for your good work!
Christian
On Fri, Feb 16, 2018 at 12:56:40PM +0100, Yann Ylavic wrote:
> On Fri, Feb 16, 2018 at 12:54 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> > On Fri, Feb 16, 2018 at 11:47 AM, Christian Folini
> > <christian.fol...@netnea.com> wrote:
>
Hey Yann,
On Fri, Feb 16, 2018 at 12:56:40PM +0100, Yann Ylavic wrote:
> On Fri, Feb 16, 2018 at 12:54 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> > On Fri, Feb 16, 2018 at 11:47 AM, Christian Folini
> > <christian.fol...@netnea.com> wrote:
> >>
> >&
will issue
a new release as well.
So if you could backport this for 2.4.30 or a following release, it would
be very welcome.
Best regards,
Christian Folini
--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:christian.fol
roxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
> [Jacob Champion, Jim Jagielski]
>
> *) core: Avoid duplicate HEAD in Allow header.
> This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
> PR 61207. [Christophe Jaillet]
>
> >
d help with the holiday schedule.
Regards,
Christian Folini
--
Christian Folini - <christian.fol...@netnea.com>
r reducing the memory
> footprint.
>
> Thanks,
>
> Mike Rumph
--
Christian Folini - <christian.fol...@netnea.com>
n in this regard (but it would certainly take
quite a while to get this out the door).
Cheers,
Christian Folini
--
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.fol...@netnea.com
twitter: @ChrFolini
Rainer,
There is a commercial apache-based reverse proxy in Switzerland
(with substantial market share) which is able to use / create
a client certificate _per_ session.
So the client connects to the RP, performs authentication. When
creating the session serverside, the RP creates a client cert
for
ProxyErrorOverride AFAICT.
Ahoj,
Christian Folini
--
Christian Folini - <christian.fol...@netnea.com>
Works fine here with event. At least so far.
Ahoj,
Christian Folini
--
The test of every religious, political, or educational system is the
man which it forms.
-- Henri-Frédéric Amiel
lable
within the expression parser would simplify things a lot
(and get rid of timing and hook precedence issues).
Ahoj,
Christian Folini
--
Christian Folini - <christian.fol...@netnea.com>
, 2015 at 06:58:15PM +0200, Daniel Gruno wrote:
This should really go to users@, but anyway...
You might want to take a look at:
http://modlua.org/api/builtin#getcookie
http://modlua.org/api/builtin#setcookie
With regards,
Daniel.
On 2015-05-18 16:53, Christian Folini wrote:
Hello
to be fixed before the release?
Rainer's proposed patch worked here.
Regs,
Christian Folini
--
Christian Folini - christian.fol...@netnea.com
On Fri, May 03, 2013 at 09:39:44AM +1000, Noel Butler wrote:
real-time blacklist lookup (- ModSecurity's @rbl operator).
Try using that on busy servers (webhosts/ISP's)... might be fine for a
SOHO, but in a larger commercial world, forget it, the impact is far
far worse than the other
this configured, but I would be really
interested to see the effect on average load, connection
use and number of scanning attempts on a server.
Interesting discussion by the way. Maybe a bit hot, though.
Best,
Christian Folini
--
We have to remember that what we observe is not nature herself, but
nature
professionally.
--
Christian Folini - christian.fol...@netnea.com
timestamps
but it is still possible to get a value which more or less represents
up- and downstream bandwidth. Still, you should not trust it too much.
Regs,
Christian Folini
--
Christian Folini - christian.fol...@netnea.com
mailinglist for help. This list is for httpd development.
Cheers,
Christian Folini
Then you should turn to the ModSecurity
On Fri, Jan 18, 2013 at 09:33:04AM +, Chau Pham wrote:
Thank you, I saw this line below in access log while it was playing m3u3
file, one of chunk below. 172.16.33.168
in a request, a bogus request line may pass beneath the threshold
of the Core-Rules.
A simple, single directive to stop any protocol violations once
and for all is preferable in my eyes.
regs,
Christian Folini
-Original Message- From: Stefan Fritsch
Sent: Wednesday, November 7, 2012 12:26
this problem
too.
Regards,
Christian Folini
--
First you make it, then it works, then you invite people to
make it better.
-- Eben Moglen, Free Software Foundation
|yQtJf8CoAB4AAFNXBIEA|GET /manual/de/ ...
or
+yQtJf8CoAB4AAFNXBIEA|956166333.123456|GET /manual/de/ ...
or
+yQtJf8CoAB4AAFNXBIEA|GET /manual/de/ ... |956166333.123456|
Best regards,
Christian Folini
--
Christian Folini - christian.fol...@netnea.com
timestamp patch for
mod_log_forensic for future convenience.
regs,
Christian
--
Christian Folini - christian.fol...@netnea.com
On Tue, Feb 02, 2010 at 12:06:33AM +0200, Graham Leggett wrote:
On 01 Feb 2010, at 10:59 PM, Christian Folini wrote:
Sure. Here you go:
Committed to trunk, and proposed for backport to v2.2. Thanks for this.
My pleasure. Thank you.
Best,
Christian
--
We must be diligent, we must keep
Hello all,
In a heterogenous setup with multiple servers and reverse
proxies, life can be a burden. At times, the access log could help
by sharing some insight on the handler involved with
the response.
Unfortunately, mod_log_config does not give an easy way to log
this information.
Therefore
or a single post payload byte is not resetting
them to zero again.
Just my 2 cents
Christian Folini
--
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore
is: Is this a missing feature or a bug? Does it
ring a bell? Or is there someone who can point out a better way,
how to pass on the certificate to the backend application?
best regards,
Christian
--
Christian Folini - [EMAIL PROTECTED]
26 matches
Mail list logo