documentation states the return value is of lua-type "table",
it is actually of lua-type "userdata" and I can not see my way
around accessing more than a single Set-Cookie header per
request. The latter is done via r.headers_out['Set-Cookie'],
but now I got stuck.
Any i
ay 18, 2015 at 06:58:15PM +0200, Daniel Gruno wrote:
> This should really go to users@, but anyway...
> You might want to take a look at:
>
> http://modlua.org/api/builtin#getcookie
> http://modlua.org/api/builtin#setcookie
>
> With regards,
> Daniel.
>
> On 2015-
lable
within the expression parser would simplify things a lot
(and get rid of timing and hook precedence issues).
Ahoj,
Christian Folini
--
Christian Folini -
Works fine here with event. At least so far.
Ahoj,
Christian Folini
--
The test of every religious, political, or educational system is the
man which it forms.
-- Henri-Frédéric Amiel
hat is too late for
ProxyErrorOverride AFAICT.
Ahoj,
Christian Folini
--
Christian Folini -
Rainer,
There is a commercial apache-based reverse proxy in Switzerland
(with substantial market share) which is able to use / create
a client certificate _per_ session.
So the client connects to the RP, performs authentication. When
creating the session serverside, the RP creates a client cert
, then the
development might be open in this regard (but it would certainly take
quite a while to get this out the door).
Cheers,
Christian Folini
--
https://www.feistyduck.com/training/modsecurity-training-course
mailto:christian.fol...@netnea.com
twitter: @ChrFolini
: Is this a missing feature or a bug? Does it
ring a bell? Or is there someone who can point out a better way,
how to pass on the certificate to the backend application?
best regards,
Christian
--
Christian Folini - <[EMAIL PROTECTED]>
does, that would be a very
> big result).
> But at the same time, compared to any other kind of tool that can be used
> against these
> scans, this one seems really cheap to implement, it does not seem to be easy
> to
> circumvent, and it seems to have at least a potential of bringing big
> benefits to the WWW
> at large.
>
> If there are reasonable objections to it, I am quite prepared to accept that,
> and drop it.
> I have already floated the idea in a couple of other places, and gotten what
> could be
> described as "tepid" responses. But it seems to me that most of the
> negative-leaning
> responses which I received so far, were more of the a-priori "it will never
> work" kind,
> rather than real objections based on real facts.
>
> So my hope here is that someone has the patience to read through this, and
> would have the
> additional patience to examine the idea "professionally".
>
--
Christian Folini -
do not have this configured, but I would be really
interested to see the effect on average load, connection
use and number of scanning attempts on a server.
Interesting discussion by the way. Maybe a bit hot, though.
Best,
Christian Folini
--
We have to remember that what we observe is not na
On Fri, May 03, 2013 at 09:39:44AM +1000, Noel Butler wrote:
> > real-time blacklist lookup (-> ModSecurity's @rbl operator).
>
> Try using that on busy servers (webhosts/ISP's)... might be fine for a
> SOHO, but in a larger commercial world, forget it, the impact is far
> far worse than the othe
.
Is this going to be fixed before the release?
Rainer's proposed patch worked here.
Regs,
Christian Folini
--
Christian Folini -
ul for reducing the memory
> footprint.
>
> Thanks,
>
> Mike Rumph
--
Christian Folini -
help with the holiday schedule.
Regards,
Christian Folini
--
Christian Folini -
roxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
> [Jacob Champion, Jim Jagielski]
>
> *) core: Avoid duplicate HEAD in Allow header.
> This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
> PR 61207. [Christophe Jaillet]
>
> > On Jul
part of the problem. He will issue
a new release as well.
So if you could backport this for 2.4.30 or a following release, it would
be very welcome.
Best regards,
Christian Folini
--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/boo
Hey Yann,
On Fri, Feb 16, 2018 at 12:56:40PM +0100, Yann Ylavic wrote:
> On Fri, Feb 16, 2018 at 12:54 PM, Yann Ylavic wrote:
> > On Fri, Feb 16, 2018 at 11:47 AM, Christian Folini
> > wrote:
> >>
> >> We have just been told, that a regression affecting several
your good work!
Christian
On Fri, Feb 16, 2018 at 12:56:40PM +0100, Yann Ylavic wrote:
> On Fri, Feb 16, 2018 at 12:54 PM, Yann Ylavic wrote:
> > On Fri, Feb 16, 2018 at 11:47 AM, Christian Folini
> > wrote:
> >>
> >> We have just been told, that a regres
es too.
And it should be possible to set these timeouts in a way that a
subsequent header or a single post payload byte is not resetting
them to zero again.
Just my 2 cents
Christian Folini
--
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore
Hello all,
In a heterogeneous setup with multiple servers and reverse
proxies, life can be a burden. At times, the access log could help
by sharing some insight on the handler involved with
the response.
Unfortunately, mod_log_config does not give an easy way to log
this information.
Therefore I
On Mon, Feb 01, 2010 at 01:20:21AM +0200, Graham Leggett wrote:
> Definitely sounds good in principle.
thanks.
> Would it be possible to update the
> documentation for this as well? It involves updating the XML files in the
> documentation tree.
Sure. Here you go:
/data/svn/apache-2.2.x-docs/
On Tue, Feb 02, 2010 at 12:06:33AM +0200, Graham Leggett wrote:
> On 01 Feb 2010, at 10:59 PM, Christian Folini wrote:
>
>> Sure. Here you go:
>
> Committed to trunk, and proposed for backport to v2.2. Thanks for this.
My pleasure. Thank you.
Best,
Christian
--
We must be
|yQtJf8CoAB4AAFNXBIEA|GET /manual/de/ ...
or
+yQtJf8CoAB4AAFNXBIEA|956166333.123456|GET /manual/de/ ...
or
+yQtJf8CoAB4AAFNXBIEA|GET /manual/de/ ... |956166333.123456|
Best regards,
Christian Folini
--
Christian Folini -
think I could add a small timestamp patch for
mod_log_forensic for future convenience.
regs,
Christian
--
Christian Folini -
solve this problem
too.
Regards,
Christian Folini
--
First you make it, then it works, then you invite people to
make it better.
-- Eben Moglen, Free Software Foundation
n a request, a bogus request line may pass beneath the threshold
of the Core-Rules.
A simple, single directive to stop any protocol violations once
and for all is preferable in my eyes.
regs,
Christian Folini
>
> -Original Message- From: Stefan Fritsch
> Sent: Wednesday, Novembe
ed its timestamps
but it is still possible to get a value which more or less represents
up- and downstream bandwidth. Still, you should not trust it too much.
Regs,
Christian Folini
--
Christian Folini -
mailinglist for help. This list is for httpd development.
Cheers,
Christian Folini
Then you should turn to the ModSecurity
On Fri, Jan 18, 2013 at 09:33:04AM +, Chau Pham wrote:
> Thank you, I saw this line below in access log while it was playing m3u3
> file, one of chunk below. 172.16.