Re: [us...@httpd] Apache2 add module help !

2009-10-28 Thread Nick Kew
antoine wrote: Thank you guys for your propositions but don't focus on the security model. In general if I use an input filter can I modify the page's static html code before any dynamic code is inserted?? If you run PHP as a filter, you could insert another filter in front of it. Otherwis

Re: [us...@httpd] Apache2 add module help !

2009-10-28 Thread antoine
Nick Kew wrote: Morten K. Poulsen wrote: On Wed, 2009-10-28 at 19:06 +0200, antoine wrote: Consider that we have an html form and a php script that handles the posted data. The scenario is that the bad guy writes in the form for example " ... bad javascript code " and posts this so when the clie

Re: [us...@httpd] Apache2 add module help !

2009-10-28 Thread Nick Kew
Morten K. Poulsen wrote: On Wed, 2009-10-28 at 19:06 +0200, antoine wrote: Consider that we have an html form and a php script that handles the posted data. The scenario is that the bad guy writes in the form for example " ... bad javascript code " and posts this so when the client gets the page w

Re: [us...@httpd] accessing REMOTE_USER through an Apache proxy

2009-10-28 Thread Devin Bougie
Hi André, Thank you very much for your time and explanation. For what it's worth, I have tried inserting a RewriteCond to make sure the proxy only occurs when REMOTE_USER is set. This cleaned up the rewrite.log file a bit, but the script is still not able to see REMOTE_USER. Here is ou

Re: [us...@httpd] Apache2 add module help !

2009-10-28 Thread Morten K. Poulsen
On Wed, 2009-10-28 at 19:06 +0200, antoine wrote: > Consider that we have an html form and a php script that handles the > posted data. > The scenario is that the bad guy writes in the form for example > " ... bad javascript code " and posts this so when the > client gets the page we have an attack.

[us...@httpd] proxy: HTTP: disabled connection

2009-10-28 Thread David Rush
I've got httpd 2.2.4 on Windows Server 2003, acting as a reverse proxy to a couple other servers. I'm getting a LOT of "[error] proxy: HTTP: disabled connection for (x.x.x.x)" and some "[Wed Oct 28 12:55:33 2009] [error] (OS 10060)A connection attempt failed because the connected party did

[us...@httpd] Re: proxy+rewrite converts https to http://domain:443

2009-10-28 Thread Marcos Mendez
On Wed, Oct 28, 2009 at 12:50 PM, Marcos Mendez wrote: > Anybody got any ideas how to fix this? The proxy is redirecting to a > cgi. While this works fine with http, when using https, the request > uri becomes http://domain name:443 instead of keeping https://domain > name or converting it back to

[us...@httpd] xml2enc does not appear to be functional with mod-proxy-html 3.1.2

2009-10-28 Thread Martin Gerdes
Background: I am running Apache as provided for Debian Lenny (2.2.9-10+lenny4) as a reverse proxy. To that end, I installed libapache2-mod-proxy-html (3.0.0-1) for URL rewriting. As the original content is in charset ISO-8859-1, I set the option "ProxyHTMLCharsetOut *" to get the webpage output as

Re: [us...@httpd] Handler Chain (based on request method)

2009-10-28 Thread Aaron Dalton
> Interesting issue. > Several things come to mind, roughly : > 1) you may want to (also) post this question on the mod_perl list > (modp...@perl.apache.org) Thank you for your response. I will cross-post that right now. > 2) what happens if you just remove the section > > > >

Re: [us...@httpd] Apache2 add module help !

2009-10-28 Thread antoine
André Warnier wrote: antoine wrote: Hello, Consider that I have an html, javascript, php site. My goal is to somehow modify the html, javascript code before php module does its stuff. It is part of a javascript injection defense system. So I want to mark benign javascript before php

[us...@httpd] proxy+rewrite converts https to http://domain:443

2009-10-28 Thread Marcos Mendez
Anybody got any ideas how to fix this? The proxy is redirecting to a cgi. While this works fine with http, when using https, the request uri becomes http://domain name:443 instead of keeping https://domain name or converting it back to its original form? SSLProxyEngine on RewriteEngine on Rew

Re: [us...@httpd] Apache2 add module help !

2009-10-28 Thread André Warnier
antoine wrote: Hello, Consider that I have an html, javascript, php site. My goal is to somehow modify the html, javascript code before php module does its stuff. It is part of a javascript injection defense system. So I want to mark benign javascript before php module adds bad javas

[us...@httpd] Apache2 add module help !

2009-10-28 Thread antoine
Hello, Consider that I have an html, javascript, php site. My goal is to somehow modify the html, javascript code before php module does its stuff. It is part of a javascript injection defense system. So I want to mark benign javascript before php module adds bad javascript code. I f

Re: [us...@httpd] accessing REMOTE_USER through an Apache proxy

2009-10-28 Thread André Warnier
Devin Bougie wrote: ... Hi. I'll give you my interpretation, after looking at the log, not really at the configuration. I think the confusion may be about when and where, things happen exactly. And it is not really helped by your choice to proxy from your server to itself.. If you examine

[us...@httpd] accessing REMOTE_USER through an Apache proxy

2009-10-28 Thread Devin Bougie
We proxy connections through Apache to GlassFish Web Applications, and would like to give those applications access to the http REMOTE_USER variable. To make sure this is not related to GlassFish, I have created a very basic test script. The kerberos authentication and Apache proxy work pr

Re: [us...@httpd] Reverse proxy like DNAT, any chance? :)

2009-10-28 Thread Carlos André
Hi Emmanuel, I'm using Snort. It doesn't (yet) permit use of "X-Forwarded-For" :( Anyway since I can't block IP of SSL-out box, then this feature come out I can't put an inline IDS with active response function on same box. Maybe IDS sensor after SSL-out box, then, on an event... send a command to SSL-ou

Re: [us...@httpd] mod_proxy+mod_rewrite: hiding redirection

2009-10-28 Thread Marcos Mendez
On Wed, Oct 28, 2009 at 8:43 AM, Krist van Besien wrote: > On Tue, Oct 27, 2009 at 10:55 PM, Marcos Mendez > wrote: >> I'm using mod_proxy/mod_rewrite to redirect requests to a specific >> script which handles them. For example: >> >> >> RewriteEngine on >> RewriteCond %{HTTP_HOST} !^123.123.12

Re: [us...@httpd] mod_proxy+mod_rewrite: hiding redirection

2009-10-28 Thread Krist van Besien
On Tue, Oct 27, 2009 at 10:55 PM, Marcos Mendez wrote: > I'm using mod_proxy/mod_rewrite to redirect requests to a specific > script which handles them. For example: > > > RewriteEngine on > RewriteCond %{HTTP_HOST} !^123.123.123.123 [NC] > RewriteRule $(.+) http://123.123.123.123/myscript?url=%{

RE: [us...@httpd] Reverse proxy like DNAT, any chance? :)

2009-10-28 Thread Emmanuel Bailleul
> -Original Message- > From: Carlos André [mailto:candr...@gmail.com] > Sent: Wednesday, 28 October 2009 13:06 > To: users@httpd.apache.org > Subject: [us...@httpd] Reverse proxy like DNAT, any chance? :) > > Hi ppl, > > Maybe it looks like a stupid question, but, is there any way to mak

[us...@httpd] Reverse proxy like DNAT, any chance? :)

2009-10-28 Thread Carlos André
Hi ppl, Maybe it looks like a stupid question, but, is there any way to make apache acting as a "reverse proxy" send the original IP source to destination? Like iptables DNAT? Coz I need to protect users/server (HTTPS) and webserver (IDS), but my SSL-out box (apache RP) sends its own IP to apache w

[us...@httpd] Re: Download single source file without line numbers

2009-10-28 Thread Dan Poirier
Eric Covener writes: > On Tue, Oct 27, 2009 at 7:17 PM, Ryan Watkins wrote: >> Is there a way to download a single source file from the Apache-SVN without >> getting the line numbers on the left? >> > > I think you'll have to use an SVN client, > http://httpd.apache.org/dev/devnotes.html > > It

Re: [us...@httpd] Download single source file without line numbers

2009-10-28 Thread Rainer Frey
On Wednesday 28 October 2009 00:31:44 Eric Covener wrote: > On Tue, Oct 27, 2009 at 7:17 PM, Ryan Watkins wrote: > > Is there a way to download a single source file from the Apache-SVN > > without getting the line numbers on the left? > > I think you'll have to use an SVN client, > http://httpd.ap