Re: [users@httpd] Avoiding host header exploit in apache

2021-08-27 Thread Daniel Ferradal
Define servername with the ip if necessary and do not use RewriteRules which use %{HTTP_HOST} variable, specify your ip/host manually in the rewrite. On Fri, 27 Aug 2021 at 10:42, alchemist vk () wrote: > > Hi All, > I am running Apache 2.4.46 and below is the problem statement. > system

[users@httpd] Re: apache2 / httpd graceful/reload failures on Ubuntu 21.04

2021-08-27 Thread Spil Oss
Digging further, using LogLevel slotmem_shm:debug [Fri Aug 27 11:10:25.724715 2021] [slotmem_shm:debug] [pid 176913:tid 139917097439872] mod_slotmem_shm.c(408): AH02611: create: apr_shm_create(/var/run/apache2/slotmem-shm-pd38fd8d0_wdprd_ssn_example_org_2.shm) succeeded [Fri Aug 27

Re: [users@httpd] SSL Cipher configuration issue

2021-08-27 Thread Paul Claridge
JFI The important ssl.conf options I ended up with (ie no weak ciphers)... as of 27Aug21 SSLCipherSuite

Re: [users@httpd] SSL Cipher configuration issue

2021-08-27 Thread Paul Claridge
Apache fans, Delighted to report I have got to the bottom of my problem. So to share a few nuggets! My confs-enabled/ssl.conf was being overridden by a LetsEncrypt ssl-options include in the VirtualHost. Once I have commented out that, I made changes to ssl.conf which were reflected in the

Re: [users@httpd] Intermittently the TLS handshake results in plaintext 400 Bad Request response

2021-08-27 Thread Rob Emery
Hello, I just wanted to provide a resolution to this problem for future searches etc. So the behaviour we were seeing is totally normal for httpd. If you do a HTTPS request to httpd on a socket that it is listening on, but doesn't have a VirtualHost configured, it will return a plaintext

Re: [users@httpd] Fwd: apache2 / httpd graceful/reload failures on Ubuntu 21.04

2021-08-27 Thread Dino Ciuffetti
Reading the source code: From mod_slotmem_shm: ... 401 apr_shm_remove(fname, pool); 402 rv = apr_shm_create(, size, fname, gpool); ... 408 ap_log_error(APLOG_MARK, rv == APR_SUCCESS ? APLOG_DEBUG : APLOG_ERR, 409 rv, ap_server_conf,

[users@httpd] Fwd: apache2 / httpd graceful/reload failures on Ubuntu 21.04

2021-08-27 Thread Spil Oss
Hi, I've been experiencing a failed apache2 service on Ubuntu 21.04 when performing a reload using the `systemctl reload apache2` command. The command does not always fail, but seems to be failing more often as the number of vhosts increases (currently ca 120). My The `systemctl reload apache2`

[users@httpd] Avoiding host header exploit in apache

2021-08-27 Thread alchemist vk
Hi All, I am running Apache 2.4.46 and below is the problem statement. system IP: 10.10.10.10 Client IP: 10.10.10.20 When I make a request like *curl -vk 'https://10.10.10.10' -H "Host: badsite.com"*, it's redirecting to