Re: [users@httpd] CSP nonces in apache

2017-09-11 Thread Mitchell Krog Photography
As per the original article from Scott Helme that you initially referred to, you will need to generate a random string yourself. Something like this might help you in the right direction - https://gist.github.com/earthgecko/3089509 From: Luis Speciale Reply: users@httpd.apache.org , lspeci...@

Re: [users@httpd] Problem with Redirect

2017-07-09 Thread Mitchell Krog Photography
pt-Encoding Connection: close Content-Type: text/html On Sat, Jul 8, 2017 at 9:44 AM, Mitchell Krog Photography wrote: I agree use this tool - http://www.redirect-checker.org/index.php It’s one of the best and doesn’t cache anything so any updates you make when working with redirects are

Re: [users@httpd] Problem with Redirect

2017-07-08 Thread Mitchell Krog Photography
I agree use this tool - http://www.redirect-checker.org/index.php It’s one of the best and doesn’t cache anything so any updates you make when working with redirects are picked up instantly. Kind Regards Mitchell From: Nick Kew Reply: users@httpd.apache.org Date: 08 July 2017 at 4:43:01 PM To

Re: [users@httpd] Problem with Redirect

2017-07-08 Thread Mitchell Krog Photography
eRule (.*) https://def.com%{REQUEST_URI} [END,QSA,R=permanent] Kind Regards Mitchell Krog ** Visit me at https://mitchellkrog.com ** From: Blake McBride Reply: users@httpd.apache.org Date: 08 July 2017

Re: [users@httpd] mod_lua and subprocess_env

2017-06-20 Thread Mitchell Krog Photography
Yes as it addresses a number of vulnerabilities discovered. Check mailing list for CVE messages sent earlier today. Kind Regards Mitchell Krog ** Visit me at https://mitchellkrog.com ** License My

Re: [users@httpd] Problem with Apache2 after upgrade from Ubuntu14.04 to 16.04

2017-04-18 Thread Mitchell Krog Photography
ing pragmatic and building my production server with apache and php again to get back to 'real life'!! Ugh the things we have to do to survive in this game!! LOL. On 18/04/17 12:59, Mitchell Krog Photography wrote: My experience with upgrading from 14.04 to 16.04 is apache does not upgr

Re: [users@httpd] Problem with Apache2 after upgrade from Ubuntu14.04 to 16.04

2017-04-18 Thread Mitchell Krog Photography
My experience with upgrading from 14.04 to 16.04 is apache does not upgrade well at all, had it happen on several servers already in the past. I would suggest backup your entire etc/apache2 folder or rename it /etc/apache_backup/ Then uninstall apache and purge it, uninstall PHP and purge it and

Re: [users@httpd] What is preferred PHP interface?

2017-03-30 Thread Mitchell Krog Photography
+1 php-fpm From: Lester Caine Reply: users@httpd.apache.org Date: 30 March 2017 at 11:14:57 AM To: users@httpd.apache.org Subject: Re: [users@httpd] What is preferred PHP interface? On 30/03/17 02:00, John Iliffe wrote: > Surprised that the PHP docs don't seem to have anything equiva

Re: [users@httpd] Run Control for Apache in Fedora 25

2017-03-29 Thread Mitchell Krog Photography
Brilliant, so glad you got it sorted :) Cheers Mitch From: John Iliffe Reply: users@httpd.apache.org Date: 28 March 2017 at 6:08:33 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Run Control for Apache in Fedora 25 First, my sincere thanks to all the folks who responded so fas

Re: [users@httpd] Run Control for Apache in Fedora 25

2017-03-28 Thread Mitchell Krog Photography
What does sudo systemctl edit --full httpd show you ??? From: John Iliffe Reply: users@httpd.apache.org Date: 28 March 2017 at 4:35:52 PM To: users@httpd.apache.org Subject: Re: [users@httpd] Run Control for Apache in Fedora 25 Thank you Mickey. That is exactly what the problem is; a

Re: [users@httpd] ServerAlias limit and conflicts?

2017-03-17 Thread Mitchell Krog Photography
Actually to clarify point 3. That error I stated was due to something else. However I tested the following config and the first virtualhost completely over-rides the second one due to the wildcard. ServerAdmin webmaster@centos.local DocumentRoot /var/www/html/centos ServerName centos

Re: [users@httpd] ServerAlias limit and conflicts?

2017-03-16 Thread Mitchell Krog Photography
1. I have always stuck to one ServerAlias line but for fun I tested this config this morning and it works just fine ServerName centos.local ServerAlias centos2.local centos3.local ServerAlias centos4.local ServerAlias centos5.local centos6.local centos7.local 2. Not that I am awa

RE: [users@httpd] Hiding Apache version info on the Aix server for Apache.

2017-03-16 Thread Mitchell Krog Photography
I’ve tested on CentOS 6.8, Apache 2.2.15 Both *ServerTokens PROD* *ServerSignature Off* Work perfectly and do not affect the starting of the server. Secondly have you actually ever run a configtest? *apachectl configtest* If you copy and paste the ServerTokens and ServerSignature lines ab

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

2017-03-14 Thread Mitchell Krog Photography
Sorry typo …. /etc/apache2/conf-available/security.conf From: Chunduru, Krishnachaithanya Reply: users@httpd.apache.org Date: 14 March 2017 at 1:56:04 PM To: users@httpd.apache.org Subject: [users@httpd] Hiding Apache version info on the Aix server for Apache. Hi All, Can anyone plea

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

2017-03-14 Thread Mitchell Krog Photography
Katz Date: 14 March 2017 at 3:58:48 PM To: users@httpd.apache.org Cc: Mitchell Krog Photography Subject: Re: [users@httpd] Hiding Apache version info on the Aix server for Apache. HTTPD should be logging somewhere, often /var/log/httpd or /var/log/apache2. See if there is an error there

Re: [users@httpd] Hiding Apache version info on the Aix server for Apache.

2017-03-14 Thread Mitchell Krog Photography
Not sure what version of apache you are using but in versions 2.4.x the modification is done in /etc/conf-available/security.conf and not in the http.conf or apache2.conf file. From: Chunduru, Krishnachaithanya Reply: users@httpd.apache.org Date: 14 March 2017 at 1:56:04 PM To: users@httpd.a

Re: [users@httpd] Webserver intranet https categorized for insecure for broesers.

2017-02-20 Thread Mitchell Krog Photography
That’s because you have generated your own certificates, they are not trusted by any browser. Get yourself a fully trusted free SSL certificate using the Certbot client from Let’s Encrypt. https://letsencrypt.org / https://community.letsencrypt.org From: Rodrigo Cunha Reply: users@httpd.apach

Re: [users@httpd] apache2 config test failed

2017-02-20 Thread Mitchell Krog Photography
Line 219 of your .conf file reads "IncludeOptional sites-enabled/*.conf" that’s where it starts loading the sites you have configured and that’s where it is failing. So start looking for errors on line 32 on one of your enabled-sites conf files and not for an error in your apache2.conf which looks

Re: [users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

2017-02-09 Thread Mitchell Krog Photography
Your SSL config for Apache 2.4.10 should be as follows ... SSLEngine on SSLCertificateFile /path/to/signed_certificate_followed_by_intermediate_certs SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication

Re: [users@httpd] am i hacked ?

2017-02-06 Thread Mitchell Krog
I see these type of attack strings all the time on Nginx except Nginx gives a 403. Apache is notoriously bad with security and giving 200 ok responses makes you yourself. A reason I and many other people have switched. User support on this list was also non existent when I ran into serious SS

Re: [users@httpd] Unknown accepted traffic to my site

2016-10-08 Thread Mitchell Krog Photography
Thanks Spork for the detailed reply you got from Berkeley, I got a similar one, though not quite as detailed. I think the problem with Apache is that it is simply an index.html sending a 200 “OK” and not actually replying to say yes I am infected with whatever it is they are looking for. At the

RE: [users@httpd] Unknown accepted traffic to my site

2016-10-06 Thread Mitchell Krog Photography
to my site From the looks of it I would say it is targeting servers running SSL.  Are you serving up HTTP or HTTPS ?   From: Mitchell Krog Photography Sent: Wednesday, October 05, 2016 8:18:38 AM To: Tawasol Go; users@httpd.apache.org Subject: Re: [users@httpd] Unknown accepted traffic to my

Re: [users@httpd] Unknown accepted traffic to my site

2016-10-05 Thread Mitchell Krog Photography
It’s some kind of buffer overflow attempt. I’ve been seeing this in logs for months. It started a few months back with the Berkeley University Scanner who are researching by sending out a string like that and then seeing what response they get. It’s to check for some kind of exploit. Their IP fo

[users@httpd] mod_socache_shmcb

2016-08-02 Thread Mitchell Krog
Hi all I am hoping someone can please give me a more concise description of what the socache_shmcb module is and what it actually does. The documentation at https://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.html is very vague and in 2 years has not changed. Google searches do not reveal