"Jeffrey W. Baker" wrote:
On Tue, 4 Apr 2000, BT wrote:
I've generally created a cgi script per page. Is that a mistake?
(I embed the perl in my html so I can edit pages with an html editor)
I need a better technique for invoking traversals to other pages.
Right now all I can do is
From: Gunther Birznieks [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Nicolas MONNET [EMAIL PROTECTED]
CC: Valter Mazzola [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: NT/IIS/PerlEx vs ASP : stupid benckmark
Date: Thu, 06 Apr 2000 22:03:12 -0400
It may be a "stupid" benchmark. But no
hi,
I was wondering how to map PerlTransHandler only for certain type of files.
( I'm doing URI rewriting not URI-filename translation ?!!)
Something like :
Location
Files ~ "xml$"
PerlTransHandler Apache::MyHandler
/Files
/Location
Yes I know this is wrong...can this be done in some
On Fri, 7 Apr 2000, Mark Imbriaco wrote:
|That opens up a nasty Denial of Service attack though. All I have to do
|is try to log into the "gunther" account three times in rapid succession
|with a bogus password, and WHAM, the real Gunther is locked out. Granted,
|it's possible to work around
[EMAIL PROTECTED] (Mark Imbriaco) wrote:
On Thu, 6 Apr 2000, Gunther Birznieks wrote:
Vivek,
Is it possible that a special auth handler could be written that
stores the number of bad authorizations for a userid and the last
time of the hit in a DBM file for quick lookup? Then, configure
[EMAIL PROTECTED] (Ken Williams) wrote:
I should point out that if someone feels the need to use a 3-strikes system,
then cookies are inherently a bad decision unless you get really fancy.
And I should amend my statement to say that cookies can be a good idea in this
case (and lots of others),
hi,
I was wondering how to map PerlTransHandler only for certain type of files.
( I'm doing URI rewriting not URI-filename translation ?!!)
Something like :
Location
Files ~ "xml$"
PerlTransHandler Apache::MyHandler
/Files
/Location
Yes I know this is wrong...can this be
On Fri, 7 Apr 2000, Gunther Birznieks wrote:
Yeah, but this is the same with any X strikes solution on any other
platform. It's a tradeoff. One would assume that if a DoS were being
played, that other information would be gathered about the person doing a
DoS.
According to that theory,
Ahem, now if we have to take AOL users into account ... j/k.
Actually, I don't see how cookies could be implemented; if the attacker
rejects cookies, how are you going to do it? ...
On Fri, 7 Apr 2000, Mark Imbriaco wrote:
|What about folks who are behind proxies? (ie: AOL) It is not all
Also, some legitimate people turn off cookies. In addition, weird browsers
(especially PDAs with limited memory) tend not to implement cookies. So those
are considerations for locking out users that may be legitimate.
However, I would rather think that the cookies would be an advisory security
Hi, I also changed Perl to 5.005_03, and this problem still exists, so I
think it is the problem between Apache 1.3.12, mod_perl 1.22, and DBI or
DBD::mysql. More likely, I think it is with DBI, because if I put
"PerlModule Apache::DBI" in my httpd.conf, this error will also occur if I
visit an
"Rusty" == Rusty Foster [EMAIL PROTECTED] writes:
Rusty NameVirtualHost 216.181.35.174 # IP of www.kuro5hin.org
Rusty # Redirect all hostless requests to www VHost
Rusty VirtualHost 216.181.35.174
Rusty ServerName kuro5hin.org
Rusty Redirect permanent / http://www.kuro5hin.org/
Rusty
"Drew" == Drew Taylor [EMAIL PROTECTED] writes:
Drew The dual VirtualHost configuration is exactly the solution I will take! It
Drew will also apply it to the main domain as well - thinkstock.com, .org, and
Drew .net. That will solve my problem, as well as any future ones, and I can
Drew just
"Christopher" == Christopher Taranto [EMAIL PROTECTED] writes:
Christopher Well, this is my personal hack to generate an id based on
Christopher some code by Randal Schwartz.
Uh, what part of it was based on my code? I didn't recognize
*anything* there, especially not the "map in a void
"NM" == Nicolas MONNET [EMAIL PROTECTED] writes:
NM |it's possible to work around this, but the best way is probably going to
NM |be cookie based like Vivek suggested.
NM Obviously, you want to count attempts PER IP addresses.
You don't deal much with AOL or MSN proxies do ya? Millions of
use IPO::Shareable qw(:NYSE);
my $ipo = IPO::Shareable-new($company);
$ipo-is_internet();
hype $ipo; # dangerous indirect syntax!
my $shares = $ipo-invest($LITTLE);
$ipo-inflate($HUGE); # Note that HUGE is not really a constant
$ipo-sell($shares); # may need to use
Randal,
Thanks for the tip. So my question is: what is the best solution? I want
to redirect http://cloudstock.com/ to http://www.cloudstock.com/.
Should I take out the permanent in the Redirect directive? Should the
www entry come first? Do I need to get another IP address?
Or do you know
On Fri, 7 Apr 2000, Drew Taylor wrote:
Randal,
Thanks for the tip. So my question is: what is the best solution? I want
to redirect http://cloudstock.com/ to http://www.cloudstock.com/.
Should I take out the permanent in the Redirect directive? Should the
www entry come first? Do I need
I want to call traceroute to the remote_host from within a mod_perl
script, being a C/C++ programmer I don't the best way to do that. Is
there a traceroute object I could use? If so, how? Otherwise how do I
run traceroute from within a perl script?
Sam
I think I'll follow this path. You mean turn the string into a number using
the chr value?
Marshall Dudley wrote:
The easiest way to do a crypt with plain vanilla 4 funtion math is to turn
the string into a number, then divide the number by a large prime number.
Then take the decimal part of
On Fri, 7 Apr 2000, Sam Carleton wrote:
I want to call traceroute to the remote_host from within a mod_perl
script, being a C/C++ programmer I don't the best way to do that. Is
there a traceroute object I could use? If so, how? Otherwise how do I
run traceroute from within a perl script?
Steven Champeon wrote:
On Fri, 7 Apr 2000, Sam Carleton wrote:
I want to call traceroute to the remote_host from within a mod_perl
script, being a C/C++ programmer I don't the best way to do that. Is
there a traceroute object I could use? If so, how? Otherwise how do I
run traceroute
Why not track IP instead of user name in failed attempts? e.g. Lock out IP
www.xxx.yyy.zzz for an hour if it makes 6 successive bad attempts?
I realize the attacker could change his IP, but that takes time.
I realize that two people can share an IP (e.g. proxy users), it opens for
the
On Apr 07, Randal L. Schwartz wrote:
I think this also suffers from placing the burden on the client. The
[R] there with an external rewrite means that the client will get
redirected if it doesn't tell you the right "Host:" header. But
HTTP/1.0 and older browsers (and some spiders) will NOT
Jim Winstead wrote:
An important point is that although "Host:" wasn't required until
HTTP/1.1, all of the common browsers have sent it with 1.0 requests
for some time.
Yes, but I've had problems with corporate proxy servers that don't send
it.
- Perrin
I would recompile all of your perl from scratch, as
well as modperl apache. The RedHat guys are notorious
for building perls and modperl that don't work sometimes.
--Joshua
Yu Di wrote:
Hi, I also changed Perl to 5.005_03, and this problem still exists, so I
think it is the problem
Oops. Meant to send this to the list. :-)
Bill Moseley wrote:
At 07:29 PM 04/06/00 -0400, Rusty Foster wrote:
What I ended up doing was targeting cookies at a host (i.e.
domain=www.kuro5hin.org), and setting up VirtualHost sections as
follows:
NameVirtualHost 216.181.35.174 # IP of
According to John Darrow:
I need to be able to run the same sets of pages in several different
environments (basically just different environment variables). The problem
is that once a process is initiated in a certain environment it can't be
changed for the life of the process. The first
I got this from the URL I mentioned in a previous post. I have modified
it a bit to what looks like a solution. I guessing that the condition
are met w/ no Host: header or a Host: cloudstock.com header. It looks
like it would solve the no Host: header problem as well as do my primary
task of
I'm using Apache::Session within a large Web application (consisting of many
scripts). We also have multiple developers on this project, some of whom
are junior developers with only a bit of mod_perl experience.
In any case, I've written a custom session package that wraps to
Apache::Session.
On Fri, 7 Apr 2000, Russell D. Weiss wrote:
I'm using Apache::Session within a large Web application (consisting of many
scripts). We also have multiple developers on this project, some of whom
are junior developers with only a bit of mod_perl experience.
In any case, I've written a
One of the reasons that I always like the nph- construction is that is
showed the traceroute 'live' like it would from a console. Last I checked
perl doesn't show the traceroute result until the sessions complete which
could be a long time if there is trouble in the trace. Did you find a way
to
Dear Mod_Perl'lers
I hate to bug the list with this simple problem, but I am at my wits end. I
have The Good Book (Aka: Apache Modules with Perl and C. Aka: The Eagle
Book) but have some questions that are just killing me.
I would like to do something like the program on page 104 - 110 and also
At 1:01 PM -0400 4/7/00, Rusty Foster wrote:
Oops. Meant to send this to the list. :-)
you recall that the original problem was cookies. I had to target my
cookies to 'www.kuro5hin.org', because there are other virtual hosts in
the same domain that get a different cookie with the same name. They
It would appear, from the lack of response to this message, that I've
either asked:
1) a really dumb question that's been beaten to death and I just haven't
noticed the previous thread.
or
2) a really hard question that no one has the answer to. (Given
On Fri, 7 Apr 2000, Russell D. Weiss wrote:
Normally, this works great. No problem at all. This object goes out of
scope at the end of the script (it's scoped lexically with "my"). It also
goes out of scope when "die" is explicitly called. If I add "die 'Blah blah
blah'" to an app, things
you are calling Apache::Request-new incorrectly - see the docs :)
-Original Message-
From: Jason Murphy [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 07, 2000 2:07 PM
To: [EMAIL PROTECTED]
Subject: $r-args troubles...
Dear Mod_Perl'lers
I hate to bug the list with this
It goes like this:
my $r = Apache-request;
my $apr = Apache::Request-new($r);
--
Doug Kyle - Information Systems
Grand Rapids Public Library
"We're superheros man, we don't have time to be charming . . . we're public
servants, not glamour boys" - The Tick.
Jason Murphy wrote:
Dear
At 12:51 PM 4/7/00 -0400, Paul G. Weiss wrote:
Is there any way to determine from the Apache::Request object
what phase of handling we'er in? I have some code that is used
during more than one phase and I'd like it to behave differently
for each phase.
the current_callback() method (Eagle
So shoot me for not hunting through the achives first
Upgrading to apache1.3.12 and mod_perl1.2.22 today, I suddenly get the
following:
apxs:Error: Sorry, no DSO support for Apache available
apxs:Error: under your platform. Make sure the Apache
apxs:Error: module mod_so is
Hi, my modperl apache are compiled by myself, Perl 5.005_03 was included
in Redhat, Perl 5.6.0 was compiled by myself.
I will try modperl 1.21 and apache 1.3.11, and see which one's new version
is causing troubles.
Di, Yu
4.7
On Fri, 7 Apr 2000, Joshua Chamas wrote:
I would recompile all of
"Stas" == Stas Bekman [EMAIL PROTECTED] writes:
Stas This is not a fatal error. It was fixed in the current CVS
Stas version. Get it from http://perl.apache.org/from-cvs/modperl
Thanks, Stas. Bleeding edge here I come :)
--
Stephen
"So if she weighs the same as a duck, she's made of
Web developers needed for terrific Boston startups pre IPO in growth stages
after second round of VC funding. Need senior and junior web developers
(many) to script in Perl to develop applications. NOT shell script. In
short, must know how to write apps in perl on UNIX to Interface Apache
Hello,
We recently bought a new Raq3 server. We have
developed a script to add users directly from the web interface. IT is bombing
out as the script should be run as 'root'.
I want to know if the script can be set with setuid
as root for execution.
Thanks for any help.
VIjay
of note, 1.21_01 introduced $r-notes('PERL_CUR_HOOK'), but why that was
introduced when there is current_callback() I don't know (it's not in
Changes as far as I can see)
--Geoff
-Original Message-
From: Simon Rosenthal [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 07, 2000 2:03 PM
I want to know if the script can be set with setuid as root for
execution.
Since you asked this on this list, I will assume the script is a mod_perl
script. Unless the whole web server runs as root, I don't think the
script can run as root.
Here's what you can do instead. Have the mod_perl
On 7 Apr 2000, Randal L. Schwartz wrote:
Rusty NameVirtualHost 216.181.35.174 # IP of www.kuro5hin.org
Rusty # Redirect all hostless requests to www VHost
Rusty VirtualHost 216.181.35.174
Rusty ServerName kuro5hin.org
Rusty Redirect permanent / http://www.kuro5hin.org/
Rusty
I get an intermittent error using Apache::Session while trying to tie a
session. It occurs sometimes and the only way to fix it I've found is to
reboot. The weird thing is that I change nothing and rebooting fixes it.
Looks like a semaphore problem. Why would the call:
new IPC::Semaphore
On Fri, 7 Apr 2000, Mark Imbriaco wrote:
|That opens up a nasty Denial of Service attack though. All I have to do
|is try to log into the "gunther" account three times in rapid succession
|with a bogus password, and WHAM, the real Gunther is locked out. Granted,
|it's possible to work
On Fri, 7 Apr 2000, Adi wrote:
I get an intermittent error using Apache::Session while trying to tie a
session. It occurs sometimes and the only way to fix it I've found is to
reboot. The weird thing is that I change nothing and rebooting fixes it.
Looks like a semaphore problem. Why
On Fri, 7 Apr 2000, Ask Bjoern Hansen wrote:
|And the other way around, there is three gazillion open proxies you can
|abuse to make requests from different ip addresses.
|
|Or a determined attacker might have a lot of different local ip addresses
|at his disposal he can make requests from.
On Sat, 8 Apr 2000, Nicolas MONNET wrote:
On Fri, 7 Apr 2000, Ask Bjoern Hansen wrote:
|And the other way around, there is three gazillion open proxies you can
|abuse to make requests from different ip addresses.
|
|Or a determined attacker might have a lot of different local ip addresses
On Fri, Apr 07, 2000 at 11:01:59AM -0700, Karyn Ulriksen wrote:
One of the reasons that I always like the nph- construction is that is
showed the traceroute 'live' like it would from a console. Last I checked
perl doesn't show the traceroute result until the sessions complete which
could be
When attempting to use prepare_cached along with Apache::DBI, it
returns this error once it has ran through each of the apache
children.
[Wed Apr 5 ...] [error] prepare_cached(...) statement handle
DBI::st=HASH(0x8296788) is still active at /home/... line ...
You should only
"Kee" == Kee Hinckley [EMAIL PROTECTED] writes:
Kee Well, the good news is that if they don't support Host:, they
Kee certainly aren't going to support cookies!
Why? Those are orthogonal features. HTTP/1.0 did not require
"host:". And certainly, browsers that handled HTTP/1.0 had cookies.
You could try using a PerlCleanupHandler to kill any open locks.
$r-register_cleanup( \clear_locks );
- Perrin
Perrin,
Thanks a lot. This worked great :-). Actually, as I say, I'm wrapping to
Apache::Session with another object that handles cookies, expiration, etc.
I just registered a
Soulhuntre wrote:
Hiya :)
OK... mod_perl embeds an instance of Perl inside the Apache system, and with
Apache::ASP allows us to mix perl/html. Good :)
The problem is that these processes are 'heavy'.
Is there any way to simulate the actions of "Velocigen" in that we could
have a few
57 matches
Mail list logo
