[us...@httpd] mod_ssl and Transfer-Encoding: chunked wastes ~58 bytes per chunk.

2009-08-18 Thread Alex Stapleton
First some background. We use Apache HTTPD 2.0 over a high-latency, high packet loss GPRS WAN. The cost per byte is tangible. We use SSL. We also use Transfer-Encoding: chunked sometimes. This is a machine monitoring application. We are using iframe streaming to push real time data to operators bro

[us...@httpd] XSS vulnerability between Apache http server and Tomcat using mod_jk connector

2009-08-18 Thread Laura Randazzo
I have run into an XSS security problem between Apache http server and Tomcat using the mod_jk connector. I have my Tomcat version 6.0.16 server running behind an Apache http server 2.0.54 (I have also tested with version 2.2.13 with the same result) using mod_jk version 1.2.28. If I send the

Re: [us...@httpd] SSLProtocol vs SSLCipherSuite

2009-08-18 Thread Eric Covener
On Tue, Aug 18, 2009 at 10:36 AM, Capstone wrote: > I may not have been clear on my question so I am reposting, hopefully in a > more clear manner,... I apologize if this is bad practice. > > I would like clarification as to whether the SSLProtocol directive is > absolutely necessary when trying to

Re: [us...@httpd] SSLProtocol vs SSLCipherSuite

2009-08-18 Thread Capstone
I may not have been clear on my question so I am reposting, hopefully in a more clear manner,... I apologize if this is bad practice. I would like clarification as to whether the SSLProtocol directive is absolutely necessary when trying to achieve the highest level of security when configur

[us...@httpd] How to set prefer-language from a URL parameter without cookies?

2009-08-18 Thread Victor Engmark
Hi all, I'm trying to do language auto-negotiation in .htaccess on version 2.0.63, and it mostly works (see code below). The only thing that doesn't is the "env=prefer-language:%1" part, and I can't figure out why. I tried asking at Stack Overflow

Re: [us...@httpd] Need apache webserver infront if i hardware cluster 2 tomcats with SSL?

2009-08-18 Thread Krist van Besien
On Tue, Aug 18, 2009 at 9:08 AM, jimmy6 wrote: > > Need apache webserver infront if i hardware cluster 2 tomcats with SSL? See: http://catb.org/~esr/faqs/smart-questions.html -- krist.vanbes...@gmail.com kr...@vanbesien.org Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of c

[us...@httpd] Need apache webserver infront if i hardware cluster 2 tomcats with SSL?

2009-08-18 Thread jimmy6
Need apache webserver infront if i hardware cluster 2 tomcats with SSL? -- View this message in context: http://www.nabble.com/Need-apache-webserver-infront-if-i-hardware-cluster-2-tomcats-with-SSL--tp25019573p25019573.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.