mod_lua: Accessing multiple Set-Cookie response headers

2015-05-18 Thread Christian Folini
documentation states the return value is of lua-type "table", it is actually of lua-type "userdata" and I can not seem my way around accessing more than a single Set-Cookie header per request. The latter is done via r.headers_out['Set-Cookie'], but now I got stuck. Any i

Re: mod_lua: Accessing multiple Set-Cookie response headers

2015-05-18 Thread Christian Folini
ay 18, 2015 at 06:58:15PM +0200, Daniel Gruno wrote: > This should really go to users@, but anyway... > You might want to take a look at: > > http://modlua.org/api/builtin#getcookie > http://modlua.org/api/builtin#setcookie > > With regards, > Daniel. > > On 2015-

Re: Expression Parser: search and replace with s/PATTERN/REPLACEMENT/FLAGS

2015-10-01 Thread Christian Folini
lable within the expression parser would simplify things a lot (and get rid of timing and hook precedence issues). Ahoj, Christian Folini -- Christian Folini -

Re: "httpd -X" segfaults with 2.4.17

2015-10-16 Thread Christian Folini
Works fine here with event. At least so far. Ahoj, Christian Folini -- The test of every religious, political, or educational system is the man which it forms. -- Henri-Frédéric Amiel

Re: reverse proxy wishlist

2015-12-05 Thread Christian Folini
hat is too late for ProxyErrorOverride AFAICT. Ahoj, Christian Folini -- Christian Folini -

Re: Allow SSLProxy* config in context?

2016-04-13 Thread Christian Folini
Rainer, There is a commercial apache-based reverse proxy in Switzerland (with substantial market share) which is able to use / create a client certificate _per_ session. So the client connects to the RP, performs authentication. When creating the session serverside, the RP creates a client cert

Re: HTTP/1.1 strict ruleset

2016-08-03 Thread Christian Folini
, then the development might be open in this regard (but it would certainly take quite a while to get this out the door). Cheers, Christian Folini -- https://www.feistyduck.com/training/modsecurity-training-course mailto:christian.fol...@netnea.com twitter: @ChrFolini

Problems with SSL environment variable SSL_CLIENT_CERT as http header

2005-12-12 Thread Christian Folini
: Is this a missing feature or a bug? Does it ring a bell? Or is there someone who can point out a better way, how to pass on the certificate to the backend application? best regards, Christian -- Christian Folini - <[EMAIL PROTECTED]>

Re: URL scanning by bots

2013-04-30 Thread Christian Folini
> does, that would be a very big result).
> But at the same time, compared to any other kind of tool that can be used against these scans, this one seems really cheap to implement, it does not seem to be easy to circumvent, and it seems to have at least a potential of bringing big benefits to the WWW at large.
>
> If there are reasonable objections to it, I am quite prepared to accept that, and drop it.
> I have already floated the idea in a couple of other places, and gotten what could be described as "tepid" responses. But it seems to me that most of the negative-leaning responses which I received so far, were more of the a-priori "it will never work" kind, rather than real objections based on real facts.
>
> So my hope here is that someone has the patience to read through this, and would have the additional patience to examine the idea "professionally".

-- Christian Folini -

Re: URL scanning by bots

2013-05-01 Thread Christian Folini
do not have this configured, but I would be really interested to see the effect on average load, connection use and number of scanning attempts on a server. Interesting discussion by the way. Maybe a bit hot, though. Best, Christian Folini -- We have to remember that what we observe is not na

Re: URL scanning by bots

2013-05-02 Thread Christian Folini
On Fri, May 03, 2013 at 09:39:44AM +1000, Noel Butler wrote: > > real-time blacklist lookup (-> ModSecurity's @rbl operator). > > Try using that on busy servers (webhosts/ISP's)... might be fine for a > SOHO, but in a larger commercial world, forget it, the impact is far > far worse than the othe

2.2.25 build problem (was: Re: svn commit: r1497466 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/ssl/ssl_engine_io.c)

2013-07-09 Thread Christian Folini
. Is this going to be fixed before the release? Rainer's proposed patch worked here. Regs, Christian Folini -- Christian Folini -

Re: Tool to analyze and minimize loaded modules.

2017-05-18 Thread Christian Folini
ul for reducing the memory > footprint. > > Thanks, > > Mike Rumph -- Christian Folini -

Re: 2.4.27

2017-07-03 Thread Christian Folini
help with the holiday schedule. Regards, Christian Folini -- Christian Folini -

Re: 2.4.27

2017-07-06 Thread Christian Folini
roxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202. > [Jacob Champion, Jim Jagielski] > > *) core: Avoid duplicate HEAD in Allow header. > This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26. > PR 61207. [Christophe Jaillet] > > > On Jul

Backporting 1823047 for 2.4.30 / 2.4.3x?

2018-02-16 Thread Christian Folini
part of the problem. He will issue a new release as well. So if you could backport this for 2.4.30 or a following release, it would be very welcome. Best regards, Christian Folini -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/boo

Re: Backporting 1823047 for 2.4.30 / 2.4.3x?

2018-02-18 Thread Christian Folini
Hey Yann, On Fri, Feb 16, 2018 at 12:56:40PM +0100, Yann Ylavic wrote: > On Fri, Feb 16, 2018 at 12:54 PM, Yann Ylavic wrote: > > On Fri, Feb 16, 2018 at 11:47 AM, Christian Folini > > wrote: > >> > >> We have just been told, that a regression affecting several

Re: Backporting 1823047 for 2.4.30 / 2.4.3x?

2018-02-28 Thread Christian Folini
your good work! Christian On Fri, Feb 16, 2018 at 12:56:40PM +0100, Yann Ylavic wrote: > On Fri, Feb 16, 2018 at 12:54 PM, Yann Ylavic wrote: > > On Fri, Feb 16, 2018 at 11:47 AM, Christian Folini > > wrote: > >> > >> We have just been told, that a regres

Re: [Fwd: Slowloris]

2009-06-22 Thread Christian Folini
es too. And it should be possible to set these timeouts in a way that a subsequent header or a single post payload byte is not resetting them to zero again. Just my 2 cents Christian Folini -- If you shut your door to all errors truth will be shut out. --- Rabindranath Tagore

[PATCH] Logging the handler in the access log

2010-01-31 Thread Christian Folini
Hello all, In a heterogeneous setup with multiple servers and reverse proxies, life can be a burden. At times, the access log could help by sharing some insight on the handler involved with the response. Unfortunately, mod_log_config does not give an easy way to log this information. Therefore I

Re: [PATCH] Logging the handler in the access log

2010-02-01 Thread Christian Folini
On Mon, Feb 01, 2010 at 01:20:21AM +0200, Graham Leggett wrote:
> Definitely sounds good in principle.

thanks.

> Would it be possible to update the documentation for this as well? It involves updating the XML files in the documentation tree.

Sure. Here you go: /data/svn/apache-2.2.x-docs/

Re: [PATCH] Logging the handler in the access log

2010-02-01 Thread Christian Folini
On Tue, Feb 02, 2010 at 12:06:33AM +0200, Graham Leggett wrote: > On 01 Feb 2010, at 10:59 PM, Christian Folini wrote: > >> Sure. Here you go: > > Committed to trunk, and proposed for backport to v2.2. Thanks for this. My pleasure. Thank you. Best, Christian -- We must be

A timestamp for mod_log_forensic (?)

2011-03-30 Thread Christian Folini
|yQtJf8CoAB4AAFNXBIEA|GET /manual/de/ ... or +yQtJf8CoAB4AAFNXBIEA|956166333.123456|GET /manual/de/ ... or +yQtJf8CoAB4AAFNXBIEA|GET /manual/de/ ... |956166333.123456| Best regards, Christian Folini -- Christian Folini -

Re: A timestamp for mod_log_forensic (?)

2011-03-30 Thread Christian Folini
think I could add a small timestamp patch for mod_log_forensic for future convenience. regs, Christian -- Christian Folini -

Re: Proposal: adoption of mod_firehose subproject

2011-12-13 Thread Christian Folini
solve this problem too. Regards, Christian Folini -- First you make it, then it works, then you invite people to make it better. -- Eben Moglen, Free Software Foundation

Re: Rethinking "be liberal in what you accept"

2012-11-08 Thread Christian Folini
n a request, a bogus request line may pass beneath the threshold of the Core-Rules. A simple, single directive to stop any protocol violations once and for all is preferable in my eyes. regs, Christian Folini > > -Original Message- From: Stefan Fritsch > Sent: Wednesday, Novembe

Re: Add bandwidth information to access_log

2013-01-18 Thread Christian Folini
ed its timestamps but it is still possible to get a value which more or less represents up- and downstream bandwidth. Still, you should not trust it too much. Regs, Christian Folini -- Christian Folini -

Re: Add bandwidth information to access_log

2013-01-18 Thread Christian Folini
mailinglist for help. This list is for httpd development. Cheers, Christian Folini Then you should turn to the ModSecurity On Fri, Jan 18, 2013 at 09:33:04AM +, Chau Pham wrote: > Thank you, I saw this line below in access log while it was playing m3u3 > file, one of chunk below. 172.16.