Users,
I found this in my access log this morning. The server is
Apache-1.3.19+mod_ssl-2.8.1 with mod_dav under Win2K
and hosts both HTTP and HTTPS.
63.251.5.48 - - [22/Mar/2001:05:40:58 -0500] "GET
http://www.yahoo.com/index.html HTTP/1.1" 200 1048
Has anyone else seen this, or know what
Never seen it before, but it looks like someone has their DNS set to your
server and thinks your server can return www.yahoo.com to their browser.
I'm assuming you aren't hosting www.yahoo.com on your server? The last two
figures are the html error code (200) and the size of the page returned
Most likely, somebody is trying to see if they can use your Apache server as
a web proxy. Based on the status code and file size returned, I would guess
that your server is not running the proxy module and the default virtual host
responded instead.
--- Deocs Postmaster [EMAIL PROTECTED]
hi
i'm problems starting Apache v1.3.19 compiled with mod_ssl v2.8.1-1.3.19
(OpenSSL v0.9.6) on HP-UX B.11.00 and SunOS v5.6 platforms. Apache starts
normally the mod_ssl SSL configuration is read (-DSSL option), but when
Apache is started without reading the SSL configs
-- Forwarded message --
Date: Thu, 22 Mar 2001 10:56:43 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Reselling Verisign Global SGC certs
From today to March 28, Equifax is selling Versign 128-bit Global
Server Gated Crytpo certificates at cost. The Verisign
Someone was testing to see if your machine is an open proxy. It appears
(from the 200 result code) that it is. 63.251.5.48 = InterNap, and I'm
guessing they are not authorized users?
It's not an ssl issue. You should look at the mod_proxy documentation to
make sure you are configured correctly.
What is 'at cost'?
I'm glad to see EquiFax offering competitive rates, but seriously, IMNSHO
these prices are still marked up several times what it actually costs
them.
Given my experiences of Verisign's customer service, I often wonder what
exactly they do for me.
thornton
On Thu, 22 Mar
Sounds like a job for ... OpenCA!!!
-Original Message-
From: Thornton Prime [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 08:21
To: [EMAIL PROTECTED]
Subject: Re: FYI - Equifax reselling Verisign Global SGC certs at cost!
What is 'at cost'?
I'm glad to see EquiFax
- Original Message -
From: "Deocs Postmaster" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 22, 2001 12:16 PM
Subject: what is this?
Users,
I found this in my access log this morning. The server is
Apache-1.3.19+mod_ssl-2.8.1 with mod_dav under Win2K
and hosts
Jon Lawrence wrote:
What has happened is that someone has telneted into your web server and
issued a get command. AFAIK no great mischief can be done by this. I believe
that I'm correct in saying that this is a feature of apache.
It is a feature of *all* HTTP servers. They are all open to
People;
Is anyone aware of a tool like apache bench (ab) for SSL?
Jeff Burgoyne
[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
Is anyone aware of a tool like apache bench (ab) for SSL?
Try running ab thru stunnel
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL
Hi all.
I have been tuning my web farm (for the past 6 months now), and have had the
typical MSIE SSL issues along the way. I stumbled across a post today
regarding the SSLSessionCache (my config is below), and my question is which
session cache will give the best performance for my system?
I
Take a look at the program siege, (search on freshmeat.net), it benchmarks
web servers over SSL pretty well.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Burgoyne
People;
Is anyone aware of a tool like apache bench (ab) for
Hi Max,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Max Clark
Hi all.
I have been tuning my web farm (for the past 6 months now), and
have had the
typical MSIE SSL issues along the way. I stumbled across a post today
regarding the
Hi,
What has happened is that someone has telneted into your web server and
issued a get command. AFAIK no great mischief can be done by this. I believe
that I'm correct in saying that this is a feature of apache.
Try it for yourself.
I have a test server called testweb, if I do the following
I'm not really looking at benchmarking web servers, but to run performance
analysis on some of our on-line systems.
stunnell seems workable. Year end hours must make my brain fuzzy because I
should have thought of that.
I also considered putting SSL into the ab program itself. It doesn't
Hey thanks David,
Quick follow up:
(I've attached my build instructions with the modifications for
SSL_EXPERIMENTAL below, can you check?)
Should I assume that the "shmcb" cache would look something like this?
SSLSessionCache shmcb:/u1/httpd/logs/ssl_scache(1024000)
Given my experiences of Verisign's customer service, I often
wonder what
exactly they do for me.
Well, they gave me something to laugh about this morning.
http://www.microsoft.com/technet/security/bulletin/MS01-017.asp
--
Paul McGarrymailto:[EMAIL PROTECTED]
Systems Integrator
Browsing through the mod_ssl source code, I notice that ssl_engine_config.c
has a reference to stdin. Unfortunately I don't know lex/flex well enough
to understand why. What's up? When does mod_ssl need to read stdin?
I know that the default SSLPassPhraseDialog setup will cause it to prompt
Your configuration looks good, but I'm pretty sure
that --enable-rule=SSL_EXPERIMENTAL should be part of your APACI_ARGS when
configuring mod_perl, not when configuring mod_ssl.
Of course, if it works, maybe Ralf moved shmcb out of the SSL_EXPERIMENTAL
code? I'll have to look at the source to
Hello there,
I have spent hours pouring over the archives of this
list to find an answer to this problem. It seems that
none of the answers, so far, match this problem "exactly."
In other words, I have tried everything and nothing works.
No matter what I do, I get "Server not accepting
It sounds like you are not running "apachectl startssl", and just running
"apachectl start".
Personally, I've found those IfDefine SSL statements a PITA.
What I do is replace all IfDefine SSL statements with IfModule
mod_ssl.c, except for the ones around the mod_ssl LoadModule and AddModule
Thanks Dave,
Here are the results...
I have been starting the server with
/usr/local/sbin/apahectl sslstart
Then
/usr/local/sbin/apahectl start
(Am I supposed to do both - in that order?)
I installed curl (http://curl.haxx.se/) and
tested via the terminal
When I type...
Hey there,
Warning: long mail ahead. I've been meaning to explain some details of shmcb for
a while and here it is. I can now recede further into my woodwork knowing that
I've brain dumped a little :-) If you're at all interested in this stuff please
take a squint through this. It may also help
You definately don't need to be running both sslstart and then start, just
running sslstart should start up both http and https servers running on port
80 and 443.
You should have these statements in your httpd.conf
Port 80
IfDefine SSL
Listen 80
Listen 443
/IfDefine
If not, something else
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Thorpe
lots of good info snipped
Thanks for the lowdown on both session caches, Geoff.
It really seems to me that at this point, the shmcb cache should no longer
be part of the SSL_EXPERIMENTAL
Have you looked at Siege?
http://www.joedog.org/siege/index.html
It does pretty much the same thing as the Apache ab tool, and more.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
I'm not really looking at benchmarking web servers, but to run performance
analysis on some of our
Hello ,
Iam using "openssl req" command to generate a
private key and certificate request for a
pache-nod_ssl server. Here I have to specify the
keysize in bits...if a keysize less than 384 is given
openssl reports that the size should atleast be 384.
If a size of 384 is given the key and
29 matches
Mail list logo
