On 20/02/12 10:13 PM, Chris Arnold wrote:
On Feb 20, 2012, at 10:04 PM, Yehuda Katz mailto:yeh...@ymkatz.net>> wrote:
On Mon, Feb 20, 2012 at 9:49 PM, Chris Arnold
mailto:carn...@electrichendrix.com>> wrote:
I just want to revisit this on-list again. Yehuda has help
tremendously, tha
On Feb 20, 2012, at 10:04 PM, Yehuda Katz wrote:
> On Mon, Feb 20, 2012 at 9:49 PM, Chris Arnold
> wrote:
> I just want to revisit this on-list again. Yehuda has help tremendously,
> thank you Yehuda. I have the front end server set for proxy(reverse) in the
> httpd file:
>
> ServerName ifol
On Mon, Feb 20, 2012 at 9:49 PM, Chris Arnold
wrote:
> I just want to revisit this on-list again. Yehuda has help tremendously,
> thank you Yehuda. I have the front end server set for proxy(reverse) in the
> httpd file:
>
> ServerName ifolder.electrichendrix.com
> ProxyPass /ifolder https://192.1
I just want to revisit this on-list again. Yehuda has help tremendously, thank
you Yehuda. I have the front end server set for proxy(reverse) in the httpd
file:
ServerName ifolder.electrichendrix.com
ProxyPass /ifolder https://192.168.123.4/ifolder
ProxyPassReverse /ifolder https://192.168.123.4
Thanks for responding. After sleep and more debugging this turned out to
be a mod_python session problem and unrelated to Apache operation.
Apologies for wasting anyone's bandwidth.
On 19/02/12 21:20, Jeff Trawick wrote:
As a diagnostic step, set "KeepAlive Off" and see if the problem
reproduc
On Mon, Feb 20, 2012 at 11:25 AM, Eric Covener wrote:
> On Mon, Feb 20, 2012 at 11:22 AM, Mauricio Tavares
> wrote:
>> On Sun, Feb 19, 2012 at 9:41 PM, Igor Cicimov wrote:
>>> Thats what " Require valid-user " doing. Try with " Require any"
>>>
>> Tried it and it is still not letting me u
On Mon, Feb 20, 2012 at 4:16 PM, Phil Smith wrote:
> On Mon, Feb 20, 2012 at 8:54 AM, Tom Evans wrote:
>> On Mon, Feb 20, 2012 at 1:16 PM, Steve Swift wrote:
>>> Ah, but the "sh" error means that my code never starts executing. If the
>>> very first line of my code were to get executed, then the
Forgot to mention that they use Apache server in tandem with Windows IIS.
-Original Message-
From: Lou Vasilev [mailto:lvasi...@powercosts.com]
Sent: Monday, February 20, 2012 10:37 AM
To: users@httpd.apache.org
Subject: [users@httpd] Very slow Apache proxy server under IE
I have the fol
I have the following architecture: a JSP page with JavaScript client code, the
backend is a JAVA class that gets data from an Oracle database. The whole app
runs on a WebLogic 10 server. It works fine in my development environment and
also on the client's internal network. However, the client ha
Do any of the GET requests in your access log correspond with CGI scripts
which might run for a long time? I presume that the access log entry
corresponds to when the script starts, not when it ends. The "sh" error
messages may thus occur minutes after the corresponding GET entry in the
access log.
On Mon, Feb 20, 2012 at 11:22 AM, Mauricio Tavares wrote:
> On Sun, Feb 19, 2012 at 9:41 PM, Igor Cicimov wrote:
>> Thats what " Require valid-user " doing. Try with " Require any"
>>
> Tried it and it is still not letting me use the kerberos ticket,
> only username+passwd.
Sure your brows
On Sun, Feb 19, 2012 at 9:41 PM, Igor Cicimov wrote:
> Thats what " Require valid-user " doing. Try with " Require any"
>
Tried it and it is still not letting me use the kerberos ticket,
only username+passwd.
>
> On Sun, Feb 19, 2012 at 9:23 AM, Mauricio Tavares
> wrote:
>>
>> I ha
On Mon, Feb 20, 2012 at 8:54 AM, Tom Evans wrote:
> On Mon, Feb 20, 2012 at 1:16 PM, Steve Swift wrote:
>> Ah, but the "sh" error means that my code never starts executing. If the
>> very first line of my code were to get executed, then the error message
>> would come from the error handlers in m
> Does anyone know of ANY web server that
> provides
> > CSRF protection at the web server level? I'm curious.
> >
Take a look at mod_security that provides CSRF prevention mechanism by means of
JS injection.
smime.p7s
Description: S/MIME cryptographic signature
On Mon, Feb 20, 2012 at 2:26 PM, Mark Montague wrote:
> On the other hand, I could see providing CSRF protection at the web server
> level as being useful, since you then would not need to trust each web
> application author to both completely impelment CSRF protection and to
> implement it correc
Thank you for your persistence, which has paid off, and conquered my
obtuseness.
So, apache doesn't invoke "sh". Neither does my code, explicitly. But when
my script invokes a host command, the interpreter just hands the command to
the default execution environment, which in this case is "sh".
I
On February 20, 2012 5:50 , Henrik Strand wrote:
What are your best practices against Cross-Site Request Forgery?
Use of a CSRF token as described on the OWASP page you lined in your
original message.
Does Apache Httpd support this out-of-the-box (incl. validation of the
token for each su
Yes, into httpd-ssl.conf
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 8443
2012/2/20 Igor Cicimov :
> Do you have
> Listen 8443
> at all in your config?
>
> On Feb 20, 2012 10:28 PM, "A
On Mon, Feb 20, 2012 at 1:16 PM, Steve Swift wrote:
> Ah, but the "sh" error means that my code never starts executing. If the
> very first line of my code were to get executed, then the error message
> would come from the error handlers in my code, but nothing in my code
> executes under these ci
Ah, but the "sh" error means that my code never starts executing. If the
very first line of my code were to get executed, then the error message
would come from the error handlers in my code, but nothing in my code
executes under these circumstances.
So, without a single byte of my code changing (
Do you have
Listen 8443
at all in your config?
On Feb 20, 2012 10:28 PM, "Andres Aguado" wrote:
> m, i've configured on other machine, other apache 2.2 as reverse
> proxy and i've forwarded request to https://www.ingdirect.es, and the
> error is the same
>
> This is a very strange cuestion b
m, i've configured on other machine, other apache 2.2 as reverse
proxy and i've forwarded request to https://www.ingdirect.es, and the
error is the same
This is a very strange cuestion but, do you know if these
configurations should work?, is it necessary to make any strange
configuration?
Re
Hi,
What are your best practices against Cross-Site Request Forgery?
According to owasp.org a CSRFToken should be generated and added as a
hidden form value.
Does Apache Httpd support this out-of-the-box (incl. validation of the
token for each subsequent request until the session expires)?
Be
Hi again. Here we are again
Sorry, but I don't understand that dns error, because i'm connecting
to ip interface. I'm not connecting to dns name to simplify the issue.
And i can connect from proxy to backend ok to https port. the problem
seems to be when virtual host "proxypass" the request, becau
On Sat, Feb 18, 2012 at 4:30 PM, Steve Swift wrote:
> I get entries like this in my error log. They are extremely sporadic, and
> because the access rate is low on our server, it is easy to find the CGI
> script that was being accessed. In all cases, it is one which hasn't changed
> in months, and
25 matches
Mail list logo
