We've set up a new Apache server on CentOS 6.4, httpd 2.2.15.
The site is running SSL with a single WordPress virtual host. We do use
mod_proxy to forward some requests to back-end systems: our CAS
authentication system and a couple of other back-end systems we need a
limited amount of content from.
Hello
Does anybody know if the AllowCONNECT statement would allow a client to connect
through the proxy server to a server on HTTPS? We have been trying to get this
to work but no progress so far, so we want to know if it should work or not.
Nagu Sittampalam | Security Team Leader , IT Solutions Divisi
We had this problem too and so stopped using mod_disk_cache for a few months.
I was under the impression it had been fixed and so
we've recently turned it back on. We're on Apache/2.2.26.
From: Mike Rumph [mailto:mike.ru...@oracle.com]
Sent: Wednesday, February 12, 2014 4:54 PM
To: users@ht
On 2/12/2014 13:11, rahul bhola wrote:
By sanitize I mean just check that you don't directly put the data coming
from cmd or command to exec() or functions that might compromise the
security of your system.
Are you talking about in CGI programs?
By URL I mean, for example:
yoursite.com/sid=X
Hello Anthony,
The discussion on the caching of 503 errors in bug 55669 may apply to
this email thread as well.
- https://issues.apache.org/bugzilla/show_bug.cgi?id=55669
Thanks,
Mike Rumph
On 2/12/2014 2:35 PM, Anthony J. Biacco wrote:
I'm running compiled Apache 2.2.24 on CentOS 6.4
I h
I'm running compiled Apache 2.2.24 on CentOS 6.4
I have a URL which gets proxied to Tomcat with mod_proxy_ajp.
The URL in a test scenario is producing a 400 status and content using tomcat
custom error pages.
Said URL space is cached in apache with mod_disk_cache.
Apache is caching said content an
By sanitize I mean just check that you don't directly put the data coming from
cmd or command to exec() or functions that might compromise the security of
your system. By URL I mean, for example:
yoursite.com/sid=&shopid=
http://www.google.com/humans.txt?
would show you what he
On 2/12/2014 08:43, rahul bhola wrote:
Because of the HTTP Response 302, a safe bet would be to say he didn't get
anything. Still, I would recommend you sanitize the data you get from the
parameters command and cmd.
Also, simply go to the URL to see what he saw.
To what URL? What do you mean sanitize?
Than
My goodness, that worked! I am blown away! Thank you very much for
your help with this.
Jim
On 2/12/2014 2:58 AM, Tom Evans wrote:
On Mon, Feb 10, 2014 at 10:24 PM, Jim Borland wrote:
My server, which is located in the Amazon cloud, was just moved to a new
location with a new IP address.
Hi,
I've just noticed that mod_ratelimit does not work as expected with
mod_proxy_fcgi. I set a download limit to 500 KB/s for PHP (php-fpm) and
for some reason I'm still able to download at full speed.
If download limit is set to some low value e.g. 10 KB/s it pretty much
works (see results).
Co
Because of the HTTP Response 302, a safe bet would be to say he didn't get
anything. Still, I would recommend you sanitize the data you get from the
parameters command and cmd.
Also, simply go to the URL to see what he saw.
On Wed, Feb 12, 2014 at 9:58 PM, Knute Johnson wrote:
> On 2/12/2014 08:04, rahul bhol
On 2/12/2014 08:04, rahul bhola wrote:
In the first and last case he was checking if it is possible to pass shell
commands through the command or cmd parameter. Not sure on the second one, but it
looks like he was testing for an unsanitized URL redirection vul.
On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson mai
In the first and last case he was checking if it is possible to pass shell
commands through the command or cmd parameter. Not sure on the second one, but it
looks like he was testing for an unsanitized URL redirection vul.
On Wed, Feb 12, 2014 at 9:28 PM, Knute Johnson wrote:
> I found the following in my log th
When you go to those URLs on your website, what output do you get?
That will likely tell you what output the attacker got.
- Y
Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
On Feb 12, 2014 10:58 AM, "Knute Johnson" wrote:
> I found the following in my log this mornin
I found the following in my log this morning. Does anybody know what it
really means? Thanks.
A total of 3 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/user.php?caselist[bad_
Thank you
Unfortunately not available for our architecture.
I will keep plugging.
eric
On 02/10/2014 09:13 PM, Michael Streeter wrote:
On 2/10/2014 8:04 AM, Eric K. Dickinson wrote:
Thank you very much.
I gave it a go... Still no Joy, the attempts at directory recursion
still end up in t
On Mon, Feb 10, 2014 at 10:24 PM, Jim Borland wrote:
> My server, which is located in the Amazon cloud, was just moved to a new
> location with a new IP address. Nothing else was changed. However, the
> Apache Virtual Host, which has worked flawlessly for several years, is
> broken. Apache serve