ive just upgraded my apache through upgrading to debian etch and now mod_auth_mysql needs the line AuthBasicAuthoritative
php handler for all files with no extension
which is a bad idea, IMO
If I have a document called "http://foo.com/whatever.php" but the browser requests "http://foo.com/whatever", I'd like "whatever.php" to be accessed.
finally I restarted apache and attempted to access the directory.
pastebin the entries you added.
do you have access to the old server?
It prompted for credentials as expected but would not take the password. I tried the system password and, to my dismay, it worked.
Unfortunately, no.
Ah! They are called "Friendly URLs".
mod_rewrite
Ahh! Multiviews!
multiviews
multiviews is http://httpd.apache.org/docs/mod/core.html#options or http://httpd.apache.org/docs/mod/mod_negotiation.html or http://httpd.apache.org/docs-2.0/content-negotiation.html
I'd guess you want something similar to "SetHandler php-script" in your Directory
hi, is it possible to use back references in the pattern-part of a rewrite rule (mod rewrite) ?
or "SetHandler application/x-httpd-php"
no
jajmon, yes, if memory serves.
9 2007] [error] VirtualHost *:80 — mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined
any ideas?
thinking is *hard*!
but don't take my word for it. smarter people than myself have written documentation
tias
tias is Try it and See - if you want to know if something will work, give it a go. If not, then you can ask why it didn't work as expected
to be honest, I've never tried
ok… so I updated my httpd file with http://apache.pastebin.ca/644855 and now the server won't come up
pastebin the output of httpd -S, please
nm
ignore that
the NameVirtualHost directive should be in apache2.conf, not in your virtual hosts
but I'm not sure what you'd be backreferencing to
i've tried with both \1 and \$1
eth01, you only need one NameVirtualHost directive
http://rafb.net/p/PO4uSC29.html
what rule are you trying to use, and to what aim?
id like to match /foo/foo with something like ([a-z]+)/\1
do NOT use *:* as a NameVirtualHost
faq1
exactly. For example, NameVirtualHost *:80 must be used with VirtualHost *:80
^^
hm, ive done that lol
*:* is a NameVirtualHost
do NOT use *:* as a NameVirtualHost
hm fair enough
so virtualhost *
no
NameVirtualHost *:80
NameVirtualHost *:80 is not the same as NameVirtualHost *
and VirtualHost *:80
VirtualHost *:80 is usually what you want in virtualhost directives. That way, when you add SSL, your existing vhosts won't break
://
oh.
?
no
NameVirtualHost *
Consider using NameVirtualHost *:80 instead, to avoid port overlap.
that's what my current NVH is.
checking the docs, %N and $N are only used in the RHS of a Rule/Cond
NO, DO NOT USE NameVirtualHost *
okay, change it?
roobarb, my problem is that i want to use relative links, but that will make my urls incorrect.. eg if i have a link to foo/ and you press the link twice you get foo/foo/ i want to rewrite it to just foo/
USE nameVirtualHost *:80 and *443
erm, *:433, rather
space?
thumbs, maybe he has fajita on ignore :p
space is the gap between the first argument and the second argument
kk
makes sense?
443
443 is default port for ssl
not on the same line, obviously
heh
what if i dont want to use SSL
my bad. I had entries in the httpd.conf that conflicted with .htaccess. It's working now.
then don't use NameVirtualHost *:443
great.
yah, i have checked the docs :/
can i use both?
use both what?
eth01, configure it as if you might change your mind that way
80 and 443
how do you "press a link twice" ?
okay, cyth answered my question.
are you wanting to serve multiple domains from a single IP?
doesn't hurt. However, you will need a VirtualHost on *:443 for apache not to complain.
you'd have to be specifically coding your html badly to get that effect
Ok, how do I enable MultiView support on a virtual host?
Options +MultiViews
it's easy if its in the header or footer
for instance
so um.. yeah - I fixed my vhost and apache booted - yay! now I just got a 500 Internal Server error…
use links starting with a /
step 1?
Whatever the problem, step 1 is always to look in the error log.
that will make em absolute
and thats how i have it now
and…?
and like i said, i want relative links
falieson, check the error log
you can't have it both ways
what do you mean both ways?
if you're trying to have a static navigation frame, use absolute links, then use relative links for other stuff
but relative would make the site easier to move..
it would be nice
I'm not a web-developer, but trying to bodge this with apache seems crude
you should links relative to the docroot.
s/should/should use/
I'm guessing the root of your problem is hor navigation pages aren't context-censitive
s/hor/your
im not sure im following
if you've clicked on jobs/jobs.html, you shouldn't include a link to yourself on that page
thats how you get into this kind of mess
i guess
I don't understand what you're trying to fix
you can add rewrite conditions based on the request
he's got a navigation header with relative links
if it already matches the current rule then it can be skipped
instead of causing circular rewrites
you'd have to do that for every directory he has
yes
which is messy
which is a layout flaw on part of the page designer
relative links are fine, as long as they aren't duplicated
if I had a concrete example, I'd probably have a better grasp of the real problem
er.. let me rephrase a line back. relatives are fine as long as they aren't duplicated for multiple different root paths
page jobs/jobs.html which includes a link to jobs/jobs.html, so if you click the link while you're already on jobs/jobs.html, you end up at jobs/jobs/jobs.html
I don't understand where/why jobs is being rewritten
nothing to do with rewriting
oh
gotcha
Virtual Directory Support — should that be enabled or disable for virtualhosts to work?
it's in a phptest page, i don't understand.
using mod_rewrite isn't the right way of fixing this; sorry
if there is no other jobs.html then there's no problem with ./jobs.html as long as it's on pages under /jobs/
hey guys, I'm trying to setup phpMyAdmin on a freebsd 6.2 machine with ssl working.. when I click the link (takes me from http://xxxxx to https://xxxxx) I get "The requested URL /phpMyAdmin/scripts/setup.php was not found on this server."
any ideas what is messed in my config?
yah, im fixing my anchors
nvm..
thx
unspecific.net virtual directory support
I'd guess your :443 VHost DocumentRoot isn't set the same as the :80 one
thanks
weird, had to link from /usr/local/www/phpMyAdmin to /usr/local/www/data/phpMyAdmin
I have one cgi script I have copied that to cgi-bin directory but how can I run that and see that page
http://localhost/cgi-bin/script.cgi
make sure the script has read/exec privs
cat http://localhost/cgi-bin/script.cgi
a blanket chmod 755 script.cgi will suffice
chmod +x file
scripts need read privs as well
what's with the cat?
lol
run it in your browser
just wanted to know what was in the script.cgi file
oh
i don't have apache running on localhost
i thought you wanted to run it
lol
you could see if it works by running it…
do you know if apache 2 can host irc?
../script.cgi
i have a question about AuthType
authtype
authtype is http://httpd.apache.org/docs/2.2/mod/core.html#authtype
answers ^^
yeah
tnx
but
guys, has anyone successfully hosted an irc channel on Apache 2.2?
i want know what's different between BASIC & DIGEST
digest
digest is alternative password exchange method that uses 'secure' hashes to prevent sending a password in clear text or available in apache from mod_auth_digest
basic
basic is NOT more secure than putting a username/password in an html host form
basic does everything in the clear
that's the difference
tnx
digest uses md5 of sha1 then does it?
so digest is secure
or is it rsa?
hey, i'd be impressed if they used electron scattering!
?
more secure
in and of itself, yeah
ok
but i have a problem
but you can still use basic if you set up ssl and make sure any auth is done over ssl
why not write your own encryption algorithm? that would be much more fun!
compiled apache 2.2.4 ./configure --enable-digest
but in restart apache i give a problem for digest
but in restart apache i get a problem for digest
and?
what's the problem?
the problem is that the environment apache is running in doesn't have the krb config
what's your error log say?
elaborate
You make no sense, try to rephrase your question and elaborate on what you want, what you tried, and what didn't work (paste the error message you see in the error log, usually named error_log or error.log). Also tell us what platform you are on and what version of apache you are using.
plz wait for copy this log
mod_yoda
power of the force uses this module does
when (AuthType Digest)
i must set AuthDigestFile?
mmhmm
or AuthUserFile?
AuthUserFile is http://httpd.apache.org/docs-2.0/mod/mod_auth.html#authuserfile or http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile
tnx for everything
wtf is this ggkthx bullshit I'm looking at
wrong channel
You've asked something which isn't Apache-related. Perhaps another channel would be better-suited? You need to go thataway. (*pointing in two opposite directions*)
http://apache.pastebin.ca/644916
what's the error when you try to start apache
way more useful than that pastebin
there is no addition to the log file when I try starting it (using wamp)
this on windows?
start it in cmd
I'm in cmd - how?
cmd
I mean apache
from cmd
then cd to your apache install dir
then httpd -k start
:-/ its wamp not apache2
well then go to wherever 'wamp' package installed apache
httpd is in bin
apache2/bin/httpd
but running httpd - k start
wamp == windows
that's the w
returns an error about the service not being installed
so is this windows or not?
yes
no space between - and k
httpd -k start
btw, no one here really uses windows, so your help will probably be very limited
The system cannot find the file specified. : No installed service named "Apache2.2"
bleh
install service on windows
try httpd start
bah. What was it again?
f' if i know
that error I think is because wamp slaughters the install rather than hacking the program up well enough
wamp registers its apache service as wampapache
well, you can get that on a regular install from apache.org
if you install local instead of as a service
apache windows's still something of a mystery around here
!lastlog service
lastlog service
install apache as a service
http://httpd.apache.org/docs/2.0/platform/windows.html
read that factoid, please.
Is there anything that would keep running apache
wha?
parse error
Your question doesn't make sense, and implies misunderstanding at a more basic level. Please review the docs..
I actually uninstalled apache2 from my system when I installed wamp because I was afraid of having conflicting services - by installing apache2 I do not think it will fix my problem - it will only circumvent my current error
if apache dies then it restart apache
i think the concept is the same thing
read the factoid. NOW.
you'd have to run some kind of scheduled job that checks if apache is running
like a cronjob
ok but is there nothing any another option?
i am already aware of the information contained in this factoid
nope
so install the service, as the error suggests.
ok thanx
the error suggests that apache2 service does not currently exist on the system, infact it does already exist except under a different name of wampapache rather than "apache2.2"
so you need to fix the current service.
removing it, then reinstalling it would be recommended.
that is the usual windows way
no, I was referring to the service itself.
remove the current service, and reinstall it, using the factoid's information.
if you need more information, read the factoid again.
wamp is bad in the way that - when you try loading the apache server hosting - if it doesn't work it doesn't seem to append any info the apache error log
this is why you need to start it on the command line
also, running apache on windows is not recommended. A linux or BSD machine works much better.
Would any one in here be able to help me defend my server against an apache based DoS attack?
yes, and I have installed these services with no trouble on other machines - my laptop is windows and I desire an environment I can code in when I will be doing a great deal of traveling next week
bandwidth
bandwidth is see netnice mod_bandwidth mod_throttle mod_bwshare mod_cband mod_bw mod_tsunami mod_evasive mod_limitipconn/please share your experiences with any of these
those might help ^^^^
also see mod_security
mod_security
mod_security is http://www.modsecurity.org/documentation/index.html
It's a memory leak based DoS
what's the leak in?
I'm sure of it on account of there are about 2000+ instances of it started.
ummm, 2000+ of what?
Apache
2000 child processes?
At the point it does this the server runs out of ram and then goes to swap then the swap runs out and the server goes offline
and your box is still responsive?
Yes
so set your mpm parms appropriately
no
is this a cgi, php?
I've set them over and over.
yes it has php installed.
well set them once, correctly
what page is being called?
how many concurrent connections are you seeing via netstat?
Unsure yet.
about 247
all on port 80
figure out the page, look at your server logs
247 isnt much.
Well I'm sure it's a vuln in apache like the previous memory leaks released for older versions
doubtful
more likely php
but also not likely a memory leak.
just poor application
I doubt it as well.
a poorly written script can easily consume all the system memory.
yup
one that never returns, or returns a looong time from now
takes too long to do its job
and more often than not, php host is to blame.
or cgi host near as often
anyway, look at your logs and see if you can find the offending page
first step.
mmk
0 -0700] "GET
this has been accessed at least 500+ times in the past two days
think that would be it?
i have a dsl modem
i want implement apache behind dsl modem
my dsl config is NAT
how to set NAT for Apache?
that's not really many hits, but the test would be to hit it yourself and see how quickly it responds
router
In order to access your web server behind a NAT router, you must forward the port apache is listening on to your internal IP. Then you can access your site by pointing your browser to http://your external IP here:port. If your ISP blocks port 80, see 'port 80 redirection'. Instructions on how to forward a port using most common routers can be found at http://portforward.com.
^^
if it takes a lot of time to handle that request then maybe it's the problem
fajita i know it
what?
if I make an attempt to start apache my apache geronimo server hosting will automatically start to get overflowed.
but dsl modem use port 80 for modem management page
at that point I would also lose connection via ssh.
so tell your modem not to.
also look at your error_log to see if anything odd is turning up in there, the requests that are killing you may not be completing and therefore may not be logged in the access_log
because this modem is configured web-based
I just got this from a few mins ago when I attempted to start apache
change your listen statement to 127.0.0.1 and just bring it up locally
3 2007] [error] could not make child process 7768 exit, attempting to continue
many of those exsist in side the error_lo
*error_log
that's not too terrible of an error, somewhat normal but could be related to a php/cgi app not returning in a reasonable amount of time
ok, we are onto something then
folks — how to it?
If I dont find the exact script thats getting attacked is there any thing else that may be able to be done to prevent or maybe even stop this?
how are you with tcpdump? we could turn the server on and capture the requests on the wire, see what and who is crashing you
never used tcpdump before.
is this port 80 or 443?
server only supports 80 currently and the only thing that accepts 443 is webmin which is firewalled off to users using APF.
ok, tcpdump -s0 -n port 80 -w cap1.pacap
then start up apache and wait for the badness to begin.
tell your router not to listen on port 80.
that will write all the traffic to your server to that capture file, and we can take a look to see what is being requested and from whom, even if it results in a error and is not logged to the access_logs
if unsure how, consult the documentation that came with your router
all traffic on port 8- that is
80
Tcpdump showed nothing… and my server began to freeze so I attempted to stop httpd as fast as I could before I lost connection
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 byte
as I said, tcpdump writes to a file. We'll look at it now.
ahh ok
can you post that file somewhere I can download it?
or you can email it if you like
Ok Tnx
I can put it on yousendit would that be ok?
sure, but ive no idea what that is
you may have to coach me, you should grab wireshark and look at it yourself as well
will do
very useful tool
was looking at it currently using nano bit scattered though.
in fact you prolly dont need me to look at the capture, but im happy to. It will probably be obvious to you
yeah nano is not the right choice, you could use tcpdump -r filename -X though
lol
| less if long
is pretty obvious just using nano
I can tell they're probably launching an attack on my vbulletin forums.
ok, nano has some bin to ascii ?
try the tcpdump -X or better yet wireshark You really should get to see the capture in all its glory
Unsure don't really know much about nano except that it's a text editor
good thing to get familiar with
Just finished downloading wireshark… and installing.
that capture is binary in nature
what forum system are you using?
The newest version of vbulletin
It appears as if they are hitting the registration on it.
what's the POST data look like?
Cannot 100% verify that yet though because I haven't looked into the tcpdump log.
well look
all answers are there
I am but just now connecting via ftp to download the log and open it in wireshark
lemmie know if you see a lot of checksum errors, might have to adjust the settings a bit if your NIC does chksum offloading
No checksum errors but what are the color keys? theres some green some red.
No idea, I'm color blind. :/
you should clearly see the GET's POSTS, etc…
ahh…, well I'm seeing multiple POST's a lil bit to many to coutn.
and the responses or lack thereof
*count.
have a look at the POST payload, I am concerned they may be doing more than what you intend
they're still attacking it?
yes but I've shut apache off
ah.
might be spammer exploiting you for his benefit
are they all attacking from one IP?
the server has been under attack for the past 3 days.
it's actually a DDoS thumbs, appears to be many many IPs
you could, of course, firewall off the offending IPs for now.
you could take that page out of commission and come back up
there's too many to.
yes true but the page is required for my community to function correctly.
well, look at the POST data please. see what is being pushed up
let's try and understand if this is a DOS or you are being exploited for other nefarious purposes
random stuff
\r\n
== _Chris_ ?
I was recently looking at a memory leak in apache that does this same type of execution
No I'm a friend of his.
gotcha
they're posting with non-hexadecimal strings when sending the server host md5s for registration.
interesting
interesting is not always good
is the request successful? is there a response code?
the content posted is \r\n
http://milw0rm.com/exploits/9
where exactly would I see if there is a response code?
I wonder if it would be any better me trying to run a virtual linux environment and then installing lamp+ror
server will respond after the POST from the client, probably the very next packet in the same sequence if it truly was just a few bytes of data
you can highlight a POST and find Follow TCP Stream in the menu in wireshark somewhere
easiest way to track it if capture is hard to follow
interesting exploit, I was not familiar with it. What version of apache are you using?
rici you around? or chipig?
There seems to be multiple responses to it
2.2.4 I think.
good on the version. I'll go bug hunting on it. Should be one response but it could span multiple packets. If there was a response though then the request should be logged in the access log.
I'll be right back… so If I dont' respond I'll catch up with you when I'm back, thank you very much for your help.
it does look like this code may be what is hitting you given the POST payload you described. looking at it now
ok, good luck bud, come back if you need a hand
the bug that that DOS is associated with was fixed long ago
I'm back for the time being any other suggestions of things I should look at and or try to prevent this attack?
+
if you cannot block the source address and you cannot block the page, the two options are a snort rule that triggers on the payload of the post and page and has an action of null routing or firewall blocking the source or use mod_security to create a filter on the POST payload etc… and block the request with it
arreyder: I'm also noticing a lot of [SYN], ACK, [SYN] packets in here. is that normal to have out of 5680 20% of them as that and another 80% as POST
yep, those are critical in the build up/tear down of each connection
called a three way hand shake
it is coming from many different client/source addresses correct?
the bad stuff
Can anyone help me with my Apache server and .htaccess? I'm having issues pw protecting a page
Yes it is coming from many different client/source addresses, meaning it is in fact a type of DDoS.
htaccess
htaccess files apply to the directory in which they are placed, and to all subdirectories thereof. or Only needed if you don't have access to the main server config. or http://httpd.apache.org/docs/howto/htaccess.html or http://httpd.apache.org/docs/configuring.html#htaccess or http://httpd.apache.org/docs-2.0/howto/htaccess.html or if it doesn't work, check your AllowOverride directives in http. Ask me about AllowOv
htaccess purpose
Don't confuse htaccess with password-protection. The purpose of htaccess is to enable users to configure apache locally for their own directories, when they have no privilege to do so in httpd.conf. Using htaccess slows the server. Also rewriterules and redirects are more complex in htaccess
auth
Take a look at http://httpd.apache.org/docs/2.2/howto/auth.html or http://wiki.apache.org/httpd/PasswordBasicAuth for some basic examples!
ok realtime filtering is your best bet then, options are snort with an action rule, iptables patched for string matching, or mod_security
Which would you suggest/prefer/or think would be more effective?
I like snort, least work
Snorty snorty snort snort
snort.org correct?
we have to establish a rule that matches a signature of the bad POST
correct, should be a package for your distro
any idea if I would be able to yum it?
Nvm my last question I answered it myself.
the idea will be to either null route on a match the source, route add badguyip gw 127.0.0.1 or block with iptables rule. you have to be careful with both because you only want to block on established connection else you could get DOS'd even worse if attacker is smart.
should be able to
last i remember red hat had packages for snort
and this is my mem from rh 7.3
you might already have it installed
snort can be told to look for a connection before matching
MorbusIff!
morbusiff is 5FULL OF WHISLEY AND MorbusIff's KEYBOAR D IS BREOKED
hehe
warning though, when wife comes home I may have to leave you to your own devices, or megaspaz's
Any references as to how I add these rules?
it's not real hard to pull this off though
i need you to digg something for mee.
kk
gimme the url
Where is httpd.conf typically located on a LAMP server?
http://digg.com/playable_web_games/60BWC_Teaser_Site_Launches
the packet capture of the POST will have the data we need for the rule, the idea is to regex on it with a snort rule
and anyone else should digg it too!
YOU MUST DIGG IT
sure.
Answer my question and I'll digg it to the high heavens
dugg
thanks
httpd.conf?
httpd.conf is the main apache configuration file.
distro layout
See http://wiki.apache.org/httpd/DistrosDefaultLayout for clues on how your distro mangles or organises its Apache package(s)
arreyder would we be able to talk via PM?
Thank you and dugg
only if it is something confidential, else best to keep it here for input from all and education for all
ok,I'm looking into adding these rules atm.
arreyder one thing I've noticed is the referrer is ?do=register\r\n
on all of the POST requests.
What's a normal POST to that look like?
we dont want to block all by accident, we'll log first with no action though to make certain we do no damage.
I'm not sure now thinking/looking at it including something sean just pointed out it seems these are normal POST requests…
But at a massive request rate.
ok thats more easily handled then
bandwidth
bandwidth is see netnice mod_bandwidth mod_throttle mod_bwshare mod_cband mod_bw mod_tsunami mod_evasive mod_limitipconn/please share your experiences with any of these
these tools can let you rate limit requests
by page, by source etc…
by rps, or bandwidth
thankyou, I'll look into those then
i'm not following you…
good bot
thanks arreyder
one more thing would you be able to tell me what a normal/suggested prefork config would be?
depends on your servers capabilities and resourcefulness with regard to running your applications
My Current Seems a bit overkill (I.E. MaxClients 256 MaxRequestsPerChild 4000)
a rule of thumb is to observe your average httpd process size and see how many times that fits into available free memory when apache is not running
setting requestsperchild lower can help with memory leaks, but respawning new children adds a bit of overhead
use the memory rule I mentioned to determine a good maxclients setting
benchmark
siege, apachebench, jmeter, flood, grinder, httperf
Ok thankyou once again arreyder.
those tools can help you evaluate your choices
http://salgat.homelinux.net/music/ can someone check if its working for them(should have a pw protection popup)
rici suggested once incrementing max clients until benchmarking with ab caused swapping. then backing off to the preswapping state
I like that approach
not perfect, but a great simple starting point
keeping keepalivetimeout to around 3-4 seconds is also a great defacto standard
and keeps processes free to handle requests and not sitting idle waiting on clients that may never come back
eating up ram and such.
lets you do more with less.
would you mind taking a look at that tcpdump log?… kinda feel unconfterable cuse there is infact alot more repeating stuff in this log.
*comfterable
glad to
can I get your email so I can send it to you?
yeah pm coming
Alright email sent.
got it, looking
wife is home, gotta break for a minute, back asap.
Alright, I'll just wait here until you're back then.
sorry about that, back now
and looking at the capture
No problem got lots of time been waiting for the past like 12 hours for the datacenter to restart our server any way.
these SYN + RST ACK pairs are interesting. Your server is blocking some connection attempts. Firewall of some sort?
yes, in fact we're using APF + DDoS Deflate at the same time and DDoS deflate is set on a cron log.
cool that explains it
while under attack we had it checking for 10 connections or more and if there was more made than 10 it would auto ban the IP.
nice.
you can do that natively in iptables btw
rate limit
comeon fajita!
ratelimit
dang it I know I put in a factoid on this
connection limit
For Linux, look here http://www.debian-administration.org/articles/187 It shows how to do it for SSH, but it's just a matter of changing port 22 for port 80 or 443 or …
there we go
:d
anyway, back to capture
this is tough, it looks completely random for the content.
the post content that is correct?
the sources are not random though it seems to be a fixed set at least in this sample, let me run some stats on it and get a list of uniq sources and number of hits from each
if so that would make sense it looks like at the same time they were trying to register multiple users on our board(forums).
yeah the POST, would be hard to write a filter to block it. Unless we could do some validation on the md5 sum field
lemmie run some stats, one minute
arreyder: One thing me and my other admin came up with was to go in the PHP script and change the receiving variables and setup a filter to firewall ban anyone requesting the old ones.
decent stop gap measure for sure
The only problem with that would be the fact literally almost 1.0 seconds after apache has been started my SSH connection to the server slows down 90% to the point it's hard to type.
is there anyway i can have http://blogularobject.com and ryannisly.com/blog both point to the same location on the server
so basically at 2 seconds the server is completely offline and no longer able to be accessed… until rebooted by my datacenter staff manually.
look at doing some prioritization on the port 22 traffic with iptables qos tagging, might help
also you could cron a apache stop every hour, to give you a chance to come back.
in the event whatever you try does not work
sure, redirect all requests from ryannisly.com/blog to http://blogularobject.com using redirectmatch
will peoples current rss feeds work?
Hmm the cron sounds interesting, didn't think about that before.
that depends.
most likely they will. Without more information on your setup, I can't say.
if cron can even run at that point.
it's wordpress… would u use .htaccess
I would never use htaccess if I had the choice
htaccess purpose
Don't confuse htaccess with password-protection. The purpose of htaccess is to enable users to configure apache locally for their own directories, when they have no privilege to do so in httpd.conf. Using htaccess slows the server. Also rewriterules and redirects are more complex in htaccess
so what do you suggest? (i'm using hostgator and have access to apache handlers
true but that's why I would set it lower than 1 hour.
Gah
if you have access to the apache config, edit it directly.
okie
I would only need apache online as long as I was testing.
sure.
there's only 8 address in that capture
That capture was literally under 2-4 seconds
If even that.
http://pastebin.com/mb997250
still, how sure are you it's a larger set?
block the entire class C for each to be safe for now
HitCount Address for the sample capture
afk a sec
Wow, arreyder just firewalled those IP's and started apache to see if there were any more that were connecting and no IP's were showing connected to port 80.
Meaning it was on a smaller scale than I thought, it just looked big because of how many times those were establishing connections.
cool
i'm trying to find a segfault on solaris.. but i'm not doing well with gdb
segfault
segfault happens when you run a program that is seriously buggy OR not binary-compatible with your system. If apache segfaults, build it from clean source. or get a coredump/traceback to find where it 's coming from or likely to come from third-party modules such as PHP
doesn't solaris have dtrace?
i'm pretty sure it's from php.. yes it has dtrace.. i only ran truss, which gave me a point that looked like a floating point error between postgres and php.. but it was sort of incomplete
huh?
so don't waste time on php
i have a core dump, but i haven't figured out how to analyze it.. gdb httpd -c coredump
hasn't worked
reinstall/upgrade the php module
latest version.. have thought of downgrading to 5.2.1
was just, hoping i could find the trigger instead, and just work around it.. if it's floating point code
you can try
IMO, it's a waste of time.
well i've recompiled.. i could try again.. you think recompile or downgrade?
how did you install apache, originally?
originally i compiled it with mod_ssl.. i've since run my compiled version and a packaged version
do NOT mix packages and self-compiled versions.
same error
it's a recipe for segfaults.
i know it
i prefer self-compiled, but i just haven't been able to get around.. i'll keep trying
apxs is at least, with php, supposed to allow a lil space
looking at this some more, you could do some easy field validation on the md5sum value and toss these away
either with php itself, snort, or mod_security.
just making sure it's a-f|0-9 would be sufficient to weed these out.
would you happen to know if there's a way to add ip exceptions into iptables?
what were you going to try and do? there's always a way
hello
i want to limit access to a directory, how i do that with the .htaccess file?
htaccess
htaccess files apply to the directory in which they are placed, and to all subdirectories thereof. or Only needed if you don't have access to the main server config. or http://httpd.apache.org/docs/howto/htaccess.html or http://httpd.apache.org/docs/configuring.html#htaccess or http://httpd.apache.org/docs-2.0/howto/htaccess.html or if it doesn't work, check your AllowOverride directives in http. Ask me about AllowOv
thanks
apache
htaccess
htaccess files apply to the directory in which they are placed, and to all subdirectories thereof. or Only needed if you don't have access to the main server config. or http://httpd.apache.org/docs/howto/htaccess.html or http://httpd.apache.org/docs/configuring.html#htaccess or http://httpd.apache.org/docs-2.0/howto/htaccess.html or if it doesn't work, check your AllowOverride directives in http. Ask me about AllowOv
Hello, I'm trying to compile openvps. I have apache2 installed. I get this far in compilation: checking for Apache libexec directory… /usr/lib/apache/1.3, and then I get an error about mod_python.so not being installed in that dir. Which it is, it's there.
is apache still good to use ?
i haven't needed a web server in a while but it seems a lot of people are in that lighttpd craze
is apache still improving, making it better and faster / lighter ?
Here is my mod_rewrite line how do I make it accept "-"? RewriteRule video-([0-9-]+)\.html videos.php?action=view&id=$1
never mind i got it
hello
hi, xterm.
I'm having some troubles with apache
I'm trying to configure a virtual server
but when I see the page I see a forbidden message
I'd make a chmod -R 777 to the document root directory of the virtual server
but I still get the same message
hi ppl
I'm trying to rewrite my main domain to be served from a subfolder
but can't hit the sweet spot
RewriteCond %{HTTP_HOST} =www.chinechine.biz
RewriteRule ^/(.*)$ /chinechine.biz/$1 [R=301,L]
anyone knows what I am doing wrong?
all seems perfectly fine to me
how do u redirect a host in apache, ie. blablabla.net redirects to www.blablabla.net
Hey
I've got an SVN repository, however at the moment all .php files are shown as plain-text, is it possible to have them parsed by php source so they are shown highlighted?
I am making a freebsdAMP server and I am not sure which port to install, any ideas? should i do lang/php5 or lang/php5-extension?
phps
phps is /AddHandler application/x-httpd-php-source .phps
hello
niihau, _kostja.
possibly change the handler
can anybody help me to configure my mod_perl?
?
look at the description
addhandler
addhandler is http://httpd.apache.org/docs-2.0/mod/mod_mime.html#addhandler or http://httpd.apache.org/docs/mod/mod_mime.html#addhandler or part of mod_mime
I'm using apache 2.0.58 and mod_perl 2.0.3
most likely, but read the docs to
ok, doing now - thanks
I don't really understand the difference
aww you can't put it in VirtualHost =(
is there another way to get it for just svn.mydomain.com?
I think it belongs in a directory container
ahh ok, let me check that out
addhandler context
server config, virtual host, directory, .htaccess
huh, it said on the docs it couldn't be put in virtual host
it seems that if you make config lang/php5
you will get the option to compile it as a apache_mod
do you want a cgi, or an apache mod? cgi allows use of suexec to let users have their own cgi, otherwise it runs as the user apache runs as
I'd like, that my apache server parses .pl files automatically with perl and not sending them plaintext to the user. How do I have to edit mod_per.conf?
'runs as the user apache runs as' ? anyways - I am just creating this to have a local famp+ror server to do some web development… I haven't done anything in awhile - does ajax or ror need suexec?
it's all indifferent
cgi takes just a little more time to process the entire cycle (a few forks(), security checks, etc)
suexec
suexec is http://httpd.apache.org/docs/2.0/suexec.html Enables you to run scripts under different user IDs. In case of Internal Server Error, check both Error Log and Suexec Log or It can't run CGI scripts through links, check http://archive.apache.org/gnats/9153
oh - that's why I compiled fastcgi then
fastcgi is moderately different afair
fastcgi
fastcgi is http://www.fastcgi.com/ or see mod_fcgid, which is more up-to-date
heh - fajita wasn't that helpful this time
Heh. That's hurtful.
sorry
You will be!!
haha
on fastcgi? or something else?
on fastcgi
yea, there's a lot to keep track of. updates welcome.
I understand - how can one suggest updates?
who owns you?
bah
humbug
generally apache can run asp \asp.net ?
who owns you?
no idea
owner
sorry…
I forget
?
and I don't spot it in my backlog
ok
I understand - how can one suggest updates?
alright, oh well
anyone knows why this redirect does not work for a main domain:
RewriteCond %{HTTP_HOST} =www.chinechine.biz
RewriteRule ^/(.*)$ /chinechine.biz/$1 [R=301,L]
is that rule in a .htaccess?
yes
per-directory URIs have their path stripped, so you can't match on ^/
how do I match?
or even better where is the documentation for this?
or examples
examples is (only good as long as things don't change
RewriteRule (.*) …
ahhh cool
that's even more simple
let me give it a shot
Roobarb do I rewrite it to /blah or just blah?
blah, I think
it's entering a recursive rewrite
how do I make it not recurse
I usually put my rewrites in my main config, thus sidestepping these issues
what is the main config
the main config is for apache-wide setup _only_
hello
httpd.conf
httpd.conf is the main apache configuration file.
I do not have access to that
this is a shared host
the recursive issue is the prob now
dokma then use [L], for Last
ahhh
The dawn of understanding has arrived!
or whatever that option is
cool
[L]
[L] is for last
yes, girl, I know that…
[PT]
[PT] is pass through to next handler
you need a rewritecond to match on chinechine.biz, and ignore it
it's probably L, but read the manual
he's already using L
om back []
oh, in a htaccess then
[L] gives me 500
let me check the log
you do that
hmmm can't find anything useful in the log
this is the current state of the rewrite
RewriteCond %{HTTP_HOST} =www.chinechine.biz
RewriteRule (.*) chinechine.biz/$1 [L]
you need a rewritecond to match on chinechine.biz, and ignore it
Roobarb that does not sound very logical to me
what would ignore achieve?
RewriteCond %{REQUEST_URI} !^chinechine.biz
stops you looping
the looping seems to be removed by the [L] param
(.*) is "match everything"
well yes
well, you've stopped the looping by removing the redirect
http://www.chinechine.biz/chinechine.biz/blah.html
removing?
hmmm
ok let me try it your way
can you write the entire rewrite?
your cond, my cond, your rule
ahhh
The dawn of understanding has arrived!
I see
[L,R=301] though
RewriteCond %{HTTP_HOST} =www.chinechine.biz
RewriteCond %{REQUEST_URI} !^chinechine.biz
RewriteRule (.*) chinechine.biz/$1 [L,R=301]
this gets it to a loop again
RewriteCond %{REQUEST_URI} !^/chinechine.biz
but now I do get what you meant
maybe
ahhh
The dawn of understanding has arrived!
RewriteLog
RewriteLog is http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritelog http://httpd.apache.org/docs/mod/mod_rewrite.html#rewritelog. Use this logging to help design and track rewrite; see also rewriteloglevel; and cannot be used from .htaccess
let me try
I dunno - my brain isn't working properly this morning
could someone take a look at this and point me in the right direction please http://ryanpartington.com/images/helpme.jpg
I'm having problems with clean URLS but have screenshot the issues
this one works
but the prob is that the URL now is http://www.chinechine.biz/chinechine.biz/
can't the url be without the last part?
I was told that if I put rewriteengine on, and the pages never came back with an error, then I had access to use it
but as you can see from the screen shot, I've tried using the rewrite rule as per the guide, but it's not working
remove the [R
garbage
try putting junk in your htaccess file. If it's being read, you will get an Internal Server Error when accessing that resource.
so now I don't know if the guide is wrong, or if I don't have access to the rewrite engine, anyone help me with that?
i know htaccess is being read as the 404 error page I use works
hi
hey, kaushal.
or could someone confirm, everything LOOKS right?
what's the version of NTLM used in Microsoft-IIS/6.0
how should we know?
Roobarb fancy taking a look at helpme.jpg?
your rules are fine, but they'll never match something with numbers in it
ok, I uploaded help.php to /images to test that
http://ryanpartington.com/images/helpme.php
but this does not resolve it http://ryanpartington.com/images/helpme
your rule will turn /foo/bar into /foo/bar.php
it won't affect anything with a number in it
there is no number in the line I typed before this one
there are even 400 points up for grabs now http://www.experts-exchange.com/Developer/Web_Servers/Apache/Q_22741760.html
http://apache.pastebin.ca/645271
tx mate!
http://ryanpartington.com/images/helpme.jpg is suggesting you tried to test your rules with a URL which will never match your RewriteRule.
if you add [R=301,L] instead of just [L], you'll get it to redirect
Roobarb
Stew it, make a crumble, and serve with custard.
it does redirect
but check the url
http://www.chinechine.biz/
try it in a browser
goes to http://www.chinechine.biz/maindomain/
yes
Roobarb but then, after your comment, I uploaded http://ryanpartington.com/images/helpme.php - notice the PHP extension on helpme. and tried to load the page http://ryanpartington.com/images/helpme - which contains no numbers
is there a way to make it serve from http://www.chinechine.biz/maindomain/
but that the url in the browser remains http://www.chinechine.biz/
I don't want the url to change
yes, don't use [R=301]
I just need it to behave like an addon domain
so just the [L] ?
yes
that's it
just to set the TYPO# baseurl
and I'm all set
read my post a bit closer - notice the URL requested is /index.html, but it's an internal redirect to /foo/index.html
Roobarb so should the rule match the url if no numbers are used, and if so any ideas why /images/helpme won't resolve to /image/helpme.php
what are you trying to achieve? automatically adding a .php extension to all files or making the php handler handle all files, regardless of extension?
yes
I understood it
that was exactly what I wanted
dokma:
I just don't understand the nature of the R=301 flag
I'm a total newbie in the rewrite business
I was reading the mod_rewrite cookbook
it forces an _external_ redirect, using the 301 status code.
301
301 is Moved Permanently
but couldn't figure it out on my own
bottom line is, I want /article/234 to load /article.php/234 passing 234 as a string I can use in a query. I can get article.php/234 to work, but I want to remove the .php extension
what does external mean here?
visible in browser?
means the browser makes a second request
ahh
let me get it straight~
browser sends the first req
then apache rewrites the url
and tells the browser to send another request
with a new url?
that's why the address changed in the ff?
RewriteRule ([^/].*)/(.*) $1.php/$2
exactly
now that's what I like! understanding
that's better than just a copy paste
your browser says "I want this page", apache says "it's moved to here, ask me for the new page"
very good
that's exactly the understanding I needed
so the other way is
it's easier to understand if you tail -f your access log and rewrite log at the same time, while using lynx to make the request
browser say 'give me this' apache say 'cool I'm just gonna slip this other stuff under that url'
you got it
but I don't have a rewrite log
RewriteLog
I'm on a shared host
RewriteLog is http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritelog http://httpd.apache.org/docs/mod/mod_rewrite.html#rewritelog. Use this logging to help design and track rewrite; see also rewriteloglevel; and cannot be used from .htaccess
RewriteLog context
server config, virtual host
bleh
perhaps I should learn rewrites on my own home Debian box
always worth testing them before you put them live
cool
Roobarb that does not appear to have worked http://ryanpartington.com/article111.php/186 - WORKS | http://ryanpartington.com/article111/186 DOES NOT
.htaccess in web root
you helped a lot!
I appreciate understanding the most
what does a RewriteBase / mean, if you can describe like you described for R=301 ???
RewriteBase
RewriteBase is http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritebase
you need to use it sometimes in .htaccess files
I read the docs
but still don't quite understand it on the AHA! level
is it something like chroot /folder
and then all that happens is like you only have what is under the /folder
rick111:
RewriteEngine on
RewriteBase /
Rewritecond %{REQUEST_URI} !\.php
RewriteRule ([^/].*)/(.*) $1.php/$2 [L]
if you have RewriteEngine On in main config and want the general rules applied in a vhost, it's not enough to just put RewriteOptions inherit in the vhost, RewriteEngine On is needed as well!
i do believe i've timed out
pretty much. if you remove it, you start getting paths added that you don't want
oh hello
ahh I see
It's something like saying limit all my activity to this folder
I don't know enough as to _why_ you need it, just that you do
all the rewrites and matches and everything
yer
but it confuses me why it's RewriteBase / and not RewriteBase /home/user/public_html/folder or something like that
does the slash mean the folder where .htaccess is?
because it's a URI thing, not a filesystem path thing
ahhh
The dawn of understanding has arrived!
yes that gets some fog going away
Roobarb I've added those 4 lines, but still 404s http://ryanpartington.com/article111/186
hi
Hi CAiRO_
http://apache.pastebin.ca/645277
i've just upgraded my apache (through upgrading to debian etch) and now mod_auth_mysql needs the line "AuthBasicAuthoritative Off", how can i work around the problem having to add that to all of .htaccess files?
I have exactly what I posted in my .htaccess
script it
Roobarb++ # (:
isn't there a different way getting back the old behaviour?
downgrade?
what did you upgrade from and to?
*versions
from sarge to etch.. i think sarge had apache2.0 and etch has 2.2
what do you use to get those logs ?
RewriteLog (and RewriteLogLevel 9), and tail -f access.log error.log rewrite.log
isn't there a general switch to make auth basic not authoritative anymore?
Roobarb thank you very much
you've been very helpful
you're welcome
and most of all you gave understanding
I appreciate it
glad to help
God bless you
AuthBasicAuthoritative
I am leaving now
AuthBasicAuthoritative is http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative
everyone have a good time
bye
take care, hon
auth stuff had a rework for 2.2 - you may be out of luck
– shower
I timed out :/
last I saw was - rick111: what do you use to get those logs?
Hi guys, I wonder if someone could help me please?
I run apachectl -k start and the process ends, I run apachectl -E errors.txt -e debug -k start
and it does not create an errors.txt file
"mv apachectl apachectl-1.3;" to link up the apachectl for apache2 to replace the one that is installed by default by Apple, though I'm getting "Permission Denied" any ideas?
it's too late at night nick - I think we're sol
Roobarb had a log which was the communication between the browser and the server, what tool can I use for that?
4pm over here in the UK…
anyone?
echo
co, co, co …
0am here in
trying to get a working amp+ror server for two days straight now
lol
darn, there must be some way to get basic and mysql auth back at the same time
ah, not sure I'd be able to help you with that.. ha ha - good luck though!
RewriteLog
that's what I used to find out what mod_rewrite was doing
what do you use to get those logs ?
RewriteLog (and RewriteLogLevel 9), and tail -f access.log error.log rewrite.log
I run apachectl -k start and the process ends, I run apachectl -E errors.txt -e debug -k start
and it does not create an errors.txt file
how do you use rewrite log, i thought it would be an online tool?
it generates a log of what mod_rewrite does when you request a resource
I pasted its output to that pastebin site