Marc wrote:
> I still need to get familiar with nft. Currently I am using ipset
NFT has an equivalent -- also called a set. Here are excerpts from my
configuration that show how addresses and ranges appear in a set and how a set
is blocked.
Defining the set of real-time intrusions:
set
metaed borked:
> using the NTP firewall
Sorry, using the NFT firewall.
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Marc wrote:
> Anyone having a suggestion on how to block cloud crawlers/bots? Obviously I
> would like search engine bots to have access, but all the other crap I want to
> lose. Only 'real users'.
I take a three-pronged approach, using the NTP firewall and some scripts.
1. db-ip.com keeps a
I wrote:
> I'll try to reproduce the problem without mod_php.
and:
> Using "dehydrated -c -x" to drive my testing, I've hit the 7-day rate limit at
> Let's Encrypt, so I'll have to come back to this.
I can reproduce the problem pretty easily with mod_php loaded. Unloaded, I have
been unable to
I wrote:
> I'll try to reproduce the problem without mod_php.
Using "dehydrated -c -x" to drive my testing, I've hit the 7-day rate limit at
Let's Encrypt, so I'll have to come back to this.
-
To unsubscribe, e-mail:
Tom Browder wrote:
> Anyone have a suggestion for a good restart frequency for managed certs?
> Also, should the cron job use "apachectl" or a systemd command?
My Slackware-64 15.0 system checks certs daily using the supplied "dehydrated"
Let's Encrypt client. It renew a cert when the system
Eric Covener wrote:
> - the old gen should not be able to accept new connections
> - generally if it's left running, I would want to look at what
> threads were left running (pstack or often better the few gdb commands
> here: https://httpd.apache.org/dev/debugging.html#backtrace
Here is the
Frank Gingras wrote:
> Why are you using the event mpm with mod_php? This isn't recommended.
I don't know enough to disagree, or say whether this is causing the problem. I
can tell you my weak reasons:
Out of the box, Slackware 15.0 httpd loads the event MPM, and its LAMP how-to
gives
An Apache/2.4.56 (Unix) server using "event" MPM sometimes does not clean up an
idle old gen worker after "apachectl graceful". The old gen worker continues to
take requests. The syslog contains AH00646 errors thrown when the old gen worker
handles a request and attempts to record the transfer on