These are protected files so we have to use authentication and authorization
that is done by mod_perl. And Internet Explorer that use most of our customers
has bug that prevents displaying of PDF (and any other large non-dynamic
non-HTML) files if the URL to that file was result of Redirect.
I have need of a module that will redirect to https anytime
basic authentication is required.
I figure the best way to do this is to step in at the authentication
phase, and should authentication be required and the method be http,
redirect to https for any and all basic authentication traffic.
Please forgive the broadcast nature of this message, but I have a
suggestion.
Our nation is strong. Our economy is strong.
Both of these things were targeted by the attacks on the World Trade
Center one week ago.
Yesterday, Monday, Spetember 17th, 2001, as the stock market reopened,
trading was
-- Mat [EMAIL PROTECTED]
Hi everyone,
I'd like to know if there is a simple way to find if an apache server
is compiled with mod_perl and with which version. My aim is to write a
script which compile mod_perl if it is not installed.For the moment
I've found only two ways, launch
Stas Bekman [EMAIL PROTECTED] wrote:
Also check the archives for 'lingerd' keyword. Here is what I've but it
didn't enter the guide yet, since it's waiting to be reviewed by Roger
Espel Llima, the author of lingerd. ...and waiting, and waiting, and
waiting :(
sorry, I've had a bunch of
Sorry for the off-topic post; there was a lot of discussion here of
CodeRed and Reuven's module to report attempted attacks.
Since this a.m. I have had hundreds of requests like:
/scripts/root.exe?/c+dir
/MSADC/root.exe?/c+dir
/c/winnt/system32/cmd.exe?/c+dir
/d/winnt/system32/cmd.exe?/c+dir
Hello ,
I have a quistion abous $Session objects. Is it possible to us this objects
in a custom Authentication handler.
The idea is to use a ASP script to login the user and put some user info into
the session object if the user is valid. After that i redirect the user 1
level
Putting it into the auth phase would be appropriate, but I have to wonder
why this module is needed other than to refrain from keeping your
configuration file clean. Your unsecure virtual host should have no auth
statements in it if you want all auth to be on your secure virtual host...
You'll
Or you could do:
perl -nle 'print $_\n if m/mod_perl/' /path/to/error_log
where /path/to/error_log is the file pointed at by the ErrorLog directive in
you httpd.conf file.
--Joe Breeden
--
Sent from my Outlook 2000 Wired Deskheld (www.microsoft.com)
-Original
-Original Message-
From: Nick Tonkin [mailto:[EMAIL PROTECTED]]
Sorry for the off-topic post; there was a lot of discussion here of
CodeRed and Reuven's module to report attempted attacks.
Since this a.m. I have had hundreds of requests like:
/scripts/root.exe?/c+dir
Nick Tonkin wrote:
Sorry for the off-topic post; there was a lot of discussion here of
CodeRed and Reuven's module to report attempted attacks.
Since this a.m. I have had hundreds of requests like:
/scripts/root.exe?/c+dir
/MSADC/root.exe?/c+dir
/c/winnt/system32/cmd.exe?/c+dir
Slashdot has a report on this now, looks like a similar worm to CodeRed,
but this one tries to hit numerous vulnerabilities, including backdoors
left open by CodeRed.
Brian Nilsen
[EMAIL PROTECTED]
On Tue, 18 Sep 2001, Nick Tonkin wrote:
Sorry for the off-topic post; there was
Am I assuming correctly, that Perl could communicate with a MS Access
database file via ODBC, on a Windows box? If so, are there any
particular gotchas or limitations to this approach that I should be
aware of? I typically use MySQL or PostgreSQL on a Linux or FreeBSD
box, so this is sorta
-- Brice D Ruth [EMAIL PROTECTED] on 09/18/01 10:57:26 -0500
Am I assuming correctly, that Perl could communicate with a MS Access
database file via ODBC, on a Windows box? If so, are there any
particular gotchas or limitations to this approach that I should be aware
of? I typically use
The problem with that solution is that we have 2 virtual hosts, one http, one https,
on one
machine. https is the only available transport outside of our network, while the http
server is available internally.
This is a production webserver, with existing information, applications, etc. We
Hi,
I apologize if I address my question to a wrong newsgroups. I was trying
to enable mod_perl Roaming user with Apache running on i386/RedHat7.x. I
followed all the steps in order to do so but when run Netscape-4.72 I
get the following in the Apache error log file:
Hi, I have been running an Access DB on a Win2K box, and using perl to
populate an LDAP server on a Solaris server. The standard perl/DBI
distribution on the Windows machine comes with something called
DBI::Proxy. You run it as a daemon on the Windows box and any Unix based
perl script using DBI
I wish someone would just write a worm that would put these IIS machines out
of their misery and stop causing the rest of us such a headache.
Nick Tonkin wrote:
Sorry for the off-topic post; there was a lot of discussion here of
CodeRed and Reuven's module to report attempted attacks.
.htaccess is the default access file name. It is possible to change this
using the AccessFileName directive, but you'll very likely break something
as a result. The recommended solution is to use a different name for your
password file.
Thanks,
Tim Tompkins
A realm is defined by the following three things:
1) AuthName
2) ServerName (well, the server name in the URL actually)
3) Port (well, the port to which the browser is talking)
If these three things are not always the same, the browser will prompt the
user to re-authenticate. So, you cannot
You're tellin' me, I've now had word come down that we need to do a full
audit of our Apache and *nix installations to make sure that they're okay.
Nevermind the fact that the only problems we have so far is people opening
up files called readme.exe in their e-mail.
*slapsforeheadinfrustration*
http://www.torkington.com/vermicide.txt has a mod_perl handler to
catch the requests as soon as they arrive, and discard them with a
minimum of work to Apache. If your web server is struggling under the
load, this might help.
The heuristic it uses for requests to ignore with prejudice is the
Hi,
I have been following this thread with interest because I have been
struggling with the same problem. I define it this way.
* To achieve secure authentication which is widely supported, you need
to use Basic authentication over SSL
* All URLs which can be accessed with HTTPS can be
[Apologies if you get this twice--mailed it first from my oreilly.com
account, which may not be the address subscribed to this list]
http://www.torkington.com/vermicide.txt has a mod_perl handler to
catch the requests as soon as they arrive, and discard them with a
minimum of work to Apache. If
Adi Fairbank wrote:
I wish someone would just write a worm that would put these
IIS machines out of their misery and stop causing the rest
of us such a headache.
I think that it would be a lot easier to write a worm that puts IIS admins
out of their misery--they're already busy applying
you know guys, seems to me micro$not users should be thinking of
product liability claim.. i mean, if you buy cigs and get cancer and
can
win a lawsuit or if you buy hot coffee and put it between your legs
and
can win, this should a real slam dunk.
At 12:09 PM 9/18/2001 -0700, Tom Servo wrote:
Redirects in the non-secure virtual host to the secure virtual host would
certainly do the trick. The module does have value (better name would be
Apache::AuthRedirect, IMO), but it would be built for people to be lazy
about their configurations.
Regards,
Christian
--
On Mon, 17 Sep 2001, Ask Bjoern Hansen wrote:
[...]
try,
export LD_PRELOAD=/usr/local/lib/libdb3.so
before you start apache.
It worked doing that. I first solved the problem by moving the db2 libs
and headers before I compiled, but you solution seams cleaner to me apart
from that I
On Tue, Sep 18, 2001 at 04:08:30PM -0400, Stephen Adkins wrote:
Hi,
I have been following this thread with interest because I have been
struggling with the same problem. I define it this way.
* To achieve secure authentication which is widely supported, you need
to use Basic
-- Jeremy Howard [EMAIL PROTECTED] on 09/19/01 06:37:15 +1000
This one's gonna grind the net to a halt pretty quick. I hate to think
what
this will mean for people running web servers at home over DSL (including
me
soon).
Any suggestions on how we should respond? Update
Well, I had already hacked Reuven's CodeRed.pm because I disagreed that
one should only send mail to the bozos once a day.
So I hacked around some more and made a new module heavily based on
CodeRed.pm that recognizes CodeRed and this new worm (Nimda?) and can be
extended to carp about the new
Tim Peoples writes:
This 'Apache::Vermicide' module, installed as a 'PerlPostReadRequestHandler',
seems to be preventing any 'PerlSetEnv' directives from being parsed out
of a '.htaccess' file (or equivalent). IOW, the ENV vars aren't getting
set properly.
I'm investigating how to remedy
On Tue, 18 Sep 2001, Emad Fanous wrote:
any reason why the private address spaces between
172.16.0.0-172.31.255.255 wasn't in your list of ignored
ips?
Thanks
Emad
That came from the original author's CodeRed.pm. But it's considered a
configurable variable.
~~~
Nick Tonkin
On Tue, 18 Sep 2001, Nick Tonkin wrote:
I used a real ugly mod_rewrite hack to grab the requests (I didn't want to
lump all reqs for root.exe or cmd.exe into the same 'worm') ... I'm sure
others can improve on that. (BTW am I right in thinking that RewriteEngine
on needs to be specified for
Tim Peoples writes:
I tried doing the s/OK/DECLINED/ thing and it didn't do the trick. :-(
You're right, it was the restart that did it. OK/DECLINED makes no
difference in that handler.
I'm seeing, with or without my handler, the PerlSetEnv stuff only
happening once per connection rather
On Tue, 18 Sep 2001, Ask Bjoern Hansen wrote:
On Tue, 18 Sep 2001, Nick Tonkin wrote:
I used a real ugly mod_rewrite hack to grab the requests (I didn't want to
lump all reqs for root.exe or cmd.exe into the same 'worm') ... I'm sure
others can improve on that. (BTW am I right in
Heh, as Nat maybe saw the worm doesn't always request ?/c+dir, so until I
can figure out a better way to identify it we'll have to go with
cmd.exe|root.exe
so my httpd.conf is now:
Location /default.ida
SetHandler perl-script
PerlHandler Apache::MSIISProbes
Hello, I have just installed mod_perl into my Apache 1.3.20 install :).. I
have apache+mod_ssl+mod_frontpage+php.
When ever I apachectl start it start up fine but when I try to load a
webpage, it says it cannot access the specified URL, here is a capture of
the error_log.
Any ideas are
On Tue, 18 Sep 2001, brooks roy wrote:
Hello, I have just installed mod_perl into my Apache 1.3.20 install :).. I
have apache+mod_ssl+mod_frontpage+php.
When ever I apachectl start it start up fine but when I try to load a
webpage, it says it cannot access the specified URL, here is a
willems Luc wrote:
Hello ,
I have a quistion abous $Session objects. Is it possible to us this objects
in a custom Authentication handler.
The idea is to use a ASP script to login the user and put some user info into
the session object if the user is valid. After that i
I'm seeing, with or without my handler, the PerlSetEnv stuff only
happening once per connection rather than once per request.
I think this was addressed for 1.26
http://marc.theaimsgroup.com/?t=9946915503w=2r=1
however, as you can see at the end of the thread, I don't think the
On Tue, 18 Sep 2001, Roger Espel Llima wrote:
Stas Bekman [EMAIL PROTECTED] wrote:
Also check the archives for 'lingerd' keyword. Here is what I've but it
didn't enter the guide yet, since it's waiting to be reviewed by Roger
Espel Llima, the author of lingerd. ...and waiting, and
stas01/09/18 08:20:12
Modified:t/protocol eliza.t
Log:
- test_module has gone, s/test_module/have_module/
Revision ChangesPath
1.2 +1 -1 modperl-2.0/t/protocol/eliza.t
Index: eliza.t
stas01/09/18 09:12:51
Modified:util apr_arg_check.pl apr_pool_check.pl cvsize.pl
source_stats.pl
Log:
adding shebang and making most of the utils executable, since they can use
generic perl
Revision ChangesPath
1.2 +2 -0
stas01/09/18 09:16:18
Added: util perl_bloat.pl
Log:
adding a useful utility that reports how much bloat some perl code adds
Revision ChangesPath
1.1 modperl-2.0/util/perl_bloat.pl
Index: perl_bloat.pl
stas01/09/18 08:54:11
modperl-2.0/build - New directory
46 matches
Mail list logo