-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jaaz,
On 11/28/16 2:24 PM, Jaaz Portal wrote: > hi, i written "exploited some well know vulnerability in mod_proxy" > not mod_jk. Yes but then you implied that mod_jk had the same problem: On 11/27/16 1:03 PM, Jaaz Portal wrote: > Then they exploited some well know vulnerability in mod_proxy. We > have updated apache to the latest but again they has exploited it, > so we have switched to mod_jk. *And then guess what. They exploited > it too* so i decided to write to this list looking for help before > trying jetty. (emphasis mine). > we switched to mod_jk but they exploited it too, rest you can read > on list I have read all your posts, and I see no evidence of an exploit. You have posted a single line from your log file which tells us next to nothing: > [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [pid 13385:tid > 139793489638592] AH00484: server reached MaxRequestWorkers > setting, consider raising the MaxRequestWorkers setting Okay, you ran out of workers, meaning that you have a large number of incoming requests. This indicates neither a vulnerability nor an exploit . > anyway we have configured apache to mitigate such kind of attack > (whatever flavor it is) Great. How did you do that? This is a community of users who support each other, not a Help Desk. So please help the community by explaining what the problem was and what the solution was as well. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYPLZoAAoJEBzwKT+lPKRYSdkP/2wqolHXAjHGdYiY3qlQVwt5 0ND8fSnZQmSJROFwd1foGAiiAlSHsQV30QML6AgLzlhpTnyb7rOEE1VohZl5QMKv Z3No4N3LXH/c9OtoYsf3A18h5GyvXzG0abRaI9dbIYLjqrv1XAR0J3cDrvmmirqW Nh22fC0aYNJk68MbREgO8t6D2TIWEPqLyXAJAxc6nRtCaWaMJ22BnGH4rPmPcV8h KzuJ6oxjSzSzewJGRDuZsdpLqJl+TvOGRzuv4PTKWnXmUXs1DeBLaUJHOmNeuGKB WW18GlIwOOhVxdPY8qatiIuInotO6w0v1nL1r9nqV+d/3gA9Rl/myH/Vi5tWa6Io Ca30NBKEk4A3xXmuJyTwryqJlK4QHP2JjjLCGQvYu8/fsNLzJPBViHRKQvgM+Yjt YT46Kels0mXGtgLE8D4rhgA+Zu7wrIAtHKWh7pXZ7lBm3RQB31e6elkwfGDaSk2v yEbXKWDWkfxPbIG9e/fxbZT/pgfE6hOMCL94l7oUGvxLxjEzVBzkuTjHBYV7zGpA klxWOHrOJWtWn0KDmaU21jeuVzWZjKr/HVDnMGyAo2p9svNTuB/yLx+aToXFe2Sq hrpZZoa61Jcdq+tU0maDq01PvUfeLW/fxcSjTXChZpuEFv5IUo6NKP5GoxqC3wrv wDNqKX5IyyKJXVupnsB4 =q1fb -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
