suphp, php-cgi and apache
Hello everyone,

For 3 weeks now I have had a new intranet server with courier, apache and php5, and now I have the problem with suphp again.

The machine currently has around 180 $USER, each of whom has a VHost with their own login, and only normal PHP can be used (no CGI).

The DEFAULT server is also the intranet server, which however consists of only ONE SINGLE physical page: /index.php

Now I have the problem that I have to use suphp (otherwise I cannot access the directories of the $USER rw) and I want /index.php to be executed as CGI... Somehow that does not work... If it is placed in /cgi-bin/index.php it works, but then 90% of the website no longer works... I definitely want to call up the intranet with http://server/.

Question: Where do I have to change what so that I can use /index.php as CGI with suphp? A file /index.php and an AddHandler does not work.

I am using:
Debian GNU/Linux 4.0
Apache 1.3 (a 2.0 example is welcome too)

Greetings
Michelle Konzack

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com)
[EMAIL PROTECTED] Interesting mod_proxy issue with Double decoding.
Hello,

I have a configuration utilizing apache 2.2.0 with mod_proxy. What I want to do is protect the server and limit the user to access a single directory, let's say /java_tut/ from a machine running resin. So we have the following configuration:

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass /java_tut/ http://someotherhost:8080/java_tut/

Everything works, the user can't access other directories outside of java_tut. Unless of course they do /java_tut/%252e%252e/examples/basic/viewsource.jsp. Using a double encoding of .. they are able to traverse back a directory. This is not what I want. So I came up with the following rules:

    ProxyPass /java_tut/%2e%2e !
    ProxyPass /java_tut/%2e. !
    ProxyPass /java_tut/.%2e !

Which works; they can't get out of the directory any more, for those encoding schemes. Obviously any rule that requires 3 or more types of denies is probably flawed, because I'm 99% sure there are other encoding tricks to get past these. Has anyone seen or come across such issues and has a better recommendation?

Thanks a lot,
-Isaac
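The alternative to enumerating encodings, shown as an added example that is not part of the post or of Apache: decode the path until it stops changing, normalise it, and only then compare it against the one permitted prefix. The function names, `MAX_ROUNDS` and the policy of refusing paths that need more than one decoding pass are assumptions made for illustration; the sample paths are constructed from the forms quoted in the post.

```python
import posixpath
from urllib.parse import unquote

ALLOWED_PREFIX = "/java_tut/"  # the only directory the post wants exposed
MAX_ROUNDS = 4                 # assumption: deeper nesting is refused outright

ALLOW = "allow"
DENY_UNSAFE = "deny: undecodable or unsafe characters"
DENY_OUTSIDE = "deny: resolves outside " + ALLOWED_PREFIX
DENY_NESTED = "deny: nested encoding"


def fully_decode(raw_path):
    """Percent-decode repeatedly until the text stops changing.

    Returns (decoded_path, rounds), where rounds counts the passes that
    changed something. decoded_path is None if the input is still
    changing after MAX_ROUNDS passes.
    """
    path = raw_path
    for rounds in range(MAX_ROUNDS + 1):
        decoded = unquote(path)
        if decoded == path:
            return path, rounds
        path = decoded
    return None, MAX_ROUNDS


def classify(raw_path):
    """Decide on the canonical form of the path, never on the raw bytes."""
    decoded, rounds = fully_decode(raw_path)
    if decoded is None or "\x00" in decoded or "\\" in decoded:
        return DENY_UNSAFE
    canon = posixpath.normpath(decoded)       # collapses "." and ".." segments
    if decoded.endswith("/") and canon != "/":
        canon += "/"                          # normpath drops the trailing slash
    if not canon.startswith(ALLOWED_PREFIX):
        return DENY_OUTSIDE
    if rounds > 1:
        # Assumption: the front end decodes once, so a legitimate client has
        # no reason to send a path that needs a second pass.
        return DENY_NESTED
    return ALLOW


# Constructed sample paths, built from the forms quoted in the post.
SAMPLES = [
    "/java_tut/basic/index.jsp",
    "/java_tut/%252e%252e/examples/basic/viewsource.jsp",
    "/java_tut/%2e%2e/examples/basic/viewsource.jsp",
    "/java_tut/%2e./examples/",
    "/java_tut/.%2e/examples/",
    "/java_tut/%2576iewsource.jsp",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):40} {sample}")
```

Because the decision is made on the canonical path, the three hand-written exclusions and the double-encoded form all fall under the same prefix test, and the decode count is available for logging.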
[EMAIL PROTECTED] Trying to install Apache 2.2.4 on AIX 5.3
Hello,

I am trying to install Apache http server 2.2.4 on AIX 5.3 server. When I am trying to configure with following command I am getting following error:

    ./configure --prefix=/oradata
    configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details.
    configure failed for srclib/apr

Please help me.

Thanks and Regards,
Sushant Desai
Product and Partner Engineer, Network Appliance Systems (India) Pvt. Ltd. Tel: +91-80-41843433

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 13, 2007 3:02 PM
To: Desai, Sushant
Subject: WELCOME to users@httpd.apache.org
Re: [EMAIL PROTECTED] Timeouts with Threaded Apache 2.2.3
Hi Sander,

Thanks for the information. I'll make sure the mod_foo is thread safe, stripped down and retest.

On the same subject of 'thread safe' does anyone know if mod_perl is being made thread safe? (I believe there was a project for a threaded version but it died, so just wondering if the main mod_perl branch was being considered for making thread safe.)

Regards, Neil

Sander Temme wrote:

On Feb 8, 2007, at 3:08 AM, Neil Martin wrote:

so we retested with a dummy module called mod_foo (attached) but we still get timeouts. Is this a known issue in the module api in threaded Apache?

You clearly based your mod_foo on mod_example, and just about the only thing you deleted was the comment atop the file that warns the mod_example code is not thread-safe. You should at least remove the call to trace_add() from the handler function, because that uses global variables and can't be used in a threaded server. I'm trying to clean this up for the mod_example.c in our development trunk, but this has not been done for 2.2.x.

In a typical module (I think most if not all of your magic is in the handler function?), you don't need to implement any of the handlers unless you're actually using them to do something. You might override child_init to set up your database connection pool, but won't need stuff like post_read_request or http_scheme. You can generate a very small, functional sample module by calling

    apxs -g -n foo

When running your benchmarks, you should make sure that you tune Apache in relation to the load you are sending it. The default worker mpm configuration tops out at 150 concurrent requests, and you are running ab at 200... that may not be a problem given the connection backlog in the kernel, but especially if your module takes some time to do its database thing, you may run out of resources and render ab confused. See conf/extra/httpd-mpm.conf to get an idea of the tunables for the worker MPM.

S.
-- Regards, Neil J MARTIN [EMAIL PROTECTED] Tel +44 (0)208 757 5817 Fax +44 (0)208 757 5827 Product Support Engineer - Four J's Development Tools (UK) [www.4js.com] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Timeouts with Threaded Apache 2.2.3
Neil Martin wrote:

On the same subject of 'thread safe' does anyone know if mod_perl is being made thread safe? (I believe there was a project for a threaded version but it died, so just wondering if the main mod_perl branch was being considered for making thread safe.)

AFAIK mod_perl *is* thread-safe.
http://perl.apache.org/docs/2.0/user/intro/overview.html#Thread_environment_Issues

Issac
[EMAIL PROTECTED] Best practice for mod_proxy_ajp/balancer in apache-2.2.4?
Hi all,

since this is the first time I have to admin a JBoss Cluster behind an apache proxy, I have several questions regarding configuration for the following scenario: A JBoss 4.0.5 Cluster with 2-n instances as Application Server, Apache 2.2.4 with mod_proxy_ajp and mod_proxy_balancer handling the connections from and to the internet.

- which MPM do I use (prefork or worker?) and which settings do I have to adjust?
- which parameters to mod_proxy like max, smax, ttl and retry as in http://httpd.apache.org/docs/2.2/mod/mod_proxy.html have to be set (for which MPM)?
- other hints regarding performance with mod_proxy_*?

Thanks for help,
Peter
Re: [EMAIL PROTECTED] Trying to install Apache 2.2.4 on AIX 5.3
Hello,

First of all: Posting to this list by replying to your welcome message, including it completely, with HTML version and attachments is really not necessary.

On 2/13/07, Desai, Sushant [EMAIL PROTECTED] wrote:

Hello, I am trying to install Apache http server 2.2.4 on AIX 5.3 server. When I am trying to configure with following command I am getting following error:

    ./configure --prefix=/oradata
    configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details.
    configure failed for srclib/apr

Please help me.

I would suggest you follow the advice given in the error message, and make sure there is a C compiler on your PATH.

Krist

-- 
[EMAIL PROTECTED] Bremgarten b. Bern, Switzerland
-- 
...what you don't realize is that in the future Google WILL reach sentience, will [have had] invent[ed] a time machine, and will [have had] travel[ed] back in time to prevent Bill Gates... only to become Bill Gates by accident because of a search engine optimization miscalculation. (Comment on the Dilbert Blog)
Re: [EMAIL PROTECTED] Disable TRACE HTTP method on Apache 1.3.33
try this...

http://httpd.apache.org/docs/1.3/mod/core.html#limit

    <Limit TRACE>
    Deny from all
    </Limit>

p

Yaniv Ofer wrote:

Hello

Our application is running over Apache 1.3.33. As a result of a failed security test, we have been asked to disable the TRACE HTTP method on our Apache Server. Could you please refer me to a configuration/patch/fix that would disable the TRACE HTTP method for Apache 1.3.33 Server? Our Server should refuse the following HTTP TRACE request:

    ==
    TRACE /inbox?Uid=379%2D100 HTTP/1.1
    Host: 172.17.129.61:50084
    ==

Our current server replies with 200 OK for that request.

Thanks
Ofer
RE: [EMAIL PROTECTED] Disable TRACE HTTP method on Apache 1.3.33
Thanks!!!

-Original Message-
From: Pid [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 13, 2007 1:30 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Disable TRACE HTTP method on Apache 1.3.33

try this...

http://httpd.apache.org/docs/1.3/mod/core.html#limit

    <Limit TRACE>
    Deny from all
    </Limit>

p

Yaniv Ofer wrote:

Hello

Our application is running over Apache 1.3.33. As a result of a failed security test, we have been asked to disable the TRACE HTTP method on our Apache Server. Could you please refer me to a configuration/patch/fix that would disable the TRACE HTTP method for Apache 1.3.33 Server? Our Server should refuse the following HTTP TRACE request:

    ==
    TRACE /inbox?Uid=379%2D100 HTTP/1.1
    Host: 172.17.129.61:50084
    ==

Our current server replies with 200 OK for that request.

Thanks
Ofer
Re: [EMAIL PROTECTED] How to SetEnvIf matching previous matches
On 2/9/07, Lucas Brasilino [EMAIL PROTECTED] wrote:

Hi all: I'm trying to make an 'AND' between two 'SetEnvIf' matches with no success. In mod_setenv docs it says that the 'attribute' field can be the name of an environment variable of a previous match. I've tried many configurations with no success. Maybe I'm misunderstanding the docs...

    SetEnvIf Request_URI \.pdf$ IS_pdf
    BrowserMatch MSIE IS_ie

How can I make an 'AND' between 'IS_pdf' and 'IS_ie' to set 'Pragma_NoCache' and do a:

    Header set Pragma no-cache env=Pragma_NoCache

As far as I know you can't do boolean logic in SetEnvIf request. There is a workaround however. I had a similar problem, where I needed to set a header based on the presence of two other headers. The trick was to use a RewriteRule, but solely for its side effects, not rewriting any URLs. The advantage is that you can AND and OR several RewriteCond statements, but in your case you would only need one, as you can do the URI matching in the RewriteRule itself:

    RewriteCond %{HTTP_USER_AGENT} MSIE
    RewriteRule ^(.*\.pdf)$ $1 [E=Pragma_NoCache:yes]
    Header set Pragma no-cache env=Pragma_NoCache

Krist

-- 
[EMAIL PROTECTED] Bremgarten b. Bern, Switzerland
-- 
...what you don't realize is that in the future Google WILL reach sentience, will [have had] invent[ed] a time machine, and will [have had] travel[ed] back in time to prevent Bill Gates... only to become Bill Gates by accident because of a search engine optimization miscalculation. (Comment on the Dilbert Blog)
RE: [EMAIL PROTECTED] Disable TRACE HTTP method on Apache 1.3.33
Hi p

It says here that the TRACE method cannot be limited.

-Ofer

http://httpd.apache.org/docs/1.3/mod/core.html#limit

===
<Limit> directive

Syntax: <Limit method [method] ... > ... </Limit>
Context: any
Status: core

Access controls are normally effective for all access methods, and this is the usual desired behavior. In the general case, access control directives should not be placed within a limit section.

The purpose of the Limit directive is to restrict the effect of the access controls to the nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the Limit bracket will have no effect. The following example applies the access control only to the methods POST, PUT, and DELETE, leaving all other methods unprotected:

    <Limit POST PUT DELETE>
    Require valid-user
    </Limit>

The method names listed can be one or more of: GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is case-sensitive. If GET is used it will also restrict HEAD requests. The TRACE method cannot be limited.

Warning: A LimitExcept section should always be used in preference to a Limit section when restricting access, since a LimitExcept section provides protection against arbitrary methods.
===
RE: [EMAIL PROTECTED] Trying to install Apache 2.2.4 on AIX 5.3
I installed c compiler on AIX and then I ran the configure command, but the filesystem path I mentioned in configure command doesn't have any data written on it, and there is no error recorded in the config.log file also, what could be wrong. I used following command

    ./configure --prefix=/oradata

Thanks and Regards,
Sushant Desai
Product and Partner Engineer, Network Appliance Systems (India) Pvt. Ltd. Tel: +91-80-41843433

-Original Message-
From: Krist van Besien [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 13, 2007 4:22 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Trying to install Apache 2.2.4 on AIX 5.3

Hello,

First of all: Posting to this list by replying to your welcome message, including it completely, with HTML version and attachments is really not necessary.

On 2/13/07, Desai, Sushant [EMAIL PROTECTED] wrote:

Hello, I am trying to install Apache http server 2.2.4 on AIX 5.3 server. When I am trying to configure with following command I am getting following error:

    ./configure --prefix=/oradata
    configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details.
    configure failed for srclib/apr

Please help me.

I would suggest you follow the advice given in the error message, and make sure there is a C compiler on your PATH.

Krist

-- 
[EMAIL PROTECTED] Bremgarten b. Bern, Switzerland
Re: [EMAIL PROTECTED] Disable TRACE HTTP method on Apache 1.3.33
Try this, then:

    # Suppress the TRACE and TRACK methods to avoid cross-site scripting vulnerability
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>

On 13/02/07, Yaniv Ofer [EMAIL PROTECTED] wrote:

Hi p It says here that the TRACE method cannot be limited. -Ofer

-- 
Steve Swift
http://www.swiftys.org.uk
Re: [EMAIL PROTECTED] Disable TRACE HTTP method on Apache 1.3.33
Steve Swift wrote:

Try this, then:

    # Suppress the TRACE and TRACK methods to avoid cross-site scripting vulnerability
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>

On 13/02/07, Yaniv Ofer [EMAIL PROTECTED] wrote:

Hi p It says here that the TRACE method cannot be limited.

my bad, apologies. Steve is right above.
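To confirm the outcome this thread is after (TRACE refused instead of answered with 200 OK), a check along the following lines can be run against the server before and after a configuration change. It is an added example, not code from any poster; the `X-Trace-Probe` header, the function names and the two local stub handlers (constructed stand-ins for a server with and without TRACE) are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_PATH = "/inbox?Uid=379%2D100"  # request target quoted in the thread
PROBE_HEADER = "X-Trace-Probe"       # hypothetical marker header


def trace_status(host, port, marker="probe-1234", timeout=3.0):
    """Send one TRACE request and return (status, echoed).

    echoed is True when the body reflects the marker header, which
    distinguishes a real TRACE implementation from a generic 200 page.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", PROBE_PATH, headers={PROBE_HEADER: marker})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1")
        return resp.status, marker in body
    finally:
        conn.close()


def trace_disabled(host, port):
    """True when TRACE is refused and nothing from the request is reflected."""
    status, echoed = trace_status(host, port)
    return status in (403, 405, 501) and not echoed


class EchoTrace(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that still answers TRACE."""

    def do_TRACE(self):
        echo = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):
        pass  # keep the demo quiet


class RefuseTrace(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that answers TRACE with 403."""

    def do_TRACE(self):
        self.send_error(403)

    def log_message(self, *args):
        pass


def start_stub(handler):
    """Start a stub on a free loopback port; returns the running server."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    for handler in (EchoTrace, RefuseTrace):
        srv = start_stub(handler)
        port = srv.server_address[1]
        print(handler.__name__, trace_status("127.0.0.1", port),
              "disabled" if trace_disabled("127.0.0.1", port) else "ENABLED")
        srv.shutdown()
        srv.server_close()
```

Checking for the reflected marker as well as the status code avoids counting a catch-all 200 error page as a working TRACE.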
[EMAIL PROTECTED] probably bug in 2.2.4 ??? please confirm ...
Hi all,

Scenario:
- Standard 2.2.4 installation / config
- no firewalls etc.
- PHP 5

simple php-page with $_SERVER['REMOTE_ADDR'] inside, results in 0.0.0.0

same picture in access.log

    0.0.0.0 - - [12/Feb/2007:10:51:39 +0100] GET / HTTP/1.1 200 44

same picture in error.log

    [Tue Feb 13 09:21:51 2007] [error] [client 0.0.0.0] File does not exist: C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/favicon.ico

any suggestions ? Thanks in advance.

Kind regards
Uwe Liebrenz
Customer Service - Support Projects Fresenius Netcare GmbH Else-Kröner-Str. 1 61352 Bad Homburg v.d.H. Tel: +49 (0) 6172 608 - 7546 Fax: +49 (0) 6172 608 - 5264 [EMAIL PROTECTED] www.fresenius-netcare.com
Re: [EMAIL PROTECTED] Timeouts with Threaded Apache 2.2.3
Hi,

Sorry, my question was worded badly: The real question is about thread safety of DBI in mod_perl. On Solaris we were getting core dumps from this combination using our ODBC driver and an Informix ODBC driver. Don't get the core dumps when using preforked apache.

Regards, Neil

Issac Goldstand wrote:

Neil Martin wrote:

On the same subject of 'thread safe' does anyone know if mod_perl is being made thread safe? (I believe there was a project for a threaded version but it died, so just wondering if the main mod_perl branch was being considered for making thread safe.)

AFAIK mod_perl *is* thread-safe.
http://perl.apache.org/docs/2.0/user/intro/overview.html#Thread_environment_Issues

Issac

-- 
Regards, Neil J MARTIN [EMAIL PROTECTED] Tel +44 (0)208 757 5817 Fax +44 (0)208 757 5827 Product Support Engineer - Four J's Development Tools (UK) [www.4js.com]
Re: [EMAIL PROTECTED] probably bug in 2.2.4 ??? please confirm ...
Yes - This is APR bug 41321 which affects Windows 2000.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41321

You can work around it (with modest performance cost) by using the Win32DisableAcceptEx directive.

-tom-

[EMAIL PROTECTED] wrote:

Hi all, Scenario: - Standard 2.2.4 installation / config - no firewalls etc. - PHP 5 simple php-page with $_SERVER['REMOTE_ADDR'] inside, results in 0.0.0.0 same picture in access.log

    0.0.0.0 - - [12/Feb/2007:10:51:39 +0100] GET / HTTP/1.1 200 44
Re: [EMAIL PROTECTED] Apache SSL DMZ mod_jk Security concerns
Thanks! I am new to the whole security issue, and, although I have researched it quite a bit it is nice to have some confirmation when it comes to something like credit cards. AFrieze
[EMAIL PROTECTED] mod_authz_host problem
Hi

I'm setting access control on a freshly installed apache 2.2.4 linux box. Setting on a sub-directory this directive:

Order deny,allow
deny from all

doesn't work. What am I doing wrong? This is a part of my http.conf

DocumentRoot /home/www/htdocs
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the default to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory /home/www/htdocs>
#
# Possible values for the Options directive are None, All,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that MultiViews must be named *explicitly* --- Options All
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be All, None, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>

and this of httpd-vhosts.conf:

<VirtualHost _default_:80>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/www/xx/htdocs
ServerName www.xxx.xxx
ServerAlias www.xxx.xxx
ErrorLog /home/www/x/logs/-error.log
CustomLog /home/www/x/logs/x-access.log combined
<Directory />
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory /myadm>
Options FollowSymlinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
</VirtualHost>

I did set up .htaccess too but the result is the same. I want to limit access to a myphpadmin sub-directory only to clients of 192.168.0.0/24 subnet but I don't understand how.

Thanks NR
RE: [EMAIL PROTECTED] mod_authz_host problem
-----Original Message-----
---From: Nando Ronsisvalle [mailto:[EMAIL PROTECTED]
---Sent: Tuesday, February 13, 2007 6:00 PM
---To: users@httpd.apache.org
---Subject: [EMAIL PROTECTED] mod_authz_host problem
---
---Hi
---i'm setting access control on a fresh installed apache
---2.2.4 linux box.
---Setting on a sub-directory this directive:
---Order deny,allow
---deny from all
---
---doesn't work.
---What am i wrong?

Hi, please try this:

Order deny,allow
allow from 192.168.0.0/24
deny from all

Regards, Hermann Maurer
Re: [EMAIL PROTECTED] mod_authz_host problem
Maurer, Hermann wrote:
> Hi, please try this:
> Order deny,allow
> allow from 192.168.0.0/24
> deny from all
> Regards, Hermann Maurer

Doesn't work! It seems to ignore the <Directory /myadm> </Directory> directive.

NR

-- Best regards
Nando Ronsisvalle
I.C.T. Department
Meridionale Impianti S.p.A.
Stab. Piano Tavola Bivio Aspro
Phone: 095. 756.31 int.211
e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] LDAP Authentication Registration
OK do you all know of any application where a user can do a self-registration and it will create their account within the LDAP server? Thanks, Billy Strader WebPool WebPool Pager: 865-417-5622 Work: 865-425-5178 Pager: 865-417-5012
Re: [EMAIL PROTECTED] mod_authz_host problem
On 2/13/07, Nando Ronsisvalle [EMAIL PROTECTED] wrote:
> <Directory /myadm>

Directory takes a full path relative to the root of the filesystem, not relative to the DocumentRoot. See: http://httpd.apache.org/docs/2.2/sections.html#file-and-web

Joshua.
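The fix Joshua describes, written out as an added example that is not part of the original thread. It assumes the myadm directory sits directly under the vhost's DocumentRoot /home/www/xx/htdocs (path masked as in the post) and uses the Apache 2.2 Order/Allow/Deny syntax from the thread.

```apache
# Added example, not the poster's own file.
# Assumption: myadm lives at /home/www/xx/htdocs/myadm.

# As posted: this section never matches. <Directory> is compared against
# the filesystem path, and there is no /myadm at the filesystem root.
#<Directory /myadm>
#    Order deny,allow
#    Deny from all
#</Directory>

<VirtualHost _default_:80>
    DocumentRoot /home/www/xx/htdocs

    # The posted vhost had "<Directory />" with "Allow from all", which
    # re-opens the whole filesystem and undoes the default-deny set in the
    # main config. Grant access on the DocumentRoot only.
    <Directory /home/www/xx/htdocs>
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # Full filesystem path of the admin directory.
    # Order deny,allow: Deny rules are evaluated first, then Allow rules,
    # and a client matching both is allowed. Result: only 192.168.0.0/24
    # gets in, every other client receives 403.
    <Directory /home/www/xx/htdocs/myadm>
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 192.168.0.0/24
    </Directory>

    # <Location /myadm> would match the URL path instead, but for content
    # stored on disk <Directory> is the safer choice: it still applies when
    # the same files are reachable through an Alias or a symlink.
</VirtualHost>
```

Check the syntax with `apachectl configtest`, restart, then request /myadm/ from a client outside 192.168.0.0/24 and confirm the access log records a 403.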
[EMAIL PROTECTED] RPMS problem with httpd building
Ok Folks, I am trying to compile httpd-2.2.2-1.2.src.rpm on ppc using a fedora system. I get the following error:

+ xmlto -x /root/ydl5full/ybuild3/work/httpd/SOURCES/html.xsl html-nochunks migration.xml
I/O error : Attempt to load network entity http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl
warning: failed to load external entity http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl;
compilation error: file /root/ydl5full/ybuild3/work/httpd/SOURCES/html.xsl line 12 element import
xsl:import : unable to load http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl
cp: cannot stat `/tmp/xmlto.mD5469/migration.proc': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.58879 (%build)

Is there any reason for this? I am using rpmbuild as I want to change something in the SPEC.
Re: [EMAIL PROTECTED] Trying to install Apache 2.2.4 on AIX 5.3
On 2/13/07, Desai, Sushant [EMAIL PROTECTED] wrote:
> I installed c compiler on AIX and then I ran the configure command , but the filesystem path I mentioned in configure command doesn't have any data written on it, and there is no error recorded in the config.log file also, what could be wrong.

You need to set your PATH variable to something that contains the directory your C compiler has been installed in. Alternatively you can set the CC variable to the location of your compiler. I would advise you to get the gcc compiler. This should work.

> I used following command ./configure --prefix=/oradata

Why do you want to install apache in /oradata?

Krist

-- [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- ...what you don't realize is that in the future Google WILL reach sentience, will [have had] invent[ed] a time machine, and will [have had] travel[ed] back in time to prevent Bill Gates... only to become Bill Gates by accident because of a search engine optimization miscalculation. (Comment on the Dilbert Blog)
[EMAIL PROTECTED] OpenBSD and threaded apache
Hi all, I am at a loss to get apache 2.2.3 compiled using --with-mpm=worker on OpenBSD 3.9. It compiles and seems to run fine except for seeming to get stuck on the first few requests. After a few requests it might run ok but then seem to get stuck again (takes forever to respond). I am currently running the pre-fork version but it's just a bit too sluggish in proxying for my needs. Any help appreciated, Thanks.
Re: [EMAIL PROTECTED] remove the http server info banner
On 2/12/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
> Frightening. FWIW - see http://httpd.apache.org/security/vulnerabilities_13.html
>
> Fauziah Mahdan wrote:
>> I have read all the posting regarding this servertokens or hide web banner/header http://marc.theaimsgroup.com/?l=apache-httpdusersw=2r=1s=servertokens q=b Most of them at least get result when they set the servertokens prod Apache without version will appear. But my one still preview the whole complete version It Apache version 1.3.12 under HPUX 11.00. Is there any weakness it did not turn up the result?
>> fauziah

Very frightening indeed. Apache 1.3.12 came out 7 years ago in 12 days (02/25/00). No wonder you are trying to hide your version, I'd be trying to do the same. Makes you wonder though if it's just easier compiling a newer version, say 1.3.37?
[EMAIL PROTECTED] how to replace tilde with slash when users' home dirs are different?
Hi

I want to replace the tilde symbol with a slash in the URL, and I know that I could add this setting

AliasMatch ^/([^/]*)/?(.*) /home/$1/public_html/$2

when all users' root directories are the same. Now here is the problem... There are more than 5000 users on my server; in order to avoid having all users' dirs stored in one root directory, their root home directories are separated into 4 parts: user1, user2, user3 and user4. So, the user's home directory is /user[1or2or3or4]/USERNAME/public_html/

Now I can't find any solution with a rewrite setting to solve my problem. I think it will be a performance impact if I add more than 5000 alias settings, so I need to find other solutions. Could you give me any suggestions?

Thank you very much -- ccyen
[EMAIL PROTECTED] Question about mod_rewrite
Hello

I need help and advice about using mod_rewrite. I have some pdf files on my web site. A foreign web site has stored these pdf files on an html file on this foreign web site. I would like to redirect its requests to another page, so I wrote:

<IfModule mod_rewrite.c>
RewriteEngine Off
RewriteCond %{HTTP_REFERER} ^http://www.theforeignwebsite.com/*\.html
RewriteRule (.+) http://www.theanotherpage.com
</IfModule>

But it doesn't work! When the foreign web site tries to access, the redirection begins but doesn't finish. In the access log of my web site, the access is repeated 20 times with a 302 number for the redirect. On IE, an error message is returned; on firefox, it tells me to check the cookies...

However I tested this configuration on the same apache server (2.0.52) on another machine and the redirection works well and it succeeded. I tried to specify the redirection code 302 or 301 in the append flag R but it is the same.

Thanks for your help, cheers

Jean-Philippe Battu Grenoble
[EMAIL PROTECTED] installation query in linux
In the http.conf file, I am getting a problem in locating the server root
Re: [EMAIL PROTECTED] installation query in linux
http://httpd.apache.org/docs/1.3/mod/core.html#serverroot this should get you started.

*** REPLY SEPARATOR ***

On 2/13/2007 at 11:22 PM imthiaz khan wrote:
> in http.conf file ,I am geting problem in locating server root
[EMAIL PROTECTED] uninstall-Apache
how to uninstall Apache web server in linux