Re: [users@httpd] Re: apache service interruption

2013-08-01 Thread Michael D. Wood
You could potentially deny legitimate users access. I limit so many connections per second per source IP. If I knew I were getting a ton of traffic from a University I would have to adjust it accordingly. The setting in pfsense is Maximum new connections / per second(s) - that's per IP. My

Re: [users@httpd] Re: apache service interruption

2013-08-01 Thread Grant
> Truthfully, I've always limited connections from the source IP via a firewall before the traffic is even passed to apache.
Do you do this only when under DoS attack or all the time? Won't you potentially prevent legitimate users from making a single connection if they're connecting with a sha

Re: [users@httpd] RE: EXT :Re: [users@httpd] RE: EXT :Re: [users@httpd] apache 2.2.25 and svn commit

2013-08-01 Thread Ben Reser
On Thu, Aug 1, 2013 at 7:04 PM, Brennan, Edward C (HII-Ingalls) wrote:
> Thanks, Ben. So based on your response, I still don't know what caused the error. I introduced apache 2.2.25 into my environment, and I get the error (which is why I posted to users@httpd, since I didn't introduce a n

[users@httpd] RE: EXT :Re: [users@httpd] RE: EXT :Re: [users@httpd] apache 2.2.25 and svn commit

2013-08-01 Thread Brennan, Edward C (HII-Ingalls)
Thanks, Ben. So based on your response, I still don't know what caused the error. I introduced apache 2.2.25 into my environment, and I get the error (which is why I posted to users@httpd, since I didn't introduce a new subversion). But when I revert back to apache 2.2.22, I don't get the err

Re: [users@httpd] RE: EXT :Re: [users@httpd] apache 2.2.25 and svn commit

2013-08-01 Thread Ben Reser
First of all this probably belongs on us...@subversion.apache.org...
On Wed, Jul 31, 2013 at 1:43 PM, Brennan, Edward C (HII-Ingalls) wrote:
> Thank you.
> I am trying to understand what the recommendation is here. I am currently using SVN 1.6.6 and have apache 2.2.22 in production (reverte

Re: [users@httpd] autoindex: showing directory it shouldn't

2013-08-01 Thread Bruce Lysik
Hopefully not too bad form to reply to my own thread, but I have more information. If I use normal file system based groups, it works as expected, and won't show my directory 1. So now it appears to be either an issue with mod_authz_ldap or it's apache making a decision not to check a sub-dire

[users@httpd] autoindex: showing directory it shouldn't

2013-08-01 Thread Bruce Lysik
Hi, Summary of my problem: mod_autoindex is showing directories that a logged in user doesn't have access to when using Require group.  When using Require user, it's properly not shown.  ShowForbidden is never turned on. Details: Oracle Linux 6u4 (RHEL6u4) httpd-2.2.15-26.0.1.el6.x86_64 mod_au

Re: [users@httpd] Re: apache service interruption

2013-08-01 Thread Michael D. Wood
Truthfully, I've always limited connections from the source IP via a firewall before the traffic is even passed to apache.
On 08/01/2013 04:39 AM, Grant wrote:
Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the res

Re: [users@httpd] Logs analyse

2013-08-01 Thread Tom Evans
On Thu, Aug 1, 2013 at 2:32 AM, Jerry K wrote:
> looking at the home page of both products, the last Webalizer update was April 2011. The last Awffull update was in 2008.
So? The piped logger that I use to rotate my logs was last updated in 2004, it doesn't make it any way not the best damne

Re: [users@httpd] Re: apache service interruption

2013-08-01 Thread Grant
> Two different things come to mind. Kingcope found an Apache byterange vulnerability and the PoC code he wrote for it exhausts the resources on a server running Apache. Only 1 instance of his perl script had to be run. LOIC is another that could possibly DoS your server from one source. W

Re: [users@httpd] Debugging mod_rewrite

2013-08-01 Thread Philip Wigg
On 1 August 2013 03:13, C. Benson Manica wrote:
> Apache creates the log file I specify, but logs nothing to it even when processing rewrite rules that I know work. What in the heck am I missing?
> Where do those config lines need to go?
Are the working rewrite rules definitely in the same Vi

Re: [users@httpd] Re: apache service interruption

2013-08-01 Thread Grant
>> ModSecurity looks good and I think it works with nginx as well as apache. Is everyone who isn't running OSSEC HIDS or ModSecurity vulnerable to a single client requesting too many pages and interrupting the service?
>
> Not everyone, no. There are other alternatives such as mod_limitip