On Tue, Dec 8, 2015 at 8:51 PM, Ron Croonenberg wrote:
>
> This is just a bunch of hardware, with connections between it's nodes.
> The whole thing/cluster is not connected to anything 'internet', not even
> LAN. I worry about those connections being secure as much as I worry about
> security be
We are attempting to do two functions with our HTTP Server (Version 2.4):
1. Load Balance (mod_proxy balancer) workload to two Tomcat servers
(version 8)
2. Be able to route a request to Tomcat to serve up a web page.
The two URLS are configured in Tomcat to execute the functions are
Trying to set up a local environment for web application that we support.
windows 10 OS
Apache 2.2 installed. (win32)
Mod_perl 5.12 installed. (win32)
Strawberry perl 5.12 installed. (win32)
Can successfully run a simple Hello.pm from localhost/hello with these
configurations in http.conf, indica
On Tue, Dec 8, 2015 at 3:25 PM, Eric Covener wrote:
> On Tue, Dec 8, 2015 at 3:05 PM, Ron Croonenberg wrote:
>> also, " ... cipher strings are complex and we're protecting people from
>> inadvertently .. " .. that is why we have MS-windows and Mac-OS out
>> there. Most Linux installations are
On Tue, Dec 8, 2015 at 3:05 PM, Ron Croonenberg wrote:
> also, " ... cipher strings are complex and we're protecting people from
> inadvertently .. " .. that is why we have MS-windows and Mac-OS out
> there. Most Linux installations are work horses, mostly run by people that
> know what they ar
There are a bunch of applications for using http with encrypted
authentication without encrypted data.
For example, in 'cloud computing application' (which what I am build
somewhat is), you want password protection/checking for checking at a
different stage. However if you have to move TBs
I think a bunch of people confuse "network" with "world wide web"
The thing I am building is an appliance, it uses an internal network and
it is not connected to anything 'internet', WAN or 'LAN'
It is storage, sort of a file system, I worry about security of that
internal network as much as
what if one simply doesn't care if the data is encrypted during
transmission?. The data I move to an object store, basically files,
could already be stored encrypted. Also, hardware encrypters don't have
a need for encrypting data again. Encrypting it again is just a waste of
A LOT of bandwith
On Tue, Dec 8, 2015 at 2:19 PM, Eric Covener wrote:
> On Tue, Dec 8, 2015 at 11:41 AM, Ron Croonenberg wrote:
>> P.S: why not make it an option that can be configured and where the default
>> 'setting' is "no NULL ciphers" ?
>
> I think the rational ie that the cipher strings are complex and we'
On Tue, Dec 8, 2015 at 11:41 AM, Ron Croonenberg wrote:
> P.S: why not make it an option that can be configured and where the default
> 'setting' is "no NULL ciphers" ?
I think the rational ie that the cipher strings are complex and we're
protecting people from inadvertently enabling null and ex
On 12/07/2015 09:54 PM, William A Rowe Jr wrote:
On Dec 7, 2015 11:36 PM, "Marat Khalili" mailto:m...@rqc.ru>> wrote:
>>
>> Everything *after* that handshake, in cleartext, is open for
inspection or for manipulation
>
> Are you sure about the manipulation part? Why do you think encryption
hel
Can't you just use stunnel for the TLS part? According to some information on
the net it can be configured to use null cipher without recompilation. IMO it
should be compatible with 'normal' HTTPS, save for things like virtualhost name
extension. If HTTPS compatibility matters to you at all, bec
This is an error email !! don’t send more email here !!
De: William A Rowe Jr [mailto:wr...@rowe-clan.net]
Enviado el: mardi 8 décembre 2015 18:36
Para: users@httpd.apache.org
Asunto: Re: [users@httpd] explicitly including other ciphers for use with https
On Tue, Dec 8, 2015 at 10:
On Tue, Dec 8, 2015 at 10:45 AM, Ron Croonenberg wrote:
> I forgot, is there a "standard way" to create an rpm so I can install the
> binaries somewhere?
>
Well, all the major linux distributions have their own forks, their own
'one right
way' to package rpm/deb/etc, but have a look in the buil
You make an error, don't send more email here please
-Mensaje original-
De: Ron Croonenberg [mailto:r...@lanl.gov]
Enviado el: mardi 8 décembre 2015 17:46
Para: users@httpd.apache.org
Asunto: Re: [users@httpd] explicitly including other ciphers for use with https
I forgot, is there
I forgot, is there a "standard way" to create an rpm so I can install
the binaries somewhere?
thanks,
Ron
On 12/08/2015 09:41 AM, Ron Croonenberg wrote:
so in the source tree:
modules/ssl
in: ssl_engine_config.c
I see two lines:
arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NU
so in the source tree:
modules/ssl
in: ssl_engine_config.c
I see two lines:
arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
and tossed eNULL out
in: ssl_engine_init.c
I see a line:
apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST,
these 3 locations are the on
Hi all,
I’m trying to redirect block and redirect traffic with Mod_evasive and
mod_proxy.
I can get either one of those components working individuals, but when both are
combined only mod_proxy appears to be working with this config.
proxy.conf
ProxyPreserveHost On
ProxyRequests On
It should be straightforward to patch mod_ssl to accept null ciphers,
for such an unusual use case, but it isn't something we would likely
accept in the ASF distribution for the reasons I outlined.
that would be fine, this is cluster that needs to move a lot data
internally in a very short am
consider it an appliance, there are no user on this IB-fabric/network
just machines with no users/logins that communicate with each other.
I am looking for speed at this point, safety is not a concern, I can
solve that otherwise later.
Besides, I am trying to have a discussion about if some
Ok, I want to use encrypted authentication BUT do not want to use any
encryption of the data at all.
I do have 100% control over all off the IB fabric (and it is not in
'user space', consider it an appliance' this will be running on. I am
not interested in something secure at this point, I a
Also I would like to ask you if by this way I just lie only the logs, or
everything will works and with the other services like awstatus,
server-status etc.
On 12/08/2015 12:42 PM, georgi@gmail.com wrote:
Hello,
I am using varnish which send x-forwarded-for to apache 2.4 and on the
apache
Hello,
I am using varnish which send x-forwarded-for to apache 2.4 and on the apache
site i have mod_remoteip with the following configuration:
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 77.77.77.77
RemoteIPInternalProxy 127.0.0.1
On 2.2 with rpaf module eveything is ok without chang
23 matches
Mail list logo
