2013-05-01 15:48 keltezéssel, Joe Lewis írta:
On 05/01/2013 06:21 AM, Somostetoi Kilato wrote:
Hallo,
I have a small web page generator library, written in C++ and I am
rewriting it to use APR. More, I would like to create an Apache2 module
which will use this generator. But I have no idea
On Thu, May 02, 2013 at 10:07:39AM +0200, Graf L?szl? wrote:
Hi Joe,
I appreciate your response. I did a search on the net and I found
this, two parts, How-To:
http://www.codeproject.com/Articles/491909/Apache-2-x-Modules-In-Cplusplus-Part-1
Christian Folini wrote:
André,
On Wed, May 01, 2013 at 02:47:55AM +0200, André Warnier wrote:
With respect, I think that you misunderstood the purpose of the proposal.
It is not a protection mechanism for any server in particular.
And installing the delay on one server is not going to achieve
Am 02.05.2013 10:22, schrieb André Warnier:
These tools must be downloaded separately, installed, configured and
maintained, all by
someone who knows what he's doing. And this means that, in the end (and as
the evidence
shows), only a tiny minority of webservers on the Internet will
Lately, I've been seeing httpd/mod_proxy seg faulting in reverse proxy
setups, frequency increasing.
#0 apr_palloc (pool=0x8b52518, in_size=16) at memory/unix/apr_pools.c:684
#1 0xf756fc10 in apr_pool_cleanup_register (p=0x8b52518, data=0x8b52528,
plain_cleanup_fn=0xf756edb0
On Wed, 2013-05-01 at 14:40 +0200, Graham Leggett wrote:
On 01 May 2013, at 1:51 PM, André Warnier a...@ice-sa.com wrote:
But *based on the actual data and patterns which I can observe on my
servers (not guesses), I think it might have an effect*.
Of course it might have an effect -
On Wed, 2013-05-01 at 21:15 +0200, Christian Folini wrote:
real-time blacklist lookup (- ModSecurity's @rbl operator).
Try using that on busy servers (webhosts/ISP's)... might be fine for a
SOHO, but in a larger commercial world, forget it, the impact is far
far worse than the other
André,
On 02.05.2013 10:22, André Warnier wrote:
I'd like to say that I do agree with you, in that there are already many
tools to help defend one's servers against such scans, and against more
targeted attacks.
I have absolutely nothing /against/ these tools, and indeed installing
and
On Fri, 03 May 2013 01:53:01 +0200
Guenter Knauf fua...@apache.org wrote:
On 02.05.2013 10:22, André Warnier wrote:
But I am a bit at a loss as to what to do next. I could easily
enough install such a change on my own servers (they are all
running mod_perl). But then, if it shows that
On Fri, May 03, 2013 at 09:39:44AM +1000, Noel Butler wrote:
real-time blacklist lookup (- ModSecurity's @rbl operator).
Try using that on busy servers (webhosts/ISP's)... might be fine for a
SOHO, but in a larger commercial world, forget it, the impact is far
far worse than the other
On Wed, May 1, 2013 at 7:16 AM, André Warnier a...@ice-sa.com wrote:
If it tries just one URL per server, and walks off if the response takes
longer than some pre-determined value, then it all depends on what this
value is.
If the value is very small, then it will miss a larger proportion of
On Tue, Apr 30, 2013 at 5:23 PM, André Warnier a...@ice-sa.com wrote:
Alternatives :
1) if you were running such a site (which I would still suppose is a
minority of the 600 Million websites which exist), you could easily disable
the feature.
2) you could instead return a redirect response,
On Thu, May 2, 2013 at 4:53 PM, Guenter Knauf fua...@apache.org wrote:
isnt that one of the core issues - that folks who dont know what they do run
a webserver? And then, shouldnt these get punished with being hacked so that
they try to learn and finally *know* what they do, and do it right
13 matches
Mail list logo
