I have need of a module that will redirect to https anytime
basic authentication is required.
I figure the best way to do this is to step in at the authentication
phase, and should authentication be required and the method be http,
redirect to https for any and all basic authentication traffic.
Please forgive the broadcast nature of this message, but I have a
suggestion.
Our nation is strong. Our economy is strong.
Both of these things were targeted by the attacks on the World Trade
Center one week ago.
Yesterday, Monday, September 17th, 2001, as the stock market reopened,
trading was
-- Mat <[EMAIL PROTECTED]>
> Hi everyone,
> I'd like to know if there is a simple way to find if an apache server
> is compiled with mod_perl and with which version. My aim is to write a
> script which compiles mod_perl if it is not installed. For the moment
> I've found only two ways, lau
Stas Bekman <[EMAIL PROTECTED]> wrote:
> Also check the archives for 'lingerd' keyword. Here is what I've but it
> didn't enter the guide yet, since it's waiting to be reviewed by Roger
> Espel Llima, the author of lingerd. ...and waiting, and waiting, and
> waiting :(
sorry, I've had a bunch of
Sorry for the off-topic post; there was a lot of discussion here of
CodeRed and Reuven's module to report attempted attacks.
Since this a.m. I have had hundreds of requests like:
/scripts/root.exe?/c+dir
/MSADC/root.exe?/c+dir
/c/winnt/system32/cmd.exe?/c+dir
/d/winnt/system32/cmd.exe?/c+dir
/s
Hello ,
I have a question about $Session objects. Is it possible to use these objects
in a custom Authentication handler?
The idea is to use an ASP script to login the user and put some user info into
the session object if the user is valid. After that I redirect the user 1
level deepe
Putting it into the auth phase would be appropriate, but I have to wonder
why this module is needed other than to refrain from keeping your
configuration file clean. Your unsecure virtual host should have no auth
statements in it if you want all auth to be on your secure virtual host...
You'll ne
Or you could do:
perl -nle 'print "$_\n" if m/mod_perl/' /path/to/error_log
where /path/to/error_log is the file pointed at by the ErrorLog directive in
your httpd.conf file.
--Joe Breeden
--
Sent from my Outlook 2000 Wired Deskheld (www.microsoft.com)
> -Original
> -Original Message-
> From: Nick Tonkin [mailto:[EMAIL PROTECTED]]
>
> Sorry for the off-topic post; there was a lot of discussion here of
> CodeRed and Reuven's module to report attempted attacks.
>
> Since this a.m. I have had hundreds of requests like:
>
> /scripts/root.exe?/c+dir
>
Nick Tonkin wrote:
>
> Sorry for the off-topic post; there was a lot of discussion here of
> CodeRed and Reuven's module to report attempted attacks.
>
> Since this a.m. I have had hundreds of requests like:
>
> /scripts/root.exe?/c+dir
> /MSADC/root.exe?/c+dir
> /c/winnt/system32/cmd.exe?/c+di
Slashdot has a report on this now, looks like a similar worm to CodeRed,
but this one tries to hit "numerous" vulnerabilities, including backdoors
left open by CodeRed.
Brian Nilsen
[EMAIL PROTECTED]
On Tue, 18 Sep 2001, Nick Tonkin wrote:
>
> Sorry for the off-topic post; there w
Am I assuming correctly, that Perl could communicate with a MS Access
database file via ODBC, on a Windows box? If so, are there any
particular gotchas or limitations to this approach that I should be
aware of? I typically use MySQL or PostgreSQL on a Linux or FreeBSD
box, so this is sorta n
-- Brice D Ruth <[EMAIL PROTECTED]> on 09/18/01 10:57:26 -0500
> Am I assuming correctly, that Perl could communicate with a MS Access
> database file via ODBC, on a Windows box? If so, are there any
> particular gotchas or limitations to this approach that I should be aware
> of? I typically
The problem with that solution is that we have 2 virtual hosts, one http, one https,
on one machine. https is the only available transport outside of our network, while
the http server is available internally.
This is a production webserver, with existing information, applications, etc. We don
Hi,
I apologize if I address my question to the wrong newsgroup. I was trying
to enable mod_perl Roaming user with Apache running on i386/RedHat7.x. I
followed all the steps in order to do so but when I run Netscape-4.72 I
get the following in the Apache error log file:
/home/web/roaming/.htaccess:
Hi, I have been running an Access DB on a Win2K box, and using perl to
populate an LDAP server on a Solaris server. The standard perl/DBI
distribution on the Windows machine comes with something called
DBI::Proxy. You run it as a daemon on the Windows box and any Unix based
perl script using DBI c
I wish someone would just write a worm that would put these IIS machines out
of their misery and stop causing the rest of us such a headache.
Nick Tonkin wrote:
>
> Sorry for the off-topic post; there was a lot of discussion here of
> CodeRed and Reuven's module to report attempted attacks.
>
>
.htaccess is the default access file name. It is possible to change this
using the AccessFileName directive, but you'll very likely break something
as a result. The recommended solution is to use a different name for your
password file.
Thanks,
Tim Tompkins
--
A realm is defined by the following three things:
1) AuthName
2) ServerName (well, the server name in the URL actually)
3) Port (well, the port to which the browser is talking)
If these three things are not always the same, the browser will prompt the
user to re-authenticate. So, you cannot auth
You're tellin' me, I've now had word come down that we need to do a full
audit of our Apache and *nix installations to make sure that they're okay.
Never mind the fact that the only problems we have so far are people opening
up files called "readme.exe" in their e-mail.
*slapsforeheadinfrustration*
http://www.torkington.com/vermicide.txt has a mod_perl handler to
catch the requests as soon as they arrive, and discard them with a
minimum of work to Apache. If your web server is struggling under the
load, this might help.
The heuristic it uses for "requests to ignore with prejudice" is the
p
Hi,
I have been following this thread with interest because I have been
struggling with the same problem. I define it this way.
* To achieve secure authentication which is widely supported, you need
to use Basic authentication over SSL
* All URLs which can be accessed with HTTPS can be acc
[Apologies if you get this twice--mailed it first from my oreilly.com
account, which may not be the address subscribed to this list]
http://www.torkington.com/vermicide.txt has a mod_perl handler to
catch the requests as soon as they arrive, and discard them with a
minimum of work to Apache. If
Adi Fairbank wrote:
> I wish someone would just write a worm that would put these
> IIS machines out of their misery and stop causing the rest
> of us such a headache.
I think that it would be a lot easier to write a worm that puts IIS admins
out of their misery--they're already busy applying
you know guys, seems to me micro$not users should be thinking of
product liability claim.. i mean, if you buy cigs and get cancer and can
win a lawsuit or if you buy hot coffee and put it between your legs and
can win, this should be a real slam dunk.
At 12:09 PM 9/18/2001 -0700, Tom Servo wrote:
Yo
Matt Sergeant wrote:
> > -Original Message-
> > From: Nick Tonkin [mailto:[EMAIL PROTECTED]]
> >
> > Sorry for the off-topic post; there was a lot of discussion here of
> > CodeRed and Reuven's module to report attempted attacks.
> >
> > Since this a.m. I have had hundreds of requests like
Redirects in the non-secure virtual host to the secure virtual host would
certainly do the trick. The module does have value (better name would be
Apache::AuthRedirect, IMO), but it would be built for people to be lazy
about their configurations.
Regards,
Christian
--
Christi
On Mon, 17 Sep 2001, Ask Bjoern Hansen wrote:
[...]
> try,
>
> export LD_PRELOAD=/usr/local/lib/libdb3.so
>
> before you start apache.
It worked doing that. I first solved the problem by moving the db2 libs
and headers before I compiled, but your solution seems cleaner to me apart
from that I
On Tue, Sep 18, 2001 at 04:08:30PM -0400, Stephen Adkins wrote:
> Hi,
>
> I have been following this thread with interest because I have been
> struggling with the same problem. I define it this way.
>
> * To achieve secure authentication which is widely supported, you need
>to use Basic a
-- Jeremy Howard <[EMAIL PROTECTED]> on 09/19/01 06:37:15 +1000
>> This one's gonna grind the net to a halt pretty quick. I hate to think what
>> this will mean for people running web servers at home over DSL (including me
>> soon).
>>
> Any suggestions on how we should respond? Update Ap
Well, I had already hacked Reuven's CodeRed.pm because I disagreed that
one should only send mail to the bozos once a day.
So I hacked around some more and made a new module heavily based on
CodeRed.pm that recognizes CodeRed and this new worm (Nimda?) and can be
extended to carp about the new
Tim Peoples writes:
> This 'Apache::Vermicide' module, installed as a 'PerlPostReadRequestHandler',
> seems to be preventing any 'PerlSetEnv' directives from being parsed out
> of a '.htaccess' file (or equivalent). IOW, the ENV vars aren't getting
> set properly.
>
> I'm investigating how to re
On Tue, 18 Sep 2001, Emad Fanous wrote:
> any reason why the private address spaces between
> 172.16.0.0-172.31.255.255 wasn't in your list of ignored
> ips?
>
> Thanks
> Emad
That came from the original author's CodeRed.pm. But it's considered a
configurable variable.
~~~
Nick Tonk
On Tue, 18 Sep 2001, Nick Tonkin wrote:
> I used a real ugly mod_rewrite hack to grab the requests (I didn't want to
> lump all reqs for root.exe or cmd.exe into the same 'worm') ... I'm sure
> others can improve on that. (BTW am I right in thinking that RewriteEngine
> on needs to be specified f
Tim Peoples writes:
> I tried doing the s/OK/DECLINED/ thing and it didn't do the trick. :-(
You're right, it was the restart that did it. OK/DECLINED makes no
difference in that handler.
I'm seeing, with or without my handler, the PerlSetEnv stuff only
happening once per connection rather tha
On Tue, 18 Sep 2001, Ask Bjoern Hansen wrote:
> On Tue, 18 Sep 2001, Nick Tonkin wrote:
>
> > I used a real ugly mod_rewrite hack to grab the requests (I didn't want to
> > lump all reqs for root.exe or cmd.exe into the same 'worm') ... I'm sure
> > others can improve on that. (BTW am I right i
Heh, as Nat maybe saw the worm doesn't always request ?/c+dir, so until I
can figure out a better way to identify it we'll have to go with
cmd.exe|root.exe
so my httpd.conf is now:
SetHandler perl-script
PerlHandler Apache::MSIISProbes
PerlSetVar worm_name CodeRed
Hello, I have just installed mod_perl into my Apache 1.3.20 install :).. I
have apache+mod_ssl+mod_frontpage+php.
Whenever I apachectl start it starts up fine but when I try to load a
webpage, it says it cannot access the specified URL, here is a capture of
the error_log.
Any ideas are apprecia
On Tue, 18 Sep 2001, brooks roy wrote:
> Hello, I have just installed mod_perl into my Apache 1.3.20 install :).. I
> have apache+mod_ssl+mod_frontpage+php.
>
> Whenever I apachectl start it starts up fine but when I try to load a
> webpage, it says it cannot access the specified URL, here is a
willems Luc wrote:
>
> Hello ,
>
> I have a question about $Session objects. Is it possible to use these objects
> in a custom Authentication handler?
>
> The idea is to use an ASP script to login the user and put some user info into
> the session object if the user is valid. After that i
> I'm seeing, with or without my handler, the PerlSetEnv stuff only
> happening once per connection rather than once per request.
I think this was addressed for 1.26
http://marc.theaimsgroup.com/?t=9946915503&w=2&r=1
however, as you can see at the end of the thread, I don't think the pro
On Tue, 18 Sep 2001, Roger Espel Llima wrote:
> Stas Bekman <[EMAIL PROTECTED]> wrote:
> > Also check the archives for 'lingerd' keyword. Here is what I've but it
> > didn't enter the guide yet, since it's waiting to be reviewed by Roger
> > Espel Llima, the author of lingerd. ...and waiting, and
42 matches