Re: Apache web server being attacked
On Wed, May 19, 2010 at 6:36 PM, Aiza wrote: > Nothing is worse than someone insinuating the original poster don't know > what they are talking about. I find your remarks totally un-necessary. Your > telling the poster they don't know what their doing when it's you who don't > know what options are offered by their register. How can you say something > is not available when you are not the one using or providing the register > service. For you information port forwarding is common function when the > domain name is specified to a dynamic ip address. Check out No you are wrong. Matthew is correct. Perhaps you are confusing URL forwarding/redirect with port forwarding, but they are completely different. Domains on dynamic ip address REQUIRE some method of intervention to update the DNS record when it changes eg dns/ipcheck. The only way a registrar could avoid doing such thing would be if they controlled address assignment and since registrar and ISP are rarely if ever the same organization you are forced to use the Internet in Matthew's reality. As far as URL forwarding goes, there are several different methods to accomplish it. The safest way is to simply host the vhost and http 301 it to the correct place. Other methods are hackish and may not be able to be tracked if so desired as well as other limitations. -- Adam Vande More ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
Matthew Seaman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/05/2010 04:55:26, Aiza wrote: I take a totally different approach to this problem for my production web sites. This is the result of people running scripts that roll through a large block of ip address scanning each ip address for open [STANDARD\] ports, and when they find port 80 open, they then attack the web server. The simple solution is not to have your web server use the standard port 80. Your web site is not know by it's ip address but by it's url (ie; www.domain-name.com.). My domain name register has option to associate my "www.domain-name.com" with any port number I want to use at the specified ip address. This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. Nobody knows or cares that the web site is not using port 80. I then close inbound port 80 in my firewall thus locking out all the script kiddies who run the port scan on standard ports. This method has worked for me the last 10 years without ever having my production web servers attacked. Sure some nay sayers will counter by saying all the scanners have to do is scan all the ports. Yah sure that can be done, but in 10 years it has never occurred. If the URL for your site is http://www.domain-name.com/ then any client that attempts to access it will try to connect to port 80. That's the point of having well known ports. Now, you can explicitly state a different port in the URL: http://www.domain-name.com:8080/ but this is generally only useful amongst a closed group of users: the general public will on the whole just get confused, so it's not often encountered on general access websites. Your domain registrar can't control anything to do with port numbers. For some unknown reason this is a common misconception, particularly among management types. The DNS only associates hostnames with ip numbers and vice versa[*]. Now, it may be the case that your server is behind some sort of NAT/PAT gateway or HTTP reverse proxy, and that locally you are running apache bound to some arbitrary port numbers. Which is fine, but unless you are specifically telling people to use a different port in your URLs, then the world at large is accessing your site through port 80. Which means that port scanners can certainly find it and attempt to attack it. Guess what? Because the attacks are in the form of valid HTTP queries, they'd go straight through any sort of port address translation just like your normal traffic. What I think you're actually doing is that all your web sites use name based virtual hosts. So a query to the IP number of your server gets directed to a different bit of the apache config (and probably rejected) compared to a query to a site by name. That's actually a pretty good design, and if you combine it with a reverse proxy which knows about what hosts and URLs should be behind it, you can filter out a lot of bad traffic very effectively before it gets anywhere near your real web server. Cheers, Matthew Matthew Nothing is worse than someone insinuating the original poster don't know what they are talking about. I find your remarks totally un-necessary. Your telling the poster they don't know what their doing when it's you who don't know what options are offered by their register. How can you say something is not available when you are not the one using or providing the register service. For you information port forwarding is common function when the domain name is specified to a dynamic ip address. Check out http://www.zoneedit.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/05/2010 04:55:26, Aiza wrote: > I take a totally different approach to this problem for my production > web sites. This is the result of people running scripts that roll > through a large block of ip address scanning each ip address for open > [STANDARD\] ports, and when they find port 80 open, they then attack the > web server. The simple solution is not to have your web server use the > standard port 80. Your web site is not know by it's ip address but by > it's url (ie; www.domain-name.com.). My domain name register has option > to associate my "www.domain-name.com" with any port number I want to use > at the specified ip address. This way my web site has total access by > anyone who knows it's URl, the URL is scanned by yahoo and google > indexing bot and becomes know to the public. Nobody knows or cares that > the web site is not using port 80. I then close inbound port 80 in my > firewall thus locking out all the script kiddies who run the port scan > on standard ports. This method has worked for me the last 10 years > without ever having my production web servers attacked. Sure some nay > sayers will counter by saying all the scanners have to do is scan all > the ports. Yah sure that can be done, but in 10 years it has never > occurred. If the URL for your site is http://www.domain-name.com/ then any client that attempts to access it will try to connect to port 80. That's the point of having well known ports. Now, you can explicitly state a different port in the URL: http://www.domain-name.com:8080/ but this is generally only useful amongst a closed group of users: the general public will on the whole just get confused, so it's not often encountered on general access websites. Your domain registrar can't control anything to do with port numbers. For some unknown reason this is a common misconception, particularly among management types. The DNS only associates hostnames with ip numbers and vice versa[*]. Now, it may be the case that your server is behind some sort of NAT/PAT gateway or HTTP reverse proxy, and that locally you are running apache bound to some arbitrary port numbers. Which is fine, but unless you are specifically telling people to use a different port in your URLs, then the world at large is accessing your site through port 80. Which means that port scanners can certainly find it and attempt to attack it. Guess what? Because the attacks are in the form of valid HTTP queries, they'd go straight through any sort of port address translation just like your normal traffic. What I think you're actually doing is that all your web sites use name based virtual hosts. So a query to the IP number of your server gets directed to a different bit of the apache config (and probably rejected) compared to a query to a site by name. That's actually a pretty good design, and if you combine it with a reverse proxy which knows about what hosts and URLs should be behind it, you can filter out a lot of bad traffic very effectively before it gets anywhere near your real web server. Cheers, Matthew [*] I speak loosely. That's the way it works for the HTTP(S) protocol used by websites. For some more recently specified protocols like XMPP the situation is different. - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvzrt8ACgkQ8Mjk52CukIwnyACdFFVhVuGjxebfZXpHG1zfGUaY 0HYAnAiqXjsT2XowGUNpYdjfDZg2UhPT =2Drn -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
Hi, Am 19.05.10 05:00, schrieb Aiza: Where do I find documentation on how to enable and use apache mods rewrite and redirect? have you tried the apache.org website? There is a lot of information and examples available: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also google helps a lot answering this questions or find examples. Bye, Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
Matthew Seaman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18/05/2010 11:00:16, Aiza wrote: I put apache13 in a jail and left inbound port 80 open in my firewall. There is no domain name pointing to my web server. The content there is a small apache web application that fools web email address harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison This is what I am doing. Since setting this up I have not had any bots scan the site for email address. But have had port 80 attacks that did not work. MY Apache access and error logs follow. [lots of logfile traces elided] Yes. Unfortunately this sort of thing is the norm on the web nowadays. It's all automated: first they program their botnets to scan for a web server listening on port 80. Then they use them to attempt to compromise whatever they find -- in your case, most of what you're seeing is an attempt to gather information on what PHP capabilities your web server might have. What they are doing is trying in turn a lot of the popular locations for installing apps like phpmyadmin or phppgadmin. Yes, they are doing this in a particularly clueless fashion -- what exactly did you expect of the sort of people that think creating botnets is a good idea? They'll probably grow out of it when they hit puberty. In the mean time, as you don't have phpmyadmin or anything similar installed, this is just an annoyance for you -- it clutters up your log files but does nothing else. If you did want to install phpmyadmin on that server, you should take care to 1) Keep it up to date -- there haven't been any PMA security advisories for some months, but at one point they were coming out about one a week. PMA does have some very active developers though, and new versions appear every month or two. 2) Be sure to use access controls in your apache config to limit where PMA can be accessed from. Ideally, run it over HTTPS as well -- by its nature, you will tend to send DB passwords etc. to this application, and you want to avoid having them snooped. 3) If you use the on-line phpmyadmin configurator, be sure to clean up after yourself once you've generated a config file. To use the on-line configurator you have to create a directory /usr/local/www/phpMyAdmin/config which you make read/write by the user the webserver runs as. Once you've created the config.inc.php in that directory, you need to move it up one level in the directory heirarchy, and then delete the config directory you created. (That's what your attacker is so desperate to find -- because the directory is read-write by the webserver process, they can use it to upload malware to your system.) Cheers, Matthew - -- I take a totally different approach to this problem for my production web sites. This is the result of people running scripts that roll through a large block of ip address scanning each ip address for open [STANDARD\] ports, and when they find port 80 open, they then attack the web server. The simple solution is not to have your web server use the standard port 80. Your web site is not know by it's ip address but by it's url (ie; www.domain-name.com.). My domain name register has option to associate my "www.domain-name.com" with any port number I want to use at the specified ip address. This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. Nobody knows or cares that the web site is not using port 80. I then close inbound port 80 in my firewall thus locking out all the script kiddies who run the port scan on standard ports. This method has worked for me the last 10 years without ever having my production web servers attacked. Sure some nay sayers will counter by saying all the scanners have to do is scan all the ports. Yah sure that can be done, but in 10 years it has never occurred. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
Michael Powell wrote:
Aiza wrote:
I put apache13 in a jail and left inbound port 80 open in my firewall.
There is no domain name pointing to my web server. The content there is
a small apache web application that fools web
email address harvest programs into harvesting bogus email address from
web page. http://www.monkeys.com/wpoison This is what I am doing.
Since setting this up I have not had any bots scan the site for email
address. But have had port 80 attacks that did not work. MY Apache
access and error logs follow.
[snip log content]
As you can see looks like a script kiddy is running something they dont
understand. "/usr/local/www/data//phpmyadmin2/config.inc.php"
there should only be a single / between data/phpmyadmin2.
But beside that looks like php config.inc.php file is a target and
phpmyadmin also is a target. The apache return code 404 means not found
so no effect to me.
Has anyone seen this junk hitting their apache web servers or have any
different explanation of what this means?
Sorry to tell you this, but this kind of thing goes on all the time. You can
fine tune mod_security for some control for SQL injection techniques, as
well as many other generic forms of locking down the web server in general.
Generally speaking, the bulk of this does nothing more than filling the logs
- BUT - all it takes is for one app to let the attacker "leak" onto your
hard drive and they're in. I see a lot of scans for roundcube and
phpMyAdmin. Have also seen a lot of phpBB in the past.
The attackers spew lots of requests but the needle in the haystack they are
looking for is that one app that has a known vulnerability. In addition to
securing the web server itself you should monitor any app running on it for
reported security flaws and keep them updated to the latest "safe" versions.
You can also add to the hardening of your web server (if Apache) with
various .htaccess + mod_rewrite tricks. Examples include:
# block all smarty templates (no reason to have these exposed)
RedirectMatch gone ^/.*\.tpl$
# block all .log (log files), .sql (sql dump/export) and .conf (config
files) files in case some day these files move to another directory
RedirectMatch gone ^.*\.(sql|log|conf)$
# block access to the 'Smarty-*' directory
RedirectMatch gone ^.*Smarty.*$
# block common files present that you don't want served
RedirectMatch gone CHANGELOG.*
RedirectMatch gone COPYRIGHT.*
RedirectMatch gone INSTALL.*
RedirectMatch gone NEW.*
RedirectMatch gone README.*
RedirectMatch gone UPGRADE.*
RedirectMatch gone VERSION.*
# block access to directories
Redirect gone /upgrade
Redirect gone /tmp
Redirect gone /var
Redirect gone /sql
#Redirect pesky stuff based on referrer
Options -MultiViews -Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Toata [NC]
RewriteRule .* - [F,L]
There is much and many more, just a couple of examples for ideas. :-)
-Mike
Where do I find documentation on how to enable and use apache mods
rewrite and redirect?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
--On Tuesday, May 18, 2010 18:00:16 +0800 Aiza wrote: Has anyone seen this junk hitting their apache web servers or have any different explanation of what this means? Any webserver on the internet will see that crap. Generally it's preceded by a syn scan to identify hosts listening on port 80, then everything but the kitchen sink shows up. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. *** "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
Aiza wrote:
> I put apache13 in a jail and left inbound port 80 open in my firewall.
> There is no domain name pointing to my web server. The content there is
> a small apache web application that fools web
> email address harvest programs into harvesting bogus email address from
> web page. http://www.monkeys.com/wpoison This is what I am doing.
>
> Since setting this up I have not had any bots scan the site for email
> address. But have had port 80 attacks that did not work. MY Apache
> access and error logs follow.
>
[snip log content]
> As you can see looks like a script kiddy is running something they dont
> understand. "/usr/local/www/data//phpmyadmin2/config.inc.php"
> there should only be a single / between data/phpmyadmin2.
>
> But beside that looks like php config.inc.php file is a target and
> phpmyadmin also is a target. The apache return code 404 means not found
> so no effect to me.
>
> Has anyone seen this junk hitting their apache web servers or have any
> different explanation of what this means?
Sorry to tell you this, but this kind of thing goes on all the time. You can
fine tune mod_security for some control for SQL injection techniques, as
well as many other generic forms of locking down the web server in general.
Generally speaking, the bulk of this does nothing more than filling the logs
- BUT - all it takes is for one app to let the attacker "leak" onto your
hard drive and they're in. I see a lot of scans for roundcube and
phpMyAdmin. Have also seen a lot of phpBB in the past.
The attackers spew lots of requests but the needle in the haystack they are
looking for is that one app that has a known vulnerability. In addition to
securing the web server itself you should monitor any app running on it for
reported security flaws and keep them updated to the latest "safe" versions.
You can also add to the hardening of your web server (if Apache) with
various .htaccess + mod_rewrite tricks. Examples include:
# block all smarty templates (no reason to have these exposed)
RedirectMatch gone ^/.*\.tpl$
# block all .log (log files), .sql (sql dump/export) and .conf (config
files) files in case some day these files move to another directory
RedirectMatch gone ^.*\.(sql|log|conf)$
# block access to the 'Smarty-*' directory
RedirectMatch gone ^.*Smarty.*$
# block common files present that you don't want served
RedirectMatch gone CHANGELOG.*
RedirectMatch gone COPYRIGHT.*
RedirectMatch gone INSTALL.*
RedirectMatch gone NEW.*
RedirectMatch gone README.*
RedirectMatch gone UPGRADE.*
RedirectMatch gone VERSION.*
# block access to directories
Redirect gone /upgrade
Redirect gone /tmp
Redirect gone /var
Redirect gone /sql
#Redirect pesky stuff based on referrer
Options -MultiViews -Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Toata [NC]
RewriteRule .* - [F,L]
There is much and many more, just a couple of examples for ideas. :-)
-Mike
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Apache web server being attacked
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18/05/2010 11:00:16, Aiza wrote: > I put apache13 in a jail and left inbound port 80 open in my firewall. > There is no domain name pointing to my web server. The content there is > a small apache web application that fools web > email address harvest programs into harvesting bogus email address from > web page. http://www.monkeys.com/wpoison This is what I am doing. > > Since setting this up I have not had any bots scan the site for email > address. But have had port 80 attacks that did not work. MY Apache > access and error logs follow. [lots of logfile traces elided] Yes. Unfortunately this sort of thing is the norm on the web nowadays. It's all automated: first they program their botnets to scan for a web server listening on port 80. Then they use them to attempt to compromise whatever they find -- in your case, most of what you're seeing is an attempt to gather information on what PHP capabilities your web server might have. What they are doing is trying in turn a lot of the popular locations for installing apps like phpmyadmin or phppgadmin. Yes, they are doing this in a particularly clueless fashion -- what exactly did you expect of the sort of people that think creating botnets is a good idea? They'll probably grow out of it when they hit puberty. In the mean time, as you don't have phpmyadmin or anything similar installed, this is just an annoyance for you -- it clutters up your log files but does nothing else. If you did want to install phpmyadmin on that server, you should take care to 1) Keep it up to date -- there haven't been any PMA security advisories for some months, but at one point they were coming out about one a week. PMA does have some very active developers though, and new versions appear every month or two. 2) Be sure to use access controls in your apache config to limit where PMA can be accessed from. Ideally, run it over HTTPS as well -- by its nature, you will tend to send DB passwords etc. to this application, and you want to avoid having them snooped. 3) If you use the on-line phpmyadmin configurator, be sure to clean up after yourself once you've generated a config file. To use the on-line configurator you have to create a directory /usr/local/www/phpMyAdmin/config which you make read/write by the user the webserver runs as. Once you've created the config.inc.php in that directory, you need to move it up one level in the directory heirarchy, and then delete the config directory you created. (That's what your attacker is so desperate to find -- because the directory is read-write by the webserver process, they can use it to upload malware to your system.) Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEUEARECAAYFAkvybzsACgkQ8Mjk52CukIylCQCWJdEPLjihb2bSWUjUz5XcJ7eA eQCeLm59yL859kW9S9UkK7y1bjsZtTg= =tj/p -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Apache web server being attacked
I put apache13 in a jail and left inbound port 80 open in my firewall. There is no domain name pointing to my web server. The content there is a small apache web application that fools web email address harvest programs into harvesting bogus email address from web page. http://www.monkeys.com/wpoison This is what I am doing. Since setting this up I have not had any bots scan the site for email address. But have had port 80 attacks that did not work. MY Apache access and error logs follow. access log i97-173.shosting.systech.hu - - [06/May/2010:12:28:34 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-" i97-173.shosting.systech.hu - - [06/May/2010:12:28:35 +0800] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-" i97-173.shosting.systech.hu - - [06/May/2010:12:28:36 +0800] "GET //PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-" i97-173.shosting.systech.hu - - [06/May/2010:12:28:36 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-" 53.163.158.61.ha.cnc - - [10/May/2010:16:05:42 +0800] "GET http://www.baidu.com/ HTTP/1.1" 404 206 "-" 60.190.59.240 - - [11/May/2010:03:50:54 +0800] "GET http://www.sina.com.cn/ HTTP/1.1" 404 206 "-" 91.212.127.100 - - [13/May/2010:10:09:08 +0800] "GET http://allrequestsallowed.com/?PHPSESSID=5gh6ncjh00043SRQHP__FEG%5CUFT HTTP/1.1" 404 206 "-" scanner-4.hacktory.cs.columbia.edu - - [15/May/2010:14:10:28 +0800] "GET / HTTP/1.1" 404 206 "-" "-" 118.100.82.70 - - [15/May/2010:15:07:58 +0800] "|\xab\x1a\x06\xf5\xdd\x8a|\xfd\xde\xf9V\xf7\xf5\xaf\xe1\x8f\x0eF\xef\x18\xc8" 501 - "-" "-" 110.rmaxonline.com - - [16/May/2010:11:07:21 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-" 110.rmaxonline.com - - [16/May/2010:11:07:21 +0800] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 239 "-" 110.rmaxonline.com - - [16/May/2010:11:07:22 +0800] "GET //PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-" 110.rmaxonline.com - - [16/May/2010:11:07:22 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-" 110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET //phpmyadmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 233 "-" 110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET //phpMyAdmin2/config.inc.php?p=phpinfo(); HTTP/1.1" 404 233 "-" 110.rmaxonline.com - - [16/May/2010:11:07:23 +0800] "GET //mysqladmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 232 "-" 110.rmaxonline.com - - [16/May/2010:11:07:24 +0800] "GET //myadmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-" 110.rmaxonline.com - - [16/May/2010:11:07:24 +0800] "GET //MyAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-" 110.rmaxonline.com - - [16/May/2010:11:07:25 +0800] "GET //myAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 229 "-" 110.rmaxonline.com - - [16/May/2010:11:07:25 +0800] "GET //phpAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 230 "-" 110.rmaxonline.com - - [16/May/2010:11:07:26 +0800] "GET //mysql/config.inc.php?p=phpinfo(); HTTP/1.1" 404 227 "-" 110.rmaxonline.com - - [16/May/2010:11:07:26 +0800] "GET //phpAdmin/config.inc.php?p=phpinfo(); HTTP/1.1" 404 230 "-" net151.255.92-61.perm.ertelecom.ru - - [16/May/2010:13:43:05 +0800] "GET http://icqnums.freehostia.com/azenv.php HTTP/1.1" 404 215 "-" " 211.100.28.240 - - [17/May/2010:08:38:45 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 335 "-" "-" sd-17275.dedibox.fr - - [17/May/2010:11:27:02 +0800] "GET /roundcubemail/README HTTP/1.1" 404 226 "-" "Morfeus strikes again." sd-17275.dedibox.fr - - [17/May/2010:11:27:03 +0800] "GET /rc/README HTTP/1.1" 404 215 "-" "Morfeus strikes again." sd-17275.dedibox.fr - - [17/May/2010:11:27:04 +0800] "GET /webmail/README HTTP/1.1" 404 220 "-" "Morfeus strikes again." sd-17275.dedibox.fr - - [17/May/2010:11:27:05 +0800] "GET /roundcube/README HTTP/1.1" 404 222 "-" "Morfeus strikes again." sd-17275.dedibox.fr - - [17/May/2010:11:27:05 +0800] "GET /mail/README HTTP/1.1" 404 217 "-" "Morfeus strikes again." sd-17275.dedibox.fr - - [17/May/2010:11:27:06 +0800] "GET /README HTTP/1.1" 404 212 "-" "Morfeus strikes again." net151.255.92-61.perm.ertelecom.ru - - [17/May/2010:17:52:03 +0800] "GET http:/
dtrace and web server
Hello List,
I try to locate (potential) bottlenecks at a web server:
-
% uname -a
FreeBSD bbserver.ipt.ru 8.0-STABLE FreeBSD 8.0-STABLE #3 r203959: Sun Feb 21
11:53:57 MSK 2010 r...@bbserver.ipt.ru:/z/obj/z/src/sys/BBSERVER amd64
% top -jd1 | head -20
last pid: 47907; load averages: 2.30, 1.88, 1.90 up 1+17:44:3611:31:05
177 processes: 4 running, 172 sleeping, 1 zombie
Mem: 916M Active, 558M Inact, 2899M Wired, 2656K Cache, 31M Buf, 3502M Free
Swap: 4096M Total, 4096M Free
PID JID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND
22148 4 88 25 440 735M 530M ucond 3 23:05 7.81% mysqld
47705 4 www 1 540 223M 58476K select 2 0:07 7.76% httpd
47845 4 www 1 510 225M 48800K accept 1 0:02 7.47% httpd
47857 4 www 1 530 221M 44308K select 3 0:01 7.47% httpd
47797 4 www 1 510 225M 56276K accept 1 0:03 6.59% httpd
47843 4 www 1 500 221M 43580K select 3 0:01 6.30% httpd
47873 4 www 1 510 233M 52424K CPU22 0:01 5.96% httpd
47633 4 www 1 490 221M 56476K select 3 0:08 5.76% httpd
47878 4 www 1 470 221M 43480K accept 2 0:01 4.30% httpd
47708 4 www 1 520 221M 56756K accept 2 0:06 4.20% httpd
47880 4 www 1 520 223M 39516K accept 2 0:01 4.05% httpd
47875 4 www 1 490 235M 45080K CPU33 0:00 4.05% httpd
-
Let's use dtrace to understand what's going on within 10 seconds
interval and normalize to 1 second:
-
% cat top-10-count-periodic.d
#pragma D option quiet
BEGIN
{
last = timestamp;
}
syscall:::entry
{
@func[execname] = count();
}
tick-10sec
{
trunc(@func, 10);
normalize(@func, (timestamp - last) / 10);
printa(@func);
clear(@func);
last = timestamp;
}
-
The result is here:
ftp://ftp.bsam.ru/pub/tmp/top-10-count-periodic.1.log.txt
OK, seems that we are mostly interested at mysqld and httpd processes
(well, not a surprise).
The following script is intended to test and quantize mysqld process:
-
% cat quant.d
syscall:::entry
/ execname == "mysqld" /
{
self->ts = timestamp;
}
syscall:::return
/ self->ts && execname == "mysqld" /
{
@time[probefunc] = quantize(timestamp - self->ts);
self->ts = 0;
}
-
The result: ftp://ftp.bsam.ru/pub/tmp/quant.mysqld.1.log.txt
The same D script but for httpd process:
ftp://ftp.bsam.ru/pub/tmp/quant.httpd.1.log.txt
And now can you advise me what to do next? What should I pay
attention to? Thanks!
--
WBR, Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone & Internet SP
FreeBSD Committer, http://www.FreeBSD.org The Power To Serve
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: best firewall for a web server
Thank you all for your help. Two for PF and one for IPFILTER - I'll have to do some math now :) All best, Iv ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: best firewall for a web server
Iv Ray wrote: We will be running a web server - - FreeBSD 8.x - Apache 2.x - php 5.x - PostgreSQL 8.x - Postfix 2.x - The server will run nearly 98% of the time below 25% load (no high performance firewall is needed). - Access to the server will be done only via ssh w/ key (there will be no public ftp, etc.). I read several threads on FreeBSD Questions and checked the Handbook, and my conclusion is that PF seems the most straightforward for such "classic" situation. Am I right? Thanks, Iv___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" I would use ipfilter. Its rules are the same as PF but its log is easier to read. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: best firewall for a web server
Hello, - Original Message > From: Iv Ray > To: freebsd-questions@freebsd.org > Sent: Fri, February 5, 2010 11:24:52 PM > Subject: best firewall for a web server > > We will be running a web server - > > - FreeBSD 8.x > - Apache 2.x > - php 5.x > - PostgreSQL 8.x > - Postfix 2.x > > - The server will run nearly 98% of the time below 25% load (no high > performance > firewall is needed). > - Access to the server will be done only via ssh w/ key (there will be no > public > ftp, etc.). > > I read several threads on FreeBSD Questions and checked the Handbook, and my > conclusion is that PF seems the most straightforward for such "classic" > situation. > > Am I right? > > Thanks, > Iv Right, PF is the way to GO! ;) Regards, -Abdullah Ibn Hamad Al-Marri Arab Portal http://www.WeArab.Net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
best firewall for a web server
We will be running a web server - - FreeBSD 8.x - Apache 2.x - php 5.x - PostgreSQL 8.x - Postfix 2.x - The server will run nearly 98% of the time below 25% load (no high performance firewall is needed). - Access to the server will be done only via ssh w/ key (there will be no public ftp, etc.). I read several threads on FreeBSD Questions and checked the Handbook, and my conclusion is that PF seems the most straightforward for such "classic" situation. Am I right? Thanks, Iv___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Web server password management
On Jan 2, 2009, at 2:36 AM, stan wrote: I am setting up an Aoache2 webserver, and I want to require authenticon for some of it's contents. I am thinking of using htaccess. Is there a package that I can install that will allow users to request that various account management tasks be done. What I have in mind is a page that let's people request accounts, allows me to approve these request, and updates the users for for htpassword? I don't use either of these, but have looked at them in the past. Maybe one will do what you need: http://www.syscp.org/ http://www.webmin.com/ -- John ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Web server password management
I am setting up an Aoache2 webserver, and I want to require authenticon for some of it's contents. I am thinking of using htaccess. Is there a package that I can install that will allow users to request that various account management tasks be done. What I have in mind is a page that let's people request accounts, allows me to approve these request, and updates the users for for htpassword? -- One of the main causes of the fall of the roman empire was that, lacking zero, they had no way to indicate successful termination of their C programs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: no access to web server behind ipfw
Hi Christer, I followed the example from the handbook. Yes, it is OK to divert in and out separately. skipto is used to point to the divert out rule number when it is outbound. I run into problem only when with natd to redirect from gateway to local machine. tcpdump shows that packets of both directions are actually go through fine, but only head is there, body was ripped off. I am looking into OpenBSD's PF right now. It is such a simple goal to reach but seems not so easy. -Chen * Christer Hermansson <[EMAIL PROTECTED]> [081017 14:54]: > Chen Xu wrote: > > $cmd 100 divert natd ip from any to any in via $pif > > $cmd 101 check-state > > > > > > > You use "in via $pif", I'm not 100% sure but I think you should only use > "via $pif". > > # Authorized inbound packets > > $cmd 421 allow tcp from any to 192.168.1.10 80 in via $pif setup limit > > src-addr 5 > > > > > > > I think it's bad to use statefull rules for inbound connections. > > -- > > Christer Hermansson > > http://www.chdevelopment.se > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: no access to web server behind ipfw
Chen Xu wrote: $cmd 100 divert natd ip from any to any in via $pif $cmd 101 check-state You use "in via $pif", I'm not 100% sure but I think you should only use "via $pif". # Authorized inbound packets $cmd 421 allow tcp from any to 192.168.1.10 80 in via $pif setup limit src-addr 5 I think it's bad to use statefull rules for inbound connections. -- Christer Hermansson http://www.chdevelopment.se ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
no access to web server behind ipfw
Dear All, I think I need help from the group. The situation is kind of simple, but I can not get it work for me. I wanted to access to a web server behind of firewall/gateway 191.168.1.1 (firewall/gateway/natd) 192.168.1.10 (internal web server) 191.168.1.1 has these info. = FreeBSD 5.3-RELEASE-p26 Kernel complied with following lines: optionsIPFIREWALL optionsIPFIREWALL_VERBOSE optionsIPFIREWALL_VERBOSE_LIMIT=5 optionsIPDIVERT rc.conf has those lines: - # Add stuff for firewall - ipfw firewall_enable="YES" firewall_type="OPEN" firewall_script="/etc/ipfw.rules" firewall_logging="YES" gateway_enable="YES" # Enable natd. natd_enable="YES" natd_interface="fxp0" #natd_flags="-dynamic -m" # preserve port numbers if possible natd_flags="-f /etc/natd.conf" # preserve port numbers if possible /etc/natd.conf port 8668 interface fxp0 redirect_port tcp 192.168.1.10:80 80 /etc/ipfw.rules #!/bin/sh ipfw -q -f flush cmd="ipfw -q add" skip="skipto 500" pif=fxp0 ks="keep-state" good_tcpo="22" ipfw -q -f flush $cmd 002 allow all from any to any via em0 # exclude LAN traffic $cmd 003 allow all from any to any via lo0 # exclude loopback traffic $cmd 100 divert natd ip from any to any in via $pif $cmd 101 check-state # Authorized outbound packets $cmd 120 $skip udp from any to x.x.x.11 53 out via $pif $ks $cmd 121 $skip udp from any to x.x.x.12 53 out via $pif $ks ## --> block only one PC running windows (192.168.1.2) $cmd 123 deny tcp from 192.168.1.2 to any 80 out via $pif $cmd 124 $skip tcp from any to any 80 out via $pif setup $ks # $cmd 129 $skip tcp from any to any $good_tcpo out via $pif setup $ks $cmd 130 $skip icmp from any to any out via $pif $ks $cmd 135 $skip udp from any to any 123 out via $pif $ks # root can do cvsup etc. like a GOD $cmd 140 allow tcp from me to any out via $pif $ks uid root # Deny all inbound traffic from non-routable reserved address spaces $cmd 300 deny all from 192.168.0.0/16 to any in via $pif #RFC 1918 private IP $cmd 301 deny all from 172.16.0.0/12 to any in via $pif #RFC 1918 private IP $cmd 302 deny all from 10.0.0.0/8 to any in via $pif #RFC 1918 private IP $cmd 303 deny all from 127.0.0.0/8 to any in via $pif #loopback $cmd 304 deny all from 0.0.0.0/8 to any in via $pif #loopback $cmd 305 deny all from 169.254.0.0/16 to any in via $pif #DHCP auto-config $cmd 306 deny all from 192.0.2.0/24to any in via $pif #reserved for docs $cmd 307 deny all from 204.152.64.0/23 to any in via $pif #Sun cluster $cmd 308 deny all from 224.0.0.0/3 to any in via $pif #Class D & E multicast # Authorized inbound packets $cmd 421 allow tcp from any to 192.168.1.10 80 in via $pif setup limit src-addr 5 $cmd 450 deny log ip from any to any # This is skipto location for outbound stateful rules $cmd 500 divert natd ip from any to any out via $pif $cmd 510 allow ip from any to any end of rules ## apparently rule 421 is not enough to access the webserver 192.168.1.10 at port 80. I need help here. Thanks, Chen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
Al Plant wrote: Manolis Kiagias wrote: Matthias Apitz wrote: El día Tuesday, May 27, 2008 a las 04:16:44PM +0200, Matthias Apitz escribió: El día Friday, May 23, 2008 a las 01:18:06PM +0300, Manolis Kiagias escribió: Yes, I am already planning to upgrade :) At this time, it is not available in Greece (though I have spotted a few on ebay). Even more important than the 20Gb SSD is the 9 inch display with a resolution of 1024x600. 800x480 is really small for anything more other than taking notes. Maybe you know this page, Manolis: http://www.eeeuser.com/2008/05/04/eeeusercom-eeepc-900-in-depth-review/ it has a detailed technical report about all items of which the 900 20GB model is made of; Ah, nice! Thanks for the link. It will be a good read. a dealer in CH will get next week the original US version: http://www.stegcomputer.ch/details.asp?prodid=asu-e900-w There are a few sold on ebay. I believe this model will also appear in Greek eshops soon. take care, there is an issue about the battery having only 4400 mAh (because of some fire in an ASUS supplier) while the original model have had a 5800 mAh battery; matthias I will wait then. I prefer to get a model with a larger battery. The one I have now, lasts more or less 2 - 2.30 hours and I believe it has the same 4400mAh battery. The larger screen and SSD will probably make this even less on the 900. Unlike larger laptops, I really like to work the eee on battery only. In fact having to carry only this small laptop instead of all the usual accessories is a big plus to me. On a side note, I am thinking of writing a complete article about installing FreeBSD 7.0 on the eeepc, including customizations and optimizations, different installations methods, with links to download ready-built customized kernels etc. Don't know whether it will have any real audience though ;) Most people run some Linux distro on it or even (gasp) Windows... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Aloha, I would be interested in a how to for FreeBSD on the Asus eee OK, I am already set to write this. My time is kind of limited until the end of June, but I'll try to start on this ASAP. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
Manolis Kiagias wrote: Matthias Apitz wrote: El día Tuesday, May 27, 2008 a las 04:16:44PM +0200, Matthias Apitz escribió: El día Friday, May 23, 2008 a las 01:18:06PM +0300, Manolis Kiagias escribió: Yes, I am already planning to upgrade :) At this time, it is not available in Greece (though I have spotted a few on ebay). Even more important than the 20Gb SSD is the 9 inch display with a resolution of 1024x600. 800x480 is really small for anything more other than taking notes. Maybe you know this page, Manolis: http://www.eeeuser.com/2008/05/04/eeeusercom-eeepc-900-in-depth-review/ it has a detailed technical report about all items of which the 900 20GB model is made of; Ah, nice! Thanks for the link. It will be a good read. a dealer in CH will get next week the original US version: http://www.stegcomputer.ch/details.asp?prodid=asu-e900-w There are a few sold on ebay. I believe this model will also appear in Greek eshops soon. take care, there is an issue about the battery having only 4400 mAh (because of some fire in an ASUS supplier) while the original model have had a 5800 mAh battery; matthias I will wait then. I prefer to get a model with a larger battery. The one I have now, lasts more or less 2 - 2.30 hours and I believe it has the same 4400mAh battery. The larger screen and SSD will probably make this even less on the 900. Unlike larger laptops, I really like to work the eee on battery only. In fact having to carry only this small laptop instead of all the usual accessories is a big plus to me. On a side note, I am thinking of writing a complete article about installing FreeBSD 7.0 on the eeepc, including customizations and optimizations, different installations methods, with links to download ready-built customized kernels etc. Don't know whether it will have any real audience though ;) Most people run some Linux distro on it or even (gasp) Windows... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Aloha, I would be interested in a how to for FreeBSD on the Asus eee -- ~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + + http://aloha50.net - Supporting - FreeBSD 6.* - 7.* - 8.* + < email: [EMAIL PROTECTED] > "All that's really worth doing is what we do for others."- Lewis Carrol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
Matthias Apitz wrote: El día Tuesday, May 27, 2008 a las 04:16:44PM +0200, Matthias Apitz escribió: El día Friday, May 23, 2008 a las 01:18:06PM +0300, Manolis Kiagias escribió: Yes, I am already planning to upgrade :) At this time, it is not available in Greece (though I have spotted a few on ebay). Even more important than the 20Gb SSD is the 9 inch display with a resolution of 1024x600. 800x480 is really small for anything more other than taking notes. Maybe you know this page, Manolis: http://www.eeeuser.com/2008/05/04/eeeusercom-eeepc-900-in-depth-review/ it has a detailed technical report about all items of which the 900 20GB model is made of; Ah, nice! Thanks for the link. It will be a good read. a dealer in CH will get next week the original US version: http://www.stegcomputer.ch/details.asp?prodid=asu-e900-w There are a few sold on ebay. I believe this model will also appear in Greek eshops soon. take care, there is an issue about the battery having only 4400 mAh (because of some fire in an ASUS supplier) while the original model have had a 5800 mAh battery; matthias I will wait then. I prefer to get a model with a larger battery. The one I have now, lasts more or less 2 - 2.30 hours and I believe it has the same 4400mAh battery. The larger screen and SSD will probably make this even less on the 900. Unlike larger laptops, I really like to work the eee on battery only. In fact having to carry only this small laptop instead of all the usual accessories is a big plus to me. On a side note, I am thinking of writing a complete article about installing FreeBSD 7.0 on the eeepc, including customizations and optimizations, different installations methods, with links to download ready-built customized kernels etc. Don't know whether it will have any real audience though ;) Most people run some Linux distro on it or even (gasp) Windows... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
El día Tuesday, May 27, 2008 a las 04:16:44PM +0200, Matthias Apitz escribió: > El día Friday, May 23, 2008 a las 01:18:06PM +0300, Manolis Kiagias escribió: > > > Yes, I am already planning to upgrade :) > > At this time, it is not available in Greece (though I have spotted a few > > on ebay). > > Even more important than the 20Gb SSD is the 9 inch display with a > > resolution of 1024x600. > > 800x480 is really small for anything more other than taking notes. > > Maybe you know this page, Manolis: http://www.eeeuser.com/2008/05/04/eeeusercom-eeepc-900-in-depth-review/ it has a detailed technical report about all items of which the 900 20GB model is made of; a dealer in CH will get next week the original US version: http://www.stegcomputer.ch/details.asp?prodid=asu-e900-w take care, there is an issue about the battery having only 4400 mAh (because of some fire in an ASUS supplier) while the original model have had a 5800 mAh battery; matthias -- Matthias Apitz Manager Technical Support - OCLC GmbH Gruenwalder Weg 28g - 82041 Oberhaching - Germany t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e <[EMAIL PROTECTED]> - w http://www.oclc.org/ http://www.UnixArea.de/ b http://gurucubano.blogspot.com/ «...una sola vez, que es cuanto basta si se trata de verdades definitivas.» «...only once, which is enough if it has todo with definite truth.» José Saramago, Historia del Cerca de Lisboa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
Matthias Apitz wrote: El día Wednesday, May 21, 2008 a las 07:44:31PM +0300, Manolis Kiagias escribió: ... - Note you can install either to SSD or an external SDHC. The SSD is somewhat faster though. (But you can get larger SDHCs). I am dual booting Linux and FreeBSD on mine right now. Linux is on the SSD and FreeBSD on an 8GB SDHC. In this Wiki page they show already a model 900 with up to 20 GByte SSD; maybe it's a good idea to go for this model, even if it is a bit more expensive (~400 euros): http://en.wikipedia.org/wiki/Eeepc matthias Yes, I am already planning to upgrade :) At this time, it is not available in Greece (though I have spotted a few on ebay). Even more important than the 20Gb SSD is the 9 inch display with a resolution of 1024x600. 800x480 is really small for anything more other than taking notes. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
El día Wednesday, May 21, 2008 a las 07:44:31PM +0300, Manolis Kiagias escribió: ... > - Note you can install either to SSD or an external SDHC. The SSD is > somewhat faster though. (But you can get larger SDHCs). I am dual > booting Linux and FreeBSD on mine right now. Linux is on the SSD and > FreeBSD on an 8GB SDHC. In this Wiki page they show already a model 900 with up to 20 GByte SSD; maybe it's a good idea to go for this model, even if it is a bit more expensive (~400 euros): http://en.wikipedia.org/wiki/Eeepc matthias -- Matthias Apitz Manager Technical Support - OCLC GmbH Gruenwalder Weg 28g - 82041 Oberhaching - Germany t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e <[EMAIL PROTECTED]> - w http://www.oclc.org/ http://www.UnixArea.de/ b http://gurucubano.blogspot.com/ «...una sola vez, que es cuanto basta si se trata de verdades definitivas.» «...only once, which is enough if it has todo with definite truth.» José Saramago, Historia del Cerca de Lisboa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
Matthias Apitz wrote: El día Friday, January 18, 2008 a las 10:41:28PM -0500, Garance A Drosehn escribió: At 9:14 AM -0500 1/2/08, Ed Maste wrote: On Tue, Jan 01, 2008 at 06:20:22PM +, James Jeffery wrote: Before i end the toipic, anyone got any feeback on the Asus Eee (mini laptops) with FreeBSD? It works, but no drivers exist for the wireless or wired Ethernet ports. The wireless is a newer Atheros part and ath(4) should gain support for it, but I have no idea what the timeline will be. The wired Ethernet is an Atheros (formerly Attansic) L2 10/100, and I'm not aware of any concrete plans for a driver for it. I've used a Linksys USB200M USB ethernet (axe(4) driver) with mine and that works well. One of the guys I know is running FreeBSD on the Eee, and has written up the following information for anyone who is interested in doing what he did: http://nighthack.org/wiki/EeeBSD This includes tips on how to get the wireless working, and sound, and some oddities with how X11 works. Thanks for that hint. I'm thinking in buying such a device to have it with me as a typewriter, mostly; normally I use FreeBSD 7.0-REL on my laptop with around 200 compiled ports: KDE, OpenOffice, Lyx, StarDict, ... the compilation normally takes 2-3 days to have it all ready; of course, on that limited device with 4 or 8 GByte SSD it is not an option to compile the stuff up from /usr/ports on the system itself, not only from the point of view of disk space, but also because of the limited lifetime write cycles of the SSD; in short: what would be the easiest way to move the installed ports from my laptop to such an Eee PC? can I make, for example, packages from my ports and install them? Thx matthias [Sending this a second time to the list only, since it had too many recipients the first time and was probably rejected] I happen to have an eeePC and have successfully installed FreeBSD on it. It can be done in various ways (even without a CDROM, if you have an external USB disk). I can attest the instructions in nighthack.org work: Sound and wireless work fine. There are a few things you can do it to speed it up: - The SSD is too small for the classic partitioning scheme of FreeBSD. Probably a large '/' partition or a '/' and '/home' will do. Do not use swap. - Turn of logging (syslogd_enable="NO" in /etc/rc.conf) - Edit /etc/ttys and reduce the number of virtual terminals. You probably don't need them. - Do not compile anything on the eee. It wil be a test of its abilities and your patience. Compile the kernel on another a PC and copy it via a USB key. Either use ready made packages (possibly after setting PACKAGESITE to packages-7-stable) or use 'make package' on your main pc to create packages and transfer them. - The eee will happily run X and any environment you choose. I have tried XFCE and GNOME with no problem. More memory will be better, but not absolutely necessary. - As others have said, the wired LAN does not currently work. - Note you can install either to SSD or an external SDHC. The SSD is somewhat faster though. (But you can get larger SDHCs). I am dual booting Linux and FreeBSD on mine right now. Linux is on the SSD and FreeBSD on an 8GB SDHC. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
El día Friday, January 18, 2008 a las 10:41:28PM -0500, Garance A Drosehn escribió: > At 9:14 AM -0500 1/2/08, Ed Maste wrote: > >On Tue, Jan 01, 2008 at 06:20:22PM +, James Jeffery wrote: > > > >> Before i end the toipic, anyone got any feeback on the Asus Eee (mini > >> laptops) with FreeBSD? > > > >It works, but no drivers exist for the wireless or wired Ethernet ports. > >The wireless is a newer Atheros part and ath(4) should gain support for > >it, but I have no idea what the timeline will be. The wired Ethernet > >is an Atheros (formerly Attansic) L2 10/100, and I'm not aware of any > >concrete plans for a driver for it. > > > >I've used a Linksys USB200M USB ethernet (axe(4) driver) with mine and > >that works well. > > One of the guys I know is running FreeBSD on the Eee, and has written > up the following information for anyone who is interested in doing > what he did: > > http://nighthack.org/wiki/EeeBSD > > This includes tips on how to get the wireless working, and sound, > and some oddities with how X11 works. Thanks for that hint. I'm thinking in buying such a device to have it with me as a typewriter, mostly; normally I use FreeBSD 7.0-REL on my laptop with around 200 compiled ports: KDE, OpenOffice, Lyx, StarDict, ... the compilation normally takes 2-3 days to have it all ready; of course, on that limited device with 4 or 8 GByte SSD it is not an option to compile the stuff up from /usr/ports on the system itself, not only from the point of view of disk space, but also because of the limited lifetime write cycles of the SSD; in short: what would be the easiest way to move the installed ports from my laptop to such an Eee PC? can I make, for example, packages from my ports and install them? Thx matthias -- Matthias Apitz Manager Technical Support - OCLC GmbH Gruenwalder Weg 28g - 82041 Oberhaching - Germany t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211 e <[EMAIL PROTECTED]> - w http://www.oclc.org/ http://www.UnixArea.de/ b http://gurucubano.blogspot.com/ «...una sola vez, que es cuanto basta si se trata de verdades definitivas.» «...only once, which is enough if it has todo with definite truth.» José Saramago, Historia del Cerca de Lisboa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
Ivan Voras wrote: > Unless you need software that doesn't work on i386, you should install > amd64. Sorry, this should have been : "Unless you need software that ONLY works on i386, you should install amd64." signature.asc Description: OpenPGP digital signature
Re: Some questions about installing a web server.
Paul Schmehl wrote: --On Thursday, March 06, 2008 16:25:44 +0800 "??" <[EMAIL PROTECTED]> wrote: Hi guys, I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? i386. Definitely not. Is 4G memory enough for 2000 people online? Depends on what you're doing. Should be for most cases. With 4G of memory i386 really isn't a choice. Unless you feel adventurous and want to try PAE. I'd stick with amd64. All the webserver stuff works fine there and it allows you to extend the memory later on if the need arises. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
I have several questions. Which platform should I chooses? amd64 or i386? i386. why? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
--On Thursday, March 06, 2008 16:25:44 +0800 "??" <[EMAIL PROTECTED]> wrote: Hi guys, I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? i386. Is 4G memory enough for 2000 people online? Depends on what you're doing. Should be for most cases. If you have others suggestions please tell me. Install and use mod_security to protect your web server from attack. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
Wojciech Puchar wrote: > > what does 2000 people online mean. 2000 people fetching WWW page in the > same time? if so - pentium 200 with 64MB would suffice :) I think the time of static .html files has passed years ago :) signature.asc Description: OpenPGP digital signature
Re: Some questions about installing a web server.
I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? amd64 Is 4G memory enough for 2000 people online? what does 2000 people online mean. 2000 people fetching WWW page in the same time? if so - pentium 200 with 64MB would suffice :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
Thanks Robert, See http://processorfinder.intel.com/details.aspx?sSpec=SLANW It may be a 64-bit Intel microprocessor. Vivian On Thu, 06 Mar 2008 20:41:28 +0800, Robert Huff <[EMAIL PROTECTED]> wrote: Ivan Voras <[EMAIL PROTECTED]> writes: I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 Unless you need software that doesn't work on i386, you should install amd64. Um ... they said "xeon". Doesn't that mean ia64? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
Vivian Liu wrote: > Thanks a lot again. > > There are running some application has been built using PHP in this web > box. > Also need a small mail system and mysql for a game server that running > on a win2003 machine. > Maybe I need to upgrade the memory to 8G. 8 GB should be ok for most purposes. But again, you need more disk drives, not for the space but for performance and resilience to drive problems (RAID). signature.asc Description: OpenPGP digital signature
Re: Some questions about installing a web server.
On Thu, Mar 06, 2008 at 07:41:28AM -0500, Robert Huff wrote: > > > Ivan Voras <[EMAIL PROTECTED]> writes: > > >> I am ready to install a web server, the main hardwares are as follows: > >> CPU 4-core xeon 5410 * 2 > >> MEM kingston 2G EEC FBD667 * 2 > >> HD ST146G SAS 15K * 1 > > > > Unless you need software that doesn't work on i386, you should > > install amd64. > > Um ... they said "xeon". Doesn't that mean ia64? No, it does not. ia64 is for Intel's Itanium series CPU's. Completely different architecture. amd64 is for those CPU's implementing the AMD64 architecture. This is also known as x86-64. Intel used to call their implementation EMT64, but I think they have changed that since. AFAIK all of Intel's recent x86 CPUs support amd64. (This includes all Core2Duo based CPUs as well as the Xeon versions thereof.) -- Erik Trulsson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
Thanks a lot again. There are running some application has been built using PHP in this web box. Also need a small mail system and mysql for a game server that running on a win2003 machine. Maybe I need to upgrade the memory to 8G. Regards. Vivian On Thu, 06 Mar 2008 18:07:05 +0800, Ivan Voras <[EMAIL PROTECTED]> wrote: 刘伟南 wrote: Hi guys, I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? Unless you need software that doesn't work on i386, you should install amd64. Is 4G memory enough for 2000 people online? This is very much dependent on what will the server actually do. For a simple web (PHP?) application, yes. For a very complex web application, no. You probably also need a database there, and that will complicate things. If you have others suggestions please tell me. Thanks in advance. I suppose the disk drive specification is a placeholder - you'll probably need many more drives in real deployment. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
Ivan Voras <[EMAIL PROTECTED]> writes: >> I am ready to install a web server, the main hardwares are as follows: >> CPU 4-core xeon 5410 * 2 >> MEM kingston 2G EEC FBD667 * 2 >> HD ST146G SAS 15K * 1 > > Unless you need software that doesn't work on i386, you should > install amd64. Um ... they said "xeon". Doesn't that mean ia64? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Some questions about installing a web server.
刘伟南 wrote: > Hi guys, > > I'm a freshman man here. Please do not mind my silly questions. > > I am ready to install a web server, the main hardwares are as follows: > CPU 4-core xeon 5410 * 2 > MEM kingston 2G EEC FBD667 * 2 > HD ST146G SAS 15K * 1 > > I have several questions. > Which platform should I chooses? amd64 or i386? Unless you need software that doesn't work on i386, you should install amd64. > Is 4G memory enough for 2000 people online? This is very much dependent on what will the server actually do. For a simple web (PHP?) application, yes. For a very complex web application, no. You probably also need a database there, and that will complicate things. > If you have others suggestions please tell me. > Thanks in advance. I suppose the disk drive specification is a placeholder - you'll probably need many more drives in real deployment. signature.asc Description: OpenPGP digital signature
Some questions about installing a web server.
Hi guys, I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? Is 4G memory enough for 2000 people online? If you have others suggestions please tell me. Thanks in advance. Vivian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Some questions about installing a web server.
Hi guys, I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? Is 4G memory enough for 2000 people online? If you have others suggestions please tell me. Thanks in advance. Vivian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Some questions about installing a web server.
Hi guys, I'm a freshman man here. Please do not mind my silly questions. I am ready to install a web server, the main hardwares are as follows: CPU 4-core xeon 5410 * 2 MEM kingston 2G EEC FBD667 * 2 HD ST146G SAS 15K * 1 I have several questions. Which platform should I chooses? amd64 or i386? Is 4G memory enough for 2000 people online? If you have others suggestions please tell me. Thanks in advance. Vivian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
At 9:14 AM -0500 1/2/08, Ed Maste wrote: On Tue, Jan 01, 2008 at 06:20:22PM +, James Jeffery wrote: Before i end the toipic, anyone got any feeback on the Asus Eee (mini laptops) with FreeBSD? It works, but no drivers exist for the wireless or wired Ethernet ports. The wireless is a newer Atheros part and ath(4) should gain support for it, but I have no idea what the timeline will be. The wired Ethernet is an Atheros (formerly Attansic) L2 10/100, and I'm not aware of any concrete plans for a driver for it. I've used a Linksys USB200M USB ethernet (axe(4) driver) with mine and that works well. One of the guys I know is running FreeBSD on the Eee, and has written up the following information for anyone who is interested in doing what he did: http://nighthack.org/wiki/EeeBSD This includes tips on how to get the wireless working, and sound, and some oddities with how X11 works. -- Garance Alistair Drosehn = [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Institute; Troy, NY; USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Asus eee (was Re: G4 Quicksilver as Web Server?)
On Wed, Jan 02, 2008 at 09:14:19AM -0500, Ed Maste wrote: > On Tue, Jan 01, 2008 at 06:20:22PM +, James Jeffery wrote: > > > Before i end the toipic, anyone got any feeback on the Asus Eee (mini > > laptops) with FreeBSD? > > It works, but no drivers exist for the wireless or wired Ethernet ports. > The wireless is a newer Atheros part and ath(4) should gain support for > it, but I have no idea what the timeline will be. The wired Ethernet > is an Atheros (formerly Attansic) L2 10/100, and I'm not aware of any > concrete plans for a driver for it. > > I've used a Linksys USB200M USB ethernet (axe(4) driver) with mine and > that works well. Do you happen to know how well it's supported with the other major BSD Unix systems (Open- and Net-)? -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] John W. Russell: "People point. Sometimes that's just easier. They also use words. Sometimes that's just easier. For the same reasons that pointing has not made words obsolete, there will always be command lines." ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Asus eee (was Re: G4 Quicksilver as Web Server?)
On Tue, Jan 01, 2008 at 06:20:22PM +, James Jeffery wrote: > Before i end the toipic, anyone got any feeback on the Asus Eee (mini > laptops) with FreeBSD? It works, but no drivers exist for the wireless or wired Ethernet ports. The wireless is a newer Atheros part and ath(4) should gain support for it, but I have no idea what the timeline will be. The wired Ethernet is an Atheros (formerly Attansic) L2 10/100, and I'm not aware of any concrete plans for a driver for it. I've used a Linksys USB200M USB ethernet (axe(4) driver) with mine and that works well. -Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
G4 Quicksilver as Web Server?
Sup guys. Hope you all had a new year. I have an old G4 lying about, its got 256mb ram, 733mhz processor. I was wondering, would it be worth setting up the PPC version of FreeBSD (or maybe even OpenBSD, although thats for their mailing list) on it to use as a web server or testing box. The most i'd do on it is probably use it as a testing box to create server applications using C++. Id like ot work within a BSD enviroment because thats what ive been using for a long time now, but i dont want all the extra windows crap you get with OSX, id much rather work with command line. I havn't got an old PC lying about, and because of university i need to keep my PC intact with XP (assignments, research ect.). Before i end the toipic, anyone got any feeback on the Asus Eee (mini laptops) with FreeBSD? Im open to any feedback. James ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Configuring mailman with web server different from mail server
On Aug 21, 2007, at 11:45 AMAug 21, 2007, Chuck Swiger wrote: On Aug 20, 2007, at 9:51 PM, Olivier Nicole wrote: I am trying to install mailman from the ports. I have different machine for the mail server and the web server and I am trying to figure if this configuration is workable. The MTA is sendmail, where could I find configure example? You can have Mailman use a non-local SMTP server by adjusting the Mailman/mm_cfg.py file (see Defaults.py), but it's somewhat annoying to do this as you will have to copy over the list aliases onto the mailserver, rather than having the newlist command do so automagically for you. I suppose you could do the same for a non-local webserver, but that would be even more difficult: you'd almost have to set up filesharing between the two machines so that the list archives and the various Mailman web resources are available on the webserver. If you've already got a webserver somewhere that you'd want to use, you'd be better off running Mailman on there Others will probably laugh me off the list, but my recommendation for such things is to use the Apache ProxyPass stuff. My mail server here contains all the web interface controls/etc on the mail server itself. My webserver has a simply ProxyPass and ProxyPassReverse statement to make it appear as though everything resides on the one web server, and thus, one domain. The advantage to this, as well, is there are no direct connections made to my mail server for the web interface through the firewall, since everything from outside is hitting my dedicated web server. HTH - Eric F Crist Secure Computing Networks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Configuring mailman with web server different from mail server
On Aug 20, 2007, at 9:51 PM, Olivier Nicole wrote: I am trying to install mailman from the ports. I have different machine for the mail server and the web server and I am trying to figure if this configuration is workable. The MTA is sendmail, where could I find configure example? You can have Mailman use a non-local SMTP server by adjusting the Mailman/mm_cfg.py file (see Defaults.py), but it's somewhat annoying to do this as you will have to copy over the list aliases onto the mailserver, rather than having the newlist command do so automagically for you. I suppose you could do the same for a non-local webserver, but that would be even more difficult: you'd almost have to set up filesharing between the two machines so that the list archives and the various Mailman web resources are available on the webserver. If you've already got a webserver somewhere that you'd want to use, you'd be better off running Mailman on there -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Configuring mailman with web server different from mail server
Olivier sure I do this - configure sendmail on the mailman machine as per instuctions for the list and 'smartrelay' the mail via mailserver on the web machine. On the mailserver also make sure all the aliases for the list point at the webserver. -- Martin On 8/21/07, Olivier Nicole <[EMAIL PROTECTED]> wrote: > > Hi, > > I am trying to install mailman from the ports. > > I have different machine for the mail server and the web server and I > am trying to figure if this configuration is workable. > > The MTA is sendmail, where could I find configure example? > > Best regards, > > Olivier > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Configuring mailman with web server different from mail server
Hi, I am trying to install mailman from the ports. I have different machine for the mail server and the web server and I am trying to figure if this configuration is workable. The MTA is sendmail, where could I find configure example? Best regards, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: using netcat (nc) to POST data to a web server ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Thursday, November 30, 2006 15:58:24 +0200 Nikos Vassiliadis <[EMAIL PROTECTED]> wrote: > On Thursday 30 November 2006 15:30, Marc G. Fournier wrote: >> >> Does anyone have an example of this? I've searched google, and am finding >> nothing other then that it can be done ... >> > > Interesting question Marc. > > Just found this > http://www.jmarshall.com/easy/http/#othermethods > > If you google for (telnet post http) you'll find many similar pages. Perfect, thank you ... didn't think to search for telnet :( - Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFbz284QvfyHIvDvMRAmRZAKCsaFTEwaX37bRo4w7Ihx4YBjs/9gCdGmUt BqWxBznTsO3Q8RDS0/I6yCs= =nviy -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: using netcat (nc) to POST data to a web server ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Thursday, November 30, 2006 10:08:33 -0600 Dan Nelson <[EMAIL PROTECTED]> wrote: > In the last episode (Nov 30), Marc G. Fournier said: >> using netcat (nc) to POST data to a web server ... >> >> Does anyone have an example of this? I've searched google, and am >> finding nothing other then that it can be done ... > > I'd recommend using curl. It has options for sending HTTP POST data in > a couple of different formats. With nc, you'll have to fabricate the > entire request and pipe it in. Easy enough to determine the format by > tcpdumping a browser session, but curl has done the work and lets you > do error checking on the response. Availability, mostly :( nc seems to be part of the base OS, while curl is an a port ... I'm trying to find a way to use POST to send the bsdstats data out, insted of GET ... Thanks though ... - Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFbzkI4QvfyHIvDvMRAiP4AKDLW9gP4gxQ4HwLoho0l2zEpo+AtgCdGtNP oYCDi83TRONyHfS8NmCT6mo= =StiC -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: using netcat (nc) to POST data to a web server ...
In the last episode (Nov 30), Marc G. Fournier said: > using netcat (nc) to POST data to a web server ... > > Does anyone have an example of this? I've searched google, and am > finding nothing other then that it can be done ... I'd recommend using curl. It has options for sending HTTP POST data in a couple of different formats. With nc, you'll have to fabricate the entire request and pipe it in. Easy enough to determine the format by tcpdumping a browser session, but curl has done the work and lets you do error checking on the response. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: using netcat (nc) to POST data to a web server ...
On Thursday 30 November 2006 15:30, Marc G. Fournier wrote: > > Does anyone have an example of this? I've searched google, and am finding > nothing other then that it can be done ... > Interesting question Marc. Just found this http://www.jmarshall.com/easy/http/#othermethods If you google for (telnet post http) you'll find many similar pages. Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
using netcat (nc) to POST data to a web server ...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does anyone have an example of this? I've searched google, and am finding nothing other then that it can be done ... Thx ... - Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.orgICQ . 7615664 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFbt0H4QvfyHIvDvMRAvbvAKDmsFSZUl7R03UX0KHzGvKQfTDXsACeIEZ0 e8A9L2ZpqL13dgTcCVMIsGg= =P1MV -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help: Suitable Version for Web Server?
On Fri, Nov 17, 2006 at 11:22:50AM +0100, VeeJay wrote: > Apache ??? > MySQL ??? > PHP ??? > QMail postgres-7 exim-4 courier-imap-4 caudium-1.2 (HTTP) sqwebmail-5.1.3 pure-ftpd-1.0 are the right choice for my PUBBOX. the postgres knows all about every user and application he may use. It is absolutely reliable. Mysql can't do that. (no foreign keys, no transactions, slow for complex queries anyway...) Mysql is a good choice, if you don't need sanity checks, and retreive tons of bulk data with a straightforward select... ...there it is notably faster enjoy, Armin -- PUBBOX Postmaster + spam-killer. Free email addresses at http://pubbox.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help: Suitable Version for Web Server?
В сообщении от Пятница 17 ноября 2006 16:22 VeeJay написал(a): > Can someone working in Web Hosting suggest that which versions of the > following software are more secure & relaiable for a Busy Web Server? > > OS: FreeBSD 6.1 > Apache ??? > MySQL ??? > PHP ??? > QMail > > Thanks a Lot It's already've been said here. Personally I use: Apache 1.2 MySQL 5.0 PHP 5 and cucipop+sendmail Looks stable yet. -- С уважением, Бачило Дмитрий Best Regards, Bachilo Dmitry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Help: Suitable Version for Web Server?
Can someone working in Web Hosting suggest that which versions of the following software are more secure & relaiable for a Busy Web Server? OS: FreeBSD 6.1 Apache ??? MySQL ??? PHP ??? QMail Thanks a Lot -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Web server requirements
I did not see the answer to the dynamic content question. I ran 400-500 web sites on a 300 MHz processor until it died. My problems were memory, disk space and bandwidth. If you are going to use perl or modperl for dynamic content, any processor you can buy today will probably be fast enough. If did not see RAID mentioned in the thread, but I would recommend that. If you have a budget, I would spend it on memory, 1GB (more?) and the rest on disks and an ata raid controller. On Sat, 19 Aug 2006, Derek Ragona wrote: It sounds like you have this older hardware to use, so you can try it and see. It will likely be a bit under powered for the streaming, and may chug under the maximum users. With hardware prices at an all time low, you might want to consider something faster with more capacity, but you can always move to that later. -Derek At 01:55 PM 8/19/2006, Dearment, Alaric J wrote: I'm the on-line editor of expo, Ball State University's student-run magazine. We're reviving our Web site, and I've been thinking seriously about running it off a FreeBSD-based server. However, I'm not sure what kinds of system requirements I'll have. The school has roughly 20,000 students and the magazine comes out once a semester. If I were to guess, I'd say we'll be having 100 people on the server at once on busy days, most of whom will be on campus. In addition to articles, the server will probably offer a 10- to 15-minute video and/or podcast to go with the cover story. Also, the server will also be used as a mail server and file server, though file services will likely only be needed for a couple of days each semester and E-mail accounts will only be for staff to do things such as receive feedback on articles and so forth. What sorts of requirements would such a server need as far as processor, RAM and HD are concerned, assuming it would be running on FreeBSD? Would a machine with 512M of RAM, a 140G HD and 1.2GHz processor work? Thank you, Alaric DeArment Ball State University ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Web server requirements
It sounds like you have this older hardware to use, so you can try it and see. It will likely be a bit under powered for the streaming, and may chug under the maximum users. With hardware prices at an all time low, you might want to consider something faster with more capacity, but you can always move to that later. -Derek At 01:55 PM 8/19/2006, Dearment, Alaric J wrote: I'm the on-line editor of expo, Ball State University's student-run magazine. We're reviving our Web site, and I've been thinking seriously about running it off a FreeBSD-based server. However, I'm not sure what kinds of system requirements I'll have. The school has roughly 20,000 students and the magazine comes out once a semester. If I were to guess, I'd say we'll be having 100 people on the server at once on busy days, most of whom will be on campus. In addition to articles, the server will probably offer a 10- to 15-minute video and/or podcast to go with the cover story. Also, the server will also be used as a mail server and file server, though file services will likely only be needed for a couple of days each semester and E-mail accounts will only be for staff to do things such as receive feedback on articles and so forth. What sorts of requirements would such a server need as far as processor, RAM and HD are concerned, assuming it would be running on FreeBSD? Would a machine with 512M of RAM, a 140G HD and 1.2GHz processor work? Thank you, Alaric DeArment Ball State University ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Web server requirements
On Sat, Aug 19, 2006 at 02:55:59PM -0400, Dearment, Alaric J wrote: > I'm the on-line editor of expo, Ball State University's student-run magazine. > We're reviving our Web site, and I've been thinking seriously about running > it off a FreeBSD-based server. However, I'm not sure what kinds of system > requirements I'll have. > > The school has roughly 20,000 students and the magazine comes out once a > semester. If I were to guess, I'd say we'll be having 100 people on the > server at once on busy days, most of whom will be on campus. In addition to > articles, the server will probably offer a 10- to 15-minute video and/or > podcast to go with the cover story. Also, the server will also be used as a > mail server and file server, though file services will likely only be needed > for a couple of days each semester and E-mail accounts will only be for staff > to do things such as receive feedback on articles and so forth. > > What sorts of requirements would such a server need as far as processor, RAM > and HD are concerned, assuming it would be running on FreeBSD? Would a > machine with 512M of RAM, a 140G HD and 1.2GHz processor work? A lot depends on how your web content will be served up. If you're going to run a very dynamic CMS w/ database then requirements will go up. If you're serving more or less static pages then the requirements won't be nearly as high. Spend money on RAM. Big payoff, and it's pretty cheap. Spend money on a good disk (SCSI, SAS, High-End SATA) with a good controller and you'll get your money in performance. Buy a decent network card! These things will pay off more than processor speed for a web server, usually. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Web server requirements
On Sat, 19 Aug 2006 20:55:59 +0200, Dearment, Alaric J <[EMAIL PROTECTED]> wrote: I'm the on-line editor of expo, Ball State University's student-run magazine. We're reviving our Web site, and I've been thinking seriously about running it off a FreeBSD-based server. However, I'm not sure what kinds of system requirements I'll have. The school has roughly 20,000 students and the magazine comes out once a semester. If I were to guess, I'd say we'll be having 100 people on the server at once on busy days, most of whom will be on campus. In addition to articles, the server will probably offer a 10- to 15-minute video and/or podcast to go with the cover story. Also, the server will also be used as a mail server and file server, though file services will likely only be needed for a couple of days each semester and E-mail accounts will only be for staff to do things such as receive feedback on articles and so forth. What sorts of requirements would such a server need as far as processor, RAM and HD are concerned, assuming it would be running on FreeBSD? Would a machine with 512M of RAM, a 140G HD and 1.2GHz processor work? That will probably be enough. The Slackware site runs on a PIII 600 with 512MB RAM, http://www.slackware.org/about/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Web server requirements
I'm the on-line editor of expo, Ball State University's student-run magazine. We're reviving our Web site, and I've been thinking seriously about running it off a FreeBSD-based server. However, I'm not sure what kinds of system requirements I'll have. The school has roughly 20,000 students and the magazine comes out once a semester. If I were to guess, I'd say we'll be having 100 people on the server at once on busy days, most of whom will be on campus. In addition to articles, the server will probably offer a 10- to 15-minute video and/or podcast to go with the cover story. Also, the server will also be used as a mail server and file server, though file services will likely only be needed for a couple of days each semester and E-mail accounts will only be for staff to do things such as receive feedback on articles and so forth. What sorts of requirements would such a server need as far as processor, RAM and HD are concerned, assuming it would be running on FreeBSD? Would a machine with 512M of RAM, a 140G HD and 1.2GHz processor work? Thank you, Alaric DeArment Ball State University ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Web server mailing list?
Kirk Strauser wrote: On Friday 18 August 2006 9:42 am, albi wrote: excuse me, imho this part of your question is a little unclear, i don't get the php/mysql idea He wants to subscribe to mailing lists for Apache, PHP, and MySQL that are as good as this list is for FreeBSD. Yes, sorry about that every. Didn't realize I was vague, I kind of typed off the question as I ran out the door this morning. I'm just wondering if there is a good list for apache, php, and mysql, i.e. that aren't too strict about posts being for just a single one of those topics and have the quality of this list for knowledgeable responses. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Web server mailing list?
On Friday 18 August 2006 9:42 am, albi wrote: > excuse me, imho this part of your question is a little unclear, i don't > get the php/mysql idea He wants to subscribe to mailing lists for Apache, PHP, and MySQL that are as good as this list is for FreeBSD. -- Kirk Strauser pgpEYVofma2X4.pgp Description: PGP signature
Re: Web server mailing list?
Chris Telting wrote: > Any recomondations for a apache/php/mysql mailing list? excuse me, imho this part of your question is a little unclear, i don't get the php/mysql idea > Anything as awsome as this list? that's mailman : http://www.list.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Web server mailing list?
Any recomondations for a apache/php/mysql mailing list? Anything as awsome as this list? Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Web server mailing list?
Any recomondations for a apache/php/mysql mailing list? Anything as awsome as this list? Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
Philip, You are the man! Big Thank you. It is working now and I am on my way to working out my presentation for either tomorrow or early next week. Ron -Original Message- From: Philip Hallstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 3:39 PM To: Clark, Ronald Cc: [EMAIL PROTECTED]; freebsd-questions@freebsd.org Subject: RE: New Web Server > I have started over. I am back to this level: > FreeBSD 5.5-STABLE FreeBSD 5.5-STABLE #0: Tue Aug 1 17:59:18 CDT 2006 > > With MySQL server 4.1 installed and working. Now to build > Apache13-modssl and hopefully add PHP to it. However, I cannot find > mod_php5 in ports. Is this port deprecated and is now gone? If this is > the case, how should I build this out? > > I have read all of your responses up to this point, and thank you all > for responding. The responses are for the most part what I remember > from building my last web server some months ago, but now it seems my > old methods may be obsolete or need refining. > > Please continue to help out, as it is really appreciated. Try /usr/ports/lang/php5 Then pick the apache module... that should pick up apache as well... -philip > RC > > > > > From: Ron Clark [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 10, 2006 11:21 AM > To: freebsd-questions@freebsd.org > Cc: Clark, Ronald > Subject: New Web Server > > > > > Hello all, > > > > I am building a new web server, and have gotten Mysql, Apache and PHP > (php5-extensions) loaded from the ports. However, Apache is not > picking up my index.php file. Is there a step somewhere that I have > missed? I have added > >AddType application/x-httpd-php .php .phtml >AddType application/x-httpd-php-source .phps > > > > to the httpd.conf file, still no luck. > > > > Thanks in advance. > > RC > > __ > __ > > This email is intended only for the use by the party to which it is > addressed and may contain information that is privileged, > confidential, or protected by law. If you are not the intended > recipient, you are hereby notified that any dissemination, copying or > distribution of this email or its contents is strictly prohibited. If > you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
I have started over. I am back to this level: FreeBSD 5.5-STABLE FreeBSD 5.5-STABLE #0: Tue Aug 1 17:59:18 CDT 2006 With MySQL server 4.1 installed and working. Now to build Apache13-modssl and hopefully add PHP to it. However, I cannot find mod_php5 in ports. Is this port deprecated and is now gone? If this is the case, how should I build this out? I have read all of your responses up to this point, and thank you all for responding. The responses are for the most part what I remember from building my last web server some months ago, but now it seems my old methods may be obsolete or need refining. Please continue to help out, as it is really appreciated. Try /usr/ports/lang/php5 Then pick the apache module... that should pick up apache as well... -philip RC From: Ron Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:21 AM To: freebsd-questions@freebsd.org Cc: Clark, Ronald Subject: New Web Server Hello all, I am building a new web server, and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the ports. However, Apache is not picking up my index.php file. Is there a step somewhere that I have missed? I have added AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps to the httpd.conf file, still no luck. Thanks in advance. RC This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
All, I have started over. I am back to this level: FreeBSD 5.5-STABLE FreeBSD 5.5-STABLE #0: Tue Aug 1 17:59:18 CDT 2006 With MySQL server 4.1 installed and working. Now to build Apache13-modssl and hopefully add PHP to it. However, I cannot find mod_php5 in ports. Is this port deprecated and is now gone? If this is the case, how should I build this out? I have read all of your responses up to this point, and thank you all for responding. The responses are for the most part what I remember from building my last web server some months ago, but now it seems my old methods may be obsolete or need refining. Please continue to help out, as it is really appreciated. RC From: Ron Clark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:21 AM To: freebsd-questions@freebsd.org Cc: Clark, Ronald Subject: New Web Server Hello all, I am building a new web server, and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the ports. However, Apache is not picking up my index.php file. Is there a step somewhere that I have missed? I have added AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps to the httpd.conf file, still no luck. Thanks in advance. RC This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: New Web Server
On 10 Aug 2006, at 18:33, Jeff Cross wrote: In your original post you say you installed PHP (php5-extensions). Did you actually install PHP5 or just the extensions? PHP5 is at /usr/ports/lang/php5 and the extensions are at /usr/ports/lang/php5-extensions. I'm not sure if compiling the later will install the actual PHP5 port or not... In my tutorial (http://www.averageadmins.com/2006/04/10/famp-freebsd-apache-mysql- and-php) I installed PHP5 then the extensions and it worked fine. Yes I found that I had to install /usr/ports/lang/php5 and then the php5-extensions port. Then it worked for me. Eoghan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: New Web Server
Clark, Ronald wrote: > AddType = typo on my part. Sorry. In the conf file it is > "AddModule mod_php5.c". I have added the LoadModule as well and get a > similar error message. So I try to look for the files themselves like > this: #find / -name mod_php5.c > > It finds nothing. Same results with looking for libphp5.so. Is there an > issue with the install or did I miss a step? Is there a recipe for > setting up a server, something like "FreeBSD-Apache-Mysql-PHP for > dummies"? > > RC > > > -Original Message- > From: Javier Henderson [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 10, 2006 11:38 AM > To: Clark, Ronald > Cc: [EMAIL PROTECTED]; freebsd-questions@freebsd.org > Subject: Re: New Web Server > > The text you cut-n-pasted has AddType, is that how it appears on > the httpd.conf file? > > Did you restart Apache after changing httpd.conf? (apparently you have, > since it picked up the index.php change). > > You may need to add a LoadModule as well. > > -jav > > On Aug 10, 2006, at 12:26 PM, Clark, Ronald wrote: > >> Ok, I just tried that, and it wants to open index.php with a text >> editor. It is acting like Apache does not know how to handle a *.php >> file. >> >> In my httpd conf, http://www.php.net says to add LoadMudule and >> AddMudule statements. Are those still needed? >> >> RC >> >> -Original Message- >> From: Javier Henderson [mailto:[EMAIL PROTECTED] >> Sent: Thursday, August 10, 2006 11:27 AM >> To: [EMAIL PROTECTED] >> Cc: freebsd-questions@freebsd.org; Clark, Ronald >> Subject: Re: New Web Server >> >> >> On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: >> >>>Hello all, >>> >>> >>>I am building a new web server , and have gotten Mysql, Apache and >>>PHP (php5-extensions) loaded from the p orts. However, Apache is >>> not >>>picking up my index.php file. Is there a step somewhere that I >>> have >>>missed? I have added >>> >>>A ddType application/x-httpd-php .php .phtml >>>AddType application/x-httpd-php-source .phps >>> >>> >>>to the httpd.conf f ile, still no luck. >> Does it work if you append /index.php to the URL? >> >> If so, add index.php to your DirectoryIndex stanza. >> >> -jav >> >> __ >> __ >> >> This email is intended only for the use by the party to which it is >> addressed and may contain information that is privileged, >> confidential, or protected by law. If you are not the intended >> recipient, you are hereby notified that any dissemination, copying or >> distribution of this email or its contents is strictly prohibited. If >> you have received this message in error, please notify the sender >> immediately by replying to the message and deleting it from your >> computer. > > > This email is intended only for the use by the party to which it is addressed > and may contain information that is privileged, confidential, or protected by > law. If you are not the intended recipient, you are hereby notified that any > dissemination, copying or distribution of this email or its contents is > strictly > prohibited. If you have received this message in error, please notify the > sender > immediately by replying to the message and deleting it from your computer. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > In your original post you say you installed PHP (php5-extensions). Did you actually install PHP5 or just the extensions? PHP5 is at /usr/ports/lang/php5 and the extensions are at /usr/ports/lang/php5-extensions. I'm not sure if compiling the later will install the actual PHP5 port or not... In my tutorial (http://www.averageadmins.com/2006/04/10/famp-freebsd-apache-mysql-and-php) I installed PHP5 then the extensions and it worked fine. Jeff Cross http://www.averageadmins.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: New Web Server
Ron Clark wrote: >Hello all, > > >I am building a new web server= and have gotten Mysql, Apache and >PHP (php5-extensions) loaded from the p=rts. However, Apache is not >picking up my index.php file. Is there a step =omewhere that I have >missed? I have added > >A=dType application/x-httpd-php .php .phtml >AddType =pplication/x-httpd-php-source .phps > > >to the httpd.conf f=le, still no luck. > > >Thanks in advance. > >RC =0D >___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > I wrote a tutorial for this a while back and looked through it again when I saw your post. It is located here: http://www.averageadmins.com/2006/04/10/famp-freebsd-apache-mysql-and-php The only other thing I saw in my tutorial that you didn't mention here is to add index.php to the DirectoryIndex directive within your httpd.conf file. Try that, if you haven't already, and let us know how it goes. Thanks, Jeff Cross http://www.averageadmins.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: New Web Server
RC, On Thu, Aug 10, 2006 at 11:40:52AM -0500, Clark, Ronald wrote: > It finds nothing. Same results with looking for libphp5.so. Is there an > issue with the install or did I miss a step? Is there a recipe for > setting up a server, something like "FreeBSD-Apache-Mysql-PHP for > dummies"? In your first e-mail you mentioned you installed the php5-extensions port. libphp5.so comes from the mod_php5 port. That's the port you need to install to use mod_php with Apache. You can find information on Apache and the various modules available for it in Chapter 25 of the FreeBSD Handbook: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html Kevin http://www.RawFedDogs.net http://www.WacoAgilityGroup.org Bruceville, TX Si hoc legere scis nimium eruditionis habes. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
When I add them to the conf file and try to start the web server, it says: "Cannot add module via name 'mod_php5.c': not in list of loaded modules" Does this help out at all? I have this in my httpd.conf in this order... LoadModule php5_modulelibexec/apache/libphp5.so AddModule mod_php5.c AddType application/x-httpd-php .php .php3 .php4 AddType application/x-httpd-php-source .phps The php module went into /usr/local/libexec/apache/libphp5.so All from ports... apache+mod_ssl-1.3.34+2.8.25_3 The Apache 1.3 webserver with SSL/TLS functionality php5-5.1.4 PHP Scripting Language (Apache Module and CLI) RC -Original Message- From: Philip Hallstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:37 AM To: Clark, Ronald Cc: Javier Henderson; [EMAIL PROTECTED]; freebsd-questions@freebsd.org Subject: RE: New Web Server Ok, I just tried that, and it wants to open index.php with a text editor. It is acting like Apache does not know how to handle a *.php file. In my httpd conf, http://www.php.net says to add LoadMudule and AddMudule statements. Are those still needed? I believe so... unless you've built it statically they are... RC -Original Message- From: Javier Henderson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:27 AM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org; Clark, Ronald Subject: Re: New Web Server On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: Hello all, I am building a new web server , and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the p orts. However, Apache is not picking up my index.php file. Is there a step somewhere that I have missed? I have added A ddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps to the httpd.conf f ile, still no luck. Does it work if you append /index.php to the URL? If so, add index.php to your DirectoryIndex stanza. -jav __ __ This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
AddType = typo on my part. Sorry. In the conf file it is "AddModule mod_php5.c". I have added the LoadModule as well and get a similar error message. So I try to look for the files themselves like this: #find / -name mod_php5.c It finds nothing. Same results with looking for libphp5.so. Is there an issue with the install or did I miss a step? Is there a recipe for setting up a server, something like "FreeBSD-Apache-Mysql-PHP for dummies"? RC -Original Message- From: Javier Henderson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:38 AM To: Clark, Ronald Cc: [EMAIL PROTECTED]; freebsd-questions@freebsd.org Subject: Re: New Web Server The text you cut-n-pasted has AddType, is that how it appears on the httpd.conf file? Did you restart Apache after changing httpd.conf? (apparently you have, since it picked up the index.php change). You may need to add a LoadModule as well. -jav On Aug 10, 2006, at 12:26 PM, Clark, Ronald wrote: > Ok, I just tried that, and it wants to open index.php with a text > editor. It is acting like Apache does not know how to handle a *.php > file. > > In my httpd conf, http://www.php.net says to add LoadMudule and > AddMudule statements. Are those still needed? > > RC > > -Original Message- > From: Javier Henderson [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 10, 2006 11:27 AM > To: [EMAIL PROTECTED] > Cc: freebsd-questions@freebsd.org; Clark, Ronald > Subject: Re: New Web Server > > > On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: > >> >>Hello all, >> >> >>I am building a new web server , and have gotten Mysql, Apache and >>PHP (php5-extensions) loaded from the p orts. However, Apache is >> not >>picking up my index.php file. Is there a step somewhere that I >> have >>missed? I have added >> >>A ddType application/x-httpd-php .php .phtml >>AddType application/x-httpd-php-source .phps >> >> >>to the httpd.conf f ile, still no luck. > > Does it work if you append /index.php to the URL? > > If so, add index.php to your DirectoryIndex stanza. > > -jav > > __ > __ > > This email is intended only for the use by the party to which it is > addressed and may contain information that is privileged, > confidential, or protected by law. If you are not the intended > recipient, you are hereby notified that any dissemination, copying or > distribution of this email or its contents is strictly prohibited. If > you have received this message in error, please notify the sender > immediately by replying to the message and deleting it from your > computer. This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: New Web Server
The text you cut-n-pasted has AddType, is that how it appears on the httpd.conf file? Did you restart Apache after changing httpd.conf? (apparently you have, since it picked up the index.php change). You may need to add a LoadModule as well. -jav On Aug 10, 2006, at 12:26 PM, Clark, Ronald wrote: Ok, I just tried that, and it wants to open index.php with a text editor. It is acting like Apache does not know how to handle a *.php file. In my httpd conf, http://www.php.net says to add LoadMudule and AddMudule statements. Are those still needed? RC -Original Message- From: Javier Henderson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:27 AM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org; Clark, Ronald Subject: Re: New Web Server On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: Hello all, I am building a new web server , and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the p orts. However, Apache is not picking up my index.php file. Is there a step somewhere that I have missed? I have added A ddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps to the httpd.conf f ile, still no luck. Does it work if you append /index.php to the URL? If so, add index.php to your DirectoryIndex stanza. -jav __ __ This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
When I add them to the conf file and try to start the web server, it says: "Cannot add module via name 'mod_php5.c': not in list of loaded modules" Does this help out at all? RC -Original Message- From: Philip Hallstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:37 AM To: Clark, Ronald Cc: Javier Henderson; [EMAIL PROTECTED]; freebsd-questions@freebsd.org Subject: RE: New Web Server > Ok, I just tried that, and it wants to open index.php with a text > editor. It is acting like Apache does not know how to handle a *.php > file. > > In my httpd conf, http://www.php.net says to add LoadMudule and > AddMudule statements. Are those still needed? I believe so... unless you've built it statically they are... > > RC > > -Original Message- > From: Javier Henderson [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 10, 2006 11:27 AM > To: [EMAIL PROTECTED] > Cc: freebsd-questions@freebsd.org; Clark, Ronald > Subject: Re: New Web Server > > > On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: > >> >>Hello all, >> >> >>I am building a new web server , and have gotten Mysql, Apache and >>PHP (php5-extensions) loaded from the p orts. However, Apache is >> not >>picking up my index.php file. Is there a step somewhere that I >> have >>missed? I have added >> >>A ddType application/x-httpd-php .php .phtml >>AddType application/x-httpd-php-source .phps >> >> >>to the httpd.conf f ile, still no luck. > > Does it work if you append /index.php to the URL? > > If so, add index.php to your DirectoryIndex stanza. > > -jav > > __ > __ > > This email is intended only for the use by the party to which it is > addressed and may contain information that is privileged, > confidential, or protected by law. If you are not the intended > recipient, you are hereby notified that any dissemination, copying or > distribution of this email or its contents is strictly prohibited. If > you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
Ok, I just tried that, and it wants to open index.php with a text editor. It is acting like Apache does not know how to handle a *.php file. In my httpd conf, http://www.php.net says to add LoadMudule and AddMudule statements. Are those still needed? I believe so... unless you've built it statically they are... RC -Original Message- From: Javier Henderson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:27 AM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org; Clark, Ronald Subject: Re: New Web Server On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: Hello all, I am building a new web server , and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the p orts. However, Apache is not picking up my index.php file. Is there a step somewhere that I have missed? I have added A ddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps to the httpd.conf f ile, still no luck. Does it work if you append /index.php to the URL? If so, add index.php to your DirectoryIndex stanza. -jav This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: New Web Server
Ok, I just tried that, and it wants to open index.php with a text editor. It is acting like Apache does not know how to handle a *.php file. In my httpd conf, http://www.php.net says to add LoadMudule and AddMudule statements. Are those still needed? RC -Original Message- From: Javier Henderson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 11:27 AM To: [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org; Clark, Ronald Subject: Re: New Web Server On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: > >Hello all, > > >I am building a new web server , and have gotten Mysql, Apache and >PHP (php5-extensions) loaded from the p orts. However, Apache is > not >picking up my index.php file. Is there a step somewhere that I > have >missed? I have added > >A ddType application/x-httpd-php .php .phtml >AddType application/x-httpd-php-source .phps > > >to the httpd.conf f ile, still no luck. Does it work if you append /index.php to the URL? If so, add index.php to your DirectoryIndex stanza. -jav This email is intended only for the use by the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient, you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and deleting it from your computer. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: New Web Server
On Aug 10, 2006, at 12:20 PM, Ron Clark wrote: Hello all, I am building a new web server , and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the p orts. However, Apache is not picking up my index.php file. Is there a step somewhere that I have missed? I have added A ddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps to the httpd.conf f ile, still no luck. Does it work if you append /index.php to the URL? If so, add index.php to your DirectoryIndex stanza. -jav ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
New Web Server
Hello all, I am building a new web server= , and have gotten Mysql, Apache and PHP (php5-extensions) loaded from the p= orts. However, Apache is not picking up my index.php file. Is there a step = somewhere that I have missed? I have added A= ddType application/x-httpd-php .php .phtml AddType = application/x-httpd-php-source .phps to the httpd.conf f= ile, still no luck. Thanks in advance. RC = ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: web server attack (solution & warning)
I received this reply from another list. Going back to the very beginning of your first post - those web requests you listed as seeing are a bit troublesome. They all seem to be probes against your web server to verify if you can be used as an open proxy server. The first two requests are from SOCKS proxy checkers, the 3rd is an HTTP CONNECT check to see if your server will connect to an SMTP host (for use by SPAMMERS) and the last is a request to a normal website. The probes themselves are not what worries me, as these happen all the time. What worries me are the status codes returned by your web server - 200 OK. This normally means that your server processed these requests successfully. Are you using mod_security to return bogus HTTP Response Codes??? I sure hope so, otherwise you need to disable the mod_proxy module ASAP. I checked my Apache httpd.conf file. The FreeBSD port of the Apache13 activates a lot of standard dso modules and one of then is the proxy module. I had thought those dso modules had to have a directive coded for it before it became active. I see now that is not true. I commented out the load for the proxy module in my httpd.conf file. Since many people install the apache port for apache 13 and 2 all these people have servers that are open for abuse and do not know it. The proxy dso module should not be included in the apache port. Apache port user be ware. Make sure you don't have mod_proxy enabled in Apache ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: web server attack
mod_security is in the ports collection -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Huff Sent: Friday, April 07, 2006 3:11 PM To: [EMAIL PROTECTED] ORG Subject: Re: web server attack Frank Laszlo writes: > >> Does anyone know what this is and what I can do to stop it > >> besides adding the ip address to my firewall block rules? > > > > I suppose that someone is trying to exploit mod_proxy to connect to an > > SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least > > get HTTP replies back. > > Setup mod_security to block that type of request. Any chance you > can capture some packets and send a link? I'd like to take a look > at it. Running apache-2.2, I don't seem to have _security among the modules. Do I need to change my config (and rebuild), or does it perhaps go by another name in this version? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: web server attack
Frank Laszlo writes: > >> Does anyone know what this is and what I can do to stop it > >> besides adding the ip address to my firewall block rules? > > > > I suppose that someone is trying to exploit mod_proxy to connect to an > > SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least > > get HTTP replies back. > > Setup mod_security to block that type of request. Any chance you > can capture some packets and send a link? I'd like to take a look > at it. Running apache-2.2, I don't seem to have _security among the modules. Do I need to change my config (and rebuild), or does it perhaps go by another name in this version? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: web server attack
Chuck Swiger wrote: fbsd_user wrote: [ ... ] Does anyone know what this is and what I can do to stop it besides adding the ip address to my firewall block rules? I suppose that someone is trying to exploit mod_proxy to connect to an SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least get HTTP replies back. Make sure you don't have mod_proxy enabled in Apache 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400] "GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)" Setup mod_security to block that type of request. Any chance you can capture some packets and send a link? I'd like to take a look at it. -Frank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: web server attack
fbsd_user wrote: [ ... ] Does anyone know what this is and what I can do to stop it besides adding the ip address to my firewall block rules? I suppose that someone is trying to exploit mod_proxy to connect to an SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least get HTTP replies back. Make sure you don't have mod_proxy enabled in Apache 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400] "GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)" -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
web server attack
Posted this at 11am and now its 5:30pm and still have not seen this post return from the list mailer. So posting it again. In my httpd-access.log I have started receiving a lot of these. Looks like some kind of attack to me. This first showed up in my log on April fools day 4/1/06 and get 4 per hour since then. The IP address changes every time I add it to firewall rules to block. Does anyone know what this is and what I can do to stop it besides adding the ip address to my firewall block rules? 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:25 -0400] "\x04\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "\x05\x01" 200 0 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:45 -0400] "CONNECT 4.79.181.15:25 HTTP/1.1" 200 7014 "-" "-" 218-166-163-180.dynamic.hinet.net - - [06/Apr/2006:10:11:46 -0400] "GET http://www.ebay.com/ HTTP/1.1" 200 7014 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Firewall/Web server difficulties
Brian Bobowski wrote: > Norberto Meijome wrote: > >> Brian Bobowski wrote: >> >> >>> I'm poking at that now, yes. I had difficulty getting it to work with >>> virtual hosts... but I can at least reference it by the private-side IP >>> address and get places. >>> >> >> assuming you are using Apache, you can use * for Ip address and let it >> be name-based virt host. >> >> > Already running thus. DNS seems to be the problem, then. (Which I'll > poke at later assuming hosting alternatives don't work out.) (sorry for the delay in replying) One thing you want to make sure you have off is the reverse dns lookup setting in your httpd.conf - it's rather useless and it will add a dependency on DNS to your web services. > >>> WAN. People have tried pinging and browsing, with no success. >>> >> >> then I would review the rules... >> >> > Relevant rules text(and based on both startup text and behaviour of > the firewall for other tasks, I know the rules file is being parsed) > excerpted below: > for proper diagnosing, it'd be better to have the whole thing :) hopefully it's already fixed... --- > cmd="ipfw -q add" > pif="rl0" #Interface which opens to the WAN; NAT interface Is your NAT properly configured? > prif="ed0" #LAN interface, private-side > ks="keep-state" > > # More stuff here... > > $cmd 400 allow udp from 24.226.1.121 to me 68 in via $pif # DHCP server > $cmd 401 allow tcp from any to me 80 in via $pif # Apache > $cmd 402 allow tcp from any to me 22 in via $pif # SSH > $cmd 403 allow icmp from any to me in via $pif # For testing; > low-traffic, not worried about ping floods at this time > --- > > The firewall's DHCP requests are working fine, so #400 is working > properly. ok > Other machines, however, cannot see it. what do you mean by this? the fact that #400 is working doesnt mean that #401 will :) (there's nothing particularly wrong with #401..just saying you are making the wrong assumption) > > > That's one problem. The other is DNS. I'm still looking through the > named.conf file and poking at the settings given for a secondary > server... all I really want is a caching server that will first look > at my own /etc/hosts file (where the domain names which refer to this > machine are specified by their private-facing address). hmm .. why would named.conf look into /etc/hosts ? If this is your main DNS server for your zone, then make sure that it's properly delegated, that all the relevant hosts are defined IN YOUR BIND config , (well, /etc/hosts can't hurt, but you are just adding extra variables that can muddle things up). There's lots of good docs on BIND out there. If you want a rather easy UI, why not install webmin from the ports? good luck, Beto ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with strange web server problem
Jerry Bell wrote:
[ ... ]
> I've done some more troubleshooting and some strange things have
> appeared. First, the colo says there is NO proxy, and NO firewall in
> front of this server.
That's believable too, perhaps you simply have a NIC which is failing or is
screwing up the packet checksums in some odd case. You would have to sniff the
traffic from another machine (perhaps a sysadmin's laptop?) and grab the full
packets ("-s 0" to tcpdump to be sure.
Have you tried swapping NICs or adding a PCI NIC card? BTW:
> 1671172334:1671172334(0) win 64512
This is not quite enough data to tell, but this looks like maybe you're seeing
the IPv6 MSS of 1260 rather than what I get by default (1460?) under FreeBSD?
Of course, it could just be a Windows client machine or something going through
something like a VPN/PPTP tunnel which reduces the MTU...?
What happens if you reduce your interface MTU to 1260?
You ought to be looking for all traffic between your server and a test host,
BTW, sometimes the ICMP traffic, if any, is important to understanding the
issue.
--
-Chuck
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with strange web server problem
Path MTU problem? That would be my vote also. Ted I've done some more troubleshooting and some strange things have appeared. First, the colo says there is NO proxy, and NO firewall in front of this server. I captured a misfire on both the server and on my freebsd gateway. The two traffic flows don't seem to quite line up. First, here is the view from the server: www# tcpdump - -vvv -A port 80 tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes 2006-02-15 22:18:11.014600 IP (tos 0x0, ttl 110, id 10713, offset 0, flags [DF], length: 48) c-71-199-184-251.hsd1.ga.comcast.net.3945 > www.musiclodge.com.http: S [tcp sum ok] 1671172334:1671172334(0) win 64512 E..0)[EMAIL PROTECTED]>QG...?.d,.i.Pc...p..._... 2006-02-15 22:18:11.014650 IP (tos 0x0, ttl 64, id 34040, offset 0, flags [DF], length: 48) www.musiclodge.com.http > c-71-199-184-251.hsd1.ga.comcast.net.3945: S [bad tcp cksum a4c0 (->9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 1460,nop,nop,sackOK> [EMAIL PROTECTED]@..2?.d,GP.i\?c.c...p... 2006-02-15 22:18:11.060824 IP (tos 0x0, ttl 110, id 10715, offset 0, flags [DF], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945 > www.musiclodge.com.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856 E..()[EMAIL PROTECTED]>WG...?.d,.i.Pc...P..X.. 2006-02-15 22:18:11.060837 IP (tos 0x0, ttl 64, id 60576, offset 0, flags [DF], length: 40) www.musiclodge.com.http > c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 (->5e83)!] 2634350593:2634350593(0) win 0 E..([EMAIL PROTECTED]@...?.d,GP.iP... 2006-02-15 22:18:11.065196 IP (tos 0x0, ttl 110, id 10716, offset 0, flags [DF], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945 > www.musiclodge.com.http: . [tcp sum ok] 387:387(0) ack 1086692403 win 64856 E..()[EMAIL PROTECTED]>VG...?.d,.i.Pc..qP..X.. 2006-02-15 22:18:11.065208 IP (tos 0x0, ttl 64, id 4488, offset 0, flags [DF], length: 40) www.musiclodge.com.http > c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 (->5e83)!] 2634350593:2634350593(0) win 0 E..([EMAIL PROTECTED]@...?.d,GP.iP... 2006-02-15 22:18:11.069569 IP (tos 0x0, ttl 110, id 10717, offset 0, flags [DF], length: 426) c-71-199-184-251.hsd1.ga.comcast.net.3945 > www.musiclodge.com.http: P 1:387(386) ack 1086692403 win 64856 E...)[EMAIL PROTECTED]<.G...?.d,.i.Pc...P..X'1..GET / HTTP/1.1 Accept: image/gif, image/x 2006-02-15 22:18:11.069579 IP (tos 0x0, ttl 64, id 40159, offset 0, flags [DF], length: 40) www.musiclodge.com.http > c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 (->5e83)!] 2634350593:2634350593(0) win 0 E..([EMAIL PROTECTED]@..R?.d,GP.iP... 2006-02-15 22:18:14.014594 IP (tos 0x0, ttl 64, id 12734, offset 0, flags [DF], length: 48) www.musiclodge.com.http > c-71-199-184-251.hsd1.ga.comcast.net.3945: S [bad tcp cksum a4c0 (->9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 1460,nop,nop,sackOK> [EMAIL PROTECTED]@.dl?.d,GP.i\?c.c...p... 2006-02-15 22:18:14.073367 IP (tos 0x0, ttl 110, id 10734, offset 0, flags [none], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945 > www.musiclodge.com.http: R [tcp sum ok] 1671172335:1671172335(0) win 0 Next, here is the view from the gateway (time is off on that one): beta# tcpdump - -vvv -A port 80 and host 63.175.100.44 tcpdump: listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes 2006-02-16 03:29:02.970756 IP (tos 0x0, ttl 128, id 10713, offset 0, flags [DF], length: 48) atllapjbell1.iss.local.3945 > www.musiclodge.com.http: S [tcp sum ok] 1671172334:1671172334(0) win 64512 E..0)[EMAIL PROTECTED],.i.Pc...p... 2006-02-16 03:29:03.016989 IP (tos 0x0, ttl 32, id 0, offset 0, flags [DF], length: 40) www.musiclodge.com.http > atllapjbell1.iss.local.3945: S [tcp sum ok] 2634350592:2634350592(0) ack 1671172335 win 64512 E..([EMAIL PROTECTED] ...?.d,.P.ic...P...-p.. 2006-02-16 03:29:03.017099 IP (tos 0x0, ttl 45, id 34040, offset 0, flags [DF], length: 48) www.musiclodge.com.http > atllapjbell1.iss.local.3945: S [tcp sum ok] 1547658190:1547658190(0) ack 1671172335 win 65535 [EMAIL PROTECTED],.P.i\?c.c...p... 2006-02-16 03:29:03.017963 IP (tos 0x0, ttl 128, id 10715, offset 0, flags [DF], length: 40) atllapjbell1.iss.local.3945 > www.musiclodge.com.http: . [tcp sum o k] 1:1(0) ack 1086692403 win 64856 E..()[EMAIL PROTECTED],.i.Pc...P..X,. 2006-02-16 03:29:03.018308 IP (tos 0x0, ttl 128, id 10716, offset 0, flags [DF], length: 40) atllapjbell1.iss.local.3945 > www.musiclodge.com.http: . [tcp sum o k] 387:387(0) ack 1086692403 win 64856 E..()[EMAIL PROTECTED],.i.Pc..qP..X*. 2006-02-16 03:29:03.018794 IP (tos 0x0, ttl 128, id 10717, offset 0, flags [DF], length: 426) atllapjbell1.iss.local.3945 > www.music
RE: Help with strange web server problem
The Path MTU problem was fixed 2 years ago. You are beating a dead horse going down that path. My money is on your firewall rules. Debugging problems like this is a process of elimination. First thing is to remove your ipfw firewall from the system. If you complied ipfw into your kernel then recompile to remove it totally. Then test to see if problem is still happening. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jerry Bell Sent: Tuesday, February 14, 2006 6:04 AM To: Ted Mittelstaedt Cc: freebsd-questions@freebsd.org Subject: Re: Help with strange web server problem What's the best way to go about verifying and fixing that? I have several other BSD servers on the same subnet in that colo that aren't having the problem. Many thanks for your help! Jerry Ted Mittelstaedt wrote: > >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger >> Sent: Monday, February 13, 2006 11:41 AM >> To: Jerry Bell >> Cc: freebsd-questions@freebsd.org >> Subject: Re: Help with strange web server problem >> >> >> On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote: >> >>> It's hit or miss, but the first time someone visits the web site, >>> they get >>> a "server not found" page. On hitting refresh, they get the page - no >>> problems. If I wait a while and try again, I get the same problem. >>> >> Path MTU problem? >> >> > > That would be my vote also. > > Ted > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with strange web server problem
What's the best way to go about verifying and fixing that? I have several other BSD servers on the same subnet in that colo that aren't having the problem. Many thanks for your help! Jerry Ted Mittelstaedt wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger Sent: Monday, February 13, 2006 11:41 AM To: Jerry Bell Cc: freebsd-questions@freebsd.org Subject: Re: Help with strange web server problem On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote: It's hit or miss, but the first time someone visits the web site, they get a "server not found" page. On hitting refresh, they get the page - no problems. If I wait a while and try again, I get the same problem. Path MTU problem? That would be my vote also. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Help with strange web server problem
>-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger >Sent: Monday, February 13, 2006 11:41 AM >To: Jerry Bell >Cc: freebsd-questions@freebsd.org >Subject: Re: Help with strange web server problem > > >On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote: >> It's hit or miss, but the first time someone visits the web site, >> they get >> a "server not found" page. On hitting refresh, they get the page - no >> problems. If I wait a while and try again, I get the same problem. > >Path MTU problem? > That would be my vote also. Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with strange web server problem
Jerry Bell wrote: > Looks like it's still an issue, so I'd say the firewall issue is still > in play. If there is not a firewall/proxy in place, are there any > known issues with IPFW (or anything else with FBSD) that could cause > this behavior? Hi Jerry - hard to tell without seeing your firewall rules in place... any errors in httpd-error.log ? Beto ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help with strange web server problem
Looks like it's still an issue, so I'd say the firewall issue is still in play. If there is not a firewall/proxy in place, are there any known issues with IPFW (or anything else with FBSD) that could cause this behavior? Jerry Bell wrote: Charles - thank you for your excellent investigation! I'm pretty sure that my colo provider isn't running a firewall (I've asked them not to, anyhow). I am running IPFW on that box, with the standard "allow tcp from any to any established" followed by the "allow tcp any to my_ip 80 setup". I've done that on other servers without it being a problem like this. I'm going to have the colo double check for router acl's or something like that in the morning. Since this is such an intermittent problem, I can't yet say that it's fixed, but I ran with the "disks being idled" theory and wrote a small script that creates a file and deletes a file every minute, and since that's been running, I've not seeing the issue repeat - but then this is not a very repeatable problem. Thanks again for your great assistance. Jerry Charles Swiger wrote: On Feb 13, 2006, at 3:12 PM, Jerry Bell wrote: I didn't want to spam the link out, but it's www.musiclodge.com. I will gather the capture data from working and non working sessions and send it out. Well, I can confirm the behavior you've described. It looks somewhat like a stateful firewall or is in the way and is generating an RST, even while your webserver tries to generate a response. However, once the firewall sees the outbound traffic, it seems to create a dynamic rule which lets the traffic from subsequent connections through: 5-pan# tcpdump -tnXs 0 host www.musiclodge.com tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes IP 199.103.21.238.50740 > 63.175.100.44.80: S 2282569549:2282569549(0) win 65535 0,nop,nop,timestamp 1159441862 0> 0x: 4510 003c 4653 4000 4006 7328 c767 15ee E..<[EMAIL PROTECTED]@.s(.g.. 0x0010: 3faf 642c c634 0050 880d 3f4d ?.d,.4.P..?M 0x0020: a002 815f 0204 05b4 0103 0300 ._.. 0x0030: 0101 080a 451b adc6 E... IP 63.175.100.44.80 > 199.103.21.238.50740: S 2634350592:2634350592(0) ack 2282569550 win 65535 0x: 4500 0028 4000 2506 d49f 3faf 642c E..([EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 9d05 880d 3f4e .g...P.4..?N 0x0020: 5012 03bc 1b60 P..` 0x0030: 2678 &x IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 1 win 65535 0x: 4510 0028 4655 4000 4006 733a c767 15ee E..([EMAIL PROTECTED]@.s:.g.. 0x0010: 3faf 642c c634 0050 880d 3f4e 9d05 0001 ?.d,.4.P..?N 0x0020: 5010 03bd P... 3-way handshake is completed here, next traffic should be from my machine making the "GET /", request, but instead your machine sends another ACK: IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 1460,nop,wscale 1,nop,nop,timestamp 1453026167 1159441862> 0x: 4500 003c 57fa 4000 3206 6f91 3faf 642c E..<[EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 8567 64ae 880d 3f4e .g...P.4.gd...?N 0x0020: a012 9cdb 0204 05b4 0103 0301 0x0030: 0101 080a 569b 6b77 451b adc6 9345 1153 V.kwEE.S Interesting that the previous ack had no TCP options set, whereas this one does include a timestamp in response. IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 396204883 win 65535 0x: 4510 0034 4656 4000 4006 732d c767 15ee [EMAIL PROTECTED]@.s-.g.. 0x0010: 3faf 642c c634 0050 880d 3f4e 9d05 0001 ?.d,.4.P..?N 0x0020: 8010 8157 0101 080a 451b adc7 .W..E... 0x0030: 569b 6b77V.kw Where did sequence # 396204883 come from? And your side follows up with a pair of connection resets, and a normal ACK packet, too. IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0 0x: 4500 0028 b6f6 4000 3206 10a9 3faf 642c E..([EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 9d05 0001 .g...P.4 0x0020: 5004 cb24 f3fa P$.. 0x0030: 5489 T. IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0 0x: 4500 0028 4bfc 4000 3206 7ba3 3faf 642c E..([EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 9d05 0001 .g...P.4 0x0020: 5004 cb24 abb8 P$.. 0x0030: c9be .. IP 63.175.100.44.80 > 199.103.21
Re: Help with strange web server problem
Charles - thank you for your excellent investigation! I'm pretty sure that my colo provider isn't running a firewall (I've asked them not to, anyhow). I am running IPFW on that box, with the standard "allow tcp from any to any established" followed by the "allow tcp any to my_ip 80 setup". I've done that on other servers without it being a problem like this. I'm going to have the colo double check for router acl's or something like that in the morning. Since this is such an intermittent problem, I can't yet say that it's fixed, but I ran with the "disks being idled" theory and wrote a small script that creates a file and deletes a file every minute, and since that's been running, I've not seeing the issue repeat - but then this is not a very repeatable problem. Thanks again for your great assistance. Jerry Charles Swiger wrote: On Feb 13, 2006, at 3:12 PM, Jerry Bell wrote: I didn't want to spam the link out, but it's www.musiclodge.com. I will gather the capture data from working and non working sessions and send it out. Well, I can confirm the behavior you've described. It looks somewhat like a stateful firewall or is in the way and is generating an RST, even while your webserver tries to generate a response. However, once the firewall sees the outbound traffic, it seems to create a dynamic rule which lets the traffic from subsequent connections through: 5-pan# tcpdump -tnXs 0 host www.musiclodge.com tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes IP 199.103.21.238.50740 > 63.175.100.44.80: S 2282569549:2282569549(0) win 65535 0x: 4510 003c 4653 4000 4006 7328 c767 15ee E..<[EMAIL PROTECTED]@.s(.g.. 0x0010: 3faf 642c c634 0050 880d 3f4d ?.d,.4.P..?M 0x0020: a002 815f 0204 05b4 0103 0300 ._.. 0x0030: 0101 080a 451b adc6 E... IP 63.175.100.44.80 > 199.103.21.238.50740: S 2634350592:2634350592(0) ack 2282569550 win 65535 0x: 4500 0028 4000 2506 d49f 3faf 642c E..([EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 9d05 880d 3f4e .g...P.4..?N 0x0020: 5012 03bc 1b60 P..` 0x0030: 2678 &x IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 1 win 65535 0x: 4510 0028 4655 4000 4006 733a c767 15ee E..([EMAIL PROTECTED]@.s:.g.. 0x0010: 3faf 642c c634 0050 880d 3f4e 9d05 0001 ?.d,.4.P..?N 0x0020: 5010 03bd P... 3-way handshake is completed here, next traffic should be from my machine making the "GET /", request, but instead your machine sends another ACK: IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 1453026167 1159441862> 0x: 4500 003c 57fa 4000 3206 6f91 3faf 642c E..<[EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 8567 64ae 880d 3f4e .g...P.4.gd...?N 0x0020: a012 9cdb 0204 05b4 0103 0301 0x0030: 0101 080a 569b 6b77 451b adc6 9345 1153 V.kwEE.S Interesting that the previous ack had no TCP options set, whereas this one does include a timestamp in response. IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 396204883 win 65535 0x: 4510 0034 4656 4000 4006 732d c767 15ee [EMAIL PROTECTED]@.s-.g.. 0x0010: 3faf 642c c634 0050 880d 3f4e 9d05 0001 ?.d,.4.P..?N 0x0020: 8010 8157 0101 080a 451b adc7 .W..E... 0x0030: 569b 6b77V.kw Where did sequence # 396204883 come from? And your side follows up with a pair of connection resets, and a normal ACK packet, too. IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0 0x: 4500 0028 b6f6 4000 3206 10a9 3faf 642c E..([EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 9d05 0001 .g...P.4 0x0020: 5004 cb24 f3fa P$.. 0x0030: 5489 T. IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0 0x: 4500 0028 4bfc 4000 3206 7ba3 3faf 642c E..([EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 9d05 0001 .g...P.4 0x0020: 5004 cb24 abb8 P$.. 0x0030: c9be .. IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 1453026467 1159441862> 0x: 4500 003c 3a9d 4000 3206 8cee 3faf 642c E..<:[EMAIL PROTECTED], 0x0010: c767 15ee 0050 c634 8567 64ae 880d 3f4e .g...P.4.gd...?N 0x0020: a012 9baf 0204 05b4 0103 0301
Re: Help with strange web server problem
Jerry Bell wrote: > I didn't want to spam the link out, but it's www.musiclodge.com. I will > gather the capture data from working and non working sessions and send it > out. > > Thanks! > > > On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote: > >> It's hit or miss, but the first time someone visits the web site, > >> they get > >> a "server not found" page. On hitting refresh, they get the page - no > >> problems. If I wait a while and try again, I get the same problem. > > > > Path MTU problem? > > > >> The problem appears to be something in the initial communication > >> with the > >> web server. Using tcpdump, I can see that the PC connects to the web > >> server and sends the GET request, but the server closes the connection > >> abruptly. Comparing that flow to a normal session, I see that > >> there are > >> some extra packets between the initial SYN and the sending of the GET > >> phrase that do not exist during a successful session. > > > > The details would help. :-) Or you could tell us what the server is > > so we could try hitting it ourselves... > > > > -- > > -Chuck I just tried visiting the site five times in the past few minutes without incident. That probably does not help you very much though. I am using FF, the latest version if that means anything. -- Gerard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
