On Fri, Apr 11, 2014 at 10:34 AM Andre Nathan wrote:
> The issue I'm facing is that a malicious user would still be able to find
> the real server address via Apache's SERVER_ADDR environment variable, eg.
> from a PHP script. I tried using SetEnv / SetEnvIf to change it's value or
> unset it,
On Fri, Apr 11, 2014 at 10:55 PM, Reindl Harald h.rei...@thelounge.netwrote:
simply list getenv in disable_functions, put ?php
$_SERVER['SERVER_ADDR']='';?
in a file listed in auto_prepend_file and you are done, no need to touch
httpd for
that and in case of security by obscurity allow to
Am 11.04.2014 15:34, schrieb Andre Nathan:
I'm trying to protect a webserver from DDoS attacks. The plan for this is to
not publish its IP address anywhere
public. DNS records point to a CDN service like CloudFlare. The CDN will sync
to the webserver via a random entry
in the zone, making
Would it be a good idea to allow SERVER_ADDR to optionally not be set? I
could work on a patch to do this if the idea is considered valid.
I think it's a reasonable switch to add, for the concern of
inadvertent disclosure from a script. Maybe just an environment
variable or note rather than a
On Fri, Apr 11, 2014 at 11:01 AM, Eric Covener cove...@gmail.com wrote:
I think it's a reasonable switch to add, for the concern of
inadvertent disclosure from a script. Maybe just an environment
variable or note rather than a directive since that directive would be
in the core.
Thanks. I
On Fri, Apr 11, 2014 at 12:28 PM, Andre Nathan andre...@gmail.com wrote:
On Fri, Apr 11, 2014 at 11:01 AM, Eric Covener cove...@gmail.com wrote:
I think it's a reasonable switch to add, for the concern of
inadvertent disclosure from a script. Maybe just an environment
variable or note rather
On Fri, Apr 11, 2014 at 3:31 PM, Eric Covener cove...@gmail.com wrote:
Should have been more clear, I meant a per-request environment
variable from r-subprocess_env (SetEnvIf/SetEnv) not a native one
I have a working patch for this too, but this would allow a user to use
UnsetEnv in his
On Fri, Apr 11, 2014 at 1:00 PM, Andre Nathan andre...@gmail.com wrote:
On Fri, Apr 11, 2014 at 3:31 PM, Eric Covener cove...@gmail.com wrote:
Should have been more clear, I meant a per-request environment
variable from r-subprocess_env (SetEnvIf/SetEnv) not a native one
I have a working
On Fri, Apr 11, 2014 at 3:00 PM, Andre Nathan andre...@gmail.com wrote:
On Fri, Apr 11, 2014 at 3:31 PM, Eric Covener cove...@gmail.com wrote:
Should have been more clear, I meant a per-request environment
variable from r-subprocess_env (SetEnvIf/SetEnv) not a native one
I have a working
Am 11.04.2014 21:15, schrieb Jeff Trawick:
On Fri, Apr 11, 2014 at 3:00 PM, Andre Nathan andre...@gmail.com
mailto:andre...@gmail.com wrote:
On Fri, Apr 11, 2014 at 3:31 PM, Eric Covener cove...@gmail.com
mailto:cove...@gmail.com wrote:
Should have been more clear, I meant
10 matches
Mail list logo