Re: [users@httpd] Handling MS "Internet Shortcuts" and "Links"
2015-05-01 16:00 GMT+02:00 David A. Cobb : [...] > However, if I click the URL file in a "Directory List" served from Apache, I > get the plain text file displayed. I can go to the target with one or two > extra steps, but it's a PITA. It's a text file, so that's the expected result, since there are no special handlers for .url-Files in httpd. > It seems what I should do is to parse the file in the server and send a > "Permanently Moved To" redirection to the browser. I don't think you can achieve this with the likes of mod_rewrite, mod_setenvif etc. It should require a proper program, e.g. via CGI, mod_perl mod_php or the likes, plus probably a RewriteRule to start the script whenever a .url file is requested. Or maybe mod_lua and a LuaOutputFilter. > Or, I suppose, I could simply do the redirection; but somehow that feels less > safe. Not sure what you're trying to say here. > Now, if I can be allowed a second question in the same post, can I do the > same thing with Microsoft ".lnk" shortcuts? It would be a simple script > operation to transform the local FileSystem path to a "localhost:8080/" > path. That's actually not trivial in the general case, since it's not necessarily obvious how file system paths map to URLs. rainer - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Handling MS "Internet Shortcuts" and "Links"
On 04-May-15 06:09, Rainer Canavan wrote: 2015-05-01 16:00 GMT+02:00 David A. Cobb : [...] However, if I click the URL file in a "Directory List" served from Apache, I get the plain text file displayed. I can go to the target with one or two extra steps, but it's a PITA. It's a text file, so that's the expected result, since there are no special handlers for .url-Files in httpd. Ahh. I was hoping there was something I had overlooked. It seems what I should do is to parse the file in the server and send a "Permanently Moved To" redirection to the browser. I don't think you can achieve this with the likes of mod_rewrite, mod_setenvif etc. It should require a proper program, e.g. via CGI, mod_perl mod_php or the likes, plus probably a RewriteRule to start the script whenever a .url file is requested. Or maybe mod_lua and a Lua sounds good. I will look into that one. Back when my brain was younger, I earned my keep programming so it is maybe possible. LuaOutputFilter. Or, I suppose, I could simply do the redirection; but somehow that feels less safe. Not sure what you're trying to say here. Neither was I. I thought that once I captured the localhost URL, I could just serve that file. But I think that just adds work duplicating functions already in the browser. Now, if I can be allowed a second question in the same post, can I do the same thing with Microsoft ".lnk" shortcuts? It would be a simple script operation to transform the local FileSystem path to a "localhost:8080/" path. That's actually not trivial in the general case, since it's not necessarily obvious how file system paths map to URLs. In the general case, it would be hairy indeed. But I maintain a pretty simple-minded mapping for documents I harvest. rainer Many thanks, Rainer - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] proxypass strip the URL
HI I am have an issue when the apache 2.2 proxypass the URL with filename has "=". when is proxypass it strip the any character before "=" character E.g https://apple.com/test/file=test1.xml it pass as https://apple.com/test/test1.xml. it stripping all the character before it pass. Any help will be great.Regards, kumar
[users@httpd] LongPolling/WebSockets connection handling & max. connections
Hello everybody, currently I'm having an open question/topic about web sockets and long polling, which I'm not completely sure about the current handling within the Apache web server. The main question is about the mechanism "how websockets connections will be handled from the Apache?". Currently I have the following worker configuration within my Apache webserver (worker mpm): StartServers80 ServerLimit160 MinSpareThreads 25 MaxSpareThreads250 ThreadsPerChild 50 MaxRequestWorkers 8000 MaxConnectionsPerChild 0 This allows me to accept 8000 simultaneous connections and server more then 8000 clients, because from my understand Apache takes the connection on hold after he has proxied the request and until he get's the response. So normally I'm able to serve more than 8000 clients, because not all send requests or get a response simultaneously. But then if I run a client server architecture, which uses web sockets for communication, the socket or connection is normally hold open all the time and from my understanding the Apache webserver is not able to take the connection in a, let's call it, "hold state". So if I use web sockets is Apache still able to server more then 8000 clients/connections with the configuration above, or is he no longer able to set connections on hold when proxying websockets? Also does Apache open one socket within the OS for each connection, because then this would limit the usage of 65k clients on one server anyway, or are there more connections possible? Are there any experiences about the maximum number of web socket connections and best practices for the Apache by using web sockets? Is it better to run apache with the event mpm then the worker mpm within that scenario? Thanks in advance & Best regards, André
Re: [users@httpd] LongPolling/WebSockets connection handling & max. connections
On Mon, May 4, 2015 at 11:36 AM, wrote: > Are there any experiences about the maximum number of web socket connections > and best practices for the Apache by using web sockets? Is it better to run > apache with the event mpm then the worker mpm within that scenario? For websockets the event MPM would not make a difference in 2.4, because the idle connections cannot be offloaded in event because they're not in a state that event can offload. They will tie up a thread. If you're just proxying those websockets connections, there is experimental support in trunk to offload them under Event. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd have it's own repo?
It looks like the yum repo for httpd for Red Hat 7 just has httpd 2.4.6 Does Apache have it's own repo? We have looked around a bit but not found it. We assume that would be a more recent version.
Re: [users@httpd] Apache httpd have it's own repo?
On 05/04/2015 01:28 PM, Rose, John B wrote: It looks like the yum repo for httpd for Red Hat 7 just has httpd 2.4.6 Does Apache have it's own repo? We have looked around a bit but not found it. We assume that would be a more recent version. No. The apache org only provides source code for httpd. They do not provide binaries much less provide them through yum/apt/portage/whatever repos. Binaries are provided by third party contributors as they can provide them. One thing to keep in mind, yes, EL7's httpd is 2.4.6, but that doesn't mean the code is stuck at 2.4.6. The various Linux distribution vendors backport critical and security fixes to their "frozen" versions, and occasionally feature releases. They do version freezes for various reasons, some of which are to satisfy "stupid" enterprise customer stability requirements. But yes, it can be somewhat confusing. So you need to examine your actual reasoning for why you want a more recent version before deciding whether or not you actually "need" a more recent version. Andy - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Deny didn't work
Hi,
I tried both of the following methods to block an ip address, but neither
worked. In .htaccess, I put:
Order Deny,Allow
Deny from 123.123.123.123
and
RewriteCond %{REMOTE_ADDR} ^123.123.123.123
RewriteRule .* /maintenance.html [R=503,L]
(I do have the mod_rewrite module installed)
In both cases, I put the rules at the top of the file so that it would be
the first rules executed.
After each one, i did an apachectl stop, then apachectl start.
In both cases, when i monitored my site with the 'server-status' module,
the ip address was still there, with sometimes more than 30 requests, and
all for the same page, which was /login.php. And it continued to be
there for the next 30 minutes until it just dropped off, but i was doing
nothing to stop it at that point.
This method of blocking has worked for me in the past.
Is it possible for someone (ie a hacker…) to bypass my blocking method(s)?
Or is there something more I need to do?
Thank you,
Josh
Re: [users@httpd] Deny didn't work
What version of Apache are you using?
Apache 2.4 changed the access control directives unless you specifically
enable the old style: http://httpd.apache.org/docs/2.4/upgrading.html#access
Also, make sure you have the correct AllowOverride statements.
- Y
On Mon, May 4, 2015 at 7:33 PM, Joshua Smith wrote:
> Hi,
>
>
>
> I tried both of the following methods to block an ip address, but neither
> worked. In .htaccess, I put:
>
>
>
> Order Deny,Allow
>
> Deny from 123.123.123.123
>
>
>
> and
>
>
>
> RewriteCond %{REMOTE_ADDR} ^123.123.123.123
>
> RewriteRule .* /maintenance.html [R=503,L]
>
>
>
> (I do have the mod_rewrite module installed)
>
>
>
> In both cases, I put the rules at the top of the file so that it would be
> the first rules executed.
>
>
>
> After each one, i did an apachectl stop, then apachectl start.
>
>
>
> In both cases, when i monitored my site with the 'server-status' module,
> the ip address was still there, with sometimes more than 30 requests, and
> all for the same page, which was /login.php. And it continued to be
> there for the next 30 minutes until it just dropped off, but i was doing
> nothing to stop it at that point.
>
>
>
> This method of blocking has worked for me in the past.
>
>
>
> Is it possible for someone (ie a hacker…) to bypass my blocking
> method(s)? Or is there something more I need to do?
>
>
>
> Thank you,
>
> Josh
>
>
>
Re: [users@httpd] Deny didn't work
Also "allow/deny" (or the 2.4 equiv) directives only control whether
the server delivers the content, not whether the client can request
an item from the server. I.e., the indication of successful blocking
will be the response code changing from 200 to 403, but you'll still
likely see hits. If you want to block the client from hitting the
server you'd probably need to use firewall settings.
With your rewrite attempt, did you include a statement turning the
rewrite engine on?
Original Message
> Date: Monday, May 04, 2015 09:36:50 PM -0400
> From: Yehuda Katz
>
> What version of Apache are you using?
> Apache 2.4 changed the access control directives unless you
> specifically enable the old style:
> http://httpd.apache.org/docs/2.4/upgrading.html#access
>
> Also, make sure you have the correct AllowOverride statements.
>
> - Y
>
> On Mon, May 4, 2015 at 7:33 PM, Joshua Smith
> wrote:
>
>> Hi,
>>
>> I tried both of the following methods to block an ip address, but
>> neither worked. In .htaccess, I put:
>>
>> Order Deny,Allow
>> Deny from 123.123.123.123
>>
>> and
>>
>> RewriteCond %{REMOTE_ADDR} ^123.123.123.123
>> RewriteRule .* /maintenance.html [R=503,L]
>>
>> (I do have the mod_rewrite module installed)
>>
>> In both cases, I put the rules at the top of the file so that it
>> would be the first rules executed.
>>
>> After each one, i did an apachectl stop, then apachectl start.
>>
>> In both cases, when i monitored my site with the 'server-status'
>> module, the ip address was still there, with sometimes more than
>> 30 requests, and all for the same page, which was /login.php.
>> And it continued to be there for the next 30 minutes until it
>> just dropped off, but i was doing nothing to stop it at that
>> point.
>>
>> This method of blocking has worked for me in the past.
>>
>> Is it possible for someone (ie a hacker…) to bypass my blocking
>> method(s)? Or is there something more I need to do?
>>
>> Thank you,
>> Josh
>>
End Original Message
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Deny didn't work
Thanks for your replies.
I'm using apache version 2.2.15 - so I guess I don't have to worry about the
2.4 changes.
I'll have to research AllowOverride
Very interesting - seems obvious now that you say it, but I didn't realize
my efforts were just blocking the response, not the request.
I tried an iptables rule and that seems to have worked.
Re the rewrite engine - also interesting ... I do have the RewriteEngine On
statement, but it's below the RewriteCond statement. Does that make a
difference? IE, does it process sequentially, and so the rewritecond
statements are just ignored unless they come after rewriteengine on ?
Thanks,
Josh
-Original Message-
From: Richard [mailto:lists-apa...@listmail.innovate.net]
Sent: Monday, May 04, 2015 20:27
To: users@httpd.apache.org
Subject: Re: [users@httpd] Deny didn't work
Also "allow/deny" (or the 2.4 equiv) directives only control whether the
server delivers the content, not whether the client can request an item from
the server. I.e., the indication of successful blocking will be the response
code changing from 200 to 403, but you'll still likely see hits. If you want
to block the client from hitting the server you'd probably need to use
firewall settings.
With your rewrite attempt, did you include a statement turning the rewrite
engine on?
Original Message
> Date: Monday, May 04, 2015 09:36:50 PM -0400
> From: Yehuda Katz
>
> What version of Apache are you using?
> Apache 2.4 changed the access control directives unless you
> specifically enable the old style:
> http://httpd.apache.org/docs/2.4/upgrading.html#access
>
> Also, make sure you have the correct AllowOverride statements.
>
> - Y
>
> On Mon, May 4, 2015 at 7:33 PM, Joshua Smith
> wrote:
>
>> Hi,
>>
>> I tried both of the following methods to block an ip address, but
>> neither worked. In .htaccess, I put:
>>
>> Order Deny,Allow
>> Deny from 123.123.123.123
>>
>> and
>>
>> RewriteCond %{REMOTE_ADDR} ^123.123.123.123 RewriteRule .*
>> /maintenance.html [R=503,L]
>>
>> (I do have the mod_rewrite module installed)
>>
>> In both cases, I put the rules at the top of the file so that it
>> would be the first rules executed.
>>
>> After each one, i did an apachectl stop, then apachectl start.
>>
>> In both cases, when i monitored my site with the 'server-status'
>> module, the ip address was still there, with sometimes more than
>> 30 requests, and all for the same page, which was /login.php.
>> And it continued to be there for the next 30 minutes until it just
>> dropped off, but i was doing nothing to stop it at that point.
>>
>> This method of blocking has worked for me in the past.
>>
>> Is it possible for someone (ie a hacker…) to bypass my blocking
>> method(s)? Or is there something more I need to do?
>>
>> Thank you,
>> Josh
>>
End Original Message
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
