[users@httpd]

2022-10-27 Thread Marius Hugel



RE: [users@httpd] Qualys scan reports B overall rating for a specific domain

2022-10-27 Thread Sierra Padilla
Hi,
Just checking, are you interested acquiring the list of attendees? Please 
respond my email. I'm waiting for your response.

We are discussing about Prices And, provide the discount cost.
Thank you,

Kind Regards.


From: Walter Hop 
Sent: 24 October 2022 17:20
To: users@httpd.apache.org
Subject: Re: [users@httpd] Qualys scan reports B overall rating for a specific 
domain

I will appreciate it if someone can pitch in for my earlier post to this 
mailing list and need guidance in this regard. I look forward to hearing from 
you. Thanks in advance.

I’m sorry if this has already been said earlier, cause I deleted a bunch of 
mails.

But this is a very good resource with configuration examples for getting an A+ 
on your Qualys SSL test: https://ssl-config.mozilla.org

Kind regards,
Walter Hop


Re: [users@httpd] Is Apache 2.4.7 newer than 2.4.54

2022-10-27 Thread Mike Dewhirst

On 27/10/2022 2:55 am, Frank Gingras wrote:
The defaults in the docs really cater to a low-traffic server; perhaps 
there should be a note to that effect.


On Wed, 26 Oct 2022 at 01:47, Mike Dewhirst  wrote:

On 26/10/2022 12:45 pm, Frank Gingras wrote:

You could temporarily increase your ThreadsPerChild, as 25 is
extremely low and increases the chances of that bug occurring.


Thanks Frank

These are the adjustments I made ...

    ThreadLimit 500 #64
    ThreadsPerChild 250 #25



This seems to have worked ...

Server uptime: 1 day 17 hours 23 minutes 47 seconds

Many thanks Frank

Mike



The server is not heavily used other than by script-kiddies
looking for php hacks. My next project is to find some way to
black-hole anything with php or wp in the request. Maybe a
redirect to google or something.



I'd have to find out what fix applies to this bug, and why your
installation is still vulnerable. Perhaps your distro used backports.


I can't answer such questions.

But the defaults were very restrictive originally - set by
DigitalOcean I suppose. I changed them to the defaults specified
in the Apache docs - per the comment lines in my original post.

Thanks for responding so quickly.

Cheers

mike



On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst
 wrote:

My Apache 2.4.52 is crashing with a bug apparently eliminated
in 2.4.7.

Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2
mod_wsgi/4.9.0 Python/3.10
Server MPM: event
Server Built: 2022-06-14T12:30:21

DigitalOcean droplet 8GB memory, dedicated CPU.

The log says ...
[Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid 904:tid
140622640994176] AH03490: scoreboard is full, not at
MaxRequestWorkers.Increase ServerLimit.

mpm-event.conf ...
# event MPM
# ServerLimit: Upper limit on configurable number of
processes (default 16)
# StartServers: initial number of server processes to start
(default 3)
# MinSpareThreads: minimum number of worker threads which are
kept spare
(default 75)
# MaxSpareThreads: maximum number of worker threads which are
kept spare
(default 250)
# ThreadLimit: upper limit on the configurable number of
threads per
child process (default 64)
# ThreadsPerChild: constant number of worker threads in each
server
process (default 25)
# MaxRequestWorkers: maximum number of worker threads
(ServerLimit*ThreadsPerChild)
# MaxConnectionsPerChild: maximum number of requests a server
process serves

     ServerLimit            16
     StartServers            3
     MinSpareThreads            75
     MaxSpareThreads            250
     ThreadLimit            64
     ThreadsPerChild            25
     AsyncRequestWorkerFactor    2
     MaxRequestWorkers        400
     MaxConnectionsPerChild        0






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-- 
Signed email is an absolute defence against phishing. This email has

been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.




--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.



OpenPGP_signature
Description: OpenPGP digital signature