-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Moin,
dachte eigentlich es wäre ganz einfach, aber irgendwie willes mal
wieder gar nicht :)
Ich muss einen URL umleiten, der so aussieht:
http://www.dom.tld/pfad/zur/suchen.jsp?einParameter=anochEiner=b
Daraus soll werden:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus Franke wrote:
Nun, URL umschreiben, so dachte ich mir, ist ja gar nicht so schwer,
einfach eine Regel hinzugefügt:
RewriteCond %{REQUEST_URI} ^/pfad/zur/suchen.jsp
RewriteCond %{HTTP_USER_AGENT} Marcus
According to Marcus:
RewriteCond %{REQUEST_URI} ^/pfad/zur/suchen.jsp
RewriteCond %{HTTP_USER_AGENT} Marcus
RewriteRule ^/pfad/zur/suchen\.jsp\?(.*)
http://www.dom.tld/pfadB/Search/?$1neuerDritter= [L,R=301]
Der Pattern wird nicht auf den Query-String gematcht. Du
Moin
Habe da so´n paar Spassvögel die mir ne ganze Applikation unter Vollast setzen.
Apache stellt ein Abfrageformular zu Verfügung. Angreifer nutzen wechselnde
IP´s/Providernetze.
Gibt es eine Möglichkeit eine aus den Logfiles generierete Black-List zu
verwenden mit der man dem den Apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lars Eilebrecht wrote:
According to Marcus:
RewriteCond %{REQUEST_URI} ^/pfad/zur/suchen.jsp
RewriteCond %{HTTP_USER_AGENT} Marcus
RewriteRule ^/pfad/zur/suchen\.jsp\?(.*)
hi thomas,
schau doch mal in den daten von denen ob es da nicht gemeinsamkeien gibt ...
vermute eine ähnliche / gleiche browserkennung ...
und die nehm ich dann immer für einen zeitraum raus ...
wenn in der browserkennung 'xxyyxx' steht dann -
hoffe es hilft ein wenig
grüße
h1
Hallo,
könnt ihr mich mal bitte aus Eurem Verteiler rausnehmen. Danke
Marcus
--
Apache HTTP Server Mailing List users-de
unsubscribe-Anfragen an [EMAIL PROTECTED]
sonstige Anfragen an
According to Marcus:
könnt ihr mich mal bitte aus Eurem Verteiler rausnehmen. Danke
Einfach eine E-Mail an die unsubscribe-Adresse schicken
(von der Adresse aus mit der Du Dich ursprünglich eingetragen
hast). Steht unten in jedem Footer drin.
ciao...
--
Lars Eilebrecht
[EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus Franke wrote:
LÖSUNG (warum auch immer *gg*)
RewriteCond %{REQUEST_URI} ^/pfad/zur/suchen.jsp
RewriteRule ^/pfad/zur/suchen.jsp?(.*) \
http://www.dom.tld/pfadB/Search/?$1neuerDritter= [L,R=301,QSA]
Ich habe im Grunde
Hallo Thomas,
auf heise-Online stand mal ein Artikel zu dem Modul mod_security und darin wird
auch eine Blacklist erwähnt.
http://www.heise.de/security/artikel/69070/0
Die Apache-Firewall: Web-Server mit mod_security absichern
Unter Umständen ist es allerdings sinnvoller von vornherein die
das mit der browserkenning hab ich schon gemacht
war offensichtlich irgendso n Scriptool
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 27, 2006 12:39 PM
To: users-de@httpd.apache.org
Subject: AW: Script Kids, Massenabfragen auf Web-Server
hab das mod_security schon runtergeladen un kompiliert, danke für den Tipp mit
dem Artikel. Das wird helfen die richtige Konfig zu finden...
Ich berichte euch dann von meinen Erfahrungen damit
thx
-Original Message-
From: Dirk Weikard [mailto:[EMAIL PROTECTED]
Sent: Thursday, July
Hallo Thomas bzw. wen es sonst noch interessiert,
habe nun einen Hinweis auf die automatische Aktualisierung von Blacklists
mittels Perl-Skript für die IPTables gefunden:
http://www.apachesecurity.net/tools/index.html
- Apache httpd Tools
- blacklist - uses iptables to create a temporarily
Hi,
On Don 27.07.2006 12:19, Vogel, Thomas (BOT) wrote:
[snipped]
Jemand ne Idee/Info?
Da du leider nicht erwaehnt hast fuer welche httpd Version gebe ich dir
mal ne Liste *ohne* auf die Version zu achten ;-)
---http://www.steve.org.uk/Software/mod_ifier/
mod_ifier is an Apache2 module
According to Marcus:
RewriteCond %{REQUEST_URI} ^/pfad/zur/suchen.jsp
RewriteRule ^/pfad/zur/suchen.jsp?(.*) \
http://www.dom.tld/pfadB/Search/?$1neuerDritter= [L,R=301,QSA]
Wenn Du nur was im Query-String hinzufügen willst, dann geht auch
folgendes (ohne RewriteCond):
thx, es ist die 2.0.53
-Original Message-
From: Alexander Lazic [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 27, 2006 2:36 PM
To: users-de@httpd.apache.org
Subject: Re: Script Kids, Massenabfragen auf Web-Server
Hi,
On Don 27.07.2006 12:19, Vogel, Thomas (BOT) wrote:
[snipped]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lars Eilebrecht wrote:
RewriteRule ^/pfad/zur/suchen.jsp
http://www.dom.tld/pfadB/Search/?neuerDritter= [QSA,L,R=301]
Wie bereits in meiner vorherigen Mail geschrieben wir auf den
Query-String _nicht_ gematcht, d.h. da ein ?(.*) zu
hmmm also das mit mod_security haut zwar generell hin aber die Problematik
bleibt dieselbe.
Ich will eine bestimmte IP erst dann aussperren (ohne lokale Firewall) wenn
diese mehr als 50
mal POST xxx/yyy/formularname gemacht hat.
Diese IP´s kann ich per Shellscript und cronjob periodisch
hi,
frage: das formular ist in php ?
also warum dann nicht in php lösen.
bei diesen massenanfragen ist die anfrage anders ...
das kann man zur abwehr nutzen ;-)
grüße
h1
-Ursprüngliche Nachricht-
Von: Vogel, Thomas (BOT) [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 27. Juli 2006
ne, da hängt ein kommerzieller applikationsserver dahinter, mehr darf ich nicht
verraten ;-)
probiers gerade mit mod_evasive ...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 27, 2006 4:09 PM
To: users-de@httpd.apache.org
Subject: AW: Script
On Don 27.07.2006 16:05, Vogel, Thomas (BOT) wrote:
hmmm also das mit mod_security haut zwar generell hin aber die
Problematik bleibt dieselbe.
Ich will eine bestimmte IP erst dann aussperren (ohne lokale Firewall)
wenn diese mehr als 50 mal POST xxx/yyy/formularname gemacht hat.
Aber es
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ich schon wieder :)
Ok, diesmal sogar mit einem QUERY_STRING und diesmal will mich
die Kiste total veräppeln.
Ich brauche die Zahl, die in der Variablen name übergeben wird
RewriteCond %{QUERY_STRING} ^name=([0-9]+)
RewriteRule ^altes.php$
* Marcus Franke [EMAIL PROTECTED] wrote:
Ich brauche die Zahl, die in der Variablen name übergeben wird
RewriteCond %{QUERY_STRING} ^name=([0-9]+)
RewriteRule ^altes.php$ http://www.dom.tld/pfad/$1.html [L,R=301]
Doch, was passiert, wenn ich den URL im alten Format aufrufe?
Er
ja klar! das mod_evasive macht die Sache prächtig.
Man kann festlegen in welche Zeitraum er misst, bezogen auf die ganze Site oder
auf einzelne seiten.
Natürlich dann auch für beides den max. count. und für wie lange er dann die
IP mit ner 403 versorgt. Ich teste das gerade noch.
Thomas
On Don 27.07.2006 20:06, Vogel, Thomas (BOT) wrote:
ja klar! das mod_evasive macht die Sache prächtig.
Yep ;-)
Man kann festlegen in welche Zeitraum er misst, bezogen auf die ganze
Site oder auf einzelne seiten.
Natürlich dann auch für beides den max. count. und für wie lange er
dann die IP
Hi guys,
I'm not sure if this one is possible, I'm attempting to use
a mod_rewrite rule to proxy to another URL, but for the
request it proxies to, I need it to keep the original source
IP address intact. At present, I have something along the
lines of:
RewriteRule ^/$
-Original Message-
From: Andrew Walmsley [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 27, 2006 11:48 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Best Practice Question
We are porting a (mostly) perl application from Apache 1.X to
Apache 2.X and decided to put all
or include your includes in httpd.conf manually, in the right order.
2.2 uses conf/extra for additional includes.
also, if you know that the module is configured and installed, what
advantage does the IfModule offer?
Boyle Owen wrote:
-Original Message-
From: Andrew Walmsley
What was suggested below didn't make it work.
userdir.conf
==
IfModule mod_userdir.c
UserDir public_html
UserDir disabled root
Directory /home/*/public_html
On 7/27/06, Greg Boug [EMAIL PROTECTED] wrote:
Hi guys,
I'm not sure if this one is possible, I'm attempting to use
a mod_rewrite rule to proxy to another URL, but for the
request it proxies to, I need it to keep the original source
IP address intact. At present, I have something along the
On 7/27/06, chouck [EMAIL PROTECTED] wrote:
If I load http://bingiwas.binghamton.edu/~chouck into a browser I get an
error in my /var/apache2/error.log:
[Thu Jul 27 08:54:05 2006] [error] [client xxx.xxx.xx.xx] File does not
exist: /var/www/bingiwas/~chouck
/var/www/bingiwas is the
I don't know if this query ever got posted..but i didn't get any reply so far.Dear Forum,I am posting a query for the first time. That too only because i didn't find any other resource for help!!I have successfully setup Virtualhost definition on my fedora 4 machine by modifyin the
httpd.conf
,
Hi,
I'm currently using Apache 2.0 as an accelerator and performing a
certain amount of HTTP / HTML rewriting successfully. I'm currently
building a replacement server and am attempting to move to Apache 2.2
but appear to be having some problems using filters.
I need to insert
Josh;
Thanks for the help.
If you look back at the email you responded to I included httpd.conf and I
have the same entry there as userdir.conf.
What files should I be including to get this problem solved?
thanks
Craig
At 09:21 AM 7/27/2006 -0400, Joshua Slive wrote:
On 7/27/06, chouck [EMAIL
On 7/27/06, Craig M. Houck [EMAIL PROTECTED] wrote:
Josh;
Thanks for the help.
If you look back at the email you responded to I included httpd.conf and I
have the same entry there as userdir.conf.
No, you do not. Read your httpd.conf again.
Joshua.
Nick Kew wrote:
On Thursday 27 July 2006 01:16, Marc Perkel wrote:
OK - So - this is a bug and needs to be fixed? You would think that an
HTTP server as popular as Apache would be able to support case
insensitive URLs.
There is no such thing as a "case insensitive
In 2.0 Apache mod spaling made the URL case insensitive. In 2.2 it
doesn't. That means that mod speling in 2.2 is broken.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See
I went back before this email and realized it wasn't the same.
I changed it so httpd.conf looks like:
# This is here for backwards compatability reasons and to support
# installing 3rd party modules directly via apxs2, rather than
# through the /etc/apache2/mods-{available,enabled} mechanism.
#
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
I want case insensitive URLs.
Just out of interest, why?
The only reason I can imagine is that you have inherited a legacy
filesystem where people have been using haphazard file-naming
conventions and so you have a lot
I am trying to put a symbolic link in the Directory directive's
argument list but it will not recognize it. Is there anyway to
accomplish this idea?
And yes, I tried, FollowSymLinks .. :)
I am using Apache 2.0 on SuSE 10.0 BTW ...
Thanks,
LDB
Hey Folks,
We believe we've found a bug in mod_proxy_html 2.5.2 that causes an
Error in bucket read. A patch is attached with verbose comments.
- Ryan
--- proxy_old/mod_proxy_html.c 2006-07-27 11:20:15.0 -0500
+++ proxy/mod_proxy_html.c 2006-07-27 11:22:09.0 -0500
@@
I am new to this site and have been reading through all the information
presented here, but my search didn't answer my question.
I run my site on an apache server and I have access to the raw apache
logs. Lately I've been analyzing these by hand to see a more complete
picture of where traffic
sridevi polavaram skrev:
I am surpirsed that nobody has responded to my query since yesterday.
I am so desperate for help!!
If it is that urgent, I recommend you hire an consultant instead of
complaining about how people should handle their own free time.
N.
On 7/27/06, Craig M. Houck [EMAIL PROTECTED] wrote:
I went back before this email and realized it wasn't the same.
I changed it so httpd.conf looks like:
# This is here for backwards compatability reasons and to support
# installing 3rd party modules directly via apxs2, rather than
# through
On 7/27/06, Marc Perkel [EMAIL PROTECTED] wrote:
Yeah - run Windows based servers and you get case insensitive URLs.
No, you don't. You get a server that serves the same content for many
different URLs. That can have bad consequences on caches, search
engines, etc.
Joshua.
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
I am trying to put a symbolic link in the Directory directive's
argument list but it will not recognize it. Is there anyway to
accomplish this idea?
And yes, I tried, FollowSymLinks .. :)
I am using Apache 2.0 on SuSE 10.0 BTW ...
More details please.
Just an update of my current case with Perl data-files.
I decided that suEXEC is a bit too advanced for me.
Instead, I created a folder with sufficient permissions outside the
document root to write/create/store the data-files.
I wonder how much a security risk this is compared to suEXEC.
The
Greetings,I'm running Apache 2.2.0-21 under SuSE, and having trouble with directory authentication. I want to authenticate user according to a remote ldap server.These are the parts I added to my httpd.conf
in order to make the authentication work:LoadModule ldap_module
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
I am trying to put a symbolic link in the Directory directive's
argument list but it will not recognize it. Is there anyway to
accomplish this idea?
And yes, I tried, FollowSymLinks .. :)
On 7/27/06, Anton Piatek [EMAIL PROTECTED] wrote:
Hi,
I was messing around with my config earlier and seem to have screwed
something up. Apache2-ctl says the config is syntactically correct, but
the root of the server / does not serve any pages - I get file not
found even if the file is
I am not sure if this is the right place to ask or not. How do I go
about disabling the use of web accelerators like FasterFox or the Google
Web Accelerator? I have noticed that several sites now have a warning pop
up if you are using such a device and refuse you access until it is
turned off.
My current situation of mod_authnz_ldap is still not good.
The issue was the ldap libraries which I had downloaded from the
OpenLDAP source.
The libraries were being installed in /usr/local/lib.
I had to point LDFLAGS to -L/usr/local/lib, and CPPFLAGS and CFLAGS to
-I/usr/local/include.
The
On Thursday 27 July 2006 14:39, Neil A. Hillard wrote:
Hi,
I'm currently using Apache 2.0 as an accelerator and performing a
certain amount of HTTP / HTML rewriting successfully. I'm currently
building a replacement server and am attempting to move to Apache 2.2
but appear to be
Joshua Slive wrote:
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
I am trying to put a symbolic link in the Directory directive's
argument list but it will not recognize it. Is there anyway to
accomplish this idea?
And yes, I
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
On 7/27/06, LDB [EMAIL PROTECTED] wrote:
I am trying to put a symbolic link in the Directory directive's
argument list but it will not recognize it. Is there
I think most sites which block it do it by checking the User-Agent header.
See http://httpd.apache.org/docs/2.2/howto/access.html and also the docs for
mod_access if thats what you really want.
However if the web program changes its User-Agent to match that of a well
known browser like IE or
56 matches
Mail list logo