Frontpage and jails and possible alternatives
I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
On Thu, 10 Jun 2004 10:38:18 -0400 Bill Moran [EMAIL PROTECTED] granted us these pearls of wisdom: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. Sorry if this is off track but one wonders if you need to have clients upload to a production box with FP. Can you set up a staging server so that clients can upload and view content then give them a simple admin page where they can push a button that sets off an rsync script to the production box. Your production machine could have all kinds of jails and fancy stuff but no FP extentions. Any old piece of junk could be pressed into service as a staging box. At least that way you could do away with FP on the production box and apache could be jailed for life. HTH LukeK -- Luke Kearney [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Luke Kearney [EMAIL PROTECTED] wrote: On Thu, 10 Jun 2004 10:38:18 -0400 Bill Moran [EMAIL PROTECTED] granted us these pearls of wisdom: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. Sorry if this is off track but one wonders if you need to have clients upload to a production box with FP. Can you set up a staging server so that clients can upload and view content then give them a simple admin page where they can push a button that sets off an rsync script to the production box. Your production machine could have all kinds of jails and fancy stuff but no FP extentions. Any old piece of junk could be pressed into service as a staging box. At least that way you could do away with FP on the production box and apache could be jailed for life. Thanks, Luke. That's definately a good idea. The problem is that the old pieces of junk, pressed into service are the very reason I'm doing this project. We already have a number of older machines doing various stuff, and I'm trying to rearrange things to make better use of each of the various machines and it's capabilities. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Are you sure about that ??? Tim. At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] SimpleNet's Back ! http://www.simplenet.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
On Thu, Jun 10, 2004 at 10:38:18AM -0400, Bill Moran wrote: 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. How about: http://www.webdav.org/projects/ On the server side, mod_dav comes standard with Apache2 and there's a port of mod_dav for Apache 1.3.x There are several WebDAV enabled client packages available, and it's supported in IE 5.0 and MS Office. See also the www/neon port. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpBYJIIh6D7A.pgp Description: PGP signature
Re: Frontpage and jails and possible alternatives
Tim Traver [EMAIL PROTECTED] wrote: Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... I agree. The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. It definately should. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Nor do I. Are you sure about that ??? Yes. When I configured Apache to only listen on 1 IP address, sockstat then showed it listening on that address in addition to *:80. The exact same config changes on a machine without fp installed resulted in the expected behaviour. Now, I haven't been idle since I made that first post ... It seems there are two frontpage ports, apache_fp and mod_frontpage. I've got apache_fp installed. Anyone using mod_frontpage that can say whether it's better or worse? At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] SimpleNet's Back ! http://www.simplenet.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Bill, I use the latest mod_frontpage module with Apache 1.3.31... I haven't tested whether or not it binds to *:80 or not when I specify an IP. How are you specifying the IP in the conf file ? Are you just using Listen xxx.xxx.xxx.xxx:80 ? t At 09:42 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... I agree. The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. It definately should. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Nor do I. Are you sure about that ??? Yes. When I configured Apache to only listen on 1 IP address, sockstat then showed it listening on that address in addition to *:80. The exact same config changes on a machine without fp installed resulted in the expected behaviour. Now, I haven't been idle since I made that first post ... It seems there are two frontpage ports, apache_fp and mod_frontpage. I've got apache_fp installed. Anyone using mod_frontpage that can say whether it's better or worse? At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] SimpleNet's Back ! http://www.simplenet.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Tim Traver [EMAIL PROTECTED] wrote: Bill, I use the latest mod_frontpage module with Apache 1.3.31... I haven't tested whether or not it binds to *:80 or not when I specify an IP. How are you specifying the IP in the conf file ? Are you just using Listen xxx.xxx.xxx.xxx:80 ? Both of the following: Listen xx.xx.xx.xx:80 BindAddress xx.xx.xx.xx I have another server here (used for development) with a fairly vanilla Apache install, and changing those same two settings causes it to do what I'd expect. I can't find any directives in the Frontpage Apache config that might cause this ... but I suppose it's possible that I'm missing something. At 09:42 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... I agree. The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. It definately should. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Nor do I. Are you sure about that ??? Yes. When I configured Apache to only listen on 1 IP address, sockstat then showed it listening on that address in addition to *:80. The exact same config changes on a machine without fp installed resulted in the expected behaviour. Now, I haven't been idle since I made that first post ... It seems there are two frontpage ports, apache_fp and mod_frontpage. I've got apache_fp installed. Anyone using mod_frontpage that can say whether it's better or worse? At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] SimpleNet's Back ! http://www.simplenet.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Frontpage and jails and possible alternatives
One possibility is to run an ftp service instead of frontpage extensions. FrontPage clients can directly connect to ftp servers, although some of the functionality is lost including generating email forms, etc. Of course ftp is not as secure as scp, but users running FrontPage don't care about security anyway. Personally, I find it odd to run frontpage extensions on a unix host. If people want microsoft technology, they should pay for NT hosting. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Lucas Holt wrote: [ ... ] Personally, I find it odd to run frontpage extensions on a unix host. If people want microsoft technology, they should pay for NT hosting. I would very much rather administer a Unix box running software which plays nice with Windows protocols (if that is what the client has is paying for), than admin a Windows box. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Bill, ok, I tested this out for ya, and I couldn't duplicate the issue. FreeBSD 4.8... I put an additional IP on the main interface, and started apache with Listen IP:80 for each IP. The server has mod_frontpage using apache 1.3.29. I even tried have the BindAddress in the conf file as well. Sorry, I don't have the extra time to install 1.3.31 and recompile for ya, but I think there is something else going on there... Where in the conf file is your Listen directive ? What OS ? Is there anything listening on port 80 when you have apache off ? Is your IP an alias to the primary interface ? I really don't think that the frontpage module even has the ability to change what apache binds to... Anyways, thought I would let you know that I couldn't reproduce it... Tim. At 10:38 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, I use the latest mod_frontpage module with Apache 1.3.31... I haven't tested whether or not it binds to *:80 or not when I specify an IP. How are you specifying the IP in the conf file ? Are you just using Listen xxx.xxx.xxx.xxx:80 ? Both of the following: Listen xx.xx.xx.xx:80 BindAddress xx.xx.xx.xx I have another server here (used for development) with a fairly vanilla Apache install, and changing those same two settings causes it to do what I'd expect. I can't find any directives in the Frontpage Apache config that might cause this ... but I suppose it's possible that I'm missing something. At 09:42 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... I agree. The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. It definately should. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Nor do I. Are you sure about that ??? Yes. When I configured Apache to only listen on 1 IP address, sockstat then showed it listening on that address in addition to *:80. The exact same config changes on a machine without fp installed resulted in the expected behaviour. Now, I haven't been idle since I made that first post ... It seems there are two frontpage ports, apache_fp and mod_frontpage. I've got apache_fp installed. Anyone using mod_frontpage that can say whether it's better or worse? At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] SimpleNet's Back ! http://www.simplenet.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran Potential Technologies http://www.potentialtech.com
Re: Frontpage and jails and possible alternatives
Tim Traver [EMAIL PROTECTED] wrote: Bill, ok, I tested this out for ya, and I couldn't duplicate the issue. FreeBSD 4.8... Thanks for taking time to research this, Tim. I put an additional IP on the main interface, and started apache with Listen IP:80 for each IP. The server has mod_frontpage using apache 1.3.29. I even tried have the BindAddress in the conf file as well. The only (potential) problem here is that I'm not running mod_frontpage, I'm running the apache13-fp port. I've got a feeling that mod_frontpage is better behaved. Sorry, I don't have the extra time to install 1.3.31 and recompile for ya, but I think there is something else going on there... Where in the conf file is your Listen directive ? I just uncommented the one from the default config file and put the correct IP in it. What OS ? 4.9-RELEASE-p7 Is there anything listening on port 80 when you have apache off ? No. Is your IP an alias to the primary interface ? No. I only have one NIC with one IP at this time ... this is going to change soon, though ... that's why I'm trying to sort this out. I really don't think that the frontpage module even has the ability to change what apache binds to... Like I said, you wouldn't think so. I have a feeling the apache13_fp port somehow compiles Frontpage int Apache, or something ... Anyways, thought I would let you know that I couldn't reproduce it... Like I said. I really appreciate you taking time to look into this. I'm going to find time to try out the mod_frontpage port to see if it's better behaved. Tim. At 10:38 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, I use the latest mod_frontpage module with Apache 1.3.31... I haven't tested whether or not it binds to *:80 or not when I specify an IP. How are you specifying the IP in the conf file ? Are you just using Listen xxx.xxx.xxx.xxx:80 ? Both of the following: Listen xx.xx.xx.xx:80 BindAddress xx.xx.xx.xx I have another server here (used for development) with a fairly vanilla Apache install, and changing those same two settings causes it to do what I'd expect. I can't find any directives in the Frontpage Apache config that might cause this ... but I suppose it's possible that I'm missing something. At 09:42 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... I agree. The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. It definately should. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Nor do I. Are you sure about that ??? Yes. When I configured Apache to only listen on 1 IP address, sockstat then showed it listening on that address in addition to *:80. The exact same config changes on a machine without fp installed resulted in the expected behaviour. Now, I haven't been idle since I made that first post ... It seems there are two frontpage ports, apache_fp and mod_frontpage. I've got apache_fp installed. Anyone using mod_frontpage that can say whether it's better or worse? At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I didn't want to mess with the existing Apache installation right now. Anyway ... in the long run I've got two choices: 1) Get Apache+Frontpage running in a jail so it will quit fscking up the other stuff I'm trying to do on this machine 2) Find some alternative to frontpage to provide frontpage services that behaves like a proper server. My questions are (respectively): 1) Does anyone have Apache+Frontpage successfully running in a jail? I just thought I'd ask before I spent (wasted?) a lot of time trying to make it work. 2) Can anyone suggest an alternative to Apache+Frontpage? I prefer scp myself (and there are even spiffy GUI scp clients for Windows) but many of these clients _insist_ on using Frontpage, so I _must_ continue to cater to them. TIA for any answers. -- Bill Moran Potential Technologies http://www.potentialtech.com
Re: Frontpage and jails and possible alternatives
Chuck Swiger [EMAIL PROTECTED] wrote: Lucas Holt wrote: [ ... ] Personally, I find it odd to run frontpage extensions on a unix host. If people want microsoft technology, they should pay for NT hosting. I would very much rather administer a Unix box running software which plays nice with Windows protocols (if that is what the client has is paying for), than admin a Windows box. I would second this. At least I know the core OS is secure and stable. The only thing I need to worry about is the Frontpage extension itself. Customers are customers ... they want what they want, and if I don't give it to them, they'll take their money elsewhere. That's one more reason to get it running in a jail. I will report back my success or failure ... -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
I would second this. At least I know the core OS is secure and stable. The only thing I need to worry about is the Frontpage extension itself. Customers are customers ... they want what they want, and if I don't give it to them, they'll take their money elsewhere. I just remember working at a hosting company a few years back. I didn't administer the linux servers, but I recall the linux admin had a great deal of trouble with unix frontpage extensions and getting them upgraded periodically. He often sat on stale software because it was a pain. I don't believe any operating system is more secure than another. It all depends who is setting them up. My former boss was very lax about security and his linux systems were often rooted. My NT servers were never rooted as i took proper security precautions and patched regularly. People can get in through services more often than exploiting OS vulnerabilities. of course anyone can get rooted, I was just rather lucky. Don't misinterpret this as a plug for microsoft. I like FreeBSD quite a bit. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
Lucas Holt [EMAIL PROTECTED] wrote: I would second this. At least I know the core OS is secure and stable. The only thing I need to worry about is the Frontpage extension itself. Customers are customers ... they want what they want, and if I don't give it to them, they'll take their money elsewhere. I just remember working at a hosting company a few years back. I didn't administer the linux servers, but I recall the linux admin had a great deal of trouble with unix frontpage extensions and getting them upgraded periodically. He often sat on stale software because it was a pain. I don't believe any operating system is more secure than another. It all depends who is setting them up. My former boss was very lax about security and his linux systems were often rooted. My NT servers were never rooted as i took proper security precautions and patched regularly. People can get in through services more often than exploiting OS vulnerabilities. of course anyone can get rooted, I was just rather lucky. From the way you're talking, it doesn't sound like luck, it sounds like you were smart. I agree with the general statement ... that any OS can be secure if properly adminned. I just find that it's much, much more work to properly admin a MS system than FreeBSD! Find me anything similar to portaudit in the Windows world. The tools in FreeBSD a just plain better. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Frontpage and jails and possible alternatives
This is for the archives ... I have good news and bad news. The bad news is that I can't repeat the bizaar IP binding behaviour on a test box. On this test box, it works as expected. Figures ... the only time it won't work right is on a production box! grumble grumble The good news is that jails rock! Apache_fp runs happily inside a jail and is incapable of binding to other IPs on the machine (aside from the one IP assigned to the jail). Of course, this is also chroot in nature, so any exploits that may show up are limited to the directory tree I set aside for the jail. So, I'm kind of frustrated that I have this mysterious behaviour that I can't explain, but I'm pretty happy that I have a solution/workaround to move forward in spite of the issue. In a few days, the troublesome installation won't even exist anymore, it'll have been replaced with a jail! Bill Moran [EMAIL PROTECTED] wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, ok, I tested this out for ya, and I couldn't duplicate the issue. FreeBSD 4.8... Thanks for taking time to research this, Tim. I put an additional IP on the main interface, and started apache with Listen IP:80 for each IP. The server has mod_frontpage using apache 1.3.29. I even tried have the BindAddress in the conf file as well. The only (potential) problem here is that I'm not running mod_frontpage, I'm running the apache13-fp port. I've got a feeling that mod_frontpage is better behaved. Sorry, I don't have the extra time to install 1.3.31 and recompile for ya, but I think there is something else going on there... Where in the conf file is your Listen directive ? I just uncommented the one from the default config file and put the correct IP in it. What OS ? 4.9-RELEASE-p7 Is there anything listening on port 80 when you have apache off ? No. Is your IP an alias to the primary interface ? No. I only have one NIC with one IP at this time ... this is going to change soon, though ... that's why I'm trying to sort this out. I really don't think that the frontpage module even has the ability to change what apache binds to... Like I said, you wouldn't think so. I have a feeling the apache13_fp port somehow compiles Frontpage int Apache, or something ... Anyways, thought I would let you know that I couldn't reproduce it... Like I said. I really appreciate you taking time to look into this. I'm going to find time to try out the mod_frontpage port to see if it's better behaved. Tim. At 10:38 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, I use the latest mod_frontpage module with Apache 1.3.31... I haven't tested whether or not it binds to *:80 or not when I specify an IP. How are you specifying the IP in the conf file ? Are you just using Listen xxx.xxx.xxx.xxx:80 ? Both of the following: Listen xx.xx.xx.xx:80 BindAddress xx.xx.xx.xx I have another server here (used for development) with a fairly vanilla Apache install, and changing those same two settings causes it to do what I'd expect. I can't find any directives in the Frontpage Apache config that might cause this ... but I suppose it's possible that I'm missing something. At 09:42 AM 6/10/2004, Bill Moran wrote: Tim Traver [EMAIL PROTECTED] wrote: Bill, Not sure what you mean that frontpage caused apache to bind to all IP's...it shouldn't... I agree. The frontpage apache module should respect any of the virtual hosts or virtual IP's that you have set up in apache. It definately should. The module is just a way for apache to run the fp.exe wrapper script around the frontpage binary. I don't know how it would even be able to force apache to bind to anything... Nor do I. Are you sure about that ??? Yes. When I configured Apache to only listen on 1 IP address, sockstat then showed it listening on that address in addition to *:80. The exact same config changes on a machine without fp installed resulted in the expected behaviour. Now, I haven't been idle since I made that first post ... It seems there are two frontpage ports, apache_fp and mod_frontpage. I've got apache_fp installed. Anyone using mod_frontpage that can say whether it's better or worse? At 07:38 AM 6/10/2004, Bill Moran wrote: I just learned that if you run Apache+Frontpage, you can't teach Apache to only listen on a single IP address. For some reason, Frontpage causes Apache to always bind to all IP addresses. Somehow, this stupidity doesn't really surprise me too much. The reason I wanted to do this is because I have a machine I want to set jails up on, so I can run multiple instances of Apache. But I
