55:55 2005] [error] [client 192.189.224.121http://192.189.224.121] could not begin a transaction [500, #13] [Wed Aug 31 12:55:55 2005] [error] [client 192.189.224.121http://192.189.224.121] Can't open file '/svnroot/repos/ResultsPlus/db/transactions/90-1.txn/node.0.0': Permission denied [500, #13] Inspection on the server side reveals one of 2 scenarios: 1. The transaction directory (e.g. /svnroot/repos/reposname/db/transactions/90-1.txn) has the wrong permissions and cannot be populated by the apache user (apache) - i.e. drw-rwSrw- 2. The props file in the transaction directory (e.g. /svnroot/repos/reposname/db/transactions/90-1.txn/props) is owned by the root user and ONLY user has write permissions If the commit is retried, it may or may not succeed. To temporarily fix the problem, I must restart apache, and delete the broken transaction directories. I am now running the latest stable apache(httpd-2.0.54) and subversion(subversion-1.2.3) built from scratch. (This problem was first observed with prebuilt RPMS.) I am running Intel RedHat Enterprise Server 3 (rhel-3). I have audited the system extensively in an effort to identify any external processes that could be causing this problem and found now. I have a little bash script that will repeatedly modify, commit, and sleep 1 second that tests subversion. I can reproduce this error within 10 - 30 commits. I posted this problem before (http://svn.haxx.se/users/archive-2005-09/0228.shtml). More details can be found in that post. This problem was reported by another user as well in June (http://svn.haxx.se/users/archive-2005-06/1629.shtml) -- on Solaris. He was able to work around the problem by using setfacl however, rhel-3 (kernel 2.4) doesn't appear to support setfacl completely. If anyone can help me debug this problem further I'd appreciated it. I'm willing to try almost anything - a debug version of subversion, apache etc. If you'd like more information, please ask me. Otherwise, I'd welcome any tips for successfully logging a bug on subversion.trigris.org. I feel I've exhausted all configuration possibilities between apache-subversion. I've tried creating a test repository from scratch - ensuring all commands out-of-apache-web-server were done as apache (sudo -u apache svnadmin ...). I've tried different file system locations. I've removed all but svn functionality from apache. I've used the simplest svn configuration possible.. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
