up Apache supporters; your patience is appreciated by
the majority of us! And we don't swear and blame you when we can't
come to grips with reality!
Regards,
John
--
*Kevin A. McGrail*
/CEO Emeritus/
*Peregrine Computer Consultants Corporation*
+1.703.798.0171
On 6/14/2015 8:47 AM, Kevin A. McGrail wrote:
Happy to report that after the server issue and then then SVN
maintenance ruined rules for too long, we are back to publishing as of
last night.
My apologies. I apparently can't keep lists straight
Happy to report that after the server issue and then then SVN
maintenance ruined rules for too long, we are back to publishing as of
last night.
Regards,
KAM
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For
FYI:
wget http://apache.mesi.com.ar//httpd/httpd-2.2.29.tar.gz
--2015-05-15 10:33:31-- http://apache.mesi.com.ar//httpd/httpd-2.2.29.tar.gz
Resolving apache.mesi.com.ar... 2400:cb00:2048:1::681c:1647,
2400:cb00:2048:1::681c:1747, 104.28.23.71, ...
Connecting to
riaditeľ
Hroznová 4664/9
902 01 Pezinok
+421 948 605 300
i...@odpadovyhospodar.sk mailto:i...@odpadovyhospodar.sk
www.odpadovyhospodar.sk http://www.odpadovyhospodar.sk/
*From:*Kevin A. McGrail [mailto:kmcgr...@pccc.com]
*Sent:* Wednesday, April 15, 2015 4:10 PM
*To:* Odpadový hospodár s.r.o
Vernon, do you have a recommended score for the implementation of DCC
with SA? There are concerns that bulk mail from good senders has been
hit by DCC which is completely by design.
Vernon replied off-list so I wanted to bring the relevant portion back
to the list:
My general suggestion is
On 4/16/2015 6:54 AM, Kevin A. McGrail wrote:
Vernon, do you have a recommended score for the implementation of DCC
with SA? There are concerns that bulk mail from good senders has been
hit by DCC which is completely by design.
Vernon replied off-list so I wanted to bring the relevant
Sorry again to the httpd team. It's not my intention to troll for more
committers on the SA project by posting here. ;-)
Nope, my issue is a very simple problem some other Thunderbird users
might understand in that there have been problems where the address book
has suddenly forgotten the
Anyone use this RBL or familiar with it? Pros/cons? Efficacy data?
regards,
KAM
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
On 3/18/2015 10:07 AM, Kevin A. McGrail wrote:
Anyone use this RBL or familiar with it? Pros/cons? Efficacy data?
Incorrectly posted to Http, please ignore.
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
Hello All,
We are protecting server-status and info with basic auth using a config
block similar to the following:
Location /server-info
SetHandler server-info
#Order deny,allow
#Deny from all
#Allow from .example.com
AuthType basic
AuthName Apache Info
On 6/18/2013 10:11 PM, Jim Albert wrote:
This should be relevant:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl
Thanks Jim. That worked like a charm.
regards,
KAM
-
To unsubscribe, e-mail:
On 4/19/2013 9:44 AM, Neil Aggarwal wrote:
This is strange. I did a fresh install of CentOS 6.4 on a virtual
server and then did a yum install httpd.
The apache server responds to local requests but not requests
over eth0. I checked the Listen directive in httpd.conf and
it is not restricted.
On 2/27/2013 2:10 PM, Matthew Smith wrote:
Trying to get openssl to work locally. This is the error in my log file:
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
It led me to this via google, and I tried to make sure it was
implemented properly:
On 2/27/2013 3:27 PM, Matthew Smith wrote:
I meant to have it off the base path.
Then remove the leading slash. I wonder if you are loading the module
for mod_ssl.c earlier in your config? I seem to remember I get this
error even on servers where I don't have mod_ssl enabled.
regards,
KAM
Thanks Nick!
Sounds a lot like this much more detailed account:
http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/
Regards,
KAM
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
http://arstechnica.com/security/2012/12/apache-plugin-turns-legit-sites-into-bank-attack-platforms/
Annoyingly, the article doesn't say what plugin names to look for.
Anyone know if this is something we should be looking for? Any specific
plugin names, etc.?
Regards,
KAM
On 11/13/2012 11:12 AM, Lester Caine wrote:
Ben Johnson wrote:
You, good sir, would be well-served to install mod_info, which will tell
you exactly which directives are being applied to which containers. We
can guess at this all day, but there are a number of reasons for which
you might be
On 11/1/2012 12:59 AM, ABHISHEK GUPTA wrote:
I want to configure apache in a way that all the request from mobile
browsers are redirected to a separate virtualhost and requests from
desktop browsers are served from another virtualhost.
Abhishek,
Because I recommend that the mobile site have
On 10/2/2012 7:34 AM, Regev Ayelet wrote:
Even after installing httpd patch provided by Apache, nessus scanning system is
claiming:
You have to email your scanning company and let them know it is
patched. They are only checking the version of Apache and most scanners
are pretty stupid at
On 10/2/2012 7:41 AM, Regev Ayelet wrote:
Thank you for the quick response...
Do you know when 2.0.65 will be ready?
Other than the same information you have that they are working on a
release, no.
-
To unsubscribe, e-mail:
On 9/14/2012 12:24 AM, val john wrote:
im hosting close to 20 zip files in my site each close to 180MB in
size , some times when i download one of the files .. its stops in
the middle ( after 80MB ) ,And some times it get downloaded full file
without any problem . is there any thing that i
On 9/14/2012 10:37 AM, Tom Evans wrote:
Timeout is for individual read/writes. You can still download files
that take longer than Timeout seconds to download :)
Good point. I use a cgi that runs and actually sends the files which I
think is why I run afoul of this.
Regards,
KAM
On 8/28/2012 7:59 PM, Jeff Trawick wrote:
IIRC, this has always been the behavior of mod_cgid -- anything the
mod_cgid daemon process needs to log is written to its stderr, which
is the main server error log.
Makes sense. Any thoughts on the impact of switching away from an event
based MPM
Morning All,
From the docs at http://httpd.apache.org/docs/current/logs.html, we have:
If |CustomLog
http://httpd.apache.org/docs/current/mod/mod_log_config.html#customlog| or
|ErrorLog http://httpd.apache.org/docs/current/mod/core.html#errorlog|
directives are placed inside a |VirtualHost
On 8/28/2012 11:06 AM, Eric Covener wrote:
The same errors duplicated, or a mix? Are you sure the only local
interface used is 1.2.3.4? If it's munged.com on any other
interface, it won't use that VH.
Different errors and using multiple IPs sorry.
A more complete config file is attached with
On 8/28/2012 12:15 PM, Eric Covener wrote:
Perhaps all the captured stderr is somehow getting redirected to the default
error log? Perhaps something to do with using suexec?
Yes, stderr can only go one place, and it's the main server error log.
This is independent of suexec.
This changed for
On 8/28/2012 12:30 PM, Jeff Trawick wrote:
Are you using mod_cgid or mod_cgi with 2.0 and 2.2?
Aha! No, I don't think so, no. Spot checking a 2.2 server, I do not
have mod_cgi(d). However, on this 2.4 server, I do have mod_cgid
enabled right now because without it, my cgis were not being
On 8/28/2012 1:50 PM, Jeff Trawick wrote:
On Tue, Aug 28, 2012 at 1:21 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 8/28/2012 12:30 PM, Jeff Trawick wrote:
Are you using mod_cgid or mod_cgi with 2.0 and 2.2?
Aha! No, I don't think so, no. Spot checking a 2.2 server, I do not have
mod_cgi
I have a set of pictures that I protect with .htaccess. This is
currently configured using Basic Auth. The .htaccess file protects ONLY
the images/thumbnails but not the html that loads the images and thumbnails.
AuthName POAC-NoVA Members Only
AuthType Basic
AuthUserFile
How exactly do you protect the resources? Via Directory or FileMatch?
the /photos/ dir has a .htaccess file in it that uses this .htaccess file:
AuthName POAC-NoVA Members Only
AuthType Basic
AuthUserFile /var/opt/htdocs/poac/.htpasswd
require valid-user
That would be via Directory, yes?
On 1/16/2012 4:29 PM, Igor Cicimov wrote:
I have a feeling that IE and FF exibit the same behavor its just that
FF automatically supplies the credentials without prompting you all
the time.
I had similar thoughts. However, with IE, I typically will get some
password error log entries
any idea how to start researching which is the leaky script
Checking the access log for the same ip that was getting the errors you
found in the error_log is a good start.
-
The official User-To-User support
Anyway, I am more wondering if 2.2.22 is even on track to address
these issues. Or if there are patches for 2.2.X (I found trunk
patches but they only dealt with some of the CVE and didn't address
the 2.2 branch). The amount of information available for these CVEs
since sparse compared to
Good Morning,
I was wondering if there was any update on CVE-2011-3607
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3607 and
CVE-2011-4415
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4415 which
are bugs in mod_setenvif?
Our server is being flagged for PCI
On 12/21/2011 1:18 PM, Pete Houston wrote:
On Wed, Dec 21, 2011 at 12:42:02PM -0500, Kevin A. McGrail wrote:
Our server is being flagged for PCI non-compliance because of these
CVE's but there doesn't appear to be a fix, a workaround or any
information I can find.
There seem to be 2 obvious
36 matches
Mail list logo
