a vendor is setting up on-prem internal servers for us:
vendor told us he needs SSL certs for the 5 servers (there's 5 URLs
given) not for users to access but for server to server communications
Q1:
Shall we use self-signed certs in this case & usually for how long
these certs should be valid (eve
Also,
can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through
2.4.38 with MPM event, worker or prefork" only (just like CVE-2019-0211)?
How do I check if we have "MPM event, worker or prefork" in our Apache?
On Sat, Apr 6, 2019 at 10:59 PM Sunhux G wr
Are above CVEs affecting Apache httpd (ie web servers) 2.4.x only
& other lower versions (eg: our Solaris 10's Apache/2.0.63) are not
affected?
Can point me to where to get the patches for RHEL7/RHEL6
in Red Hat support portal or anywhere else that's reliable??
Sun
Understand Apache web servers (runs on Unix only) & Apache Struts
(can run in Windows & appliances) are different things:
Q1:
Can the various VA scanners (like Nessus & McAfee Vulnerability Manager)
detect the presence of Struts or you'll need to login to individual servers/
endpoints or have an a
After making changes to httpd.conf, can I just issue
1) "kill -HUP httpd_instance_pid" for the change to take effect or
2) "service httpd reload" or
3) "service httpd restart"
Select one or more of the above correct options
Thanks
Sun
-
Thanks.
I'll verify on Mon using the tool Zeek suggested or openssl:
openssl s_client -cipher '!DH:!ADH:RC4+RSA:HIGH:MEDIUM:
!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM'
-
The official User-To-User support forum of the Apache HTTP Ser
ay 29, 2011 at 10:48 PM, sunhux G wrote:
> I'm newbie to encryption & beginner to Apache.
>
>
> Length: 81
> Handshake Protocol: Server Hello
> Handshake Type: Server Hello (2)
> Length: 77
> Version: TLS 1.0 (0x0301)
> Random
> gmt_unix_time: May 23,
I'm new to Apache & to my environment too.
We run 4 Apache V2.0.52 & I've seeing high load averages (of 3 to 13)
reported by "top" on the Linux RHES 4.6 for the 1, 5 & 15 minutes avgs
on 3 of our webservers. All the servers' CPU are generally idle except
one webserver which sometimes hit 90-100%
Note that in my current Apache config file, there's a line below which does not
mention anything on Diffie-Hellman, so my guess is Apache must have selected
/enabled DH by default. How can I explicitly turn it off?
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
I'm thinking of usi
I'm newbie to encryption & beginner to Apache.
Length: 81
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.0 (0x0301)
Random
gmt_unix_time: May 23, 2011 11:01:51.00
random_bytes: C0C48BA2.
Session ID Length: 32
Session
Yes, there are entries. So I have to get our monitoring team to
tune CA to poll every 30 secs for 10 mins to be sure we don't
get false alerts?
U
On Sun, Dec 26, 2010 at 2:40 AM, Joost de Heer wrote:
> On 12/25/2010 05:08 PM, sunhux G wrote:
>
>> Question is how do I det
I configured my Apache to listen on tcp 83, 446 & 86.
Our monitoring team uses CA Unicentre (awservices) to monitor the
Apache's ports & I often get the alerts below which always recover
within 2-5 minutes.
Our monitoring team asserts that there's nothing wrong with their
monitoring tool (CA) as
12 matches
Mail list logo