RE: modperl growth
Many cobalt boxes come running mod_perl by default. perhaps if people have been deploying a lot of these things lately it could have made an impact. HEAD / HTTP/1.0 HTTP/1.1 302 Found Date: Mon, 04 Feb 2002 20:13:54 GMT Server: Apache/1.3.12 Cobalt (Unix) mod_jk mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.0.3pl1 mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24 Connection: close Content-Type: text/html; charset=iso-8859-1 adam
[OT] RE: formmail spammers
Last week there was a post to bugtraq about ways to exploit badly written scripts using cdonts.newmail, that exploited the fact that there was a SMTP conversation going on behind the scenes. This type of exploit can probably be used on a ton of other form mail type things, that use SMTP in the back end. http://www.nextgenss.com/papers/aspmail.pdf the quick summary is make sure you strip out \r's and \n's from fields that can't or shouldn't have them. The example uses a to address like this http://www.company.com/newsletter.asp?[EMAIL PROTECTED]%0D%0Adata%0D% 0ASubject:%20Spoofed!%0D%0A%0D%0AHi,%0D%0AThis%20is%20a%20spoofed%20email%0D %0A.%0D%0Aquit%0D%0A and just blindly set the to field in newmail. adam > -Original Message- > From: A.T.Z. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 9:22 AM > To: [EMAIL PROTECTED] > Subject: Re: formmail spammers > > > > >so, we've been having a spam problem lately due to formmail.pl. this > >thread prompted me to scan all our user directories and note people > >who had formmail.pl sitting around. > > We hardcoded the TO address in FormMail.pl and tell all our > customers to do > the same. > > Spammers trying to use the script will fail. Only the address > in the TO > field gets one messages.. > > Perhaps not the best solution around, but it will do until we > fix something > else. They don't get their spam out to the world. And we send > their ISP a > nice notification about what that user was trying to do. > Complete with > logfiles.. > > Once you're a know target they will come back.. > > Bye, > > > > B. >
RE: file upload process
i may be wrong about this, but since the file is actually part of the POST, apache cannot start returning something for that request before the request has been finished. You can get around this, kind of, using a JS popup onsubmit, that opens a window that somehow lets you check the status of the post (maybe). I've seen little popups with animated "loading" gif's and the like, but that's about it. adam > > Another (most likely) trivial question for the experts. > When a large file is uploaded from an html form page, it > appears the file is > loaded BEFORE I can start some kind of "graphical metering" response: >
RE: Apache::Registry HEAD request also return document body
> > The perldoc Apache::Registry says > > "Apache::Registry - Run unaltered CGI scrips under mod_perl" > > Were your CGI scripts designed to handle HEAD requests? You > don't have > to alter them to run under mod_perl, do you? You didn't have to design them to because apache handles it for you. With mod_perl/apache/registry, that doesn't work anymore. If ::Registry et al are going to be touted as drop in solutions for your existing perl cgi stuff, then IMO they have to handle this by default, or they aren't doing what I, and probably a lot of other people, would expect them to. hopefully someone will care enough to patch it. adam
RE: IBM patents Template Systems?
huh? doesn't that mean that the person who is running the tool doesn't use HTML or other code, not the person that wrote the tool? I'd have to agree that it's not really applicable though since it talks about it running offline, and about selecting widgets for the site and stuff along those lines. my first glance thought it sounded a lot like TT's offline mode, but even that has markup in it. this seems more like it's designed for making brochure sites and stuff like that. nothing with any depth. adam > -Original Message- > From: Ged Haywood [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 17, 2001 4:03 PM > To: Nathan Torkington > Cc: Joe Schaefer; [EMAIL PROTECTED] > Subject: Re: IBM patents Template Systems? > > > Hi all, > > On Wed, 17 Oct 2001, Nathan Torkington wrote: > > > Joe Schaefer writes: > > > A causal reading seems to suggest that most mod_perl-based > > > templating systems do exactly what this patent will cover: > > > > "the tool generates the customized Web site without the web site > > creator writing any HTML or other programming code." > > An only slightly less casual reading indicates that anyone who writes > > use strict; > > or > > > > isn't at risk of violating this patent. > > 73, > Ged. > >
credit card processing
I was looking through the mod_perl archives and saw a post from doug about a credit card processing system called 'creditor' i looked on the covalent web site, but i couldn't find any info. Did this thing ever see the light of day? If not, what are some alternatives to it? i was forwarded this url (http://www.paygateway.com/tech/perl_plug/), but sites without index pages make me wonder. Any feedback would be appreciated. It would be especially great if we would be able to bill in both US and Canadian Dollar's using the same thing. TIA Adam
RE: Apache::Filter upgrade issues...
I've run into this before as well, and what i ended up doing to get around it was keeping the original $r around long enough to call filter_register. my $r = shift; my $req = Apache::Request->new($r); $r = $r->filter_register(); adam > -Original Message- > From: Trevor Phillips [mailto:[EMAIL PROTECTED]] > Sent: Saturday, May 05, 2001 2:21 AM > To: ModPerl Mail List > Subject: Apache::Filter upgrade issues... > > > Hi! I recently upgraded a test server to a recent > Apache::Filter, and hit > problems due to the new dependency on filter_register() being > called. I > don't mind upgrading my filters to call this, but I have one, > in which I > use Apache::Request (a sub-class of Apache), which I cannot > seem to work > around. > > The guts of the code goes something like this: > > sub handler > { >my $r = shift; >my $IsFilter = ($r->dir_config('Filter') =~ /^on/i?1:0); >$r = Apache::Request->new($r); >if ($IsFilter) >{ > $r = $r->filter_register(); > my ($fh, $status) = $r->filter_input(); > return $status unless $status == OK; # The Apache::Constants OK > my @file = <$fh>; >} > etc... > } > > The above code fails in that the extra methods provided by > Apache::Request > are > no longer there. > > The above code worked fine previously (prior to the requirement of > filter_register)... > > Any ideas? How can I use both Apache::Filter and > Apache::Request together? > > -- > . Trevor Phillips - http://jurai.murdoch.edu.au/ . : CWIS Systems Administrator - [EMAIL PROTECTED] : | IT Services - Murdoch University | >--- Member of the #SAS# & #CFC# < | On nights such as this, evil deeds are done. And good deeds, of / | course. But mostly evil, on the whole. / \ -- (Terry Pratchett, Wyrd Sisters) /
RE: security suggestion
Maybe it's just me, but it seems that the responses richard has gotten haven't really touched on the core of the problem. That mod_perl isn't exactly friendly to sysadmin's who want to run apache on a (i'm guessing), student accessed server, with user dir's and all that other stuff. I'm pretty sure (for no particular reason), that there aren't many people on this list that are doing that. If you have .htaccess stuff turned on right now, you can do all sorts of great things through apache that you wouldn't want untrusted accounts on the box being able to do. The servers that had apache on them for users when i was at school didn't even allow normal cgi, so i have no idea how one would approach doing something like this with mod_perl. If, on the other hand, i'm misinterpreting richards problems, feel free to ignore me. Adam
RE: Filter and directories
> why do you want to process a directory listing? you want to > process the files within the directory via SSI, right? I ran into this too, so i'll explain what i was trying to do. I have a handler that works like this SetHandler perl-script PerlHandler Site::Articles What the handler does is simulate a normal directory structure, but pulls articles out of a DB. It pulls arguments out of the URI, so /articles/20001101/bleh.html gets you the article with uid bleh from the issue from 20001101. I also have issue indexes at /articles/20001101/ and at some other similar locations, all generated on the fly. Apache::Filter didn't like this. I suppose you could do an internal redirect to index.html in the script when people ask for directories or something and that would probably fix it. But i just tried it with OutputChain, and it worked fine without modification, so i'm using OutputChain. adam
Apache::Filter Install Problem
I'm trying to install apache filter and i'm getting errors. anyhelp would be appreciated. i built mod_perl with this: perl Makefile.PL DO_HTTPD=1 USE_APACI=1 APACHE_PREFIX=/usr/local/apache PERL_STACKED_HANDLERS=1 when i get to make test i get this: Running make test PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.00503/i386-linux -I/usr/lib/perl5/5.00503 -e 'use Test::Harness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/filehandleok t/real..Starting http server... ready. See t/error_log for failure details FAILED tests 3, 6, 9-12 Failed 6/12 tests, 50.00% okay Failed Test Status Wstat Total Fail Failed List of failed --- t/real.t 126 50.00% 3, 6, 9-12 Failed 1/2 test scripts, 50.00% okay. 6/20 subtests failed, 70.00% okay. make: *** [test_dynamic] Error 29 each time i run make test i get a different number of failed tests, varying from 6 to 8. and it t/error_log is this: [Thu Nov 2 15:09:29 2000] [notice] Apache/1.3.14 (Unix) mod_perl/1.24_01 configured -- resuming normal operations [Thu Nov 2 15:09:29 2000] [error] Undefined subroutine &Apache::RegistryFilter::handler called. [Thu Nov 2 15:09:29 2000] [error] Undefined subroutine &Apache::RegistryFilter::handler called. [Thu Nov 2 15:09:29 2000] [error] Undefined subroutine &Apache::RegistryFilter::handler called. [Thu Nov 2 15:09:29 2000] [error] Undefined subroutine &Apache::RegistryFilter::handler called. [Thu Nov 2 15:09:29 2000] [error] Undefined subroutine &Apache::RegistryFilter::handler called. [Thu Nov 2 15:09:29 2000] [notice] caught SIGTERM, shutting down Any insight would be appreciated. I'm installing it on a redhat 6.2 box with apache 1.3.14 and mod_perl 1.24_01 installed from source, and the perl 5.005 updated rpm from redhat.