'd. And the existing issues list didn't become any shorter,
unfortunately.
Questions? Comments? Let me know. Thanks for your interest!
--Jacob Champion
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
n is end-to-end.
This is one of the reasons that the use of wss:// is encouraged over ws://.
--Jacob
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
On 07/11/2017 09:12 AM, Alexandru Duzsardi wrote:
how does the httpd process change the permissions of that file? does
that before droping root privileges? if not what would it stop it to
change any file permissions?
OP said htpasswd was touching the file, not httpd.
--Jacob
PR61240 [1], which should be fixed in the just-announced
2.4.27.
--Jacob
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61240
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h
lease schedule, when it's
baked we publish a release.
But Jim and Jacob are furiously updating the test framework as you
were asking your question, so I'm guessing the group will be working
to release this fix just as soon as it is agreed upon, within a week
or few.
--Ja
reak you again.
I'm sorry for the inconvenience, and thanks for your patience.
--Jacob
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61202
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
y long-term, I think it would be good for all EXEC_ON_READ directives
to be distinguished by the config syntax itself. Similar to #include and
#define in C. I've been tinkering around with that a little in my spare
cycles.
--Jacob
---
CVE-2017-3169: mod_ssl null pointer dereference
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description:
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTT
CVE-2017-7679: mod_mime buffer overread
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description:
mod_mime can read one byte past the end of a buffer when sending a
malicious Content-Type response header.
Mitigation:
CVE-2017-7668: ap_find_token buffer overread
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.32
httpd 2.4.24 (unreleased)
httpd 2.4.25
Description:
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which a
CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.2.0 to 2.2.32
httpd 2.4.0 to 2.4.25
Description:
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead
why a patch was released.)
--Jacob
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
tives, in
that they affect what the server sees in the configuration. is a
request-time conditional. They should really not look so similar.
--Jacob
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional comma
eld in the
AcceptFilter 'data' case -- which we're not supposed to be doing to
begin with [1]. We don't do that in the 'connect' filter.
This is all just theorycrafting, though. I'll try to reproduce on my end
too.
--Jacob
[1]
https://msdn.microsoft.com/e
termittent
problems with it for a while now. If you have a reproduction case, I'd
be happy to run with it.
--Jacob
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
other part of the
project), now is an excellent time to let me know. Follow or fork the
project on GitHub, file issues, open pull requests! And as always,
thanks for your interest.
--Jacob Champion
-
To unsubscribe, e-mail:
On Dec 18, 2015 6:23 AM, "Klaus Darilion"
wrote:
>
> For the records: Since we use Apache 2.4.17 we do not have that problem
> anymore.
Excellent! Glad that seems to have solved it. Thanks for reporting back.
--Jacob
[on mobile; sorry for any formatting annoyances]
an s_client conversation with dumpcap. Wireshark immediately
"decrypted" the plaintext data but showed that there was still a MAC
appended to each record. Modifying a single byte of that data caused
Wireshark to fail its "decryption" of that record.)
--Jacob
---
the use of NULL encryption have any effect on the
authenticity/integrity characteristics of the cipher? I asserted
otherwise on openssl-users and was not corrected...
--Jacob
[1] https://marc.info/?t=14490098273&r=1&w=2
--
authn failures that went away after we cherry-picked
several patches from the latest httpd version. If you have the means to
update versions easily (or if you just get desperate enough), you might
check to see if that fixes your problem.
Good luck,
--
On 11/12/2015 06:39 AM, Rich Bowen wrote:
On 11/10/2015 03:33 PM, Jacob Champion wrote:
I'm happy to announce version 0.1.0 of mod_websocket:
https://github.com/jchampio/apache-websocket/releases/tag/0.1.0
Jacob,
First, congratulations on your release.
Hi Rich, thanks very much!
eventually be an ABI bump (0.2.x) to fix some known issues with the
interfaces, but I'll do my best to consolidate those compatibility
breaks and drive towards a 1.0 as soon as possible.
Thanks for your interest!
--Jacob Champion
--
that
maintaining and shipping prebuilt binaries for Linux distributions is
typically unfeasible, for a huge number of reasons. He doesn't mean that
Linux systems don't use binaries, because they do.
--Jacob
-
To unsu
Will do as soon as I get home from work...
Thank you,
Jacob Tennant - K8JWT
On Wed, Aug 4, 2010 at 12:03 PM, Eric Covener wrote:
> On Wed, Aug 4, 2010 at 11:05 AM, Jacob Tennant
> wrote:
> > I have just switched from Apache on Windows7 to Ubuntu 10.04LTS and have
> a
>
I installed noip2 from apt-get before Apache. System responds that noip2 is
functioning and I have NAT turned on in noip2.
Jacob Tennant - K8JWT
On Wed, Aug 4, 2010 at 11:44 AM, John Doe wrote:
> From: Jacob Tennant
> >I have just switched from Apache on Windows7 to Ubuntu 10.04LTS a
I have just switched from Apache on Windows7 to Ubuntu 10.04LTS and have a
couple questions...
1. I am running my system thru a no-ip.org port 80 redirect. When I looked
at the error log this morning it stated that system ip could not be resolved
and was going to use 127.0.1.1 by default. So how c
ession
matching, which I am anxious about doing in a high visibility website.
I was looking to see if this was being done regularly and if I am
being overly paranoid, or if my concern is valid.
-Jacob
On Fri, May 30, 2008 at 12:02 PM, Nick Kew <[EMAIL PROTECTED]> wrote:
> On Fri, 30
Thanks, I'll look into that. Though it still seems like I will have to
do this regular expression search for URL's which is what my main
issue is.
-Jacob
On Fri, May 30, 2008 at 8:23 AM, Jim Jagielski <[EMAIL PROTECTED]> wrote:
> On Fri, May 30, 2008 at 08:17:22AM -0700,
.com/app1 --->www.app1.target.com/app1
www.proxy.com/app2 --->www.app2.target.com/app2
Then it almost eliminates the need to do any URL rewriting at all. I
would much rather not set things up like this, and would like to do
this only if URL rewriting using ProxyHTMLURLMap is n
ch looks correct.
Anyone know why this would happen? More details are below.
If I don't pass --enable-module=ssl --enable-rule=SHARED_CORE when
configuring Apache, I don't get this error, so I assume it's somewhat
related to mod_ssl.
Jacob
The end of the "make" outpu
with the following error:
"ld.so.1: /product/httpd-2.0.55/bin/rotatelogs: fatal: libgcc_s.so.1:
open failed: No such file or directory"
Please let me know where it is missing and how can I install/add it.
Jacob
This m
Hi, I'm using Apache HTTP Server (version 2.0.55) for my project. I'm having three SSL sites which I run on the same IPaddress, but with different port numbers. For example say for the ports 443, 444 & 445. The sites I have can be for example, 1) one.xyz.com 2) two.xyz.com 3) three.x
Comments inserted below.
Joshua Slive wrote:
And what happened?!?! What exactly was the result in the browser?
A blank page. Nothing whatsoever.
What exactly is in the error and access logs?
Nothing.
One source of problems that you should just get rid of is the
.htaccess file itself.
ww/ is the root directory of my website.
AllowOverride AuthConfig
Options None
2. Wrote this .htaccess file in /var/www/:
AuthType Digest
AuthName "Private"
AuthDigestFile /var/www/.htpasswd
Require valid-user
3. Ran the command sudo htdigest -c /var/www/.htpasswd jacob
N
Background=Currently, we have an web application running on an OS/390 mainframe under mainframe Unix Shared Services. The webserver is IBM HTTP Server, which is a rebranded version of Apache.
This application is being migrated to AIX.Currently in the mainframe, the password has
ompany.org
resolves to my ip.
If I use
Allow from [myip]
it works fine. And if I put my hostname and ip in /etc/hosts it also
works. But for some reason apache is resolving my name differently than
the host command from the server or anyone else's servers for that
matter. Any
Hello.
How can I make httpd output result=90 if an error occurs?
The error could be any error.
I.e. a 404 or a Php script error.
Thanks,
Jacob
-
The official User-To-User support forum of the Apache HTTP Server Project.
See
Title: RE: [EMAIL PROTECTED] + in URL
Hi Bill,
Thank you very much for your brief and helpful explanation.
Sincerely,
Jacob Eshed
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 21, 2005 6:35 AM
To: users@httpd.apache.org
Subject
ceives:
<http://server.name:port/V/?func=some_function&mode=category&category=Category%20Name&sub_cat=Art%20%20%20Design&restricted=all>
Thanks,
Sincerely,
Jacob Eshed
-Original Message-
From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 2
apache not to parse the '+' sign?
Thanks.
Sincerely,
Jacob Eshed
-
This message has been scanned for viruses and
dangerous content by
Ex Libris Ltd, and is
believed to be clean.
-
Hi.
How can I make httpd log to a remote log file?
Can I do it via syslog?
Thanks,
Jacob
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
irdness I have no
> probs with Foxserv.
> >
> > Regards,
> > Sean
> >
> > lists <[EMAIL PROTECTED]> wrote:
> > This may sound like a silly question, but is the
> administration pages
> > actually running on apache or are they served by
> the
Hi-- I have apache 2.0.48 running on windows server
2000-- coldfusion is also running on the server, MX
6.5. I am able to view .html pages but when I load
.cfm pages i get:
"Please try your request again in a few minutes."
No error code. Nothing in the logs, besides a normal
get request in the
wrong subject. sorry.
--- Jacob Drew <[EMAIL PROTECTED]> wrote:
> Hi-- I have apache 2.0.48 running on windows server
> 2000-- coldfusion is also running on the server, MX
> 6.5. I am able to view .html pages but when I load
> .cfm pages i get:
>
> "Please tr
Hi-- I have apache 2.0.48 running on windows server
2000-- coldfusion is also running on the server, MX
6.5. I am able to view .html pages but when I load
.cfm pages i get:
"Please try your request again in a few minutes."
No error code. Nothing in the logs, besides a normal
get request in the
I was trying to do the same thing. I settled on running one apache per
virtualhost, and proxy-ing them through the main virtualhost. This way each
apache only has permission to use it's own files, and only one server is
comprimised if someone writes a security hole into their php/perl scripts.
Yo
Is there a way to insert an HTTP HEADER when you ProxyPass and
ProxyPassReverse? For example, I'd like to pass the original client IP
address to the backend server so that I can insert that into the logs insead
of inserting my server IP. Can this be done? Or would the Proxy code need
to be alter
riginal Message-----
From: Jacob Miller [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 26, 2005 8:30 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Running apache on 127.0.0.x
I would like to run each apache as the user who owns the files of a
particular virtual host.
Ex. Denja
I would like to run each apache as the user who owns the files of a
particular virtual host.
Ex. Denjak would run the denjak.com apache.
To do this I've setup an apache running on 127.0.0.1:80 as the "test" user.
I've tested the localhost apache using wget 127.0.0.1 and I get my test
index.html
49 matches
Mail list logo
