Re: undefined error with mod_python
Thanks cd34 for your ideas. I use mod_python for other stuff on my server, but that doesn't prevent me from also using mod_wsgi. Especially, as it is already very well supported across python applications and is said to perform better than mod_python.

Nonetheless, using mod_wsgi didn't help, I only got 500 codes. No error output in any log file although I even get info messages. I tested on a different system (should have done that much earlier), there I got error output and found, it's the EvalException middleware which I forgot to disable with

    [DEFAULT]
    debug = false

That's it. Haven't tested with mod_python any more, but it works well with mod_wsgi.

Does anybody have any further idea why I don't get error output on my production system?

Thanks again
Tim

On 25 Apr., 02:29, cd34 mcd...@gmail.com wrote:
> LogLevel error
> or, at worst:
> LogLevel debug
> in your apache config might produce more results in your error logs.
>
> Your config looks right, but, the error logs are probably set to crit which is why you're not seeing anything of value in the logs. Remember you can also specify an ErrorLog directive in your virtualhost to cut down on messages.
>
> If you are not using mod_python for anything else on the server, you might also consider http://code.google.com/p/modwsgi/

--
You received this message because you are subscribed to the Google Groups pylons-discuss group. To post to this group, send email to pylons-disc...@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
Re: DOS attacks
Sounds like you were hit by Slowloris (http://ha.ckers.org/slowloris/). AFAIK there is no way to defend against it with Apache, other than using some external service or a reverse proxy that is not vulnerable to it. Perhaps this might help:

http://www.funtoo.org/en/security/slowloris/

Also, it was not necessarily distributed since the nature of the attack could allow a single machine to be used to attack. What do your logs say, how many IPs were involved?

Vlad

On 04/26/10 05:36, cd34 wrote:
> After dealing with a DDOS today on a site (non-pylons, but the issue is still the same), it became very evident that there are very few hooks in apache that allow you to drop a connection where it needs to be dropped. mod_security/mod_evasive don't hook apache early enough in the request phase to actually do what is needed.
>
> While fail2ban will work, IF you can identify the traffic, it does require the request to hit the logs. The problem with this attack was that the requests never hit the logs, but, apache was dispatching to the child waiting for the request to complete. I guess I could have run mod_forensic to see what the connections were, but, it wasn't compiled for this machine's architecture. iptables --recent support would have worked, but, the server was much too busy for that to work.
>
> In the end, I had to move over to nginx and use their limit_conn rule to prevent the attacks from overloading the machine. While I generally loathe throttling to control a DDOS, it did seem to handle it.
>
> Any load balancer may have prevented the traffic from hitting the origin server. Using varnish probably would have worked, but, would have required backend changes due to the IP address always showing the varnish server's IP. mod_rpaf would allow that to be remedied, but, Varnish changes things in mysterious ways at times.
Re: undefined error with mod_python
On Apr 26, 7:01 pm, Tim-Erwin p...@tim-erwin.de wrote:
> Thanks cd34 for your ideas. I use mod_python for other stuff on my server, but that doesn't prevent me from also using mod_wsgi. Especially, as it is already very well supported across python applications and is said to perform better than mod_python.
>
> Nonetheless, using mod_wsgi didn't help, I only got 500 codes. No error output in any log file although I even get info messages. I tested on a different system (should have done that much earlier), there I got error output and found, it's the EvalException middleware which I forgot to disable with
>
>     [DEFAULT]
>     debug = false
>
> That's it. Haven't tested with mod_python any more, but it works well with mod_wsgi.
>
> Does anybody have any further idea why I don't get error output on my production system?

Possibly because Paste server does special configuration of logging module which isn't done if one uses loadapp() by itself to generate a WSGI application entry point. See:

http://wiki.pylonshq.com/display/pylonscookbook/Logging+under+mod_wsgi

So, if you aren't already, introduce the fileConfig() call as described along with appropriate .ini file entries.

Graham

> Thanks again
> Tim
>
> On 25 Apr., 02:29, cd34 mcd...@gmail.com wrote:
> > LogLevel error
> > or, at worst:
> > LogLevel debug
> > in your apache config might produce more results in your error logs.
> >
> > Your config looks right, but, the error logs are probably set to crit which is why you're not seeing anything of value in the logs. Remember you can also specify an ErrorLog directive in your virtualhost to cut down on messages.
> >
> > If you are not using mod_python for anything else on the server, you might also consider http://code.google.com/p/modwsgi/
Filter of @jsonify
How to filter log messages

JSON responses with Array envelopes are susceptible to cross-site data leak attacks, see http://pylonshq.com/warnings/JSONArray;

The log is too large
Re: YUI CSS grids deprecated in 3.1?
On Sat, Apr 24, 2010 at 3:21 PM, JohnWShipman j...@nmt.edu wrote:
> Should I stay with 2.8.0r4? Can anyone tell me why this package is deprecated, or suggest a suitable alternative that has the features of YUI's CSS Reset stylesheet and a grid layout?

First, notice that Reset (and Fonts) has not been deprecated; just the grids: you can still use reset.

I don't know why it's deprecated, but I have some suspicions:

1. So few layouts correspond perfectly with their grid system. I've noticed this in my own work; I WANT to use the YUI grids, and I start doing so, and eventually need to tweak something in a way that is not compatible with grids... and then I end up fighting with the framework.
2. CSS support is getting SO much better in browsers, that perhaps they figured we don't need grids anymore.

Finally, you might try adding the old grids css to your stack after the reset from YUI 3.1... it might just work.
Re: Filter of @jsonify
You might find this thread might solve the issue:

http://groups.google.com/group/pylons-discuss/browse_thread/thread/744a1bea7928a223/

The URL in the error is also incorrect and should probably point to:

http://wiki.pylonshq.com/display/pylonsfaq/Warnings
Re: YUI CSS grids deprecated in 3.1?
We have worked now for a couple of projects with Blueprint, http://www.blueprintcss.org/ - I can really recommend that, it makes the layout just so easy you don't really have to think about it, especially if you have a grid-like layout with a fixed width (which most of our projects have).

Jens
Re: DOS attacks
On Apr 26, 5:03 am, Haron Media i...@haronmedia.com wrote:
> Also, it was not necessarily distributed since the nature of the attack could allow a single machine to be used to attack. What do your logs say, how many IPs were involved?

Directly involved from slowloris, 2241 based on firewall counters. Total DDOS had 77861 originating IPs. While this isn't the first time I've seen slowloris from multiple machines, it is the first time I've seen it from very geographically diverse machines. While we did have clumps of machines involved, the breadth of machines involved was surprising.

Varnish or Squid in front of the origin would have prevented the attack from getting to the Origin. My preference would have been Varnish since I can write VCL to filter out other requests. A layer 7 load balancer could also be used, but, again required changes to the backend. We ended up deploying Nginx in this case.

My intended, but poorly communicated intent, was to explain that fail2ban is not a panacea to DDOS attacks. Since apache doesn't log the request early enough in the request processing, fail2ban will sit there 'failing 2 ban' the attackers. I think fail2ban must have some affiliate program based on the fact that every time anything regarding security is mentioned, half a dozen people suggest it. :)
Re: DOS attacks
> Varnish or Squid in front of the origin would have prevented the attack from getting to the Origin. My preference would have been Varnish since I can write VCL to filter out other requests. A layer 7 load balancer could also be used, but, again required changes to the backend. We ended up deploying Nginx in this case.

Nginx is a good choice.

> My intended, but poorly communicated intent, was to explain that fail2ban is not a panacea to DDOS attacks. Since apache doesn't log the request early enough in the request processing, fail2ban will sit there 'failing 2 ban' the attackers. I think fail2ban must have some affiliate program based on the fact that every time anything regarding security is mentioned, half a dozen people suggest it. :)

I never use fail2ban. I think lots of people suggest it because it is mentioned in lots of (old) tutorials on system administration. :) And it is meaningless against slowloris, precisely because the logs don't show anything until well after the beginning of the attack, or when it is over.

Anyways, so I was wondering how soon before the botnets start deploying slowloris. Seems like they already have.

Vlad
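Added example, not part of any post in this thread: since a connection that is held open without completing its request produces no access-log line, a per-client count has to be taken from the socket table instead. The `ss -tn`-style snapshot, the log lines, the addresses and all function names below are constructed for illustration.

```python
"""Flag clients holding many open connections, using the socket table
instead of the access log (which is written only when a request completes)."""
from collections import Counter

# Constructed snapshot in the shape of `ss -tn` output (documentation addresses).
SS_SNAPSHOT = """\
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port
ESTAB  0      0       192.0.2.10:80        198.51.100.7:40001
ESTAB  0      0       192.0.2.10:80        198.51.100.7:40002
ESTAB  0      0       192.0.2.10:80        198.51.100.7:40003
ESTAB  0      0       192.0.2.10:80        198.51.100.7:40004
ESTAB  0      0       192.0.2.10:80        198.51.100.7:40005
ESTAB  0      0       192.0.2.10:80        198.51.100.7:40006
ESTAB  0      0       192.0.2.10:80        198.51.100.9:51001
ESTAB  0      0       192.0.2.10:80        198.51.100.9:51002
ESTAB  0      0       192.0.2.10:80        198.51.100.9:51003
ESTAB  0      0       192.0.2.10:80        198.51.100.9:51004
ESTAB  0      0       192.0.2.10:80        203.0.113.5:33210
ESTAB  0      0       192.0.2.10:22        203.0.113.20:60022
ESTAB  0      0       [2001:db8::10]:80    [2001:db8::99]:50000
TIME-WAIT 0   0       192.0.2.10:80        203.0.113.5:33100
"""

# Constructed access-log line: only the client that finished a request appears.
ACCESS_LOG = """\
203.0.113.5 - - [26/Apr/2010:05:30:01 +0000] "GET / HTTP/1.1" 200 512
"""


def split_hostport(field):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def connections_per_client(snapshot, local_port=80):
    """Count established connections to local_port per remote address."""
    counts = Counter()
    for line in snapshot.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "ESTAB":
            continue  # header, blank line, or a state that holds no worker
        try:
            _, lport = split_hostport(cols[3])
            peer, _ = split_hostport(cols[4])
        except ValueError:
            continue  # malformed address column
        if lport == local_port:
            counts[peer] += 1
    return counts


def logged_clients(access_log):
    """Client addresses that have at least one completed, logged request."""
    return {line.split()[0] for line in access_log.splitlines() if line.strip()}


def report(snapshot, access_log, limit):
    """Return (client, open_connections, seen_in_log) for clients over limit."""
    seen = logged_clients(access_log)
    counts = connections_per_client(snapshot)
    flagged = [(ip, n, ip in seen) for ip, n in counts.items() if n > limit]
    return sorted(flagged, key=lambda row: -row[1])


if __name__ == "__main__":
    for ip, n, in_log in report(SS_SNAPSHOT, ACCESS_LOG, limit=3):
        print(f"{ip}: {n} open connections, present in access log: {in_log}")
```

Both flagged clients are absent from the access log, which is the situation the posts describe: a log-driven tool has nothing to match on while the connections are still open.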
SQLAlchemy DB locking via pylons
Hello,

I am told that I should disable connection pooling; this should help with DB locking.

    poolclass=NullPool

Within the development.ini config file, do I just set the below:

    sqlalchemy.poolclass=NullPool

Much appreciated,
Garyc
Re: DOS attacks
On Apr 26, 4:19 pm, Haron Media i...@haronmedia.com wrote:
> Anyways, so I was wondering how soon before the botnets start deploying slowloris. Seems like they already have.

So far, every machine we've checked that was hitting the machine with slowloris is running linux. Since Windows can't handle more than 130 sockets, its usefulness in slowloris is questionable. It does appear that one of the botnet payloads that runs on compromised linux machines does have the python code.

Now if I could just find an IP or two in the USA that was involved. :)
Re: DOS attacks
Since I originally posted this, I ported my servers to a new VPS. There was no real way to avoid the attacks on the VPS. Ideally I need to port my servers to a dedicated machine with an IDS in front to filter the blighters out. Soft-based solutions would still take a hit on performance.

On Apr 26, 3:35 pm, cd34 mcd...@gmail.com wrote:
> On Apr 26, 4:19 pm, Haron Media i...@haronmedia.com wrote:
> > Anyways, so I was wondering how soon before the botnets start deploying slowloris. Seems like they already have.
>
> So far, every machine we've checked that was hitting the machine with slowloris is running linux. Since Windows can't handle more than 130 sockets, its usefulness in slowloris is questionable. It does appear that one of the botnet payloads that runs on compromised linux machines does have the python code.
>
> Now if I could just find an IP or two in the USA that was involved. :)
Re: YUI CSS grids deprecated in 3.1?
On Mon, Apr 26, 2010 at 1:29 PM, Jens Hoffrichter jens.hoffrich...@gmail.com wrote:
> We have worked now for a couple of projects with Blueprint, http://www.blueprintcss.org/ - I can really recommend that, it makes

I really like the ideas of Blueprint and also the 960 one mentioned earlier. But both suffer from a pretty fundamental flaw: they cannot scale. They make pretty sites so long as you don't scale them too much. (Try it here http://www.blueprintcss.org/tests/parts/grid.html.)

I don't mean scale like a database scales; I mean when you zoom-in on the browser to make the type and other elements bigger, the grids fall apart. They mostly fall apart gracefully, but what makes them attractive disappears (the vertical meter and so-forth). In my opinion, any decent css web grid system needs to be done in ems or percentages so this can work.

Also, a nitpick about blueprint; it assumes a very small pixel size to start with (12px). Smaller text (like the demo sidebar here http://www.blueprintcss.org/tests/parts/sample.html) is even smaller. On some displays (like a 17" 1920x1200 laptop) this is way too tiny. Of course most people don't have these displays, and as implied by the 960 most are still targeting 1024x768. But still. 12px is too small at 96dpi, let alone at higher ppi.

Zoom-ability matters to me, and I think it should matter to anybody laying out pages.

There is a derivative of the 960 one that purports to be scalable... which I discovered today because of Doug earlier. Thanks!
using sessions to monitor progress of a long running controller action
Hi all,

I have a controller action that takes a while to perform, since it does some heavy data processing to create analysis of data sets. I would like to be able to update the user as to the progress of the action, but I am having trouble.

Currently, I have the long running controller action updating the beaker session object with its progress, and some client-side ajax to fetch the status from the session. The problem I am running into is that the session object does not appear to be updated until the end of the request, so none of the updates by the long running controller action get seen by the ajax call.

I looked in the beaker documentation and tried switching all my calls from session.save() to session.persist() to force the session to immediately save to the back-end, but it still doesn't work properly.

Maybe I am going about this all wrong, but any help would be greatly appreciated.

-Charlie
Re: YUI CSS grids deprecated in 3.1?
I've recently just finished a project using YUI-CSS version 2.8 (or whatever the last pre-version 3 is). It still works very well.

I've used blueprintcss too. I found that full page width layouts were practically impossible to do, and was also frustrated by the fiddling involved with page width changes etc.

Personally I would just use YUI 2 and wait for YUI 3 to get a grids engine...

Michael

On Apr 27, 8:58 am, Matt Feifarek matt.feifa...@gmail.com wrote:
> On Mon, Apr 26, 2010 at 1:29 PM, Jens Hoffrichter jens.hoffrich...@gmail.com wrote:
> > We have worked now for a couple of projects with Blueprint, http://www.blueprintcss.org/ - I can really recommend that, it makes
>
> I really like the ideas of Blueprint and also the 960 one mentioned earlier. But both suffer from a pretty fundamental flaw: they cannot scale. They make pretty sites so long as you don't scale them too much. (Try it here http://www.blueprintcss.org/tests/parts/grid.html.)
>
> I don't mean scale like a database scales; I mean when you zoom-in on the browser to make the type and other elements bigger, the grids fall apart. They mostly fall apart gracefully, but what makes them attractive disappears (the vertical meter and so-forth). In my opinion, any decent css web grid system needs to be done in ems or percentages so this can work.
>
> Also, a nitpick about blueprint; it assumes a very small pixel size to start with (12px). Smaller text (like the demo sidebar here http://www.blueprintcss.org/tests/parts/sample.html) is even smaller. On some displays (like a 17" 1920x1200 laptop) this is way too tiny. Of course most people don't have these displays, and as implied by the 960 most are still targeting 1024x768. But still. 12px is too small at 96dpi, let alone at higher ppi.
>
> Zoom-ability matters to me, and I think it should matter to anybody laying out pages.
>
> There is a derivative of the 960 one that purports to be scalable... which I discovered today because of Doug earlier. Thanks!
Re: using sessions to monitor progress of a long running controller action
use cache instead

On Tue, Apr 27, 2010 at 8:06 AM, Charlie Meyer cemey...@gmail.com wrote:
> Hi all,
>
> I have a controller action that takes a while to perform, since it does some heavy data processing to create analysis of data sets. I would like to be able to update the user as to the progress of the action, but I am having trouble.
>
> Currently, I have the long running controller action updating the beaker session object with its progress, and some client-side ajax to fetch the status from the session. The problem I am running into is that the session object does not appear to be updated until the end of the request, so none of the updates by the long running controller action get seen by the ajax call.
>
> I looked in the beaker documentation and tried switching all my calls from session.save() to session.persist() to force the session to immediately save to the back-end, but it still doesn't work properly.
>
> Maybe I am going about this all wrong, but any help would be greatly appreciated.
>
> -Charlie
Re: IIS + Pylons
I installed Pylons 9.6 on IIS6 on Windows Server 2003 and 2008 last winter.

The crucial up-to-date component is the isapi-wsgi:

http://code.google.com/p/isapi-wsgi/

Be sure to install 4.1 or higher for the patch of appl_md_path.

I followed the instruction by Graham Higgins for Serving a Pylons app with IIS:

http://wiki.pylonshq.com/display/pylonscookbook/Serving+a+Pylons+app+with+IIS

It is a very good how-to and worth carefully understanding and following each step. You don't get to run Pylons through wsgi until you've taken a bunch of baby steps, but they should give you confidence about what you are doing. Except for being placed somewhere in the IIS directory structure, Pylons under wsgi behaves the same as running with the paste server.

The pain comes at the end, if you want to have more than one Web site on your IIS server. In the IIS directory structure, I couldn't see an easy way to do anything but put one Pylons project in IIS virtual directory ProjectA, accessible as http://ProjectA, and another Pylons project in IIS virtual directory ProjectB, etc. (And be sure each virtual directory has a separate resource pool.) Perhaps someone else has had an easier time with multiple Web sites.