[users@httpd] Verizon Digital Voice
Verizon wants to replace my FIOS phone line with Digital Voice. I think this means my house phone will work over the internet. Does anyone have any experience with this? Advice would be much appreciated. Also, if you know a better place to post this query, please let me know. Thanks, Mike --- Michael D. Berger m.d.ber...@ieee.org <mailto:m.d.ber...@ieee.org> http://www.rosemike.net
Re: [users@httpd] Public viewing when it should be private
Thanks for the responses Daniel and Michael. I will look into those links and see where I get. On Wed, May 19, 2021, 11:42 PM Michael Wechner wrote: > Hi Michael > > I think it depends on your SSO app, more specifically what standards it > supports. > > For example you could use *mod_auth_kerb** and * > > *mod_auth_gssapi * > https://active-directory-wp.com/docs/Networking/Single_Sign_On/Kerberos_SSO_with_Apache_on_Linux.html > https://wiki.centos.org/HowTos/HttpKerberosAuth > > Another possibility might be to use JWT > > https://www.miniorange.com/apache-adfs-single-sign-on(sso) > > or > > https://github.com/zmartzone/mod_auth_openidc > > Also have a look at > > https://httpd.apache.org/docs/trunk/howto/auth.html > > I am not sure what other possibilities exist which work together with your > SSO app, but it might be less effort to just move your documentation into > your app servers. > > HTH > > Michael > > > > Am 20.05.21 um 06:46 schrieb Michael D.: > > Hello user group. > > I maintain a website that authenticates users through an internal > single-sign-on app. > > I have a documentation page that is publically viewable but I only want it > viewable after authentication. I've looked into .htaccess but I don't want > a separate login process for users to view documentation. I want them to be > able to login through our internal SSO and automatically have access to > those documents that are currently stored on the web server. > > Is this possible to do through Apache or should these static documentation > pages be put on our app servers and then served up for authenticated users? > > I'm not finding a way to avoid a second authentication process just to > view documentation that is private info for only authorized users > > (Fyi we have thousands of users that need access to this documentation.) > > >
[users@httpd] Public viewing when it should be private
Hello user group. I maintain a website that authenticates users through an internal single-sign-on app. I have a documentation page that is publically viewable but I only want it viewable after authentication. I've looked into .htaccess but I don't want a separate login process for users to view documentation. I want them to be able to login through our internal SSO and automatically have access to those documents that are currently stored on the web server. Is this possible to do through Apache or should these static documentation pages be put on our app servers and then served up for authenticated users? I'm not finding a way to avoid a second authentication process just to view documentation that is private info for only authorized users (Fyi we have thousands of users that need access to this documentation.)
RE: [users@httpd] Possible virus via httpd server
Problem solved, and it was not a virus. I have a complex cgi writen in C++. While DBAN was running, it occured to me that the binary file I was getting was around the same size as my cgi binary. After the reinstallation, diff informed that it was in fact the cgi I was getting, the notwithstanding the peculiar names. I reread the cgi documentation and spent some time trying variations in my config. I then decided to take a look at 01-cgi.conf, which is included in httpd.conf . There I read that what it did depended on the results of 00-mpm.config . I immediately (after wasting 2-3 days) suspected an order problem in the includes, and sure enough, they were out of order, which I corrected in under one minute. It now works with no problem. Thanks for your efforts and interest. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ _ From: Michael D. Wood [mailto:m...@itsecuritypros.org] Sent: Monday, January 04, 2016 21:13 To: users@httpd.apache.org Subject: Re: [users@httpd] Possible virus via httpd server Interestinglet us know what you find. Sent from my iPhone On Jan 4, 2016, at 9:06 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: I don't think index.html was changed, but I only took a quick look. I have it backed up in a tgz file, so when the Linux box comes back up (maybe tomorrow), I'll take a closer look It is also possible that there was something wrong with httpd.config . It is quite complex, with numerous RewriteRule, etc. However, even when I commented out ALL the virtual hosts, the problem persisted. But if I left a simple vhost and put a RewiteRule that (for reasons that I don't know) it didn't like, then it returned a failure. When I put it back together, I'll build up httpd.config slowly. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ _ From: Michael D. Wood [mailto:m...@itsecuritypros.org] Sent: Monday, January 04, 2016 20:27 To: users@httpd.apache.org Subject: Re: [users@httpd] Possible virus via httpd server Was the index.html file modified in anyway? Did it call the executable? Any rewrites or any other files added to the path index.html resided? Sent from my iPhone On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: It was not overwritten. If you looked on the server, it was just fine. But an executable was delivered instead. In any case, it is gone with the wind -- DBAN is now running on the server. Hopefully, the reinstallation will work better. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ _ From: Dino B. [mailto:mypascal2...@gmail.com] Sent: Monday, January 04, 2016 19:36 To: users@httpd.apache.org Subject: RE: [users@httpd] Possible virus via httpd server Hmmm, index. Html is just default page??? Strange that that it got overwritten by some executable -- Dino Buljubasic -- Dino Buljubasic Cell 604 441 3560 Please pardon my brevity - sent from my mobile device. Please excuse any typos. On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote: Following your suggestion, I made use of my daily backups to install the httpd.conf from two days ago, when all was well. The problem was the same. I tried sublitting a file to sophos, but I would have to join, and I am not ready for that. See also my next email. Still heading toward DBAN. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Message- > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] > Sent: Monday, January 04, 2016 11:25 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Possible virus via httpd server > > Hi Mike. > > You might like to send this to sophos for analysis: > > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx > > As index.html is the default page if nothing else is > configured, has your httpd.conf file been modified to server > this binary file instead of index.html? > > HTH, > > Keith Roberts > > On 4 Jan 2016, at 16:18, Michael D. Berger > <m.d.ber...@ieee.org> wrote: > > > Warning: This message contains unverified links which may > not be safe. You should only click links if you are sure > they are from a trusted source. > > Examining with Lemmy (A Windows version of VI), it looks > like a binary file. > > Size is 181.4 KB. > > I am considering my favorite virus remover: DBAN, but it would take > > several days work to recover from that. > > > > Mike. > > -- > > Michael D. Berger > > m.d.ber...@ieee.org > > http://www.rosemike.net/ > > > > > >> -Original Message- > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] > >> Sent: Monday, January 04, 2016 05:03 > >> To: us
RE: [users@httpd] Possible virus via httpd server
I tried the submission you suggest. It said it is an executable file, suitable for my Linux box. I don't think I am about to run it. Note that my ESET NOD32 virus software finds nothing wrong with it. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Message- > From: Kent Frazier [mailto:frazier...@sbcglobal.net] > Sent: Monday, January 04, 2016 13:57 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Possible virus via httpd server > > > You might try submitting the file at > https://www.virustotal.com and see what it detects. > > On 1/4/16 8:18 AM, Michael D. Berger wrote: > > Examining with Lemmy (A Windows version of VI), it looks > like a binary file. > > Size is 181.4 KB. > > I am considering my favorite virus remover: DBAN, but it would take > > several days work to recover from that. > > > > Mike. > > -- > > Michael D. Berger > > m.d.ber...@ieee.org > > http://www.rosemike.net/ > > > > > >> -Original Message- > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] > >> Sent: Monday, January 04, 2016 05:03 > >> To: users@httpd.apache.org > >> Subject: RE: [users@httpd] Possible virus via httpd server > >> > >> Well, what do you see if you examine the file in a text editor? > >> > >>> -Original Message- > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org] > >>> Sent: 04 January 2016 05:03 > >>> To: Apache-Users > >>> Subject: [users@httpd] Possible virus via httpd server > >>> > >>> Using my WinXP Firefox client to access my previously > working httpd > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my > >>> index.html . Do you think I have a virus on my Linux box? I did > >>> notice that my iptables is not as tight as it should be. > >>> > >>> -- > >>> Michael D. Berger > >>> m.d.ber...@ieee.org > >>> http://www.rosemike.net/ > >>> > >>> > >>> > >>> > >> > - > >> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Possible virus via httpd server
Following your suggestion, I made use of my daily backups to install the httpd.conf from two days ago, when all was well. The problem was the same. I tried sublitting a file to sophos, but I would have to join, and I am not ready for that. See also my next email. Still heading toward DBAN. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Message- > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] > Sent: Monday, January 04, 2016 11:25 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Possible virus via httpd server > > Hi Mike. > > You might like to send this to sophos for analysis: > > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx > > As index.html is the default page if nothing else is > configured, has your httpd.conf file been modified to server > this binary file instead of index.html? > > HTH, > > Keith Roberts > > On 4 Jan 2016, at 16:18, Michael D. Berger > <m.d.ber...@ieee.org> wrote: > > > Warning: This message contains unverified links which may > not be safe. You should only click links if you are sure > they are from a trusted source. > > Examining with Lemmy (A Windows version of VI), it looks > like a binary file. > > Size is 181.4 KB. > > I am considering my favorite virus remover: DBAN, but it would take > > several days work to recover from that. > > > > Mike. > > -- > > Michael D. Berger > > m.d.ber...@ieee.org > > http://www.rosemike.net/ > > > > > >> -Original Message- > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] > >> Sent: Monday, January 04, 2016 05:03 > >> To: users@httpd.apache.org > >> Subject: RE: [users@httpd] Possible virus via httpd server > >> > >> Well, what do you see if you examine the file in a text editor? > >> > >>> -Original Message- > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org] > >>> Sent: 04 January 2016 05:03 > >>> To: Apache-Users > >>> Subject: [users@httpd] Possible virus via httpd server > >>> > >>> Using my WinXP Firefox client to access my previously > working httpd > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my > >>> index.html . Do you think I have a virus on my Linux box? I did > >>> notice that my iptables is not as tight as it should be. > >>> > >>> -- > >>> Michael D. Berger > >>> m.d.ber...@ieee.org > >>> http://www.rosemike.net/ > >>> > >>> > >>> > >>> > >> > - > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >>> For additional commands, e-mail: users-h...@httpd.apache.org > >>> > >>> > >> > - > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Possible virus via httpd server
It was not overwritten. If you looked on the server, it was just fine. But an executable was delivered instead. In any case, it is gone with the wind -- DBAN is now running on the server. Hopefully, the reinstallation will work better. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ _ From: Dino B. [mailto:mypascal2...@gmail.com] Sent: Monday, January 04, 2016 19:36 To: users@httpd.apache.org Subject: RE: [users@httpd] Possible virus via httpd server Hmmm, index. Html is just default page??? Strange that that it got overwritten by some executable -- Dino Buljubasic -- Dino Buljubasic Cell 604 441 3560 Please pardon my brevity - sent from my mobile device. Please excuse any typos. On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote: Following your suggestion, I made use of my daily backups to install the httpd.conf from two days ago, when all was well. The problem was the same. I tried sublitting a file to sophos, but I would have to join, and I am not ready for that. See also my next email. Still heading toward DBAN. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Message- > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] > Sent: Monday, January 04, 2016 11:25 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Possible virus via httpd server > > Hi Mike. > > You might like to send this to sophos for analysis: > > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx > > As index.html is the default page if nothing else is > configured, has your httpd.conf file been modified to server > this binary file instead of index.html? > > HTH, > > Keith Roberts > > On 4 Jan 2016, at 16:18, Michael D. Berger > <m.d.ber...@ieee.org> wrote: > > > Warning: This message contains unverified links which may > not be safe. You should only click links if you are sure > they are from a trusted source. > > Examining with Lemmy (A Windows version of VI), it looks > like a binary file. > > Size is 181.4 KB. > > I am considering my favorite virus remover: DBAN, but it would take > > several days work to recover from that. > > > > Mike. > > -- > > Michael D. Berger > > m.d.ber...@ieee.org > > http://www.rosemike.net/ > > > > > >> -Original Message- > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] > >> Sent: Monday, January 04, 2016 05:03 > >> To: users@httpd.apache.org > >> Subject: RE: [users@httpd] Possible virus via httpd server > >> > >> Well, what do you see if you examine the file in a text editor? > >> > >>> -Original Message- > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org] > >>> Sent: 04 January 2016 05:03 > >>> To: Apache-Users > >>> Subject: [users@httpd] Possible virus via httpd server > >>> > >>> Using my WinXP Firefox client to access my previously > working httpd > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my > >>> index.html . Do you think I have a virus on my Linux box? I did > >>> notice that my iptables is not as tight as it should be. > >>> > >>> -- > >>> Michael D. Berger > >>> m.d.ber...@ieee.org > >>> http://www.rosemike.net/ > >>> > >>> > >>> > >>> > >> > - > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >>> For additional commands, e-mail: users-h...@httpd.apache.org > >>> > >>> > >> > - > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Possible virus via httpd server
Interestinglet us know what you find. Sent from my iPhone > On Jan 4, 2016, at 9:06 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: > > I don't think index.html was changed, but I only took a quick look. > I have it backed up in a tgz file, so when the Linux box comes back up > (maybe tomorrow), I'll take a closer look > > It is also possible that there was something wrong with httpd.config . > It is quite complex, with numerous RewriteRule, etc. However, even > when I commented out ALL the virtual hosts, the problem persisted. > But if I left a simple vhost and put a RewiteRule that (for reasons that I > don't > know) it didn't like, then it returned a failure. When I put it back > together, > I'll build up httpd.config slowly. > > Thanks, > Mike. > -- > Michael D. Berger > m.d.ber...@ieee.org > http://www.rosemike.net/ > > > From: Michael D. Wood [mailto:m...@itsecuritypros.org] > Sent: Monday, January 04, 2016 20:27 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Possible virus via httpd server > > Was the index.html file modified in anyway? Did it call the executable? Any > rewrites or any other files added to the path index.html resided? > > Sent from my iPhone > >> On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: >> >> It was not overwritten. If you looked on the server, it was just fine. >> But an executable was delivered instead. In any case, it is gone >> with the wind -- DBAN is now running on the server. Hopefully, >> the reinstallation will work better. >> >> Mike. >> >> -- >> Michael D. Berger >> m.d.ber...@ieee.org >> http://www.rosemike.net/ >> >> >> >> From: Dino B. [mailto:mypascal2...@gmail.com] >> Sent: Monday, January 04, 2016 19:36 >> To: users@httpd.apache.org >> Subject: RE: [users@httpd] Possible virus via httpd server >> >> Hmmm, index. Html is just default page??? Strange that that it got >> overwritten by some executable >> >> -- >> Dino Buljubasic >> >> -- >> Dino Buljubasic >> Cell 604 441 3560 >> >> Please pardon my brevity - sent from my mobile device. Please excuse any >> typos. >> >>> On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote: >>> Following your suggestion, I made use of my daily backups to install >>> the httpd.conf from two days ago, when all was well. The problem was >>> the same. I tried sublitting a file to sophos, but I would have to >>> join, and I am not ready for that. See also my next email. >>> >>> Still heading toward DBAN. >>> >>> Thanks, >>> Mike. >>> >>> -- >>> Michael D. Berger >>> m.d.ber...@ieee.org >>> http://www.rosemike.net/ >>> >>> >>> > -Original Message- >>> > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] >>> > Sent: Monday, January 04, 2016 11:25 >>> > To: users@httpd.apache.org >>> > Subject: Re: [users@httpd] Possible virus via httpd server >>> > >>> > Hi Mike. >>> > >>> > You might like to send this to sophos for analysis: >>> > >>> > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx >>> > >>> > As index.html is the default page if nothing else is >>> > configured, has your httpd.conf file been modified to server >>> > this binary file instead of index.html? >>> > >>> > HTH, >>> > >>> > Keith Roberts >>> > >>> > On 4 Jan 2016, at 16:18, Michael D. Berger >>> > <m.d.ber...@ieee.org> wrote: >>> > >>> > > Warning: This message contains unverified links which may >>> > not be safe. You should only click links if you are sure >>> > they are from a trusted source. >>> > > Examining with Lemmy (A Windows version of VI), it looks >>> > like a binary file. >>> > > Size is 181.4 KB. >>> > > I am considering my favorite virus remover: DBAN, but it would take >>> > > several days work to recover from that. >>> > > >>> > > Mike. >>> > > -- >>> > > Michael D. Berger >>> > > m.d.ber...@ieee.org >>> > > http://www.rosemike.net/ >>> > > >>> > > >>> > >>
Re: [users@httpd] Possible virus via httpd server
Was the index.html file modified in anyway? Did it call the executable? Any rewrites or any other files added to the path index.html resided? Sent from my iPhone > On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: > > It was not overwritten. If you looked on the server, it was just fine. > But an executable was delivered instead. In any case, it is gone > with the wind -- DBAN is now running on the server. Hopefully, > the reinstallation will work better. > > Mike. > > -- > Michael D. Berger > m.d.ber...@ieee.org > http://www.rosemike.net/ > > > > From: Dino B. [mailto:mypascal2...@gmail.com] > Sent: Monday, January 04, 2016 19:36 > To: users@httpd.apache.org > Subject: RE: [users@httpd] Possible virus via httpd server > > Hmmm, index. Html is just default page??? Strange that that it got > overwritten by some executable > > -- > Dino Buljubasic > > -- > Dino Buljubasic > Cell 604 441 3560 > > Please pardon my brevity - sent from my mobile device. Please excuse any > typos. > >> On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote: >> Following your suggestion, I made use of my daily backups to install >> the httpd.conf from two days ago, when all was well. The problem was >> the same. I tried sublitting a file to sophos, but I would have to >> join, and I am not ready for that. See also my next email. >> >> Still heading toward DBAN. >> >> Thanks, >> Mike. >> >> -- >> Michael D. Berger >> m.d.ber...@ieee.org >> http://www.rosemike.net/ >> >> >> > -Original Message- >> > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] >> > Sent: Monday, January 04, 2016 11:25 >> > To: users@httpd.apache.org >> > Subject: Re: [users@httpd] Possible virus via httpd server >> > >> > Hi Mike. >> > >> > You might like to send this to sophos for analysis: >> > >> > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx >> > >> > As index.html is the default page if nothing else is >> > configured, has your httpd.conf file been modified to server >> > this binary file instead of index.html? >> > >> > HTH, >> > >> > Keith Roberts >> > >> > On 4 Jan 2016, at 16:18, Michael D. Berger >> > <m.d.ber...@ieee.org> wrote: >> > >> > > Warning: This message contains unverified links which may >> > not be safe. You should only click links if you are sure >> > they are from a trusted source. >> > > Examining with Lemmy (A Windows version of VI), it looks >> > like a binary file. >> > > Size is 181.4 KB. >> > > I am considering my favorite virus remover: DBAN, but it would take >> > > several days work to recover from that. >> > > >> > > Mike. >> > > -- >> > > Michael D. Berger >> > > m.d.ber...@ieee.org >> > > http://www.rosemike.net/ >> > > >> > > >> > >> -Original Message- >> > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] >> > >> Sent: Monday, January 04, 2016 05:03 >> > >> To: users@httpd.apache.org >> > >> Subject: RE: [users@httpd] Possible virus via httpd server >> > >> >> > >> Well, what do you see if you examine the file in a text editor? >> > >> >> > >>> -Original Message- >> > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org] >> > >>> Sent: 04 January 2016 05:03 >> > >>> To: Apache-Users >> > >>> Subject: [users@httpd] Possible virus via httpd server >> > >>> >> > >>> Using my WinXP Firefox client to access my previously >> > working httpd >> > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my >> > >>> index.html . Do you think I have a virus on my Linux box? I did >> > >>> notice that my iptables is not as tight as it should be. >> > >>> >> > >>> -- >> > >>> Michael D. Berger >> > >>> m.d.ber...@ieee.org >> > >>> http://www.rosemike.net/ >> > >>> >> > >>> >> > >>> >> > >>> >> > >> >> > - >> > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > >>> For additional commands, e-mail: users-h...@httpd.apache.org >> > >>> >> > >>> >> > >> >> > - >> > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > >> For additional commands, e-mail: users-h...@httpd.apache.org >> > >> >> > > >> > > >> > > >> > - >> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > > For additional commands, e-mail: users-h...@httpd.apache.org >> > > >> > >> > >> > - >> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > For additional commands, e-mail: users-h...@httpd.apache.org >> > >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] Possible virus via httpd server
I don't think index.html was changed, but I only took a quick look. I have it backed up in a tgz file, so when the Linux box comes back up (maybe tomorrow), I'll take a closer look It is also possible that there was something wrong with httpd.config . It is quite complex, with numerous RewriteRule, etc. However, even when I commented out ALL the virtual hosts, the problem persisted. But if I left a simple vhost and put a RewiteRule that (for reasons that I don't know) it didn't like, then it returned a failure. When I put it back together, I'll build up httpd.config slowly. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ _ From: Michael D. Wood [mailto:m...@itsecuritypros.org] Sent: Monday, January 04, 2016 20:27 To: users@httpd.apache.org Subject: Re: [users@httpd] Possible virus via httpd server Was the index.html file modified in anyway? Did it call the executable? Any rewrites or any other files added to the path index.html resided? Sent from my iPhone On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: It was not overwritten. If you looked on the server, it was just fine. But an executable was delivered instead. In any case, it is gone with the wind -- DBAN is now running on the server. Hopefully, the reinstallation will work better. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ _ From: Dino B. [mailto:mypascal2...@gmail.com] Sent: Monday, January 04, 2016 19:36 To: users@httpd.apache.org Subject: RE: [users@httpd] Possible virus via httpd server Hmmm, index. Html is just default page??? Strange that that it got overwritten by some executable -- Dino Buljubasic -- Dino Buljubasic Cell 604 441 3560 Please pardon my brevity - sent from my mobile device. Please excuse any typos. On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote: Following your suggestion, I made use of my daily backups to install the httpd.conf from two days ago, when all was well. The problem was the same. I tried sublitting a file to sophos, but I would have to join, and I am not ready for that. See also my next email. Still heading toward DBAN. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Message- > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] > Sent: Monday, January 04, 2016 11:25 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Possible virus via httpd server > > Hi Mike. > > You might like to send this to sophos for analysis: > > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx > > As index.html is the default page if nothing else is > configured, has your httpd.conf file been modified to server > this binary file instead of index.html? > > HTH, > > Keith Roberts > > On 4 Jan 2016, at 16:18, Michael D. Berger > <m.d.ber...@ieee.org> wrote: > > > Warning: This message contains unverified links which may > not be safe. You should only click links if you are sure > they are from a trusted source. > > Examining with Lemmy (A Windows version of VI), it looks > like a binary file. > > Size is 181.4 KB. > > I am considering my favorite virus remover: DBAN, but it would take > > several days work to recover from that. > > > > Mike. > > -- > > Michael D. Berger > > m.d.ber...@ieee.org > > http://www.rosemike.net/ > > > > > >> -Original Message- > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] > >> Sent: Monday, January 04, 2016 05:03 > >> To: users@httpd.apache.org > >> Subject: RE: [users@httpd] Possible virus via httpd server > >> > >> Well, what do you see if you examine the file in a text editor? > >> > >>> -Original Message- > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org] > >>> Sent: 04 January 2016 05:03 > >>> To: Apache-Users > >>> Subject: [users@httpd] Possible virus via httpd server > >>> > >>> Using my WinXP Firefox client to access my previously > working httpd > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my > >>> index.html . Do you think I have a virus on my Linux box? I did > >>> notice that my iptables is not as tight as it should be. > >>> > >>> -- > >>> Michael D. Berger > >>> m.d.ber...@ieee.org > >>> http://www.rosemike.net/ > >>> > >>> > >>> > >>> > >> > - > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.ap
RE: [users@httpd] Possible virus via httpd server
Examining with Lemmy (A Windows version of VI), it looks like a binary file. Size is 181.4 KB. I am considering my favorite virus remover: DBAN, but it would take several days work to recover from that. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Message- > From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] > Sent: Monday, January 04, 2016 05:03 > To: users@httpd.apache.org > Subject: RE: [users@httpd] Possible virus via httpd server > > Well, what do you see if you examine the file in a text editor? > > > -Original Message- > > From: Michael D. Berger [mailto:m.d.ber...@ieee.org] > > Sent: 04 January 2016 05:03 > > To: Apache-Users > > Subject: [users@httpd] Possible virus via httpd server > > > > Using my WinXP Firefox client to access my previously working httpd > > 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my > > index.html . Do you think I have a virus on my Linux box? I did > > notice that my iptables is not as tight as it should be. > > > > -- > > Michael D. Berger > > m.d.ber...@ieee.org > > http://www.rosemike.net/ > > > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Possible virus via httpd server
Using my WinXP Firefox client to access my previously working httpd 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my index.html . Do you think I have a virus on my Linux box? I did notice that my iptables is not as tight as it should be. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] LogMessage not working
> -Original Message- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Friday, January 01, 2016 19:07 > To: users@httpd.apache.org > Subject: Re: [users@httpd] LogMessage not working > > Am 01.01.2016 um 22:55 schrieb Michael D. Berger: > >> -Original Message- > >> From: Rainer Jung [mailto:rainer.j...@kippdata.de] > >> Sent: Friday, January 01, 2016 05:56 > >> To: users@httpd.apache.org > >> Subject: Re: [users@httpd] LogMessage not working > >> > >> Am 01.01.2016 um 03:55 schrieb Michael D. Berger: > >>> I am converting my old complex httpd.config from 2.2 to 2.4, and > >>> having numerous problems. I added mod_log_debug, but I > cannot get > >>> LogMessage to work. Here is one of numerous things I tried > >> inside a > >>> VirtualHost that is working up to a point: > >>> > >>> > >>> LogMessage "herebefore02 httpdViMn" > hook=type_checker expr=true > >>> > >>> > >>> The message does not appear the log files. I have seen > on the web > >>> that I have to "enable" mod_log_debug, but I have not seen > >> how to do > >>> that. > >>> > >>> Thanks for any advice. Perhaps there is another way to > >> print things > >>> from various parts of the config file? > >> > >> How is LogLevel set in your config? > >> > >> Quoting from the docs, the messages logged by mod_log_debug "are > >> logged at loglevel info." So if your server runs with "LogLevel > >> warn", they won't be logged. In that case use > >> > >> LogLevel warn log_debug:info > >> > >> instead, and start wth a simple > >> > >> > >> LogMessage "herebefore02 httpdViMn" > >> > >> > >> before trying more complex constructs. > >> > >> Regards, > >> > >> Rainer > > > > Thanks, but the above suggestions did not work. > > > > I also tried: > > > > LogLevel info > > > > which also didn't work. I did follow your suggestion for a > simpler message. > > FWIW, I forgot to mention that I am on Fedora 23. > > > > Any other suggestions? > > Do your requests actually hit the right vhost, the one into > which you had put the LogMessage? Can you see the request in > the access log if you add a separate access log in the same vhost? > > Or in case you put the LogMessage into the global server: > could it be that your request hits a vhost instead? > > Regards, > > Rainer Yes that was it! I was hitting the wrong vhost, which I confirmed by commenting out all the other vhosts. Problem solved. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] LogMessage not working
> -Original Message- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Friday, January 01, 2016 05:56 > To: users@httpd.apache.org > Subject: Re: [users@httpd] LogMessage not working > > Am 01.01.2016 um 03:55 schrieb Michael D. Berger: > > I am converting my old complex httpd.config from 2.2 to 2.4, and > > having numerous problems. I added mod_log_debug, but I cannot get > > LogMessage to work. Here is one of numerous things I tried > inside a > > VirtualHost that is working up to a point: > > > > > > LogMessage "herebefore02 httpdViMn" hook=type_checker expr=true > > > > > > The message does not appear the log files. I have seen on the web > > that I have to "enable" mod_log_debug, but I have not seen > how to do > > that. > > > > Thanks for any advice. Perhaps there is another way to > print things > > from various parts of the config file? > > How is LogLevel set in your config? > > Quoting from the docs, the messages logged by mod_log_debug > "are logged at loglevel info." So if your server runs with > "LogLevel warn", they won't be logged. In that case use > >LogLevel warn log_debug:info > > instead, and start wth a simple > > > LogMessage "herebefore02 httpdViMn" > > > before trying more complex constructs. > > Regards, > > Rainer Thanks, but the above suggestions did not work. I also tried: LogLevel info which also didn't work. I did follow your suggestion for a simpler message. FWIW, I forgot to mention that I am on Fedora 23. Any other suggestions? Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] LogMessage not working
I am converting my old complex httpd.config from 2.2 to 2.4, and having numerous problems. I added mod_log_debug, but I cannot get LogMessage to work. Here is one of numerous things I tried inside a VirtualHost that is working up to a point: LogMessage "herebefore02 httpdViMn" hook=type_checker expr=true The message does not appear the log files. I have seen on the web that I have to "enable" mod_log_debug, but I have not seen how to do that. Thanks for any advice. Perhaps there is another way to print things from various parts of the config file? Happy New Year! Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: apache service interruption
You could potentially deny legitimate users access. I limit so many connections per second per source IP. If I knew I were getting a ton of traffic from a University I would have to adjust it accordingly. The setting in pfsense is Maximum new connections / per second(s) - that's per IP. My site I wouldn't say is pegged with University traffic sharing the same IP. I'm just giving you examples and tailor to your needs. If you get a bunch of traffic from a shared IP, obviously, this would not be the best way to go. I try to mitigate using rate limiting. I don't like to wait for the traffic to pass to Apache and have to configure a module to fix it. Apache should be handling web requests, not having to deal with tons of traffic (bruteforce/DoS). I try to handle that stuff before it even gets passed to Apache. From the Cisco side you could implement ACL's and rate limiting. http://www.debian-administration.org/articles/187 On 08/02/2013 01:49 AM, Grant wrote: Truthfully, I've always limited connections from the source IP via a firewall before the traffic is even passed to apache. Do you do this only when under DoS attack or all the time? Won't you potentially prevent legitimate users from making a single connection if they're connecting with a shared IP from a university campus (for example)? How is this accomplished with iptables? - Grant Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the resources on a server running Apache. Only 1 instance of his perl script had to be ran. LOIC is another that could possible DoS your server from one source. What IP address was hitting your box when this happened? I'd rather not post the IP if that's OK. I did notice my access_log entries were out of chronological order for the IP address in question. Does that indicate a Slowloris attack? Maybe it's just the result of the server bogging down in response to so many requests in a short amount of time. So I'm sure I understand, a regular browser or unsophisticated script shouldn't be able to interrupt apache service by simply requesting a large number of pages in a short amount of time? If not, how does apache prevent that from happening? - Grant You wouldn't keep a syn proxy rule enabled all the time; only under a DoS attack. You could also implement ModSecurity. ModSecurity looks good and I think it works with nginx as well as apache. Is everyone who isn't running OSSEC HIDS or ModSecurity vulnerable to a single client requesting too many pages and interrupting the service? - Grant Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways to achieve this. Is that the best way to go besides OSSEC HIDS? I can imagine that sort of thing could cause problems. - Grant You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the access log I see the same IP made many requests during the service interruption and I think that exhausted the apache service. It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there another way to prevent this sort of thing? - Grant My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: apache service interruption
Truthfully, I've always limited connections from the source IP via a firewall before the traffic is even passed to apache. On 08/01/2013 04:39 AM, Grant wrote: Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the resources on a server running Apache. Only 1 instance of his perl script had to be ran. LOIC is another that could possible DoS your server from one source. What IP address was hitting your box when this happened? I'd rather not post the IP if that's OK. I did notice my access_log entries were out of chronological order for the IP address in question. Does that indicate a Slowloris attack? Maybe it's just the result of the server bogging down in response to so many requests in a short amount of time. So I'm sure I understand, a regular browser or unsophisticated script shouldn't be able to interrupt apache service by simply requesting a large number of pages in a short amount of time? If not, how does apache prevent that from happening? - Grant You wouldn't keep a syn proxy rule enabled all the time; only under a DoS attack. You could also implement ModSecurity. ModSecurity looks good and I think it works with nginx as well as apache. Is everyone who isn't running OSSEC HIDS or ModSecurity vulnerable to a single client requesting too many pages and interrupting the service? - Grant Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways to achieve this. Is that the best way to go besides OSSEC HIDS? I can imagine that sort of thing could cause problems. - Grant You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the access log I see the same IP made many requests during the service interruption and I think that exhausted the apache service. It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there another way to prevent this sort of thing? - Grant My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] substituting proxy
Burp Suite will do exactly this. http://portswigger.net/burp/ On 07/31/2013 06:04 AM, Robin Becker wrote: Not sure if I am using the right terminology, but I want to create a forward proxy that will allow me to substitute locally controlled content for some of the requests eg a specific remote javascript file (which I wish to debug). My normal approach would be to save all html using a browser, but this site is very dynamic with ajax etc and I am unable to save a decent replica. I imagine this can be done using a proxy setup with some specific requests being diverted to a local web server, but I'm not exactly sure how that should be done. I can set up a forward proxy easliy enough, but don't know how to get mod_rewrite or whatever to interfere with the proxy. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: apache service interruption
Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the resources on a server running Apache. Only 1 instance of his perl script had to be ran. LOIC is another that could possible DoS your server from one source. What IP address was hitting your box when this happened? On 07/30/2013 02:25 AM, Grant wrote: You wouldn't keep a syn proxy rule enabled all the time; only under a DoS attack. You could also implement ModSecurity. ModSecurity looks good and I think it works with nginx as well as apache. Is everyone who isn't running OSSEC HIDS or ModSecurity vulnerable to a single client requesting too many pages and interrupting the service? - Grant Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways to achieve this. Is that the best way to go besides OSSEC HIDS? I can imagine that sort of thing could cause problems. - Grant You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the access log I see the same IP made many requests during the service interruption and I think that exhausted the apache service. It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there another way to prevent this sort of thing? - Grant My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: apache service interruption
You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the access log I see the same IP made many requests during the service interruption and I think that exhausted the apache service. It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there another way to prevent this sort of thing? - Grant My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL config - HTTPS not working
The only reason I asked was because I had done this before and had the virtualhost created for port 443 but forgot to a2ensite on the virtualhost. On 07/29/2013 02:59 AM, Yuvapriya s wrote: Yes.. I have configured Vhosts for port 443.. On Fri, Jul 26, 2013 at 2:56 PM, Michael D. Wood m...@itsecuritypros.org wrote: Do you have a virtual host configured for the site SSL/443? On 07/26/2013 05:15 AM, Yuvapriya s wrote: Hi We had done split deployment of apache and tomcat and we are trying to configure ssl on apache. Modified the httpd_ssl.conf file and uncommented the lines to include mod_ssl.so and the conf file in httpd.conf and restarted apache. Now we are getting below errors while loading the url https:/BOE/CMC - HTTP 403 Forbidden Error https:/BOE/BI - HTTP 404 Not Found Where as using http works fine for the same url When checked on the logs, found the below error messages. [client ::1] Directory index forbidden by Options directive: G:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/BOE/CMC/ [client ::1] File does not exist: G:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/BOE/BI Could you please help on what needs to be done to resolve the same? Thanks
Re: [users@httpd] Re: apache service interruption
Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways to achieve this. On 07/29/2013 03:18 AM, Michael D. Wood wrote: You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the access log I see the same IP made many requests during the service interruption and I think that exhausted the apache service. It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there another way to prevent this sort of thing? - Grant My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: apache service interruption
You wouldn't keep a syn proxy rule enabled all the time; only under a DoS attack. You could also implement ModSecurity. On 07/29/2013 02:07 PM, Grant wrote: Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways to achieve this. Is that the best way to go besides OSSEC HIDS? I can imagine that sort of thing could cause problems. - Grant You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the access log I see the same IP made many requests during the service interruption and I think that exhausted the apache service. It looks like there isn't a Gentoo ebuild for OSSEC HIDS. Is there another way to prevent this sort of thing? - Grant My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: apache service interruption
Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. -- Sent from my mobile device Michael D. Wood www.itsecuritypros.org Grant emailgr...@gmail.com wrote: My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached. The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all. Does this make sense to anyone? Should I decrease MaxClients? - Grant I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help? - Grant - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL config - HTTPS not working
Do you have a virtual host configured for the site SSL/443? On 07/26/2013 05:15 AM, Yuvapriya s wrote: Hi We had done split deployment of apache and tomcat and we are trying to configure ssl on apache. Modified the httpd_ssl.conf file and uncommented the lines to include mod_ssl.so and the conf file in httpd.conf and restarted apache. Now we are getting below errors while loading the url https:/BOE/CMC - HTTP 403 Forbidden Error https:/BOE/BI - HTTP 404 Not Found Where as using http works fine for the same url When checked on the logs, found the below error messages. [client ::1] Directory index forbidden by Options directive: G:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/BOE/CMC/ [client ::1] File does not exist: G:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs/BOE/BI Could you please help on what needs to be done to resolve the same? Thanks
Re: [users@httpd] Router change issue
The new wireless router is configured the same way as your old router was? As in, the same network configuration and I'm assuming the server you have Apache running on has a static ip in the same network? Not much that has to change - port forward to your server running Apache. What are you getting when trying to access the site? Connection timed out, just doesn't connect at all? On 07/24/2013 05:02 PM, James Coyle wrote: I installed a new wireless router last night from Comcast. Previously I had been using an Apple Airport Extreme as a router along with a regular cable modem. I have duplicated the IP scheme on this new router and have opened up the appropriate port so that Apache can serve up my web site, but so far I have had no luck in getting the pages to display. As I said, I've confirmed that the correct port for my web hop via DYNDns is open (port 8102) and it is mapped to my internal IP address. I have not changed my Apache config file or anything else. The only thing I can think of here is that Apache is confused by the change in hardware since both the Airport Extreme and the new Comcast wireless router are/were using the same 10.0.0.x range of addresses. My old Airport is now in bridge mode and is not acting as a router. I am reluctant to call Comcast, first of all because they are Comcast, and secondly because they are now pushing a higher level of paid support that I'm not interested in. I'd appreciate any help anyone could provide. Thanks.
[users@httpd] RewriteCond to select by username
On my fedora 16 box using httpd.x86_64 2.2.21-1.fc16, using SSL, I tried: Directory whatever ... RewriteCond %{REMOTE_USER} ^mike$ RewriteRule something known to work ... /Directory and variations thereof. My intention is to have the RewriteRule run iff mike is logged on. It didn't work. Thanks for your advice. Mike. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] RewriteCond to select by username
-Original Message- From: Eric Covener [mailto:cove...@gmail.com] Sent: Saturday, July 13, 2013 12:43 To: users@httpd.apache.org Subject: Re: [users@httpd] RewriteCond to select by username On Sat, Jul 13, 2013 at 12:41 PM, Michael D. Berger m.d.ber...@ieee.org wrote: On my fedora 16 box using httpd.x86_64 2.2.21-1.fc16, using SSL, I tried: Directory whatever ... RewriteCond %{REMOTE_USER} ^mike$ RewriteRule something known to work ... /Directory and variations thereof. My intention is to have the RewriteRule run iff mike is logged on. It didn't work. Check out the Look-ahead examples in the manual. [...] Following this suggestion, I tried: RewriteCond %{LA-U:REMOTE_USER} ^mike$ and a few related things. It still fails. Thanks for additional information. Mike. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] RewriteCond to select by username FIXED
-Original Message- From: Michael D. Berger [mailto:m.d.ber...@ieee.org] Sent: Saturday, July 13, 2013 13:12 To: users@httpd.apache.org Subject: RE: [users@httpd] RewriteCond to select by username -Original Message- From: Eric Covener [mailto:cove...@gmail.com] Sent: Saturday, July 13, 2013 12:43 To: users@httpd.apache.org Subject: Re: [users@httpd] RewriteCond to select by username On Sat, Jul 13, 2013 at 12:41 PM, Michael D. Berger m.d.ber...@ieee.org wrote: On my fedora 16 box using httpd.x86_64 2.2.21-1.fc16, using SSL, I tried: Directory whatever ... RewriteCond %{REMOTE_USER} ^mike$ RewriteRule something known to work ... /Directory and variations thereof. My intention is to have the RewriteRule run iff mike is logged on. It didn't work. Check out the Look-ahead examples in the manual. [...] Following this suggestion, I tried: RewriteCond %{LA-U:REMOTE_USER} ^mike$ and a few related things. It still fails. Thanks for additional information. Mike. Correction: LA-U in fact solves the problem. The previous test was contaminated by another fix I forgot to remove. Thanks, Mike. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Chrome 300 Problem
Running: # rpm -q httpd httpd-2.2.3-31.el5.centos.4 On: # uname -a Linux mbrc20 2.6.18-164.15.1.el5 #1 SMP Wed Mar 17 11:37:14 EDT 2010 i686 athlon i386 GNU/Linux Accessing a directory: www.myplace.net/here/there/ where both here and there require httpd access, while www.myplace.net/ does not, Using Chrome, the user gets a 300 Multiple Choices response, (with no choices offered) while when using Firefox, there is no problem, and a proper login is requested. I note that the directory there contains numerous subdirectories, but only one other file: there/there.html . Any suggestions? Thanks, Mike. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] cannot run mod_status
On my CentOS 5 box with: #rpm -q httpd httpd-2.2.3-43.el5.centos.3 I tried to activate mod_status with: ExtendedStatus On Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 192.168.9.0/24 127.0.0.1 /Location I already have: LoadModule status_module modules/mod_status.so I tried access from the local box as well as another box on 192.168.9.0/24 . I get 403. Any suggestions on what to look at? BTW, I am using VirtualHost. Thanks, Mike. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: cannot run mod_status
On Tue, 05 Apr 2011 09:56:08 -0400, Yehuda Katz wrote: The first thing I always try is removing/commenting the access control directives, something like this: Location /server-status SetHandler server-status # Order deny,allow # Deny from all # Allow from 192.168.9.0/24 127.0.0.1 /Location Then you will know if it is a problem with those directives or somewhere else. Thanks. I tried it and I still get 403. Mike. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: cannot run mod_status
On Tue, 05 Apr 2011 10:31:01 -0400, Yehuda Katz wrote: Thanks. I tried it and I still get 403. The next thing that I try is explicitly setting Allow from all: Order allow,deny Allow from all Same result, 403 when I do: http://my.stuff.net/server-status I note that I also get 403 for: http://my.stuff.net/AnyOldJunk Since I have no file or directory named server-status, I assume that Apache is supposed to give this name special treatment, but it is not doing it. Mike. Mike. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: cannot run mod_status
On Tue, 05 Apr 2011 14:28:34 -0400, Yehuda Katz wrote: [[RESEND]] On Tue, Apr 5, 2011 at 10:43 AM, Michael D. Berger m_d_berger_1...@yahoo.com wrote: Same result, 403 when I do: /server-status I note that I also get 403 for: /AnyOldJunk Since I have no file or directory named server-status, I assume that Apache is supposed to give this name special treatment, but it is not doing it. You should get a 404 when you go to /AnyOldJunk, not a 403. Because you get a 403, there is probably some other configuration error in the vhost. [...] PROBLEM SOLVED. Following suggestion, I took a close look at VirtualHost. It was not the problem, but I note that the reason I get the 403 is because the last line in my VirtualHost is: RewriteRule ^.*$ - [F,L] It is the 'F' that generates the 403. To make the server-status work, in the VirtualHost I need: RewriteRule ^/server-status.*$ - [L] somewhere near the top. But that is not all. In Directory /var/www/html/www I need: RewriteRule ^server-status.*$ - [L] Note the difference in the '/' between VirtualHost and Directory. It must be exactly as shown or it will not work. Thanks again for your help. Mike. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] Problem with ./configure Apache 2.2.6
Hi, I'm having a problem installing a new webserver. I'm doing the exact same procedure that I've used in the past (v 2.0.55, 2.0.59, and 2.2.4), but it no longer seems to be working. I'm doing a custom layout. I've edited the config.layout file to match what I'd done in the past, copying the format used in that file. I'm using prefix: /usr/local/apache2 exec_prefix: ${prefix} bindir: ${exec_prefix}/bin I run the configure script: ./configure --enable-layout=myLayout ... I get the following error msg: configure: error: expected an absolute directory name for --bindir: NONE:/bin configure failed for srclib/apr What gives? Is this a bug? This worked perfectly for 2.2.4. If this functionality has been removed then all the stuff in config.layout will fail. Michael Reeves USAF Peterson AFB 719.556.4562 [EMAIL PROTECTED] The Project Uncertainty Principle: If you understand a project, you can't know it's cost. If you know the cost, you don't understand the project. ~~ Dilbert :-)
[EMAIL PROTECTED] RE: Problem with ./configure Apache 2.2.6
I did a little bit more playing around with this. If I put the full path in the bindir variable in the config.layout file (bindir: /usr/local/apache2/bin), I still get the exact same error message. Has anyone ever seen this before? Thanks greatly for any help on this Mike -Original Message- From: Reeves, Michael D Civ 517 SMXS/MXDEC [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 09, 2008 8:20 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Problem with ./configure Apache 2.2.6 Hi, I'm having a problem installing a new webserver. I'm doing the exact same procedure that I've used in the past (v 2.0.55, 2.0.59, and 2.2.4), but it no longer seems to be working. I'm doing a custom layout. I've edited the config.layout file to match what I'd done in the past, copying the format used in that file. I'm using prefix: /usr/local/apache2 exec_prefix: ${prefix} bindir: ${exec_prefix}/bin I run the configure script: ./configure --enable-layout=myLayout ... I get the following error msg: configure: error: expected an absolute directory name for --bindir: NONE:/bin configure failed for srclib/apr What gives? Is this a bug? This worked perfectly for 2.2.4. If this functionality has been removed then all the stuff in config.layout will fail. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] To upgrade or not to upgrade
You should not need an update to Apache to run PHP 5.2.x All you should need to do is rebuild/install PHP. To test, put a phpinfo() script in your root directory. If it runs, you can look at the top of the output and figure out which version of PHP you're accessing. -Original Message- From: Troy Moseley [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 09, 2008 1:09 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] To upgrade or not to upgrade Good Day, I'm running Apache 2.0.47 (a OpenSA install) on a Windows 2000 Server Box. I need to be able to access our SQL 2000 server via a PHP or Perl script. I have already updated PHP to the latest version, do I also need to update Apache or should it work as is. If upgrading is my best option does anyone have a windows installer for Apache version 2.2.6 or some good installation instructions? Thanks Troy Moseley - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] apache problem with soft link
The appropriate directories all have SymLinksIfOwnerMatch (and all owners match). In my debugging effort I tried FollowSymLinks. In case the last link made might be the problem, changed the order by changing the first letter of the directory in question to upper case (they are usually lower case). It made no difference. Any suggestions would be much appreciated. Did you have at look at on your httpd's log? Could give more details regarding your set-up, like the relevante httpd.conf lines, path of your pictures directories, ... Regards, Gaƫl A good suggestion. The httpd logs show correct delivery, including an exactly correct file length, despite failure. This suggested that the problem might be on the receiving end. The failure is seen two two boxes of different hardware, but with similar win2k systems. I did test it with firefox on the server box using file:///... and it works correctly. I don't have another linux box I can test it with. The strangest thing is that the problem is critically dependent on the soft link name. I have tried numerous combinations, and can make no sense of it. For example: These fail: img src=Ad_land_small_1/01590004FS.jpg img src=ad_land_small_1/01590004FS.jpg Thess work: img src=Bd_land_small_1/01590004FS.jpg img src=a_land_small_1/01590004FS.jpg In all cases, the correct links are in place. You can see where my work-around is comming from. Thanks for your help. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] apache problem with soft link
Using Fedora Core 2.6.14-1.1653_FC4 and apache httpd-2.0.54-10.3 I have a web site in which there are soft links from directories containing http files to directories containing jpg files. These links are all constructed using a simple installation script, and there are many such links. They all work except the last one that I added. The jpg file is properly displayed if I move it to the http directory, but not through the link. The appropriate directories all have SymLinksIfOwnerMatch (and all owners match). In my debugging effort I tried FollowSymLinks. In case the last link made might be the problem, changed the order by changing the first letter of the directory in question to upper case (they are usually lower case). It made no difference. Any suggestions would be much appreciated. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] ServerAlias: length limit ???
Apache/1.3.33 ServerAlias [A] Is there a limit to how long a ServerAlias can be? Characters? Words? [B] Can I use multiple (more than one) ServerAlias line? For large numbers of aliases, this may improve readability and manageability. What do you think? -- Best Regards, mds mds resource 877.596.8237 - Dare to fix things before they break . . . - Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . -- signature.asc Description: Digital signature
RE: [EMAIL PROTECTED] unexpected RewriteRule behavior
[...] Do not change anything with picts in it. You might try prefacing the entire thing with RewriteRule picts - [L] For the rule above: Change to /index.cgi for: / anything that both begins and ends in /, i.e. /.*/ That might be: RewriteRule ^/$ /index.cgi [PT,QSA] RewriteRule ^/.+/$ /index.cgi [PT,QSA] Thanks for these suggestions; I'll try them. I note that on my system, QUERY_STRING appears if there are arguments, without the QSA specification. Why do you use PT rather than L? The other rule, not shown here, was incorrect. The corrected version is: RewriteRule ^/.*\.html(\?.*$)? /index.cgi$1 [L] This will call /index.cgi for any URL that begins in /, ends in .html, and optionally has argumenmts following a ?. If there are arguments, they will be passed to index.cgi. There's one problem with this approach. The arguments following a ? are not part of what you are allowed to consider in a RewriteRule. That is, RewriteRule considers the REQUEST_URI, not including the http:// or the hostname or the QUERY_STRING (the QUERY_STRING is the bit starting with the ?). If you want to retain the QUERY_STRING, you need to use the QSA flag (QUERY STRING APPEND) to do that. Granted, there's a chance that it appeared to be working anyway, because of the trailing ? making the whole thing optional. I have read that the arguments should not be used, and no doubt it is best to follow this directive. I note, however, that, as verified by debug logging, the arguments following ? do appear in argv of index.cgi (C++), suggesting that RewriteRule does see the arguments. Aside from that, I wonder if there is any reason not to use argv[0] to determine the current directory? (I note that in some cases other than those discussed here, , cgi is called from directories other than / .) [...] - -- Rich Bowen Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] unexpected RewriteRule behavior
-Original Message- From: Michael D. Berger [mailto:[EMAIL PROTECTED] [...] [...] From: Rich Bowen [mailto:[EMAIL PROTECTED] [...] Michael D. Berger wrote: The following: RewriteCond %{REQUEST_URI} !^.*/picts/.*$ RewriteRule ^/(.*/)?$ /index.cgi [L] sends GET /favicon.ico to index.cgi . I would not expect this because it does not appear to match any pattern. Wherein do I err? The REQUEST_URI is /favicon.ico, and this matches !^.*/picts/.*$ - that is, it's a string that doesn't contain /picts/ anywhere in it. It also matches the RewriteRule pattern ^/(.*/)?$ because it starts with a slash, and doesn't contain the optional something followed by a slash. So, according to this ruleset, it's supposed to rewrite that to /index.cgi So it seems that it's doing exactly what you asked for it to do. The real question is what you're trying to do with this rewrite ruleset, since that's not really evident. The picts line is functioning as expected. Such lines are handled differently elsewhere. With regard to the RewriteRule line, this is functioning correctly only of you ignore the '$' end-of-line anchor. From a linux box: echo // | grep -P ^/(.*/)?$ // echo / | grep -P ^/(.*/)?$ / echo /x.y | grep -P ^/(.*/)?$ echo /x.y/ | grep -P ^/(.*/)?$ /x.y/ Notice the one line that doesn't echo. BTW, this is exactly what I am trying to do. The question is why the difference between grep -P and RewriteRule? I have yet to follow the advice in another response and turn on logging. In my attempts to log the problem, I find that I cannot reproduce it. It is now functioning correctly. I added some more detail to the error log and we can only wait. Since my daily traffic averages about 5 legitimate hits, and 50 attacks (herbs: you are not alone), patience may be required. Mike. -- Michael D. Berger [EMAIL PROTECTED] [...] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] unexpected RewriteRule behavior
-Original Message- From: Rich Bowen [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 01, 2005 7:24 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] unexpected RewriteRule behavior -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael D. Berger wrote: [...] From: Rich Bowen [mailto:[EMAIL PROTECTED] [...] Michael D. Berger wrote: The following: RewriteCond %{REQUEST_URI} !^.*/picts/.*$ RewriteRule ^/(.*/)?$ /index.cgi [L] ... The picts line is functioning as expected. Such lines are handled differently elsewhere. With regard to the RewriteRule line, this is functioning correctly only of you ignore the '$' end-of-line anchor. From a linux box: echo // | grep -P ^/(.*/)?$ // echo / | grep -P ^/(.*/)?$ / echo /x.y | grep -P ^/(.*/)?$ That's correct. It doesn't match, because the (.*/) is optional, and when it's *not* there, then the regex is equivalent to ^/$ - ie, it insists that it ends with the slash, which this string does not do. echo /x.y/ | grep -P ^/(.*/)?$ /x.y/ Notice the one line that doesn't echo. BTW, this is exactly what I am trying to do. The question is why the difference between grep -P and RewriteRule? I have yet to follow the advice in another response and turn on logging. I'm sorry, it's still not clear what you're trying to accomplish with these rules. Can you state in words what the rules are supposed to solve? - -- Rich Bowen [EMAIL PROTECTED] What the rules are supposed to solve is not relevant to this discussion. This is what they are supposed to do. Do not change anything with picts in it. For the rule above: Change to /index.cgi for: / anything that both begins and ends in /, i.e. /.*/ The other rule, not shown here, was incorrect. The corrected version is: RewriteRule ^/.*\.html(\?.*$)? /index.cgi$1 [L] This will call /index.cgi for any URL that begins in /, ends in .html, and optionally has argumenmts following a ?. If there are arguments, they will be passed to index.cgi. Perhaps there is difficulty because it is not obvious why I would want to do this. Suffice it to say that index.cgi is rather complex. Mike. -- Michael D. Berger [EMAIL PROTECTED] [...] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] unexpected RewriteRule behavior
The following: ... RewriteEngine on RewriteCond %{REQUEST_URI} !^.*/picts/.*$ RewriteRule ^/.*\.html(\?.*$)? /index.cgi$2 [L] RewriteCond %{REQUEST_URI} !^.*/picts/.*$ RewriteRule ^/(.*/)?$ /index.cgi [L] /VirtualHost sends GET /favicon.ico to index.cgi . I would not expect this because it does not appear to match any pattern. Wherein do I err? Thanks for your help. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] unexpected RewriteRule behavior
Sorry, I forgot to mention: RH-E-WS-4 httpd-2.0.52-9.ent Mike. -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Michael D. Berger [mailto:[EMAIL PROTECTED] Sent: Monday, October 31, 2005 9:24 PM To: Apache-Users Subject: [EMAIL PROTECTED] unexpected RewriteRule behavior The following: ... RewriteEngine on RewriteCond %{REQUEST_URI} !^.*/picts/.*$ RewriteRule ^/.*\.html(\?.*$)? /index.cgi$2 [L] RewriteCond %{REQUEST_URI} !^.*/picts/.*$ RewriteRule ^/(.*/)?$ /index.cgi [L] /VirtualHost sends GET /favicon.ico to index.cgi . I would not expect this because it does not appear to match any pattern. Wherein do I err? Thanks for your help. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] NTLMSSP attacks
On RH-E-WS-4 using Apache 2.0 running a very small web site, using a virtual host and a cgi that sees all inputs, but only allows GET. I have been receiving NTLMSSP attacks as often as several per hour. Sniffing with tethereal, and examining with ethereal, I see: GET / HTTP/1.0\r\n Host: is visible Authorization: Negotiate apparent crypt followed by repeated nonsense NTLMSSP identifter: a few codes NTLM Message type: Unknown followed by some codes Unrecognized NTLMSSP Message a large amount of either apparent crypt or repeated nonsense in numerous continuation packets I respond as for a normal GET. I would like to: 1. Not respond. So far, the only way my cgi can distinguish these from my usual traffic is by the absence of both User-Agent and Accept headers. I tried several environment variables, but I have not been able to see the Authorization header. * Should I use the information I have to reject? * Is there a better way? 2. Drop the connection before I get the continuation packets. I can do this with Netfilter QUEUE, put this requires parsing many packets twice: once in Netfilter, and once in Apache. * Is there a way to detect the first attack packet and close the connection in Apache? Any other suggestions? Thanks in advance for your help. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Block File Types
-Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: Saturday, August 06, 2005 11:40 AM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Block File Types On 8/6/05, Michael D. Berger [EMAIL PROTECTED] wrote: I would like to prevent Apache 2.0 from sending any file of a particular type. In my VirtualHost I put: RewriteEngine on RewriteCond %{REQUEST_URI} ^.*notThis\?*$ RewriteRule ^.*$ /zzz [L] Is there a better way? FilesMatch ^.*notThis\?* Order Allow,Deny Deny from all /FilesMatch But watch for configuration merging issues (this could be overriden by Location sections). Also, I have no idea what the \? is supposed to be doing. Joshua. Thanks for this help; it works as advertised. The \?* deals with the situation in which there are arguments in the request. Experiment shows that with yout method, the \?* is not necessary. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Block File Types
-Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: Saturday, August 06, 2005 10:19 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Block File Types On 8/6/05, Michael D. Berger [EMAIL PROTECTED] wrote: Thanks for this help; it works as advertised. The \?* deals with the situation in which there are arguments in the request. Experiment shows that with yout method, the \?* is not necessary. I was afraid of that. The query string is not matched either in Files or in %{REQUEST_URI}. If you need to match against the query string, then you need to use mod_rewrite's %{QUERY_STRING} variable. But I guess in your case it doesn't matter. Joshua. You are correct. In this case, I only wanted to prevent the argument string from intefering with detection of the file I do not want to send. Should I perhaps use both methods, since in any case, I have the RewriteEngine running for other reasons? Thanks, Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] logging from cgi
In order to get logging from my cgi I proceeded as shown below. Is this correct? It did not seem to be working all of the time, but I am not sure. In syslog.conf: local0.* /var/log/httpd/cgi In c++ cgi: openlog(cgi,LOG_PID|LOG_NDELAY|LOG_NOWAIT,LOG_LOCAL0); syslog(LOG_INFO,entered); closelog(); Thanks, Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Missing User-Agent:
-Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: Sunday, June 05, 2005 9:52 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Missing User-Agent: On 6/5/05, Michael D. Berger [EMAIL PROTECTED] wrote: On 6/4/05, Michael D. Berger [EMAIL PROTECTED] wrote: I notice that Apache 2.0 rejects, with a 403, a GET that does not have a User-Agent header, and I to get some of these. Why do I get them? Why are they rejected? Apache 2 certainly does not do this by default. There must be someplace in your config that your are restricting based on User-Agent. Joshua. cd /etc/httpd/conf vi httpd.conf :set ignorecase /user /agent I find nothing in the config file that suggests this. What about Include'd config files? Other than that, you haven't mentioned the relevant error log and access log messages. You also haven't mentioned if you are running a proxy in front of apache, or if apache is proxying to another server, etc. As I said, apache doesn't do this by default. Joshua. I am using the configuration supplied with RH-E-W-3, with a few changes, inclusing a virtual host and blocking of directory listing. As you can see from the log lines below, the block of directory listing is involved. It is as if when a User-Agent is not supplied, it tries to list the direcory, even though there is an index.html. Why would this be? I don't know about the Include'd config files -- whatever RH set up. Sorry for the long silence. Mike. halls-129-31-65-108.hor.ic.ac.uk - - [07/Jun/2005:09:42:01 -0400] GET / HTTP/1.1 200 808 - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 adsl-68-72-134-32.dsl.chcgil.ameritech.net - - [07/Jun/2005:13:52:47 -0400] GET / HTTP/1.0 403 202 - - [Tue Jun 07 13:52:47 2005] [error] [client 68.72.134.32] Directory index forbidden by rule: /var/www/html/ -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Newbie CGI: nested href
Problem solved by pathcing the href in the outgoing response. Mike. -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Michael D. Berger [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 12:34 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Newbie CGI: nested href I have a legacy tree with numerous branches, and many relative links. I was hoping to get it all with one CGI. Mike. -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Dan Mahoney, System Admin [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 12:32 AM To: Apache-Users Subject: Re: [EMAIL PROTECTED] Newbie CGI: nested href On Sat, 4 Jun 2005, Michael D. Berger wrote: Try putting the cgi in the same directory as the html file and turning on execCGI in that directory? That's the easy answer. I suppose there's something harder involving mod_rewrite. But since you're parsing the html anyway, you could rewrite them on the fly, too. Your call. I wrote a CGI that opens an html file, reads it and sends it out (with some modification). Now these files contain relative links of the form: a href=someFile.htmlsomething/a Now when the client clicks on something, only the relative paths appear to the CGI, and I cannot open the file. What should I do? 1. I could carry the last path in a cookie and construct the full path. But this would only work for nodes that accept cookies. 2. I could change all the paths to absolute. Much much work. Any better suggestions? Thanks in advance. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [23:49:00] LarpGM: Did my little TP comment scare you off? [23:49:22] ilzarion: no, the shrieking retarded child eating people did -Feb 06, 2001, times apparent. Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Newbie CGI: nested href
Indeed, one non-standard link had to be corrected. Later I'll run find...grep to check for other problems. Mike. -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Dan Mahoney, System Admin [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 10:37 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Newbie CGI: nested href On Sat, 4 Jun 2005, Michael D. Berger wrote: Problem solved by pathcing the href in the outgoing response. Mike. It was either that, or come up with some complex mod_rewrite answer so your users wouldn't see the cgi url but rather the url of some page. I figured just tweaking the links (as long as you knew their style to be consistent) was easiest, even if it's not the correct answer. -Dan -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Michael D. Berger [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 12:34 AM To: users@httpd.apache.org Subject: RE: [EMAIL PROTECTED] Newbie CGI: nested href I have a legacy tree with numerous branches, and many relative links. I was hoping to get it all with one CGI. Mike. -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Dan Mahoney, System Admin [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 12:32 AM To: Apache-Users Subject: Re: [EMAIL PROTECTED] Newbie CGI: nested href On Sat, 4 Jun 2005, Michael D. Berger wrote: Try putting the cgi in the same directory as the html file and turning on execCGI in that directory? That's the easy answer. I suppose there's something harder involving mod_rewrite. But since you're parsing the html anyway, you could rewrite them on the fly, too. Your call. I wrote a CGI that opens an html file, reads it and sends it out (with some modification). Now these files contain relative links of the form: a href=someFile.htmlsomething/a Now when the client clicks on something, only the relative paths appear to the CGI, and I cannot open the file. What should I do? 1. I could carry the last path in a cookie and construct the full path. But this would only work for nodes that accept cookies. 2. I could change all the paths to absolute. Much much work. Any better suggestions? Thanks in advance. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [23:49:00] LarpGM: Did my little TP comment scare you off? [23:49:22] ilzarion: no, the shrieking retarded child eating people did -Feb 06, 2001, times apparent. Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- What's with the server farm down in the basement? -Spider, Three Skulls Commons at Selden House, 4/15/00 Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official
[users@httpd] X's in HTTP GET
Here is an excerpt from a GET packet from IE-6.0-SP-1 on Win2k: Accept-Language: en-us\r\n XXX: X\r\n User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n What are all these X's? Thanks, Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Newbie CGI: nested href
I wrote a CGI that opens an html file, reads it and sends it out (with some modification). Now these files contain relative links of the form: a href=someFile.htmlsomething/a Now when the client clicks on something, only the relative paths appear to the CGI, and I cannot open the file. What should I do? 1. I could carry the last path in a cookie and construct the full path. But this would only work for nodes that accept cookies. 2. I could change all the paths to absolute. Much much work. Any better suggestions? Thanks in advance. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] Newbie CGI: nested href
I have a legacy tree with numerous branches, and many relative links. I was hoping to get it all with one CGI. Mike. -- Michael D. Berger [EMAIL PROTECTED] -Original Message- From: Dan Mahoney, System Admin [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 12:32 AM To: Apache-Users Subject: Re: [EMAIL PROTECTED] Newbie CGI: nested href On Sat, 4 Jun 2005, Michael D. Berger wrote: Try putting the cgi in the same directory as the html file and turning on execCGI in that directory? That's the easy answer. I suppose there's something harder involving mod_rewrite. But since you're parsing the html anyway, you could rewrite them on the fly, too. Your call. I wrote a CGI that opens an html file, reads it and sends it out (with some modification). Now these files contain relative links of the form: a href=someFile.htmlsomething/a Now when the client clicks on something, only the relative paths appear to the CGI, and I cannot open the file. What should I do? 1. I could carry the last path in a cookie and construct the full path. But this would only work for nodes that accept cookies. 2. I could change all the paths to absolute. Much much work. Any better suggestions? Thanks in advance. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [23:49:00] LarpGM: Did my little TP comment scare you off? [23:49:22] ilzarion: no, the shrieking retarded child eating people did -Feb 06, 2001, times apparent. Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] one cookie for all html
-Original Message- From: Joshua Slive [mailto:[EMAIL PROTECTED] Sent: Sunday, May 22, 2005 12:01 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] one cookie for all html On 5/20/05, Michael D. Berger [EMAIL PROTECTED] wrote: I would like to manage one cookie for all the myriad files in my tree. This would be easy if the one cgi script in the root were called irrespective of the contents of the GET. Can this be done? How? This can be done with Action, ScriptAlias, or RewriteRule, depending on your needs. (They increase with flexibility and complexity in that order.) For example: ScriptAlias / /full/filesystem/path/to/cgiscript.cgi (Note this will hit .gif/.jpg/etc as well as html requests.) Joshua. Thanks for this information. I read up on RewriteRule, and I now have it working in a preliminary way. Any URI calls my one cgi. HOWEVER, I get a different cookie file name on the client for each URI. I would like the same cookie file on the client for all URIs. Can this be done? The client is IE 6.0. Thanks again for your help. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Redhat WS compime problem
I downloaded httpd-2.0.54.tar.gz and I am using it to replace the present version on RH-E-WS-4. My main reason is to get --enable-ext-filter. Here is my config command: ./configure --prefix=/usr --enable-expires --enable-ext-filter --enable-headers --enable-logio I then: make make install There is plenty of action, but my old version is not replaced. For what it is worth, in the make directory, I note a new file named httpd, with a size of 6389. This seems rather small. Thanks in advance for your advice. Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] one cookie for all html
I would like to manage one cookie for all the myriad files in my tree. This would be easy if the one cgi script in the root were called irrespective of the contents of the GET. Can this be done? How? Thanks, Mike. -- Michael D. Berger [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]