RE: [EMAIL PROTECTED] how to compile mod_security 2.x

2007-12-14 Thread Ryan Barnett
You are correct, the install instructions have changed for Mod 2.x. We address this issue in the documentation and in the FAQ - http://www.modsecurity.org/documentation/faq.html#d0e224 Additionally, you should probably sign up for the Mod mail-list and ask questions there - http://www.modsecurit

[EMAIL PROTECTED] how to compile mod_security 2.x

2007-12-14 Thread Qingshan Xie
I could compile mod_security-1.9.4 with Apache-2.0.61 on Solaris 8 easily but failed on 2.1.4. Seems 2.1.4 compilation is very different from 1.9.4. If some one has such experience, could you share it with me? Many Thx, Q.Xie

Re: [EMAIL PROTECTED] Question about installing apache 2.0.59 on solaris 10

2007-12-14 Thread Dragon
pdt_p wrote: Hi... Thank you for answering my question. The reason why i am not compile by my self because i don't have permission to install any application. basically i don't have permission to any root, usr and etc. I only have access to my home account. If I download the source, In my case

Re: [EMAIL PROTECTED] Question about installing apache 2.0.59 on solaris 10

2007-12-14 Thread pdt_p
Hi... Thank you for answering my question. The reason why i am not compile by my self because i don't have permission to install any application. basically i don't have permission to any root, usr and etc. I only have access to my home account. If I download the source, In my case above, is there

[EMAIL PROTECTED] Apache 2.2 DAV/2 problem

2007-12-14 Thread Russell E Glaue
I have a problem. Apache 2.2 DAV/2 changed the way it handles file properties, and now mod_dav does not work with NFS mounted partition anymore. When files are uploaded via WebDAV, and the properties are modified, a ".DAV" directory with associated property file(s) are created. Apache 2.0.* used:

[EMAIL PROTECTED] caching of static images

2007-12-14 Thread monarchs
A question about the caching of static images, if the response header contains both Expires and Etag, will the client browser make call to server to validate Etag is fresh. I want to avoid the 304 requests as I know the files will never change, and want to know if setting both headers causes any i

Re: [EMAIL PROTECTED] Question about installing apache 2.0.59 on solaris 10

2007-12-14 Thread Dragon
pdt_p wrote: Hi... I download binary distribution for Apache HTTP server version 2.0.55. i download it from : http://apache.wildit.net.au/httpd/binaries/solaris/ in the readme.bindist and install.bindist file, it say that i have to run install-bindist.sh in this case my path for apahce is /hom

Re: [EMAIL PROTECTED] Question about installing apache 2.0.59 on solaris 10

2007-12-14 Thread Joshua Slive
On Dec 14, 2007 1:34 AM, pdt_p <[EMAIL PROTECTED]> wrote: > > Hi... > > I download binary distribution for Apache HTTP server version 2.0.55. > i download it from : http://apache.wildit.net.au/httpd/binaries/solaris/ > in the readme.bindist and install.bindist file, it say that i have to run > inst

Re: [EMAIL PROTECTED] Running 2 VirtualHosts under different Users.

2007-12-14 Thread Joshua Slive
On Dec 14, 2007 2:47 AM, Christian Folini <[EMAIL PROTECTED]> wrote: > Hi there, > > I'd work with multiple apaches and possibly a proxy setup, > where the code writing one sits behind in the 2nd layer. Yep: http://wiki.apache.org/httpd/PrivilegeSeparation Joshua. ---

Re: [EMAIL PROTECTED] access.log problem

2007-12-14 Thread Steve Reilly
> > > Try the following: > > root> su - apache > apache> cd /var/log/apache > apache> echo test > access.log well, I think I might be making some progress, the above did in fact write test to the access.log (i physically made this log, not apache) > > That of course assumes that 'apache' is a wor

Re: [EMAIL PROTECTED] Content-length with 401 response.

2007-12-14 Thread Nick Kew
On Fri, 14 Dec 2007 15:23:05 +0530 "Pradeep" <[EMAIL PROTECTED]> wrote: > We have implemented a filter on Apache web server to force the basic > authentication for all the resources in the doc root folder. Why would you use a filter for that? > As per the RFC, we need to return 401 response to

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-14 Thread Neil A. Hillard
Hi, Vincent Bray wrote: > On 14/12/2007, Neil A. Hillard <[EMAIL PROTECTED]> wrote: >> To me this doesn't make sense. All rewriting is relative to the >> DocumentRoot anyway so you shouldn't have to include it in the >> RewriteRule. You can't use RewriteRule to map to arbitrary directories >> in

[EMAIL PROTECTED] Content-length with 401 response.

2007-12-14 Thread Pradeep
Hi , We have implemented a filter on Apache web server to force the basic authentication for all the resources in the doc root folder. As per the RFC, we need to return 401 response to any request for a file in doc root folder. Currently we are returning WWW-Authenticate as a mandatory fiel

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-14 Thread Vincent Bray
On 14/12/2007, Neil A. Hillard <[EMAIL PROTECTED]> wrote: > To me this doesn't make sense. All rewriting is relative to the > DocumentRoot anyway so you shouldn't have to include it in the > RewriteRule. You can't use RewriteRule to map to arbitrary directories > in the filesystem. Hi Neil, Tha

Re: [EMAIL PROTECTED] RewriteRule exposing system directories

2007-12-14 Thread Neil A. Hillard
Hi, Samuel Vogel wrote: > It seems like Apache just forgets about the "../". A relative path to > "../wcf/" called from "wbb.samy.domain.de" results in the following: > [Thu Dec 13 21:26:24 2007] [error] [client 160.94.18.117] File does not > exist: /data/apache/users/domain.de/samy/www/wbb/wcf, r