Re: [EMAIL PROTECTED] Daylight Savings 2007

2007-01-24 Thread Yvo van Doorn
Your question was answered 7 days ago. You then repost the same exact question and it's been answered 3 times since then. Apache does not handle time period < . > If you want to patch you will have to patch your OS (contact vendor) and JVM (contact vendor again) On 1/24/07, John Flores <[EMAIL

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Yvo van Doorn
Maybe I'm going about this the wrong way but wouldn't any competent systems administrator know about a known vulnerability and patch it when it is discovered. Then again maybe I am thinking in too simple terms. - The official Use

Re: [EMAIL PROTECTED] Why many redirects

2007-01-24 Thread Yvo van Doorn
This is because without a CASLocalCacheFile parameter set inside your Location directive every HTTP is redirected to your CAS authentication. Reference source: http://www.sfu.ca/acs/cas/Install_SFU_mod_cas.html On 1/24/07, Tracy12 <[EMAIL PROTECTED]> wrote: Hi, I have an Apache Authentication

Re: [EMAIL PROTECTED] problem running apache 2.2.4 on debian linux 3.0

2007-01-24 Thread Yvo van Doorn
First off... what does the error log say. Side note... I also have had major issues running a compiled from source apache on debian machines running 2.4 kernels (which I believe 3.0 runs as well). It configures and builds fine but when I start it my children have seg faults. Debian fixed this in

[EMAIL PROTECTED] Why many redirects

2007-01-24 Thread Tracy12
Hi, I have an Apache Authentication module defined as follows also I have directoryIndex such that if http://localhost/test will be redirected to http://localhost/test/index.html as everybody knows also have the following block, but the problem is when I hit http://localhost/test it hits the

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Fredrik Widlund
The argument you are using is a general one, saying security doesn't come from obscurity. While this is meaningful in a broad sense, in real life scenarios obscurity often improves already existing security. The problem is that all but a few mistake one for the other and that this misunderstand

Re: [EMAIL PROTECTED] Webpage cannot be fouind

2007-01-24 Thread Joshua Slive
On 1/24/07, Lowe, Grant <[EMAIL PROTECTED]> wrote: Hi All. I'm getting a 404 error saying that the webpage cannot be found when I try to login to my web server. I have searched through Google and looked at various web pages and numerous USENET news groups. I have checked the permissions on the

Re: [EMAIL PROTECTED] FollowSymLinks in sub-directory

2007-01-24 Thread William A. Rowe, Jr.
Nathan Kellogg wrote: > > We are trying to use the following config to allow a listing of files in > the /htdocs/buslist/ directory but not in the /htdocs/ directory. The config you cited was apropos of nothing. Look into Options Indexes at http://httpd.apache.org/docs/2.2/mod/core.html#options

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Joshua Slive
On 1/24/07, Richard de Vries <[EMAIL PROTECTED]> wrote: It may be a "tiny roadblock" as you put it, but it doesn't cost anything, nor does it hurt anything. Another error there. Ask yourself: why is this header suggested in the HTTP spec anyway? It wasn't put there to give Netcraft something

[EMAIL PROTECTED] FollowSymLinks in sub-directory

2007-01-24 Thread Nathan Kellogg
We are trying to use the following config to allow a listing of files in the /htdocs/buslist/ directory but not in the /htdocs/ directory. In the absence of index.html in the /htodcs/buslist/ directory, Apache responds with "Forbidden You don't have permission to access /buslist/ on this

RE: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Simon Ashford
OK, I now see this is an old discussion which I shouldn't have re-visited. My problem is: I have a security audit done by a reputable organisation (National Computing Centre, UK) and I have to deal with their findings. I'm well aware most serious hackers won't bother with trivia like the "Server

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Richard de Vries
It may be a "tiny roadblock" as you put it, but it doesn't cost anything, nor does it hurt anything. So why wouldn't you do it? By itself it may not make a whole lot of difference, but combine a lot of these "tiny roadblocks" together and you'll have yourself a defense in depth strategy. (http:

Re: [EMAIL PROTECTED] Problem with Suexec in (Debian) Apache2.2.3 mod_userdir + PHP 5.2.0-8

2007-01-24 Thread Puskás Zsolt (errotan)
Thanks for the reply Joshua, I tried to run php as cgi but the php scripts are not parsed. Maybe I'm stupid but I tried everything this is my config : http://pastebin.com/866568 There are no "error" entries in the log files ( disabled suexec and mod_userdir ) I don't understand why php aren't p

Re: [EMAIL PROTECTED] Daylight Savings 2007

2007-01-24 Thread John Flores
Does apache have the ability to run servlets? If so, would an updated java version be needed as in needed for Tomcat? - Original Message - From: "William A. Rowe, Jr." <[EMAIL PROTECTED]> To: Sent: Thursday, January 18, 2007 7:23 PM Subject: Re: [EMAIL PROTECTED] Daylight Savings 20

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Joshua Slive
On 1/24/07, Richard de Vries <[EMAIL PROTECTED]> wrote: I have modsecurity running on my apache instances, and I often see all kinds of IIS exploits hitting my box. This then gives me time to look thru my various apache and firewall logs, and take some corrective measures like for instance slapp

[EMAIL PROTECTED] Webpage cannot be fouind

2007-01-24 Thread Lowe, Grant
Hi All. I'm getting a 404 error saying that the webpage cannot be found when I try to login to my web server. I have searched through Google and looked at various web pages and numerous USENET news groups. I have checked the permissions on the apache directories and files in question. I have tri

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Richard de Vries
Joshua, that is not entirely true. By making believe you're running a different webserver than you really are ... you can potentially buy yourself some valuable time. If an attacker wants to attack/cripple your site, he/she will most likely first try all known vulnerabilities for that webserver

Re: [EMAIL PROTECTED] Question about ProxyPass

2007-01-24 Thread Joshua Slive
On 1/24/07, Phill Edwards <[EMAIL PROTECTED]> wrote: My company sends out web-based surveys to our customers. These surveys are managed by a 3rd party so the domain name that the surveys are served under is totally different to our domain name. Would it be possible to use ProxyPass to make it lo

Re: [EMAIL PROTECTED] Problem with Suexec in (Debian) Apache2.2.3 mod_userdir + PHP 5.2.0-8

2007-01-24 Thread Joshua Slive
On 1/24/07, Puskás Zsolt (errotan) <[EMAIL PROTECTED]> wrote: Hello All. Is there anybody who can send a link how to make suexec work on Debian 4.0 'etch' I spent 2 days from morning to night and I give up. Suexec does not work in any case neither with userdirs or just in virtualhost PHP script

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Joshua Slive
On 1/24/07, Simon Ashford <[EMAIL PROTECTED]> wrote: Hmmm... Doesn't seem to work. Still get "Server: Apache" in the HTTP headers regardless of SecServerSignature. Get the impression from various reading that the Server header is added by Apache pretty much at the very end of processing, afte

Re: [EMAIL PROTECTED] Apache + Tomcat = no session management

2007-01-24 Thread Sander Temme
On Jan 24, 2007, at 11:00 AM, Wm.A.Stafford wrote: A bit more info has emerged, the admin believes the Apache version is 1.3.20. Running httpd -v will take away any shred of doubt. I'll see if there is any interest in moving to the latest Apache but at this point I think that is p

Re: [EMAIL PROTECTED] Apache + Tomcat = no session management

2007-01-24 Thread Wm.A.Stafford
Sander, A bit more info has emerged, the admin believes the Apache version is 1.3.20. -=bill Wm.A.Stafford wrote: Sander, Good news and bad news. The admin confirmed that Apache is being used as a proxy but she does not know what version of Apache is being run but she thought

Re: [EMAIL PROTECTED] Turning Off Access Log

2007-01-24 Thread Serge Dubrouski
Remove all CustomLog/TransferLog from your httpd.conf as Sander already said. On 1/24/07, Arthur Kreitman <[EMAIL PROTECTED]> wrote: But it's on windows! > -Original Message- > From: Serge Dubrouski [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 24, 2007 10:53 AM > To: users@httpd.

RE: [EMAIL PROTECTED] Turning Off Access Log

2007-01-24 Thread Arthur Kreitman
But it's on windows! > -Original Message- > From: Serge Dubrouski [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 24, 2007 10:53 AM > To: users@httpd.apache.org > Subject: Re: [EMAIL PROTECTED] Turning Off Access Log > > CustomLog /dev/null common > > if it's UNIX/Linux > > On 1/24/

Re: [EMAIL PROTECTED] Turning Off Access Log

2007-01-24 Thread Serge Dubrouski
CustomLog /dev/null common if it's UNIX/Linux On 1/24/07, Arthur Kreitman <[EMAIL PROTECTED]> wrote: I don't see an option to stop logging http requests. Is there one? - The official User-To-User support forum of the Apa

Re: [EMAIL PROTECTED] Turning Off Access Log

2007-01-24 Thread Sander Temme
On Jan 24, 2007, at 10:38 AM, Arthur Kreitman wrote: I don’t see an option to stop logging http requests. Is there one? Just omit, remove or comment out any TransferLog or CustomLog directives from your Apache configuration file. If I recall correctly, ErrorLog is required for the serve

[EMAIL PROTECTED] Turning Off Access Log

2007-01-24 Thread Arthur Kreitman
I don't see an option to stop logging http requests. Is there one?

[EMAIL PROTECTED] problem running apache 2.2.4 on debian linux 3.0

2007-01-24 Thread Eric Johanson
i built apache 2.2.4 from source on debian 3.0 using gcc i am running on debian 3.0 which has libc 2.2 when i install it on the machine i build on, it works however i need to install it on another debian 3.0 machine on the alternate machine, httpd will only serve files smaller than 256 bytes files

RE: [EMAIL PROTECTED] Using multiple virtual hosts with SSL on a single IP system

2007-01-24 Thread Bijan Vakili
Thanks Xavier and Serge. Wish I had seen that earlier in the FAQ :-( I'll implement multiple IPs. Bijan Vakili Senior Software Developer Cryptologic Inc. 55 St-Clair W, 3rd floor, Toronto, Ontario, M4V 2Y7 Phone 416.545-1455 Ext 5892 E-Mail: [EMAIL PROTECTED] SKYPE: bijanvakili This messa

RE: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Simon Ashford
Hmmm... Doesn't seem to work. Still get "Server: Apache" in the HTTP headers regardless of SecServerSignature. Get the impression from various reading that the Server header is added by Apache pretty much at the very end of processing, after anything done by other modules. Probably something t

Re: [EMAIL PROTECTED] Using multiple virtual hosts with SSL on a single IP system

2007-01-24 Thread Xavier Noria
On Jan 24, 2007, at 6:03 PM, Serge Dubrouski wrote: The only way to make it work is by adding additional IP addresses and setting VirtualHosts on those addresses, each with its own certificate. You can't have several certs on one IP address. Or else have SSL in different ports, see the first

Re: [EMAIL PROTECTED] Using multiple virtual hosts with SSL on a single IP system

2007-01-24 Thread Serge Dubrouski
The only way to make it work is by adding additional IP addresses and setting VirtualHosts on those addresses, each with its own certificate. You can't have several certs on one IP address. On 1/24/07, Bijan Vakili <[EMAIL PROTECTED]> wrote: Hi, I have a Solaris 10 system running Apache

[EMAIL PROTECTED] Using multiple virtual hosts with SSL on a single IP system

2007-01-24 Thread Bijan Vakili
Hi, I have a Solaris 10 system running Apache 2.0.52. I'd like to know how to have multiple virtual host names map to the same name while each supports its own SSL certificate and key file. The current setup is as follows: ... NameVirtualHost *:443 ... # Host #1 ServerNa

Re: [EMAIL PROTECTED] Massive number of users and authentication

2007-01-24 Thread Jacqui Caren
Nestor Burma wrote: Hello, I'm working on a web (and, obviously, Apache)-based app that will manage tens of thousands of users. Each user will have his own "private" URL space (which content will be application-defined and application-managed). ldap and/or db_auth modules will do as a starting

Re: [EMAIL PROTECTED] Massive number of users and authentication

2007-01-24 Thread Darren Spruell
On 1/24/07, Nestor Burma <[EMAIL PROTECTED]> wrote: For small numbers of users, we could play with .htaccess in the associated private directories, and some DBM or database to store the users credentials. But would this scale for tens of thousands of users ? Is there some better solution than to

Re: [EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Pierre-Yves Bonnetain
Hello, Simon Ashford wrote: We recently had a security audit done and one of the points noted was that it was possible to identify the web server software in use from the "Server" header. So I would like to remove or completely overwrite this header with something meaningless. mod_security and

[EMAIL PROTECTED] SSIs will include error page even if status code != 200

2007-01-24 Thread Christoph Kiehl
Hi, I mounted a tomcat with mod_jk to /foo and I include a jsp in a static html page like this: Everything works quite fine, as long as the status code returned for "/foo/bar.jsp" is 200. If it is something else like 404 or 503 I would expect "[an error occured while pro]" or whatever

Re: [EMAIL PROTECTED] Apache + Tomcat = no session management

2007-01-24 Thread Wm.A.Stafford
Sander, Good news and bad news. The admin confirmed that Apache is being used as a proxy but she does not know what version of Apache is being run but she thought it was 1.2. I looked around on the server and the date of Apache.exe is 6/23/2002. Is there a file that is delivered with th

[EMAIL PROTECTED] Removing or overwriting "Server" header field.

2007-01-24 Thread Simon Ashford
Anyone know if it is possible to remove or completely overwrite the "Server" HTTP header from Apache? "ServerTokens" only allows it to be reduced somewhat. "mod_header" doesn't seem to affect it. We recently had a security audit done and one of the points noted was that it was possible to ident

[EMAIL PROTECTED] Massive number of users and authentication

2007-01-24 Thread Nestor Burma
Hello, I'm working on a web (and, obviously, Apache)-based app that will manage tens of thousands of users. Each user will have his own "private" URL space (which content will be application-defined and application-managed). We want to password-protect those URLs/directories so that only the "own

Re: [EMAIL PROTECTED] Re: Apache-Jboss Connector - file was not found

2007-01-24 Thread Serge Dubrouski
I don't think that's a problem with session. Can you post configuration part for www.xxx.eu VirtualHost? Also what is in the Apache's error log and in the log file for mod_jk? On 1/24/07, Alessandro Ilardo <[EMAIL PROTECTED]> wrote: I'm still working on this issue, but this time I have with

[EMAIL PROTECTED] Problem with Suexec in (Debian) Apache2.2.3 mod_userdir + PHP 5.2.0-8

2007-01-24 Thread Puskás Zsolt (errotan)
Hello All. Is there anybody who can send a link how to make suexec work on Debian 4.0 'etch' I spent 2 days from morning to night and I give up. Suexec does not work in any case neither with userdirs or just in virtualhost PHP scripts keep running in www-data user & group. I tried all possible

[EMAIL PROTECTED] Question about ProxyPass

2007-01-24 Thread Phill Edwards
My company sends out web-based surveys to our customers. These surveys are managed by a 3rd party so the domain name that the surveys are served under is totally different to our domain name. Would it be possible to use ProxyPass to make it look like the surveys were being served under our own do

[EMAIL PROTECTED] Re: Apache-Jboss Connector - file was not found

2007-01-24 Thread Alessandro Ilardo
I'm still working on this issue, but this time I have with me the logs file from Apache and Tomcat sample application. I hope that can help to solve my problem. Access Log calling the sample application running on Tomcat from behind the firewall and without passing from Apache / Connector xx.xx

Re: [EMAIL PROTECTED] first email to this list - WAP and apache

2007-01-24 Thread Krist van Besien
On 1/24/07, Boyle Owen <[EMAIL PROTECTED]> wrote: You just put a WAP file (ie, page.wml) in the server (eg, http://server/page.wml) then hit that URL from the phone. I get the feeling you're not really sure about how WAP works... It's really just the same as normal HTTP - the only difference is

Re: [EMAIL PROTECTED] Apache-Jboss Connector - file was not found

2007-01-24 Thread Alessandro Ilardo
I do apologize if I wrote a confused code, in the followings I changed ONLY the domain name in order to protect it. ServerName linux.domain.com DocumentRoot "/var/www/html" JkMount /idm/admin/* jboss322Pluto worker.list=tomcat559Saturn,jboss322Pluto worker.tomcat559Saturn.maintai