Re: [Newbie Question] Setting up mod_ssl

On Mon, May 07, 2001 at 04:01:40PM -0600, John Whitnack wrote: > I have looked though all of the documentation and I have yet to find an > answer for my problem. > > I need apache setup so that when a user logs on they have a secure > connection with out the user requiring a certificate. I have a

Re: Questions about running cgi's

On Mon, 7 May 2001, Mark on GCI Server wrote: > I would like to run cgi scripts within the Virtual server. Which directive > do I modify with what path. I thought if I set it to use anywhere, that > should do the trick, it didn't. I would like the ability to run cgi scripts > on the secured ser

Questions about running cgi's

Hello all, Hey firstly, I'd like to thank Owen for the info, that did the trick, my SSL server is now up and accepting requests with its own subdirectory. A big Thanks. I would like to run cgi scripts within the Virtual server. Which directive do I modify with what path. I thought if I set it

RE:

hey nice post -Original Message- From: [EMAIL PROTECTED] Sent: Monday, May 07, 2001 6:07 PM To: [EMAIL PROTECTED] Subject: __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing

How to finish the httpd.conf setup for ssl on Window2000professi onal?

Hi, I have installed the Apache1.3.19 with openssl0.9.6a and mod_ssl2.8.2 on Window 2000 professional. It runs and shows: Hey, it worked ! The SSL/TLS-aware Apache webserver was successfully installed on this website but when I try: https://localhost/ it fails to find the file and it seems the

No Subject

__ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]

[Newbie Question] Setting up mod_ssl

I have looked though all of the documentation and I have yet to find an answer for my problem. I need apache setup so that when a user logs on they have a secure connection with out the user requiring a certificate. I have a certificate for the server, so all I need is ssl setup so that when a us

Re: HEAD / HTTP/1.0

On Mon, 7 May 2001, DAve Goodrich wrote: > on 5/7/01 12:32 PM, R. DuFresne at [EMAIL PROTECTED] wrote: > > > > > Then why pray tell is OS finger printing so important to a cracker? Why > > are the major vendors beefing up issues such as tcp sequence number > > prediction and obscuring their OS

Re: HEAD / HTTP/1.0

on 5/7/01 12:32 PM, R. DuFresne at [EMAIL PROTECTED] wrote: > > Then why pray tell is OS finger printing so important to a cracker? Why > are the major vendors beefing up issues such as tcp sequence number > prediction and obscuring their OS's from easy OS type determination? Even > the DNS/Bi

Re: SSL on Reverse Proxy -> Forward of Client Cert Serial No

On Mon, May 07, 2001 at 04:41:22PM +0100, Darko Krizic wrote: > > Hello! > > I run Apache 1.3.19 with mod_ssl 2.8.2 as reverse proxy. This reverse proxy does the >SSL part of the web application. On a specific URL the reverse proxy requests a >client certificate from the browser using this con

Re: HEAD / HTTP/1.0

Then why pray tell is OS finger printing so important to a cracker? Why are the major vendors beefing up issues such as tcp sequence number prediction and obscuring their OS's from easy OS type determination? Even the DNS/Bind folks have added the ability to their deamon to hide it's verson and

Re: [apache+ssl+jserv]

"Allen Chan" <[EMAIL PROTECTED]> wrote: > I'm not sure if this is the right address to ask. I'm trying to > download a preconfigured apache with SSL and Jserv from > www.modssl.org/contrib/ web site. But all of the binaries > are in .rpm extension. Anyone knows how to extract the > files. App

http on port 443 works but https doesn't

I'm trying to set up an apache 1.3.17 server with mod_ssl and running into some troubles here is the virtual host info for the server (it's the only server on the machine) SSLEngine On SSLCertificateFile conf/ssl.crt/server.crt SSLCertificateKeyFile conf/ssl.key/server.key SSLLog

Re: ANNOUNCE: mod_ssl 2.8.3 - PLEASE DISREGARD

It turned out that my problem below was an issue with my setup here. Please disregard my question. Sorry for the noise. Jay >Date: Mon, 07 May 2001 09:47:28 -0500 >To: [EMAIL PROTECTED] >From: Jay Burgess <[EMAIL PROTECTED]> >Subject: Re: ANNOUNCE: mod_ssl 2.8.3 > >I downloaded 2.8.3 and reb

Re: HEAD / HTTP/1.0

on 5/7/01 7:50 AM, James Hastings-Trew at [EMAIL PROTECTED] wrote: > on 5/7/01 5:34 AM, Deocs Postmaster at [EMAIL PROTECTED] wrote: > >> From telnet this command returns the type of server, >> installed modules, and other information. That info >> is tabulated and tracked by www.netcraft.com (

Re: HEAD / HTTP/1.0

James, I think you're mis-reading his use of telnet, I think what he means to say is 'when I telnet to port 80 ..' In any case I can see why one would want to make it harder for someone to exploit unknown exploits (if that makes sense) If you wish to modify the string returned by HEAD simply edit

Re: HEAD / HTTP/1.0

on 5/7/01 5:34 AM, Deocs Postmaster at [EMAIL PROTECTED] wrote: > From telnet this command returns the type of server, > installed modules, and other information. That info > is tabulated and tracked by www.netcraft.com (who also > infers the operating system) and can help an attacker > find a w

Re: ANNOUNCE: mod_ssl 2.8.3

I downloaded 2.8.3 and rebuilt. However, when I start Apache, it's still announcing itself as 2.8.2: Apache/1.3.19 (Win32) ApacheJServ/1.1.2 mod_ssl/2.8.2 OpenSSL 0.9.6a running... Viewing MOD_SSL.SO in a binary editor, there appears to be two instances of the string "2.8.3", but there i

SSL on Reverse Proxy -> Forward of Client Cert Serial No

Hello! I run Apache 1.3.19 with mod_ssl 2.8.2 as reverse proxy. This reverse proxy does the SSL part of the web application. On a specific URL the reverse proxy requests a client certificate from the browser using this configuration: SSLVerifyClient require SSLVerifyDepth 1 SSLCAC

Re: HEAD / HTTP/1.0

Deocs Postmaster wrote: > > At 07:54 AM 05/07/2001 , you wrote: > >Deocs Postmaster wrote: > > > From telnet HEAD / HTTP/1.0 returns the type of server, > > > installed modules, and other information. > > > > > Why is this information so openly disclosed, and is > > > there an easy way to disabl

Re: HEAD / HTTP/1.0

At 07:54 AM 05/07/2001 , you wrote: >Deocs Postmaster wrote: > > From telnet HEAD / HTTP/1.0 returns the type of server, > > installed modules, and other information. > > > Why is this information so openly disclosed, and is > > there an easy way to disable or modify it? > >Do you think hiding yo

Re: HEAD / HTTP/1.0

Deocs Postmaster wrote: > From telnet HEAD / HTTP/1.0 returns the type of server, > installed modules, and other information. > Why is this information so openly disclosed, and is > there an easy way to disable or modify it? Do you think hiding your apache version number will save you from ha

HEAD / HTTP/1.0

Users, From telnet this command returns the type of server, installed modules, and other information. That info is tabulated and tracked by www.netcraft.com (who also infers the operating system) and can help an attacker find a website's vulnerabilities. Why is this information so openly discl

Re: modssl 2.8.2 + apache 1.3.19 + FreeBSD 4.3 = core dump

On Mon, Apr 30, 2001 at 11:27:10PM -0400, Charles Sprickman wrote: > > I'm not too handy with gdb, but can follow directions to build with > debugging symbols and whatnot... > See http://www.modssl.org/docs/2.8/ssl_faq.html#core-dumped and http://www.modssl.org/docs/2.8/ssl_faq.html#report-backt

Re: Newbie question

Mark on GCI Server wrote: > >>Syntax error on line 1048 of /misc/secured/apache_1.3.19/conf/httpd.conf; > >>Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not > >>included in the server configuration > >>./apachectl startssl: httpd could not be started It looks like you d