At 03:19 PM 4/28/2005, Greg Ames wrote:
>[EMAIL PROTECTED] wrote:
>
>> * don't propagate input headers describing a body to a GET subrequest
>> with no body
>>@@ -219,12 +220,34 @@
>> -1: jerenkrantz (read_length isn't a sufficient check to see if a body
>>is
In the old days, apr lived in httpd/srclib. Now it can be anywhere, but ../apr
is a sensible alternative, hence buildconf's good choice of:
apr_src_dir="srclib/apr ../apr"
Let's say source directories are /zzz/httpd and /zzz/apr. buildconf will
happily find the apr source in ../apr, and copy ..
> I know that you hate further tips on doing this differently, but I would
> propose to
> simply lower the value of Timeout and KeepAliveTimeout to 3 seconds.
> Even if it would be possible to write a filter which does this job (which I
> doubt) you
> would have to define some kind of "Timeout" a
Ivan Barrera A. wrote:
[..cut..]
>>
>>
>>So run the mod_status data and count connections per IP address. This
>>will be way more reliable than any network-performance criteria, IMHO.
>>
There is already a module for this called mod_limitipcon. I did some
improvements
to it for myself and it
[EMAIL PROTECTED] wrote:
* don't propagate input headers describing a body to a GET subrequest
with no body
@@ -219,12 +220,34 @@
-1: jerenkrantz (read_length isn't a sufficient check to see if a body
is present in the request; presence of T-E and C-L in
>> That is true. But the idea beneath this, is detecting the atacckers.
>> Then, issuing the ip to a text file, which will be read by another
>> script that will fed the firewall to block connections.
>> Although it should increase the resources being used, it should be
>> minimal, as they aren't t
Ivan Barrera A. wrote:
That is true. But the idea beneath this, is detecting the atacckers.
Then, issuing the ip to a text file, which will be read by another
script that will fed the firewall to block connections.
Although it should increase the resources being used, it should be
minimal, as they
>> I've made my peace with trying to read a request byte to byte. However,
>> i'm still trying to get the time between line-input from sockets.
>> It is pretty easy to DoS Apache, with a small
>> (put-your-favorite-scripting-language-here) script, where i input a line
>> .. wait a little less that
Ivan Barrera A. wrote:
Hi..
I've made my peace with trying to read a request byte to byte. However,
i'm still trying to get the time between line-input from sockets.
It is pretty easy to DoS Apache, with a small
(put-your-favorite-scripting-language-here) script, where i input a line
.. wait a litt
Hi..
I've made my peace with trying to read a request byte to byte. However,
i'm still trying to get the time between line-input from sockets.
It is pretty easy to DoS Apache, with a small
(put-your-favorite-scripting-language-here) script, where i input a line
.. wait a little less that the timeo
Hi,
I'm facing an annoying issue during a PKI deployment and integration
within an organization.
The CA is created with the authority key identifier set as a critical
extension.
OpenSSL (including 0.9.7g) chokes (voluntarily) on critical extensions
and as a default issue an error such as "Cert
2.1 is logging a message for every connection which is closed with no
request sent: since that's exactly what the dummy_connection() does this
leaves a lot of weird-looking spam in the error_log when a server load
spike passes with prefork.
I think this should at least be downgraded to APLOG_DEBUG
12 matches
Mail list logo
