Re: [users@httpd] Possible virus via httpd server

a simple vhost and put a RewiteRule that (for reasons that I > don't > know) it didn't like, then it returned a failure. When I put it back > together, > I'll build up httpd.config slowly. > > Thanks, > Mike. > -- > Michael D. Berger > m.d.ber...@ieee.org &

Re: [users@httpd] Possible virus via httpd server

Was the index.html file modified in anyway? Did it call the executable? Any rewrites or any other files added to the path index.html resided? Sent from my iPhone > On Jan 4, 2016, at 8:21 PM, Michael D. Berger wrote: > > It was not overwritten. If you looked on the

Re: [users@httpd] Re: apache service interruption

You could potentially deny legitimate users access. I limit so many connections per second per source IP. If I knew I were getting a ton of traffic from a University I would have to adjust it accordingly. The setting in pfsense is Maximum new connections / per second(s) - that's per IP. My

Re: [users@httpd] Re: apache service interruption

Truthfully, I've always limited connections from the source IP via a firewall before the traffic is even passed to apache. On 08/01/2013 04:39 AM, Grant wrote: Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the

Re: [users@httpd] substituting proxy

Burp Suite will do exactly this. http://portswigger.net/burp/ On 07/31/2013 06:04 AM, Robin Becker wrote: Not sure if I am using the right terminology, but I want to create a forward proxy that will allow me to substitute locally controlled content for some of the requests eg a specific remote

Re: [users@httpd] Re: apache service interruption

Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the resources on a server running Apache. Only 1 instance of his perl script had to be ran. LOIC is another that could possible DoS your server from one source.

Re: [users@httpd] Re: apache service interruption

You can always compile from source ;) What version of Apache are you running? On 07/29/2013 02:59 AM, Grant wrote: Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. In the

Re: [users@httpd] SSL config - HTTPS not working

The only reason I asked was because I had done this before and had the virtualhost created for port 443 but forgot to a2ensite on the virtualhost. On 07/29/2013 02:59 AM, Yuvapriya s wrote: Yes.. I have configured Vhosts for port 443.. On Fri, Jul 26, 2013 at 2:56 PM, Michael D. Wood m

Re: [users@httpd] Re: apache service interruption

Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways to achieve this. On 07/29/2013 03:18 AM, Michael D. Wood wrote: You can always compile from source ;) What version of Apache are you running

Re: [users@httpd] Re: apache service interruption

You wouldn't keep a syn proxy rule enabled all the time; only under a DoS attack. You could also implement ModSecurity. On 07/29/2013 02:07 PM, Grant wrote: Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There

Re: [users@httpd] Re: apache service interruption

Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this. -- Sent from my mobile device Michael D. Wood www.itsecuritypros.org Grant emailgr...@gmail.com wrote: My server has 4GB RAM

Re: [users@httpd] SSL config - HTTPS not working

Do you have a virtual host configured for the site SSL/443? On 07/26/2013 05:15 AM, Yuvapriya s wrote: Hi We had done split deployment of apache and tomcat and we are trying to configure ssl on apache. Modified the httpd_ssl.conf file and uncommented the lines to include mod_ssl.so

Re: [users@httpd] Router change issue

The new wireless router is configured the same way as your old router was? As in, the same network configuration and I'm assuming the server you have Apache running on has a static ip in the same network? Not much that has to change - port forward to your server running Apache. What are you