[users@httpd] How to implement multi-language support for column names generated by auto indexing?
Hi How does one implement multi-language support for column names generated by auto indexing? e.g. auto indexing produces columns "Name", "LastModified", & "Size", but how does one configure Apache web server to generate these in another language, if requested by the client browser? Thanks, Bryce Powell - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] unsubscribe
Mod(S), Please unsubscribe this address if received. Mail server returns NDR with high ranking spam verdict and fails to auto unsubscribe. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Single User DoS. How is this happening?
Unfortunately we aren't capturing the UserAgent in any of our logs. That's something I'll want to adjust. On Tue, Sep 24, 2013 at 11:41 AM, john gale wrote: > > Sometimes client bugs can manifest itself this way, say if a malformed > redirect continues redirecting them back to the same page, and a client bug > prevents noticing this. > > What was the UserAgent of the user ? > > ~ john > > On Sep 24, 2013, at 10:37 AM, Ryan Merrell wrote: > >> We've had a problem occur maybe 5 times over the last year where a >> single user is DoS'ing our web server (unintentionally) and I'm having >> a hard time figuring out how it's happening. >> >> >> Background Info: >> >> We're an online school with moderate traffic levels (800+ unique IPs >> with 18,000 GET/POST over the last hour as of this post). >> We're running Apache/2.2.15 Release 15.el6_2.1 from RHEL. We're >> running RHEL 6.3. >> >> >> The few times that this has happened, we've looked at the offending >> user's traffic and noticed that before they DoS'd us, they were logged >> in doing their course work as expected. But then we would suddenly get >> thousands of GET requests for the home page, which showed up in the >> access logs like this: >> >> [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 >> [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 >> [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 >> >> In this last case, it was repeated over 7000 times in a span of about >> 18 minutes (generally around 10 requests per second). What ended up >> happening is that we reached our MaxServerLimit number and Apache >> eventually died. I've started looking at some tools, such as >> mod_evasive, to protect us from such problems. But then I got thinking >> about what was actually happening here, tried to reproduce the problem >> myself, but couldn't! I used JMeter to simulate a heavy attack (more >> connections at a faster rate -- around the ballpark of 25000 requests) >> and I never spawned more than 15 child processes or so. My test >> environment handled it perfectly. But something about how the student >> did it made httpd spawn children like crazy, which eventually killed >> it. >> >> Here are some of my server configs that I feel are relevant. Any >> advice on what is actually happening here and what I can do to >> alleviate the problem would be appreciated. >> >> KeepAlive On >> MaxKeepAliveRequests 100 >> KeepAliveTimeout 5 >> >> >> StartServers 8 >> MinSpareServers5 >> MaxSpareServers 20 >> ServerLimit 2000 >> MaxClients 2000 >> MaxRequestsPerChild 4000 >> >> >> >> >> >> Ryan Merrell >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Single User DoS. How is this happening?
Sometimes client bugs can manifest itself this way, say if a malformed redirect continues redirecting them back to the same page, and a client bug prevents noticing this. What was the UserAgent of the user ? ~ john On Sep 24, 2013, at 10:37 AM, Ryan Merrell wrote: > We've had a problem occur maybe 5 times over the last year where a > single user is DoS'ing our web server (unintentionally) and I'm having > a hard time figuring out how it's happening. > > > Background Info: > > We're an online school with moderate traffic levels (800+ unique IPs > with 18,000 GET/POST over the last hour as of this post). > We're running Apache/2.2.15 Release 15.el6_2.1 from RHEL. We're > running RHEL 6.3. > > > The few times that this has happened, we've looked at the offending > user's traffic and noticed that before they DoS'd us, they were logged > in doing their course work as expected. But then we would suddenly get > thousands of GET requests for the home page, which showed up in the > access logs like this: > > [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 > [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 > [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 > > In this last case, it was repeated over 7000 times in a span of about > 18 minutes (generally around 10 requests per second). What ended up > happening is that we reached our MaxServerLimit number and Apache > eventually died. I've started looking at some tools, such as > mod_evasive, to protect us from such problems. But then I got thinking > about what was actually happening here, tried to reproduce the problem > myself, but couldn't! I used JMeter to simulate a heavy attack (more > connections at a faster rate -- around the ballpark of 25000 requests) > and I never spawned more than 15 child processes or so. My test > environment handled it perfectly. But something about how the student > did it made httpd spawn children like crazy, which eventually killed > it. > > Here are some of my server configs that I feel are relevant. Any > advice on what is actually happening here and what I can do to > alleviate the problem would be appreciated. > > KeepAlive On > MaxKeepAliveRequests 100 > KeepAliveTimeout 5 > > > StartServers 8 > MinSpareServers5 > MaxSpareServers 20 > ServerLimit 2000 > MaxClients 2000 > MaxRequestsPerChild 4000 > > > > > > Ryan Merrell > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Single User DoS. How is this happening?
We've had a problem occur maybe 5 times over the last year where a single user is DoS'ing our web server (unintentionally) and I'm having a hard time figuring out how it's happening. Background Info: We're an online school with moderate traffic levels (800+ unique IPs with 18,000 GET/POST over the last hour as of this post). We're running Apache/2.2.15 Release 15.el6_2.1 from RHEL. We're running RHEL 6.3. The few times that this has happened, we've looked at the offending user's traffic and noticed that before they DoS'd us, they were logged in doing their course work as expected. But then we would suddenly get thousands of GET requests for the home page, which showed up in the access logs like this: [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 [18/Sep/2013:19:30:57 +] "GET / HTTP/1.1" 200 16496 In this last case, it was repeated over 7000 times in a span of about 18 minutes (generally around 10 requests per second). What ended up happening is that we reached our MaxServerLimit number and Apache eventually died. I've started looking at some tools, such as mod_evasive, to protect us from such problems. But then I got thinking about what was actually happening here, tried to reproduce the problem myself, but couldn't! I used JMeter to simulate a heavy attack (more connections at a faster rate -- around the ballpark of 25000 requests) and I never spawned more than 15 child processes or so. My test environment handled it perfectly. But something about how the student did it made httpd spawn children like crazy, which eventually killed it. Here are some of my server configs that I feel are relevant. Any advice on what is actually happening here and what I can do to alleviate the problem would be appreciated. KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 StartServers 8 MinSpareServers5 MaxSpareServers 20 ServerLimit 2000 MaxClients 2000 MaxRequestsPerChild 4000 Ryan Merrell - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache2 hidden files & folders
Not work for me in Firefox, but I run /etc/init.d/apache2 restart apache2 -v Server version: Apache/2.2.22 (Debian) Server built: Mar 4 2013 21:32:29 2013/9/24 Pete Houston : > On Tue, Sep 24, 2013 at 06:39:09PM +0200, Sós Dániel wrote: >> This not work, not listing dot files: IndexIgnore *~ *# HEADER* >> README* RCS CVS *,v *,t > > It works for me in Apache 2.2.24. > > Which specific version are you running? > Are you sure there are no other IndexIgnore directives in your > configuration? Note that the documentation states: > > Multiple IndexIgnore directives add to the list, rather than the > replacing the list of ignored files. > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache2 hidden files & folders
On Tue, Sep 24, 2013 at 06:39:09PM +0200, Sós Dániel wrote: > This not work, not listing dot files: IndexIgnore *~ *# HEADER* > README* RCS CVS *,v *,t It works for me in Apache 2.2.24. Which specific version are you running? Are you sure there are no other IndexIgnore directives in your configuration? Note that the documentation states: Multiple IndexIgnore directives add to the list, rather than the replacing the list of ignored files. Pete -- Openstrike - improving business through open source http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 pgpa1_3F5tdoz.pgp Description: PGP signature
Re: [users@httpd] Apache2 hidden files & folders
Thanks your answer! I know not recommended. htaccess files source code is only my localhost (not internet, only local). This not work, not listing dot files: IndexIgnore *~ *# HEADER* README* RCS CVS *,v *,t My /etc/apache2/sites-available/localhost file is: ServerName localhost ServerAlias *.localhost DocumentRoot /var/www/ AddDefaultCharset UTF-8 # IndexIgnore * ErrorLog /var/www/.error CustomLog /var/log/apache2/localhost combined HostnameLookups Off UseCanonicalName Off ServerSignature Off Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny Allow from all 2013/9/24 Pete Houston : > On Tue, Sep 24, 2013 at 06:21:23PM +0200, Sós Dániel wrote: >> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t > > The first term there will prohibit display of your dotfiles. Try > removing it and use this instead: > > IndexIgnore *~ *# HEADER* README* RCS CVS *,v *,t > > Also, be very careful with this: > >> >> order allow,deny >> allow from all >> > > That is not recommended. > > Good luck, > > Pete > -- > Openstrike - improving business through open source > http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache2 hidden files & folders
On Tue, Sep 24, 2013 at 06:21:23PM +0200, Sós Dániel wrote: > IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t The first term there will prohibit display of your dotfiles. Try removing it and use this instead: IndexIgnore *~ *# HEADER* README* RCS CVS *,v *,t Also, be very careful with this: > > order allow,deny > allow from all > That is not recommended. Good luck, Pete -- Openstrike - improving business through open source http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 pgp3beFYCvLwv.pgp Description: PGP signature
[users@httpd] Apache2 hidden files & folders
Hi, Sorry, I speak a little english. My native language is Hungarian. I'm use Debian Wheezy (apache2) and Mozilla Firefox. I would like see listing my hidden files and hidden folders in my Firefox browsers at localhost. All files and folders (include . first character). Example: I see now Firefox: http://localhost/archive/ directory-1 dir-2 file.txt file I would like see Firefox: http://localhost/archive/ directory-1 dir-2 .dir-3 file.txt file .htaccess .example.txt My http://localhost/archive/.htaccess file is now: IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t php_flag engine off AddType text/plain php order allow,deny allow from all Please help me and help me edit this .htaccess file and I know view my hidden files & folders. Thanks your answer! - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Downloads for Apache 2.4.6 w/ OpenSSL 1.0.1e !!
Hi, We want to ship Apache 2.4.6 w/ OpenSSL 1.0.1e binaries with our product for Windows platform. I could see in URL http://httpd.apache.org/docs/2.4/platform/windows.html that Apache recommends following URLs to download these binary packages. Are these locations safe to download the Apache 2.4.6 w/ OpenSSL 1.0.1e? http://www.apachehaus.com/cgi-bin/download.plx http://www.apachelounge.com/download/ Thanks, Praveen
Re: [users@httpd] Apache 2.4 | "require" and AuthMerging
Location has higher precedence than Directory. It's merged after, not before. On Tue, Sep 24, 2013 at 6:05 AM, King Holger (CI/AFP2) wrote: > Dear Apache community, > > we just wonder why when using the following configuration: > > # allow using the "/" directory of this virtual host by all > > Require all granted > > > Alias /fslogs /opt/wcms/fs4/log > > IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log > IndexOptions +FancyIndexing > Options +Indexes > > AuthType Basic > AuthName "Restricted access" > AuthBasicProvider file > AuthUserFile /tmp/passwd > Require valid-user > > > the default handling of overwriting access directives in sub contexts does > not work properly (AuthMerging off). Might it be due to the two directives > "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just > authenticated and valid users should have access. So, access should be > limited. Instead we see that everybody can browse the directory. > > Kind regards, > Holger King > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache 2.4 | "require" and AuthMerging
Dear Apache community, we just wonder why when using the following configuration: # allow using the "/" directory of this virtual host by all Require all granted Alias /fslogs /opt/wcms/fs4/log IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log IndexOptions +FancyIndexing Options +Indexes AuthType Basic AuthName "Restricted access" AuthBasicProvider file AuthUserFile /tmp/passwd Require valid-user the default handling of overwriting access directives in sub contexts does not work properly (AuthMerging off). Might it be due to the two directives "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just authenticated and valid users should have access. So, access should be limited. Instead we see that everybody can browse the directory. Kind regards, Holger King - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
