why MaxRequestsPerChild is defaulted to 0 in apache2 prefork default conf?

2012-03-13 Thread Alberto Fuentes
In the prefork module, the MaxRequestsPerChild defaults to 0. I wonder why such a thing is done. The only reason to do so is to increase performance with heavy loads but it carries a problem with it. If the process starts leaking for whatever reason, it will drag the server until it runs out of

Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

2012-03-13 Thread Patrick Matthäi
Package: apache2 Version: 2.2.16-6+squeeze6 Severity: serious Tags: security Hello, I noticed on a customer's server, that apache periodically crashes the whole system by using the whole available memory until it swaps away. I have found out that this is caused by a crafted .htaccess where

Bug#663723: Acknowledgement (Critical memory leak with mod_rewrite in apache2 using german umlauts)

2012-03-13 Thread Patrick Matthäi
Am 13.03.2012 16:24, schrieb Debian Bug Tracking System: Thank you for filing a new Bug report with Debian. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their

Re: why MaxRequestsPerChild is defaulted to 0 in apache2 prefork default conf?

2012-03-13 Thread Arno Töll
Hi, On 13.03.2012 11:51, Alberto Fuentes wrote: It does not look like a sane default from my point of view... The actual problem is not this setting, but the leaking process, then. That's always a bug which needs to be fixed. MaxRequestsPerChild

Re: why MaxRequestsPerChild is defaulted to 0 in apache2 prefork default conf?

2012-03-13 Thread Alberto Fuentes
On 13/03/12 18:02, Arno Töll wrote: Pretending we trust third party modules to do proper housekeeping MaxRequestsPerChild 0 is feasible. If it is not for you, you can always change it - that's what configuration files are for. Yup, I sure can change it. It's an editable conf file! :) My

Bug#663723: Acknowledgement (Critical memory leak with mod_rewrite in apache2 using german umlauts)

2012-03-13 Thread Patrick Matthäi
found #663723 2.2.9-10+lenny12 found #663723 2.2.22-1 thanks Am 13.03.2012 16:26, schrieb Patrick Matthäi: I have attached the htaccess for the case that it isn't displayed correctly in my previous mail Cheers I have also tested it on an up to date unstable. Steps to reproduce: # apt-get

Processed: Re: Bug#663723: Acknowledgement (Critical memory leak with mod_rewrite in apache2 using german umlauts)

2012-03-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: found #663723 2.2.9-10+lenny12 Bug #663723 [apache2] Critical memory leak with mod_rewrite in apache2 using german umlauts Bug Marked as found in versions apache2/2.2.9-10+lenny12. found #663723 2.2.22-1 Bug #663723 [apache2] Critical memory

Apache + SSL + multiple domains

2012-03-13 Thread dirkda12345
Hi there, I'm running Squeeze 6.0.4 up-to-date with apache. My problem is that when using more than one SSL host, only first one is recognized i.e. when connecting to second url, content of first one is shown. Here's my config - NameVirtualHost *:80 Listen 80 IfModule mod_ssl.c

Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

2012-03-13 Thread Stefan Fritsch
severity 663723 wishlist tags 663723 -security retitle 663723 apache2 does not prevent DoS through .htaccess files thanks On Tuesday 13 March 2012, Patrick Matthäi wrote: I noticed on a customer's server, that apache periodically crashes the whole system by using the whole available memory until

Processed: Re: Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

2012-03-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: severity 663723 wishlist Bug #663723 [apache2] Critical memory leak with mod_rewrite in apache2 using german umlauts Severity set to 'wishlist' from 'serious' tags 663723 -security Bug #663723 [apache2] Critical memory leak with mod_rewrite in

Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

2012-03-13 Thread Patrick Matthäi
Am 13.03.2012 20:15, schrieb Stefan Fritsch: RewriteEngine on RewriteBase / RewriteRule ^(.*)\xC3\x84(.*)$ $1Ä$2 [N,E=utf8_fixed:1] The problem is not the special character but that this regular expression has quadratic complexity in the string length. Using (.*?) instead of (.*)

Re: Apache + SSL + multiple domains

2012-03-13 Thread dirkda12345
Thanks for reply Sandor. Yes, I'm able to workaround this by using different ports (I have only one public IP unfortunately), but there should be way around this with SNI, which I believe is fully compatible with apache/openssl in Squeeze. Just not sure what am I exactly missing in my configs :/

Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

2012-03-13 Thread Stefan Fritsch
On Tuesday 13 March 2012, Patrick Matthäi wrote: If the regular expression is wrong, okay, but what is about e.g. the RedirectLimit? This also could cause server problems with crafted configurations, but there is internal apache limit available. You mean LimitInternalRecursion? That is to

Re: The status of ITK in Debian

2012-03-13 Thread Steinar H. Gunderson
On Wed, Feb 29, 2012 at 06:43:55PM +0100, Steinar H. Gunderson wrote: I'm planning to support 2.4, but I won't be able to look at it before next week. Somebody made a forward-port already, but I haven't been able to look at it in detail: