| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 11/23 |
| 2011/7/7-21 [Recreation/Dating, Computer/SW/WWW/Server] UID:54140 Activity:nil |
7/7 I haven't been to Berkeley lately. Has it been foggy at night? Wanna
take my girlfriend up to see the view from somewhere near SSL. Also, is
there a particularly good lookout point?
\_ No not foggy, but that looks to be changing. Lawrence Hall of
Science is always good.
Science is always good. -ausman
\_ There's a motel by almost oakland on telegraph, you can take your
"girlfriend" there, they have hourly rates.
\_ did cmlee get his soda account back? |
| 2010/4/28-5/10 [Computer/SW/WWW/Browsers, Computer/SW/WWW/Server] UID:53806 Activity:nil |
4/28 I just discovered http://en.wikipedia.org/wiki/Gene_Kan and the account ~genehkan. How depressing. Did anyone here know him? What was he like? \_ motd has link to more info than wiki: http://csua.com/?entry=25306 \_ guess what. he was depressed. \_ I didn't know him but he seemed pretty nice and geeky. He was active in the XCF, but I don't think that exists anymore. \_ He told me he got to meet Lars and he had come up with a good way to move forward with internet music. Then he "suicided". \_ No, but I was friends with the Naked Guy when he was at Cal. \_ The Naked Girl lived at my coop. \_ It was really funny how fast after he died that the sysadmins of csua and xcf purged all his mail/accounts/homedirs. |
| 2010/4/19-5/10 [Computer/SW/Security, Computer/SW/WWW/Server] UID:53791 Activity:nil |
4/18 http://Apache.org hacked: http://www.theinquirer.net/inquirer/news/1601103/apache-hacked |
| 2009/7/2-16 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/WWW/Server] UID:53106 Activity:nil |
7/2 Is imaps working? What are the hostnames of the "incoming and
outgoing mail servers" for CSUA email, and what kind of options
should one set?
I also noticed that we seem
\_ Setup yer .forward or .procmailrc for now. I'm at a loss, too.
\_ <DEAD>mail.csua.berkeley.edu<DEAD>. Using SSH (on default port 993) like before.
\_ <DEAD>mail.csua.berkeley.edu<DEAD>. Over SSL (on default port 993) like before.
\_ alpine doesnt seem to work. i try
Folders on <DEAD>mail.csua.berkeley.edu<DEAD>:993 in cur
but get timeouts .. using cur for "inbox" folder |
| 2009/5/12-20 [Computer/SW/Languages/Java, Computer/SW/WWW/Server] UID:52990 Activity:nil |
5/12 Anyone here use THE JIRA for issue tracking? How much does it suck?
\_ Don't really use it. Our team evaluated it and decided in
favor of Bugzilla. Bugzilla doesn't cost $2k--though cost
is negligible. The real deciding factor was that in my
environment it can take 6 months to deply software not
already on an 'approved' list, and Bugzilla was already
on that list and JIRA was not. At the time of evaluation,
JIRA had no support for SVN interoperation, but that
has since changed. I realize this answer is mostly useless,
but hey, at least someone cared.
\_ I'm spearheading an effort to install it into our process.
It has a lot more features than Bugzilla. The SVN integration
you buy with a different product, Fisheye. The downside:
JIRA is written in Java, and sometimes throws stack traces.
We have yet to lose any data though.
\_ I worked at a place that went from Bugzilla and wiki to JIRA
and Confluence and while the transition was quite a bit of work,
the end result justified it. Out of the box, it is as good and
has a bunch of cool work flow stuff you can put in there to make
you and your managers life a lot easier. Setting up the work flow
is a big job though, so if you just want a ticket tracking system,
I don't know why you would switch.
\_ whats wrong w/ trac? ... esp if you want great svn integration. |
| 2009/5/7-14 [Computer/SW/Database, Computer/SW/WWW/Server] UID:52965 Activity:nil |
5/7 is there a wiki who's backend is stored COMPLETELY in mysql?
data, pages, images, all that stuff? thanks |
| 2009/5/7-14 [Computer/SW/WWW/Server] UID:52963 Activity:nil |
5/7 I am trying to reproduce a customer bug where their apache header
has the content-encoding as the last line in the header.
My test platform is running apache2.2 on ubuntu. Is there a way
to do this ?i I have already read the apache 2.0 docs and
I dont see anything obvious ? page is txt/html |
| 2007/12/11-14 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:48785 Activity:nil |
12/11 Apache/Linux question: I've got apache 2.0.52 on an idle redhat
box (2.6.9-55 kernel). Every so often one to four apache procs
will run the cpu at 100% for any where from 15 to 90 mins, then
drop back to normal. USR and SYS time both increase to levels
that the production boxes don't reach when serving traffic at
noon. I've checked apache and linux kernel versions, several
/etc files, httpd.conf vs. boxes that don't do this. Nothing
interesting shows in the logs. This is supposed to be a clone
of other boxes that don't do this. Reinstalling from scratch
is not an option for various reasons. Any ideas? thanks.
\_ strace them to see what the hell they are doing.
\_ Perhaps you have been hacked? |
| 2007/9/23-24 [Computer/SW/Languages/Perl, Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:48152 Activity:kinda low |
9/23 I have an Apache question:
If I have a directory which allows both CGI handler and Perl
handler (mod_perl) how can I tell which is being invoked by the
web server? The scripts are being executed, but I have no idea if
mod_perl is running correctly or if the CGI Handler is just
picking them up and running them. How can I tell?
\_ If you like wasteful suburban living, chances are you don't
need to know if they're running. They're all magically taken
care of by other tax payers, like freeways and support systems
for your big suburban mansion.
\_ http://modperlbook.org/html/3-10-How-Can-I-Tell-if-mod_perl-Is-Running.html
\_ http://urltea.com/1khw (modperlbook.org)
Also you're supposed to get a 50X performance difference so try out
a bunch of your own DoS clients and see the latency or something.
\_ http://www.perlmonks.org/?node_id=377648
Check the http header! Look for:
HTTP/1.1 200 OK
Date: Tue, 27 Jul 2004 07:10:54 GMT
Server: Apache/2.0.48 (Unix) mod_perl/1.99_13 Perl/v5.8.0 PHP/4.3.5 <=== !!!
...
\_ I do not think this is valid for RHEL, which loads mod_perl
as a .so. Certainly my server does not say this and yet it
certainly does not complain when it loads the module. RHEL
installs apache as an RPM and mod_perl as another RPM, so I
don't think the apache ID string reflects reality. My
question is not really "Is mod_perl installed?". I am sure
it is. The question is "How do I know that my configuration
is working the way I want it to, with mod_perl handling the
.pl scripts instead of .cgi?" |
| 2007/4/30-5/4 [Computer/SW/Languages/C_Cplusplus, Computer/SW/WWW/Server] UID:46485 Activity:nil |
4/30 Technical question:
I have a threaded webserver, one thread waits around and calls
accept, then pulls threads out of a thread pool to handle the
requests. I want to be able to shut down the webserver cleanly, so
I have the main thread wait for a signal to shutdown. It then
joins on the accept thread while the accept thread cleans up the
threadpool. The only problem is, how do I get the accept thread
to exit? I can't get it to stop waiting on accept. Even closing
the socket out from under it doesn't always get it to wake up from
the accept call. Is there a standard way to handle this?
Addendum: Oops, Using C on *nix.
\_ Umm, what language are you using?
\_ obviously english. :D
\_ Use select to see if there is something available on the socket
before you accept. Create the accept socket with O_NONBLOCK.
It's all in the man page for accept.
\_ You generally need to use select(2)/poll(2) on the fd to make
sure there is something to read before calling accept(2), or
you will run into this problem. Take a look at Stevens, Unix
Network Programming Vol. 1 2d Ed., Ch 6 and Ch 27 for fairly
detailed examples of how to do this.
\_ Use shutdown(fd, SHUT_RDWR) instead of close. It will wake up
the accept. |
| 2007/4/20-24 [Science/GlobalWarming, Computer/SW/WWW/Server] UID:46387 Activity:nil |
4/20 Is there some reason why the apache logs are not world readable?
\_ Because what other people are surfing is no one's business?
\_ They used to be world readable. Among other things, this was
useful because it allowed users to view the error log so they
could debug cgi scripts. -dans
\_ The undergrads surely made a conscious and well thought out
decision to do things this way. Why don't you make a
constructive suggestion instead of whining that things are
done differently than they were in your day. |
| 2007/2/20-22 [Computer/SW/WWW/Server, Computer/SW/Security] UID:45782 Activity:high |
2/20 Any recommendations on a cheap/easy-to-use digital signature system?
\- i dunno exactly wat you are looking for or what the status of this
project is, but if the obvious [gnupg] wont do, you can google
for AKENTI. --psb
\_ What do you want exactly? A toolkit for digitally signing various
files? OpenSSL is free. It is, however, a pain in the ass to use,
but, once you know what you want to do with it, you probably won't
ever have to figure it out again. -dans
\_ Mostly documents that are federally mandated in the development
process of medical software. The team is somewhat distributed, so
I was hoping for something fairly easy to use. Years ago I'd
have used PGP, but I don't know how things have progressed and
what a good (preferably open) system is.
\_ GnuPG is fairly easy to use and its free. Many commercial apps use
it for digital signatures: http://gnupg.org
\_ Yeah, I pretty much agree. If price is the key, find a decent
frontend to gnupg and tweak it to fit your needs. If usability
is key, it's worth buying a copy of PGP. Both support the
OpenPGP standard. OpenSSL is too low level for what you want.
-dans
\_ GnuPG seems to be the way to go. I've got everything figured
out except verifying signatures. Thanks for the advice. -op
\_ This is from memory, not the man page, but I think it was
something like gpg --verify. Or are you trying to do
something more complicated? -dans
\_ You're right that --verify is the command line
solution, but I was going for something in a GUI. It
turns out that GPGee (Win Explorer extension) has that
ability, and works great. Thanks again. -op |
| 2007/2/13-17 [Computer/SW/Security, Computer/SW/WWW/Server] UID:45734 Activity:nil |
2/13 The personal webpages are now up
\_ Ming-Hay
\_ Thanks. Something seems a little messed up w/ the server config.
The front page produces a server error for me, and the server
is returning lists of files rather index.html for directories.
\_ Agreed, things are fubar. I've written/tweaked/debugged an
Apache config or twenty in my day so I'd be happy to look things
over and help out, just ask. That said, I'm shockingly busy at
the moment, so I may not be the quickest source of help. You
may want to turn personal public_html directories off until you
fix this as the current config does leak information, which has
(IMO, minor) security implications. If you're a soda user, you
can prevent people from browsing your public_html directories
over the web until this is fixed with the following:
chmod og-r ~/public_html
-dans |
| 2007/2/11-13 [Computer/SW/Mail, Academia/Berkeley/CSUA, Computer/SW/WWW/Server] UID:45709 Activity:nil |
2/11 \_ Is POP back up? Haven't got it to work since Soda got back
up. (SSL http://soda.csua.berkeley.edu port 995)
\_ Legitimately curious, why use POP when you IMAP is available to you?
-dans
\_ Uh, isn't IMAP still down? I still can't access it
-pmw
\_ I neither know nor care. I forward mail off soda to a box
where I run IMAP. :) -dans
\_ In the past (1997) when I used IMAP, it would mark my messages
as "read" when I read them on my client machine. I don't like
this, I like to have the messages as two distinct instances, one
on Soda and one on my home machine. If I read it on my client I
want it to still show and unread on Soda. Also, IMAP is more for
people with always on connections, which I don't have. That's
why I prefer offline processing (Pop) vs interactive processing
(IMAP).
\_ Hmm, I don't understand why you'd want things you've read not
to be marked as read, but if that's how you work, more power
to you. It's worth noting that many modern IMAP clients, eg
OS X's Mail.app, have excellent offline modes, which serves
the same purposes as POP, but with IMAP's richer semantics.
-dans
\_ Thanks, maybe I'll check it out again. 10 yrs of software
development may have fixed my intial hang-ups. |
| 11/23 |
| 2007/2/1-6 [Computer/SW/WWW/Server] UID:45637 Activity:nil |
2/1 Any recommendations for a real SSL cert provider? Is GoDaddy any good?
\_ I used Verisign in 2000. Expensive but decent. Haven't tried
anything else but I'm guessing they're pretty much similar
these days. I like GoDaddy's fast web interface for domain
name registration. |
| 2007/1/26-2/1 [Computer/SW/WWW/Server] UID:45600 Activity:nil |
1/26 Trying to connect to port 993 using SSL, in Thunderbird with no luck.
\_ I can replicate this, but will have to tcpdump to figure out what
the actual problem is. Try <DEAD>mail.csua.berkeley.edu<DEAD> (which hostname
I'll have to gen a cert for at some point). -- darch
\_ other than the cert not being in my CA list, SSL IMAP
on mail.csua seems to work. Yay! Good job, darch!
\_ what do you use for your imap path? I haven't been able
to get file in my /var/spool/mail/{user} directory show up? |
| 2006/9/8-12 [Computer/SW/Unix, Computer/SW/Security, Computer/SW/WWW/Server] UID:44325 Activity:nil |
9/9 Is there a gzip-like unix command that will encrypt a file?
I'm looking for something that's widely available. Thanks
crypt (not very secure - DES). Or failing that, openssl or gnupg
\_ openssl or gnupg... what are you looking for? Those will work fine..
\_ Thanks for the recommendations. I'm basically experimenting
with a way of using my friend's computer to backup my
personal files and using my computer to backup theirs.
Of course, this means storing files in a way where we can't
see each other's personal files.
\_ I'd recommend checking out http://dar.linux.free.fr
It makes the whole "backing up a bunch of files, encrypting
it, and chunking it into bite-sized pieces" thing much easier
than dump/tar + gzip + openssl. --dbushong
\_ Oh, that is so cool. Thanks. My way was going to
be much more convoluted involving ssh and a bunch
of script writing. This should save some time.
\_ One nice thing about using gpg (dump/tar | gpg) is you
can do public key crypto and not ever have passwords stored
in the script. I believe gpg also can chunk it into X
byte chunks, optionally ascii armored, for emailing as
well. (well, I suppose you could mime-attach it)
\_ openssl bf-cbc -in file.txt -out file.txt.bfcbc # encrypt
openssl bf-cbc -d -in file.txt.bfcbc -out file.txt # decrypt
--dbushong
\_ /usr/bin/{zip,unzip} on soda can take passwords. Don't know if
they're widely available on other *nix's. |
| 2006/5/9 [Computer/SW/WWW/Server, Computer/SW/Unix, Computer/SW/Languages/Misc] UID:42993 Activity:nil |
5/9 Running httpd as nobody isn't that secure. If one asshole decides to
do a DoS (fork script) as nobody, there's no way to track down the
perpetrator. This is why "suexec" is highly recommended, plus
users don't need to chmod a+rx script.cgi.
\_ Uh, it's totally trivial to track down the perpetrator with or
without suexec. httpd should run as something other than nobody,
but that's only because nobody is over-used, and whether httpd
runs as nobody is orthogonal to the question of whether suexec
should be on. -tom
\_ Ok fine. I gave a bad example, but we both agree that nobody
is good. |
| 2006/4/24-25 [Computer/SW/WWW/Server] UID:42816 Activity:nil |
4/23 Is it possible to see the logs of the hits to my csua
webpage?
\_ /var/log/apache
BTW, root types: it looks like whatever you have doing the rotation
isn't HUP'ing apache after rotation: the server's currently
(2006-04-24 16:41:52) ignoring "access.log" and is still writing to
"access.log.1" --dbushong
\_ I cannot read them, as I am not a root type.
\_ Oh hey, sorry, whoops; didn't check the perms. There used to
be some system wherein you touched a file in your homedir
and logs to your /~username/* stuff got thrown there at
rotation time... though I could be thinking of something
else. --dbushong
\_ I believe apache logs on old soda were wolrd readable. -dans |
| 2006/4/18-23 [Computer/SW/Security, Computer/SW/WWW/Server] UID:42779 Activity:nil |
4/18 Thanks mrauser for the call just now.
root: I think one of the next priorities can be enabling POP3/SSL
and IMAP/SSL. I'm going to download e-mail with the unencrypted
connection, but I'll probably change my password once every couple
weeks until the above gets online.
Most if not all of the official UC e-mail systems now require SSL
for downloading and sending e-mail, right?
\_ Actually, all password transactions must be encrypted according
to the Minimum Standards for Networked Devices policy. -tom
\_ IMAP/SSL is now up, POP3 is down entirely. That should suffice
for the moment. -michener |
| 2006/4/11-15 [Computer/SW/WWW/Server] UID:42731 Activity:nil |
4/11 Apache down also?
\_ AFAIK, yes
\_ it was up for a while? seems to be down now |
| 2006/2/28-3/1 [Computer/SW/WWW/Server] UID:42026 Activity:nil |
2/27 What apache2 directive should I use if I want apache to
execute .cgi files that are symbolic links? Thanks.
\_ http://httpd.apache.org/docs/2.2
Look at the Options directive. -dans |
| 2006/2/1-3 [Computer/SW/WWW/Server] UID:41660 Activity:nil |
2/1 In apache2 how do I make certain directories execute as certain
user? Say I have the following and I want
http://mydomain.com/bobby to execute as user 'bob':
UserDir public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
</Directory>
Alias /bobby/ "/home/bob/public_html/"
Alias /bobby "/home/bob/public_html/"
\_ Not in currently released code from apache. they used to
have an MPM that did something similar that never got enough
work. But, you may want to lookup the "metux" MPM works
along the same lines but is not "official" apache --Jon |
| 2006/1/3 [Computer/SW/WWW/Server] UID:41208 Activity:nil |
12/3 anyone know what the command is to see what modules my apache
installation has installed? I know I've done this before but
can never remember. tried googling. thanks. - rory
\_ httpd -l will list the statically-compiled modules. For dynamic
modules, I think you need to look for LoadModule lines in
httpd.conf. -gm
\_ perfect. thanks |
| 2006/1/2-4 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:41196 Activity:nil |
12/3 Hello, I'd like to setup a wiki and a discussion board for
people interested in a particular niche market I'm looking at
(I can't give out details because someone may steal it). I
already colo my family web site (<lastname>family.com) with a
friend of mine on Solaris at InReach, Oakland. What's the best
software to get to host a wiki and a discussion board, and do
I have to setup suexec and mysql? |
| 2005/12/28-2006/1/4 [Computer/SW/WWW/Server, Computer/SW/OS/Linux] UID:41156 Activity:nil |
12/28 a little bit of history for csua folk:
Stronghold sales ended some years ago and the product's last
support date is December 31, 2005.
\_ more info:
http://www.redhat.com/en_us/USA/home/solutions/stronghold
\_ So what ever happened to sameer?
\_ sameer retired to the world of gang bang and hot chicks.
I kid you not. -someone who knew him
\_ "...band and..."? You don't mean "...banging..."? |
| 2005/10/22-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:40230 Activity:nil |
10/22 I want to set up a Wiki site for users of a software framework, but
I'm concerned about security. Are there any Wiki engines that are
particularly good about security? Any good sites discussing this?
Thanks. - ciyer
\_ Not twiki.
\_ google for natswiki. It's a mod of twiki. |
| 2005/9/15-17 [Computer/SW/WWW/Server] UID:39699 Activity:nil |
9/15 What's the best method for limiting the amount of bandwidth
used by a particular directory (podcast mp3s) on a vhost
with Apache2 on Linux?
\_ http://www.ivn.cl/apache |
| 2005/7/27-29 [Computer/SW/WWW/Server] UID:38845 Activity:nil |
7/27 Sorry, I broke my webserver (mod_perl fall down and go boom).
http://csua.org/u stuff will hopefully be back up by tonight. --dbushong
\_ Or...tomorrow. mod_perl is not happy. Sigh.
\_ Does anyone actually USE http://csua.org? I don't and haven't even since
http://tinyurl.com proved to be much better
\_ Holy mythical creatures, batman! His wounds are closing!
\_ OK, fixed. All it took was a buildworld, perl rebuild, apache
rebuild, mod_perl rebuild, and a chicken. |
| 2005/7/5-7 [Computer/SW/Languages/C_Cplusplus, Computer/SW/WWW/Server] UID:38414 Activity:low |
7/5 You know what would be cool? Google maps + fast updating
traffic condition data in the bay area + xplanet =
neat background for my monitor.
\_ Yahoo! maps has traffic conditions overlay.
\_ Google earth should have licensed firework displays marked. -- ilyas
\_ How about an overlay of parking rules and street-sweeping schedules?
\_ How about an overlay of where dem hos at?
\_ Plus meter-maid schedules.
\_ And known speed traps! -John
\_ So how hard would it be for you pros who can really do this
stuff to jerryrig a Wiki version of Earth or Maps?
-- ulysses (I do storm drains, not C)
\_ You write software that manages storm drain projects?
\_ I haven't written a significant amount of new code of
any kind since finishing my master's program. It's an
interesting idea, though. The available storm drain
software kind of sucks. -- ulysses |
| 2005/4/15 [Computer/SW/WWW/Server, Computer/SW/Mail] UID:37204 Activity:high |
4/15 My company specifically blocks out port 995, which is pop3 over
SSL. This makes me wonder, are they archiving all emails
received through regular pop3 port? I don't see any other
reason for blocking the port. Sending smtp via ssl is ok
though...
\_ Chances are they don't know about POP3/SSL.
Send them a polite request to open the port.
\_ What does your company do?
\_ I can't retrieve gmails through pop. at home it works fine. |
| 2005/2/23-24 [Computer/SW/WWW/Server] UID:36378 Activity:nil |
2/23 What's the server/port for CSUA's imap server?
\_ It's soda, port 993 (the default for SSL-secured IMAP). We don't
support non-SSL IMAP anymore. --mconst
\_ Thanks, that was exactly my problem.
\_ fyi, I've been using SSL IMAP for a year or so on soda.
Thanks to whoever got it working.
For some reason spam has been much reduced recently, so thanks
to whoever is fixing that. |
| 2005/2/21-22 [Computer/SW/WWW/Server] UID:36357 Activity:nil |
2/21 I'd like to post some MP3's on my soda web page. Is there an apache
restriction against doing this? |
| 2004/12/17 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:35336 Activity:nil |
12/16 I've had Apache 1.3.27 installed for several months now. All of a
sudden, as of two days ago, we're getting random "forbidden" pages
throughout our site, including our webmail program and front page.
httpd.conf hasn't been touched in over a month. Any ideas?
\_ p0wn3d!
\_ It is fairly likely that your installation has been broken into.
Why did you install 1.3.27 several months ago? Current release
is 1.3.33. But the most likely problem is with something like
PHPBB or PHPwebsite; we're seeing many exploits in PHP systems
on campus right now. -tom |
| 2004/11/23 [Computer/SW/WWW/Server, Academia/Berkeley/CSUA] UID:35032 Activity:nil |
11/23 The CSUA webserver is down
\_ works for me as of 8:56am. --twohey
\_ I just restarted it. To the original poster, could you
please mail root when you notice things are broken? --mconst
\_ Now works for me as well. (It didn't about 10 minutes ago.) |
| 2004/9/22-23 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:33708 Activity:kinda low |
9/22 The DNS/web hosters for <DEAD>a.b.com<DEAD> are doing a HTTP 301 redirect to my site <DEAD>c.d.com<DEAD> How do I change the Apache httpd.conf on <DEAD>c.d.com<DEAD> so that it appears to the web browser that it is browsing <DEAD>a.b.com<DEAD> ? \_ You don't. \_ Do you own <DEAD>a.b.com<DEAD>? \_ you would have to redirect just a frame or something similar to that. the url at the top of the browser will still reflect the primary frame or div \_ JavaScript can rewrite the URL line. |
| 2004/9/14 [Computer/SW/WWW/Server, Computer/HW] UID:33513 Activity:kinda low |
9/13 My apache server doesn't understand a url if it doesn't have a
trailing slash. in other words it knows what to do with
http://myhost.com/dir but not with http://myhost.com/dir
how do I get it to understand url's of the second format too?
thanks.
\_ That functionality is implemented by the mod_dir module; if for
some reason you don't have that loaded, Apache won't do the redirect
it's supposed to do:
http://httpd.apache.org/docs/mod/mod_dir.html --dbushong |
| 2004/6/26-27 [Academia/Berkeley/CSUA, Computer/SW/WWW/Server] UID:31023 Activity:nil |
6/26 Is there something wrong with Soda's webserver? I can't reach
http://www.csua.berkeley.edu
\_ its borken for the same reason df is borken. i'm trying to
find someone geographically closer then i to the csua
fixed. - erikk |
| 2004/6/18-19 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:30912 Activity:kinda low |
6/18 Does anybody have experience with setting up a small wiki server on
a win2k machine (possibly using Cygwin)? |
| 2004/6/9 [Computer/SW/WWW/Server] UID:30704 Activity:high |
6/9 Apache (2) question: I assume there is a quick easy way for me to put
something in httpd.conf that will take all requests to
http://www.mydomain.com and redirect them to
http://www.mydomain.com/dir what is the best way to do this? tnx.
\_ Look up redirect rules or just make /dir the document root.
\_ so mod_rewrite, hun? |
| 2004/6/8 [Computer/SW/WWW/Server] UID:30676 Activity:moderate |
6/08 Does this look familiar to anyone? From apache2 error_log:
File does not exist: srv/www/tomcat/base/webapps/MYDIRindex.jsp
no matter how many "/"s i put on <DEAD>www.myserver.com/////index.jsp<DEAD>
it still gives me this. What am i doing wrong?
\_ isn't tomcat a stand-alone java application? Why would it be in
the apache2 error_log. As for the ////////, do you really think a
good webserver would let you go UP from the webroot, whether with
/ or .. (or encodings of both)
\_ i'm using a connector (jk). As for the other, i'm not trying
to transverse a directory. /// is treated just like "/" i'm
just trying to make sure i get one in there.
\_ Tomcat refusing to acknowledge the existence of a jsp or servlet
is a very common problem and happens if any one of the 8 billion
possible settings aren't exactly perfect. This is covered
extensively in numerous FAQs (listing all of the possible causes
is not in the purview of the motd) |
| 2004/5/27 [Computer/SW/WWW/Server] UID:30458 Activity:high |
5/27 MacOS X Mail complains about soda's certificate when connecting over
SSL. Is there a way to silence it? Is there a public x509 certificate
around here? The stuff in /etc/ssl/certs isn't readable by anyone but
root. -jeffwong
\_ There's a way to get Mail to suppress the warning... sorry, but I
don't remember what it is off the top of my head.
\_ public part of the cert is always obtainable. -dwc
use openssl s_client -connect hostname:port
\_ What is the complaint it gives?
\_ when Mail.app complains , go to the "option" button. You will
see a little icon looking like a certificate. Control-drag
the certificate icon out to the Deskto(or other file location).
Install the certificate in KeyChain.app (I suppose OS X looks
through the KeyChain if the CA can't be found). It is all
in Help.app -tyf |
| 2004/4/9 [Computer/SW/WWW/Server] UID:13108 Activity:moderate |
4/8 So I'm using Subversion for personal work. I set up a debian server
and got apache2 running and svn-dav working so I can use http URL's for
the repository. I've got basic authentication working, but I'd like to
try https authentication. But I'm an apache newbie. Anyone have
pointers to either doing this specific task or a tutorial on apache2
SSL configuration (including certificates, etc.)?
\_ and it all went quiet in the city
and the wind blew down the road
someone cried out SUBVERT!
and the people all went cold
meanwhile back in subvert city
someone's writing on the wall
fuck the government spraypaint hero
it's subvert city...it's subvert rule!!
\_ google is your friend. But you can check out
http://www.geotrust.com/quickssl/csr/index.htm and
http://www.geotrust.com/quickssl/install/index.htm for more info |
| 2004/2/19 [Computer/SW/WWW/Server] UID:29824 Activity:high |
2/19 I have two CGI scripts on my Apache-hosted site which I want
to be accessed only through https. I also use relative url's
throughout all my pages and would like to keep it this way. As
far as I can tell, the only way to link to a page over https
is with a fully-qualified URL. My scheme: create some Rewrite
Rules so that if any url ends with, for ex, "-secure", rewrite
that to https, and then add a SSLRequireSSL directive so a
clever user will be thwarted if they try to access the page w/out
the "-secure". Does anyone see anything wrong with this solution?
Is there a better way?
\_Not really. Not quite sure what the problem is with people
directly accessing your https server vs. being linked over.
Since http is stateless, it could create potential problems
when users use the back/forward buttons on their browsers
I guess...
\_ it's not the statelessness, it's the not-wanting to write
absolute URLs, I think
\_ exactly, I'd rather not start sprinkling absolute URLs
throughout the site. -op
\_ I think the mod_rewrite cookbook page even has examples of doing
this with a suffix like :ssl --dbushong |
| 2004/2/5 [Computer/SW/WWW/Server] UID:12106 Activity:nil |
2/4 Apache_SSL vs. mod_ssl ... discuss
\_ In Apache 2, ssl is built-in. It seems to work well.
\_ Apache_SSL has not benn maintained in literally years. Use
mod_ssl.
\_ cool, thanks |
| 2004/2/3-4 [Computer/SW/WWW/Server] UID:12087 Activity:low |
2/3 Do I have to purchase an SSL cert from Verisign or one of those
places inorder to allow my webserver to accept https requests?
\_ yes.
\_ You can set this up nicely with OpenSSL. Make sure that the
server's DN in the cert matches your hostname so that the only
message the browser pops up is something along the lines of
"untrusted root certificate". Trusting an unmanaged certificate
used only for SSL isn't a big deal. If it's only used by people
you know, you can make a root cert available for them to import
into their browser. Use google to find one of any number of
howtos. -John
\_ No. you can set up a dummy certificate if you don't mind getting
a popup from your browser. if this is for end users, though, you'll
want to buy one.
\_ alright, so someone posed this question back on 1/9, but never
quite got a full answer... in terms of cheap, reliable ssl
sellers... anyone have any good/bad stories to tell about
http://freessl.com ? Any other recommended cheap ssl cert vendors?
thanks. - rory
\_ I posted in january. I think http://freessl.com doesn't
\_ I posted the question in january. http://freessl.com doesn't
do wildcard certs, so you're limited to one FQDN.
do wildcard certs, so you're limited to one FQDN.
I want to use if for like <DEAD>mail.example.com<DEAD> and
I need to use the cert for like <DEAD>mail.example.com<DEAD> and
http://www.example.com and <DEAD>vhost.example.com<DEAD>.
For now I'm using a self-signed cert (not "dummy")
For clients using it for email, they can "install" or
http://www.example.com and <DEAD>vhost.example.com<DEAD>.
For now I'm using a self-signed cert (not "dummy")
For folks using it for email, they just install the cert.
If you're not doing ecommerce a self-signed cert may
be all that you need. It does SSL _security_ fine
but not without the _autentication_ (trust). -brett
accept the cert the first time. If you're not doing
ecommerce a self-signed cert may be all that you need. It
does SSL security fine but not autentication (trust). -brett |
| 2003/11/12-13 [Computer/SW/WWW/Server] UID:11041 Activity:nil |
11/12 Anyone ever successfully used the mod-ssl directive SSLRequire
(not to be confused with SSLRequireSSL)? I'd like to use it to
require ssl to access resources that use Basic or Digest
authentication. Something along the lines of:
SSLRequire %{AUTH_TYPE} eq "Basic" or %{AUTH_TYPE} eq "Digest"
Alternatively:
SSLRequire %{AUTH_TYPE} ne ""
Unfortunately the SSLRequire doesn't appear to work *at all*,
even for simple cases like:
SSLRequire 2 < 1
Suggestions? Is there a simpler way to accomplish the above?
The alternative of requiring that SSLRequireSSL directives be
sprinkled into every .htaccess file that specifies AuthType is lame
and unmaintainable. -dans
\_ A more useful answer than doing SSLRequire is to do a Redirect
to the same URL but https:// in each situation. Two caveats:
1) this still doesn't solve the logic problem (if AUTH_TYPE ...)
2) you _can't_ do this in .htaccess, it has to be in the httpd.conf
in a <Directory> or <Location> tag. If you put it in the
.htaccess, it will try to do the redirect _after_ the basic auth
<DEAD>..com<DEAD>e to think of it, you may be having the same problem w/
your SSLRequire; try putting it in the httpd.conf --dbushong
\_ I've actually done this in the past, and it is a nice way
to smooth over a user-unfriendly Forbidden message.
Unfortunately it suffers from the same maintainability
problems as teh sprinkling SSLRequireSSL statements
everywhere :(. As for SSLRequire, I haven't been able to
get it to work properly anywhere, either httpd.conf or
.htaccess. Thanks for the response. -dans |
| 2003/10/1-3 [Computer/SW/Security, Computer/SW/WWW/Server] UID:10390 Activity:nil |
10/1 OpenSSL vulnerabilities. Patchpatchpatch...
http://www.openssl.org/news/secadv_20030930.txt -John
\_ is it enough to get install the new ssl rpm or does my mod_ssl
need to be recompiled?
\_ depends on whether mod_ssl is linked statically or not. I believe
it's not since the only new RedHat updates that showed up today
are openssl ones. In general, they a rarely use static linking,
so to update a library, you just need to install the new library
rpm and not worry about the applications that use it.
\_ My new plan. Fuck ssh/ssl. I'm changing all external connections
to vpn-only and then filtering the shit out of who is allowed to
even try to connect to that.
\_ Oh *that* will work. Because we all know that every VPN
solution out there is utterly foolproof and secure. Nobody
ever cracked DES or IOS. Blanket statements like that are
incredibly ignorant and dangerous (although if it makes you
feel safer, go ahead.) There is nothing fundamentally
wrong with OpenSSH/SSL--no computer or software is or
will ever be 100% secure. Just patch the fucking thing
and get on with your life. There'll be others. -John
\_ You're so ... manly! when you talk about security, John.
It makes my heart go "thump! thump! thump!" Can I have
your love child? Your IPSEC key?
\_ DOS vulnerability. Not remote exploit. |
| 2003/7/22-23 [Computer/SW/WWW/Server, Computer/SW/Languages/Python] UID:29101 Activity:nil |
7/21 http://twistedmatrix.com/users/jh.twistd/python/moin.cgi/LiquidDemocracy Where Python, Democracy and the Tragedy Of The Commons all come together on the same page! I love this interweb thing! |
| 2003/7/10-11 [Computer/SW/Security, Computer/SW/WWW/Server] UID:28992 Activity:nil |
7/9 So, what are the cheapest "trusted" SSL certs out there?
\_ Get a standard Windows install, open MMC, look in the certificates
snap-in for trusted root certificates, go through those. Or failing
that, in the 'security' settings of any browser under whatever
incarnation of a 'certificate authorities' listing you have.
(Thawte no longer exists.) What do you need a trusted root CA
chain for? You can very often get away with issuing your own.
-John
\_ http://instantssl.com, price starting at $50
http://geotrust.com, price starting at $150
Never used either of them, so YMMV. |
| 2003/5/10-11 [Computer/SW/WWW/Server] UID:28395 Activity:nil |
5/9 SSL Common name verification bug in Safari (don't use it with SSL
sites): http://www.secunia.com/advisories/8756 |
| 2003/4/10-6/15 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:28056 Activity:moderate |
4/9 Anybody knows what's up with alumni.eecs?
\_ prob upgrading h/w and/or s/w again. http://alumni.eecs.berkeley.edu
points to a fresh install of apache.
\_ apparently it got rooted.
\_ again? what's up, used to be alumni and ucsee were reliable.
\_ I thought ucsee and alumni.eecs had a power outage for
several days?
\_ Why do people ask this shit here? Go find the alumni.eecs admins
and email them. No one here knows anything about non-csua systems
and almost as little about csua systems.
\_ because some ppl are members of both groups.
\_ so what? There are other csuaers that are members of my bird
watching society. I don't ask them bird questions on the
motd.
\_ take a look at the array of questions that get asked on
the motd, and the array of responses. I don't remember
one in particular, but i'll bet bird questions have been
answered here before. |
| 2003/3/20 [Computer/SW/WWW/Server] UID:27761 Activity:nil |
3/19 Just in case some of you haven't seen this yet, there is
a new timing attack on RSA keys:
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
OpenSSL advisory is here:
http://www.openssl.org/news/secadv_20030317.txt |
| 2003/2/21 [Computer/Domains, Computer/SW/WWW/Server, Computer/SW/Unix] UID:27473 Activity:nil |
2/20 Any suggestions for premium dedicated web server hosting? Our
current setup is with a small hosting company, but we're not
satisfied with uptime, and they don't allocate us guaranteed
bandwidth. Thanks.
\_ earthlink! |
| 2003/2/18-19 [Computer/SW/OS/FreeBSD, Computer/SW/WWW/Server] UID:27447 Activity:low |
2/18 My apache server (on my FreeBSD box) doesn't load up the page
in a subdirectory if the final slash isn't present. In other words
<DEAD>www.mydomain.org/test<DEAD> loads up wherease <DEAD>www.mydomain.org/test<DEAD>
does not. How can I fix this? Thanks.
\_ Probably your ServerName isn't set properly. If you request a
directory without the trailing slash, you get sent a redirect
to a URL based on your ServerName, including the slash. -tom
\_ Are you using mod_rewrite? mod_perl? There are a number of things
that could affect behavior on trailing slash. --scotsman
\_ try replacing your apache config with the httpd.conf-dist
file in the same directory. Then diff the 2 and see what's
wrong. Caveat: won't work with cable modem. |
| 2003/2/16 [Computer/SW/WWW/Server] UID:27432 Activity:high |
2/15 Is there a way to record who, or at least which machine, have visited
my web pages on soda, other than relying on them signing a guest book?
Thanks.
\_ er... the web logs? /var/log/httpd/access.log*
\_ Thanks! What's the exact format of the lines? What man page
should I read? There's none for apache.
\_ 1). Read through /usr/local/apache/conf/httpd.conf , at least
the parts about LogFormat and CustomLog directives, and the
comments around there.
2). For further explanation, look up the particular directives
in Apache docs (at http://apache.org)
\_ We've switched to apache 2. the config file is now:
/usr/local/etc/apache/httpd.conf
/usr/local/etc/apache2/httpd.conf
and the access log is here:
/var/log/apache/access.log
\_ man www. we've switched to apache2, these files
are all old. The correct paths are in "man www" -www
\_ erm. /var/log/httpd is a symlink to /var/log/apache.
\_ Or, if you just want the answer:
http://httpd.apache.org/docs/logs.html#combined
\_ as an alternative, write a cgi script that's called using
server-side includes from from the web page, that records
REMOTE_ADDR, and other interesting environment variables in
a separate data file.
\_ at one point there was something that correlated the IP
address of the people visiting your page with a csua
username (based on lastlogin info). |
| 2003/1/31 [Computer/SW/WWW/Server] UID:27253 Activity:nil |
1/30 How do I configure apache to collect the referrer information
in the access logs?
\_ STFW. http://httpd.apache.org/docs-project
\_ RTFCF. /usr/local/apache/conf/httpd.conf-dist
\_ STFU
\_ um, did you try it? it's all right there. |
| 2002/7/31-8/1 [Computer/SW/Mail, Computer/SW/WWW/Server] UID:25456 Activity:moderate |
7/30 Whoever got SSL IMAP working, I love you and want to have your
children.
\_ I'm sending money to the CSUA. They've provided me with so much
over the years.
\_ No thanks. -mgoodman
\_ Er, SSL IMAP still doesn't work. It logs in but no folders show up.
\_ varies from client to client. Try Pine or netscape.
\_ I hope they like mailboxes getting stuffed now. |
| 2002/7/30-8/1 [Computer/SW/WWW/Server] UID:25452 Activity:nil |
7/30 SSL security announcement. Maybe this is you, maybe it's not, but
if you've got SSL based services, read it. No public exploits known
yet but it's only a matter of time of course.
http://www.openssl.org/news/secadv_20020730.txt
\_ "0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not
vulnerable." How do I disable SSL 2.0. Is it possible to disable
it in an already running Apache-SSLeay setup?
(P.S. thanks for the heads-up!) |
| 2002/7/30 [Academia/Berkeley/Ocf, Computer/SW/WWW/Server] UID:25446 Activity:high |
7/29 yay, POP3 over ssh works again! despite what motd.official says,
though, I still can't get SSL POP3 working.
\_ I'm using Eudora and it supports SSL. Still no POP3 or IMAP.
\_ SSL with what? with POP3? with IMAP?
\_ Both. IMAP connection goes through but no folders show up.
POP3 has CSUA refusing connection. I know it's not me b/c
OCF IMAP/POP works fine.
\_ SSL POP3 is not working for me either. what gives?
\_ Me neither, hope it works soon. (using Outlook Express)
\_ Has anyone been able to get POP/IMAP to work? |
| 2002/7/6 [Computer/SW/WWW/Server] UID:25294 Activity:nil |
7/5 I have valid XHTML 1.1 web pages on soda that were working fine
with the previous web-server, but since yesterday (upgrade),
I get a error in opera 6.03:
"XML parsing failed: not well-formed (256:16)". What should I do?
\_ I should Read the motd.official. Sorry. |
| 2002/7/1-2 [Computer/SW/OS/FreeBSD, Computer/SW/WWW/Server] UID:25251 Activity:very high |
7/1 Silly observation: An internet worm that runs on Apache servers on
FreeBSD is running amuck. We run apache (older version) on FreeBSD
on soda. Shouldn't this be fixed ASAP?
11:54am eric@soda ~ > /usr/local/apache/bin/httpd -v
Server version: Apache/1.3.12 (Unix)
Server built: Sep 15 2000 17:35:27
-eric
\_ Indeed. Mail root.
\_ This is a 2 week old issue. That's why it's in the motd.
\_ And yet still no one has mailed root.
\_ so let's see: either no one on root reads the motd, or
slashdot, or bugtraq, or comp.security.unix, or any of
the dozens of other places they might have heard about this
hole, or...they don't give a shit. Do you really think
mail to root will make a difference? Occam's Razor. -tom
\_ They upgraded OpenSSH to version 3.4 recently, so they
must have been reading something to find out that
there is a problem with openssh. It is surprising that
apache went without being upgraded for so long..
\_ *Someone* on the motd said a day or two ago that this
was only a DoS attack and we should not worry our
pretty little heads about it. *cough* *ahem*
\_ What DoS attack? Real remote exploits for apache
on *BSD have already been posted and there are
apache worms speading on the net. Would you feel
good if script kiddiez got a shell on soda, even
if it is running as "nobody"?
\_ No I would not, but *other people* around here
who think they're a lot smarter and a lot more
talented than they are (they're certainly loud)
were claiming a day or two ago that this is just
a DoS and not a real exploit and we should all
just relax. Fortunately these really smart and
talented people usually sign their posts so we
will all eventually learn to ignore their tech
info and advice.
\_ csua have been rooted already.
\_ all your httpd are belong to us. |
| 2002/6/25-26 [Computer/SW/WWW/Server] UID:25191 Activity:very high |
6/24 Got that apache bug. Our e-commerce based site with a few million
users is vulnerable. We're using some proprietary extension to apache
so upgrading has become a "business decision". Fucking nuts. At least
I'm on record as saying "patch it now! super serious! someone could
hack in and wipe us out!" (paraphrasing my self of course). Sigh.
When will they ever learn? And no, there's no fucking way I'm going
to replace their proprietary apache with a totally open sourced one.
\_ Lemme guess... websphere. Move to a different fucking platform.
\_ Not websphere. I can't implement any changes or convince any
one to do it or go along with it. Just crossing fingers.
\_ got backups?
\_ Lots of it but not all. It's many many terabytes worth anyway
so even if we had perfect backups it would take uhm a long time
to restore everything.
\_ Get the vendor to release a fixed version.
\_ I'm still guessing it's IBM's IHS, and GOOD FUCKING LUCK! |
| 2002/6/21-23 [Computer/SW/Security, Computer/SW/WWW/Server] UID:25167 Activity:very high |
6/21 Big bad apache hole in the wild. Patch/upgrade now. See http://apache.org or your favorite security site for details. \_ So they finally learned from Microshit? "In order to gain free press we need to introduce security holes." \_ Does anyone think this vulnerability could lead to a fast spreading worm like Code Red, for example? \_ What's the point? Apache + modules (esp. php) are full of holes. \_ So, don't use the modules you don't trust. Patch one, and there are still a hundred others that the '1337 H4X0R5 will use to break in. Even if you patch all the modules, you still have all your executable content (perl cgi, ssi, php, servlet, jsp, etc) which is undoubtedly riddled with holes. \_ 1) try formatting. 2) just because there are other holes is no reason not to patch this one. 3) glad you're not the admin at my company. \_ It is possible but cracking a site by exploiting the holes in locally written code is much harder than exploiting a widely publicized and well understood vulnerability that possibly affects nearly every apache site out there. If you care about security, run publicfile. \_ publicfile does not support CGI scripts or any kind of server side programming which makes it fairly useless for lots of users. \_ Um, it's not actually that bad. It's a DoS exploit at worst on many architectures. \_ nnnn! go read the security alert, not msnbc. \_ Actually I read all three. Plus the apache one. Plus the debian security-announce summary. It's a DoS explot. \_ Well you didn't read the one that said it's a full root exploit. Whatever, go use telnet. Not my problem. \_ At least one exploit (for openbsd) has already been posted on bugtraq with intent to prove people like you wrong. \_ If your OS doesn't execute data off the stack, it's not exploitable (but it's still DOS). And it's not a root hole, just the user Apache runs as. Still, it's potentially bad. -tom \_ Lots of people run apache as root. Lots of sites that run apache as 'www' or whatever will also have local holes if they haven't fixed this one. Thus it is highly likely that getting in through apache is just one step from root. Layers.... \_ I challenge you to find one person running Apache as root. -tom \- the csua used to run a WEEB server on it's name server. there was a bug that let you get a shell running as the WEEB server uid. now it turned out the WEEB server uid owned the WEEB config file, so you could just changed the run-as user to root and repeat the process and you would have a root shell on the name server. this is detailed in some comment by myself and P. Norby some time ago. I dont think this is that big a deal and right now the "real" denial of service is all the people running around recommend things like vulnerabilty people immidiately delete their defaultroutes and such. --psb |
| 2002/4/18-19 [Computer/SW/WWW/Server] UID:24488 Activity:very high |
4/18 Is anybody else getting spammed from http://jennyslist.com? Why isn't spamassassin blocking it? \_ Cuz spamassassin is dumb. use ifile. \_ grow up. --aaron \_ What? By "dumb" I meant "doesn't learn." ifile does. \_ Someone subscribed you. Unsub, or add to your own user_prefs file. |
| 2002/4/4-5 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:24323 Activity:very high |
4/4 Is there a way to make Apache case-insenstive (on Solaris)?
(i.e., http://foo.com/cgi-bin/bar?param1=foobar should be
the same as http://foo.com/Cgi-bIn/BaR?param1=foobar; obvisouly,
I can write my cgi-bin's so that all the params are
case-insenstive, but the leading URIs?)
I have used google and have been on Apache's web site. Thx.
[...]
\_ Look, dummy, the answer is you can't do it. Your only
other choice is hacking the url parse code in apache
to lower case the entire URL. Good luck with your
coding project.
\_ Ok, thx. That's what I thought and I just
needed someone to confirm it.
\_ it's wrong. mod_speling does exactly what
you want. Try it, nimrod.
\_ why is "mod_speling" spelled with only one
L? Is it supposed to be some dumb attempt at
being humorous?
\_ yes. laugh a little!
\_ Wow this was tough to find. Took me about 15 seconds.
http://httpd.apache.org/docs/misc/FAQ-H.html#rewrite-nocase
You're welcome.
\_ errr...I have read that and the speling module. mod_speling
only makes the document name referenced case-insenstive, not
all the elements that construct the URI.
all the elements that construct the URI. From Apache:
"the module is unable to correct misspelled user names (as
in <DEAD>my.host/~apahce<DEAD> just file names or directory
names."
\_ Grasshopper, the wind blows through the trees yet disturbs
not the trunk, only the leaves....
\_ huh?
\_ Grasshopper, the answer lies before your eyes are
darkened by your own thoughts.
\_ it corrects directory names, can't you read?
\_ Run apache on windows.
\_ Ew. |
| 2001/12/27-28 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:23384 Activity:kinda low |
12/27 Is SSI Exec turned off? Is that why <!--#exec cmd="ls" -->
won't work in a .shtml file? Yes I did "man www" It doesn't say.
Why Is there no manual entry for "httpd"?
\_ http://httpd.apache.org/docs
Where is CSUA's SSI policy documented?
\_ Apparently in /usr/local/apache/conf/httpd.conf. See part that
starts with..
<Directory /home/*/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch Includes ExecCGI
that means that you can use SSI, including for executing programs.
Look for the source of your problem somewhere else. Apache's
error.log file is a good start. |
| 2001/11/21 [Computer/SW/WWW/Server] UID:23067 Activity:nil |
11/19 basice apache/PHP question. My apache doesn't not recognize php
scripts embbed in HTML on my Redhat 7.1 When I start apache
using: httpd start -DHAVE_PHP
I got the following error:
> httpd start -DHAVE_PHP
Syntax error on line 254 of /etc/httpd/conf/httpd.conf:
Cannot load /etc/httpd/modules/mod_php.so into server:
/etc/httpd/modules/mod_php.so: cannot open shared object
file: No such file or directory
Where to find this mod_php.so? or is it the problem? Thanks
-kngharv
\_ The error message says that mod_php.so does not exist on your
machine in /etc/httpd/modules/. If you do a search for mod_php
on http://google.com, you can find out how to add PHP to apache on Linux
(it's the 2nd hit that comes back). -sony
\_ SEARCH THE FUCKING WEB. -phillip
\_ What's so wrong about asking on the motd? Yes, he could find
the answers out there, but he can find the answers here too.
\_ It's called taking personal responsibility and not being a
lazy slacker. At least give google 30 seconds worth of
effort before asking here. Give a man a fish.... |
| 2001/10/9-10 [Computer/SW/Languages, Computer/SW/Security, Computer/SW/WWW/Server] UID:22674 Activity:very high |
10/9 so when is Berkeley's DNS supposed to be updated with soda's new
address?
\_ when i get done working taking over the world. --phillip
\_ that's my line - the brain
\_ HAHAHAHAHAHA!
\_ At 3am every day
\_ also, when is the web server going to be running again?
\_ the joyride is over! call verio!
\_ Apache doesn't like it when you don't have a valid name.
Probably tomorrow. -tom
\_ will emails received during the downtime be cached, rejected,
or sent to /dev/null?
\_ /dev/yermomisabigfatbitchbiggestbitchinthewholewideworld -root
\_ they should be delivered once the name gets updated tonight. -tom
\_ root is just so ... rude!!11!
\_ you get what you pay for. if you want quality service
try a professional colo
\_ they'll all be forwarded to the FBI.
\_ ln -s /dev/null /dev/fbi |
| 2001/10/5 [Computer/SW/WWW/Server] UID:22633 Activity:moderate |
10/4 Apache/network experts: I have an application that reads from an
a few different servers. When i attach to an apache server
i get all my data in one read UNLESS it is going through a proxy,
in which case it gets broken up into multiple socket reads. However
if i attach to another web server, (i.e. Oracle Web Server), even
through a proxy, i still get all my data in ONE socket read. Any
ideas why the difference? Any idea how i could make apache behave
like the OWS box?
\_ Sounds like it is the fault of the proxy, not the Apache.
Post all the headers that both Apache and OWS send -- may be some
of the headers make the proxy behave differently. |
| 2001/9/18-19 [Computer/SW/WWW/Server] UID:22510 Activity:kinda low |
9/18 I have an existig apache install with mod-so.
I have the .c file of a module i want to add.
How do i get the .so file? url would be great.
\_ /path/to/apxs -i -a -c module.c
-i: installs the .so in your apache dir
-a: adds the AddModule and LoadModule lines to your conf
-c: compiles the .c to a .so
--dbushong |
| 2001/9/10 [Computer/SW/WWW/Server] UID:22369 Activity:high |
9/10 I've decided to be lazy and helpless and come
crawling to the motd for help. RTFM is SO HARD!
So, i installed a custom cert about a year ago.
(apache-ssl) now it's expired. How do i update?
\_ remake the cert. |
| 2001/8/18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:22162 Activity:kinda low |
8/17 On 18 July, just as Code Red was starting to scan for vulnerable
web servers, a CSX train carrying hazardous materials was
derailed in the Howard Street tunnel in Baltimore, US.
The derailment and subsequent fire severed cables running through
the tunnel used by seven of the biggest net service providers to
swap data.
These companies started reporting disruption to the usual running
of the net just as Code Red was hitting its stride, leading many
people to assume that the worm was doing the damage.
Analysis by Keynote has shown that even at its height, Code Red
posed no threat to the running of the net.
(http://news.bbc.co.uk/hi/english/sci/tech/newsid_1470000/1470246.stm
- anyone else hear about the fire?
\_ yes
\_ It was in the news on TV. But I thought Code Red was later than the
train accident.
\_ What they DIDNT SAY, was that the train had a WBEM system,
hosted under IIS, which caused the derailment once the
web control interface crashed.
\_ you gotta be kidding.
\_ muah-hahahahahaha.... the sad thing is, it's plausible, eh?
\_ It was noted right away in the RISKS digest (aka comp.risks) |
| 2001/7/26 [Politics/Foreign/MiddleEast/Iraq, Politics/Domestic, Computer/SW/WWW/Server] UID:21955 Activity:nil |
7/25 http://www.wikipedia.com Contribute your E190 research paper to posterity |
| 2001/7/18 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:21845 Activity:high |
7/19 I have a mysterious problem with a cgi program. It was working
well. Then, I moved it to a different computer. Now, some of the
screens will give 500: Internal... errors, but will work after
hitting reload several times. What kind of server (apache)
misconfiguration could cause a program to work only part of the
time, given the same input/state? I'm mystified.
\_ Possibly you moved it to a machine that's behind a load balancer,
and you're only getting your machine 1 out of N trials?
\_ There is only one machine, but I have been wondering if
it is making a difference which of the apache child
processes handles the request.
\_ there are a million things that could be wrong. Check
the apache error logs. -tom
\_ Tried to do that, but logs have been intermittent.
We have mod_cgi, and a ScriptLog directive. Many
errors don't produce anything for the %response
or the %stderr sections. So, all I get is the
request, and an entry in error_log that says
"Premature end of script headers."
\_perhaps set up an http proxy to view what's
happening, or send the GET request yourself via
telnet...
\_ Do you have mod_perl enabled? You may be stepping
on variables. I'd disable ScriptLog, it's really
not intended for production environments. Check
your suexec log if you have suexec enabled (and you
should). -tom
\_ race condition |
| 2001/7/12-13 [Computer/SW/WWW/Server] UID:21788 Activity:moderate |
7/12 Hello MOTD, sorry to bother you (again) but you always know
all the good (and bad) apps. I am looking for log utilities
to manage my apache logs. I need something to rotate/gzip/etc.
the logs and something to do simple analysis (and some historical)
I'd prefer a script where i can see what is going on over a binary
like webalizer, but whatever. As for the rotatelog utility that
comes with apache, it is broke in the version i am running and i
don't want to upgrade.
\_ If you want to do this correctly, you need Apache's rotatelogs
utility, which almost certainly works in the version you have, but
not in the way you want it to. What rotatelogs does is accept web
logs on stdin and write them to files with seconds-since-the-epoch
filenames, starting a new file once a week. You need that, because
you can't move the logs out from under Apache safely (and if
you do, you need to restart the server, which would cause
disruption of service). So then you just write a cron job to
gzip the logs, and use analog to analyze them (analog will also
analyze gzip'ped logs). -tom
\_ I have an error_log.0994896000 that goes back to yesterday
AND i have an error_log that goes back a long long time.
This is broke or (perhaps more likely) i am doing something
wrong. What would you suggest i am doing wrong?
\_ you have to set up rotatelogs on your ErrorLog
line as well as your TransferLog or CustomLog
line in httpd.conf. -tom
\_ Or cronolog, which lets you specify the naming scheme --dbushong
\_ rotatelogs blows. cronolog is much better. -ERic
\_ Hey tom, why is it unsafe to move logs out from under Apache
if you restart it? Also, restarting Apache takes something
on the order of seconds, so the disruption of service is
nigh-invisble, is it not?
- Rotates logs manually and restarts Apache
\_ It depends what you're serving. If someone is downloading
a big file, for example, either their download will hold up
the server respawning, or the download will be killed when
you restart. If you have only small content and don't
care if you occasionally serve broken images or pages,
it's not so bad. Still, it doesn't cost much to do it
right. -tom
\_ I ran an app that was using jserv, and stopping and
restarting apache was a major pain. rotatelogs was
the best solution. -ERic |
| 2001/6/12-13 [Computer/SW/WWW/Server] UID:21492 Activity:high |
6/12 Accourding to the Apache docs the "warn" loglevel gives you good
stuff like:
"child process 1234 did not exit, sending another SIGHUP"
From experience, it also gives you lame ass stuff like every time
some one hits a graphic. There must be a way to keep the former
and loose the latter. Isn't there? If there isn't this will be
the first time i have been disappointed with apache. If there is
What is it? -tnx.
\_ lose. Learn to spell, loser.
\_ Ass. fuck off, you half-witted, anal-retentive ass-hole.
\_ Moron. You can't even spell asshole properly.
\_ Don't you mean "Learn to spell, looser" ?
\_ Don't you mean "Learn to spell looser"? |
| 2001/4/14-15 [Computer/SW/WWW/Server, Computer/HW/Drives] UID:20977 Activity:low |
4/13 Marketing wants to keep all the apache logs FOREVER. I just can't
see holding onto 50 lines of "GET /some/dumb/graphic.jpg" per page
view per person. Anyone have any script(s) which will eliminate
all that excess info and leave me with less log to archive?
\_ grep
\_ why do you care? let them do their stupid shit.
\_ Yeah like this is so much work for you. gzip *.log and tar it to
tape. Who cares how much is in the logs or that everything is
crap or that no one will ever look at it again? Who is to say that
those 50 lines of GETs have no value to someone else? Maybe someone
will analyse the logs and determine they should be caching some
stuff or build out a separate images server or use akamai or who
knows? You don't. Just do your job and stfu.
\_ Run samba on the webserver. Mount their personal Vindoez shares
on the webserver. Give them the info. -John
\_ I think they want it "archived permanently". The logs of any
reasonably active site will outgrow disk space very quickly.
\_ No they wont: do the math. 1M hits/day * 1k log/hit = 1GB.
1GB * .1 (compresses well) * 365 days/yr = 36GB/yr.
Just buy the disk. -ausman
\_ I did the math when I was in this position. I used /bin/du
on my *.log.gz files and it was over 500m a day compressed
and growing (as traffic increased). /bin/du on a real site
gave better numbers than your guesstimates. Also, dumping
to tape means the low end tape monkey just swaps tapes as
usual when his email tells him to, as opposed to someone
having to bother buying a new disk every X many months
because someone decided "gzip *.log" was too hard to cron.
Oh yeah, the cron would actually have to remove the logs
after they hit the tape. Yeah, it's a toughy. Might take
almost as long to write that script as we've spent talking
about it. -hates "sloppy-sysadmining-for-no-reason"
\_ toughy? doesnt it go away by itself? newsyslog, gzip
compressed DLT, if lucky down to .25 size (not .1)
not that bad, eh? I think we have some dumb sysadmins. |
| 2001/3/13-14 [Computer/SW/WWW/Server, Computer/SW/Languages/Functional, Computer/SW/Unix] UID:20762 Activity:moderate |
3/11 Besides "my other car is a cdr", what's the best geek sticker you've
seen?
\_ That's hardly a "good" bumper sticker. It's completely lame. Or
maybe that's your point and you actually really do find it "kewl"?
\_ FEATURE (on a new bug)
and.. VRFY ME (frame says "my voice is my passport")
\_ STFU
\_ "Bus Error! Take the Train!"
\_ This doesn't really count but my old math teacher's maxima had
modified plates that read "dy/dx=0"
\_ My HS chem teachers read "PV=NRT"
\_ _
| x n
| e = f(u )
_|
\_ I saw plates once that said 3BPD826.
\_ What does that one mean?
\_ Not a God damned thing. It's a license plate.
\_ Lamer in my complex with GO7 R3WT
\_ I saw some dolt with "port 80" Who would do this?
Tim Berners Lee perhaps? _/
But I believe he lives in
Geneva so its probably not
him. I've also seen "httpd"
as a license plate. Thought
that it was pretty lame.
I saw RFC1771 and figured
it was Tony Li's car.
I think that a plate that
said RFC1149 would be really
cool, provided you contributed
to it.
Made me want to go get "port 70" now THAT would be L33T
\_ I've got dibs on port 22! |
| 2001/2/7 [Computer/SW/WWW/Server, Computer/SW/Languages/Misc] UID:20525 Activity:very high |
2/6 web monkey question: how can I make a webpage include the
contents of one html file from within another html file? for
example, I want my webpage, index.html to include the contents
of a file called title.html whenever it's loaded, so that I
can change titles by just changing title.html without touching
index.html. what's the easiest way to do this?
\_ you need some kind of server-side processing done. the exact
details it will depend on what kind of web server you're using.
Most of the time you'd just add a line like the following to your
page: <!--#include file="foo.html" --> . You may need to
specifically enable SSI on your web server and give your pages
a special extension (e.g. .shtml, .asp, ...)
\_ my webserver is Apache. Do I need to call the file index.shtml?
anything else I need to do?
\_ you might need to modify your .htaccess file. See
http://httpd.apache.org/docs/mod/mod_include.html
Note that if the web server you're talking about is soda,
you don't need to do anything special; just add the
<!--#include ... --> line.
\_ can you specify a url for the content of a CSS? -ali
\_ URLs to cascading style-sheets can be given in a <LINK ...>
tag, which will be handled by the client, not the server.
\_ not afaik, but you probably could use a combination of
SSI and <style> ... </style> tags to do what you want. |
| 2001/1/25-26 [Computer/SW/WWW/Server] UID:20430 Activity:kinda low |
1/24 I've heard of companies making daughterboards that process SSL
sessions to offload the CPU to do the real work. Anybody know where
I can find them? I searched for "SSL daughterboard" and some other
similar words and couldn't find anything. Thanks.
\_ Don't erase correct answers. SSL accelerator cards are made by
nCipher, Phobos and Rainbow.
\_ bigIP makes one for their load balancers. http://www.f5.com
\_ DON'T! DON'T DO IT! -John
\_ Intel makes a box you put in front of the web server. BigIP/F5
has an add-in card as stated above. Ask their sales guys how they
compare to their other competitors to get the full list. That
trick always works.
\_ The Intel Box 2180 kicks serious butt compared to the F5.
The daughtercard does RSA and cipher ops in HW and more
the point-- BigIP == BSDi + rainbow card. Check out
http://www.rainbow.com and there is one or two other people out
there selling similar products. THe bad thing there is
they only do the SSL symmetric key negotiation RSA ops in
HW. I.e.. you get one per interactive session, so you
in effect get little if any speedup in real situations.
What blows my mind is that Intel and F5 sell these boxes
for ~ $50k+. They are little more than BSD + regexp
parsing http headers in hacked kernel. ack...
\_ Intel has an ssl-decrypt-only box for much less
where you put their box inlineon the wire. SSL
goes in the front and decrypted stream comes out
the back wire. I _think_ it was about $1.5k/box
or so but I can't recall for sure. The $50k thing
was a full load balancer/ssl decrypter/switch/etc/
do everything box. You can put the ssl-only box
in front of your bigip or other load balancer.
Can you explain why you say there's no real speed
increase with the bigip/rainbox combo in the real
world? I'm not getting it. |
| 2000/12/12-13 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20073 Activity:nil |
12/11 What are the security implecations of allowing the Delete method?
Does apache allow that by default? Does it really mean that any
user could send a header commanding your server to delete any file
that nobody is able to write? If so, how do you disable this methd?
\_ Something like
<Directory />
Deny all
Allow GET PUT other-explicit-methods-you-like
</Directory> |
| 2000/12/5-7 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20009 Activity:very high |
4/249 I think my employer logs all web traffic. Is there any free software
I can run to block this? Like a proxy or some sort? Thanks.
\_ http://www.anonymizer.com
if you don't want to pay for ssl service do the following:
1. setup apache+ssl at home
2. write a cgi that takes in url request and then forwards
it to anonymizer and parses the response to get rid of
the annoying tags.
3. configure your browser to use your home box as a proxy
Other options include hacking junkbuster to support https.
\_ j is that you?
\_ you idiot, I can't even log into soda from work thanks
to a certain wonderful firewall.
\_ yes theres plenty of ways to do this.
\_ obhttp://www.zeroknowledge.com (it's what it was meant for -
i.e. people not knowing what you are doing exactly)
\_ How to check that the company logs all web traffic?
\_ write a bot that hammers a bunch of sites, such as http://apple.com,
http://sun.com and http://microsoft.com. run it on your machine and all the
other machines you can get your hands on. Clueless admins will
think that its 'software updates' or some such thing. Your
real traffic will be obscured by the noise. Eventually the will
give up and realize that logging is stupid. |
| 2000/11/7 [Computer/SW/WWW/Server] UID:19668 Activity:moderate |
11/07 If the URL is HTTPS, why do some sites have a popup to ask me to accept
a certificate while others don't? For the sites that don't, are they
pretending to have SSL turned on?
\_ The ones that don't prompt you are using a certificate that
your browser has already accepted, like one from Verisign or
Thawte. You can verify that the connection is really SSL by
checking for the key in the corner of your browser.
\_ Could be that your browser is set to automatically accept certs
from a trusted certificate authority. You can check the browser
to see which ones you will automatically trust. If the browser
doesn't recognize the CA as trusted, it will prompt you for
approval. |
| 2000/10/19-20 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:19525 Activity:nil |
10/18 Why is soda so jerky and slow today?
Also, what's up with this httpd process?
PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
11202 www 99 0 576K 676K RUN 81:53 38.53% 38.53% httpd
\_ Killed. -root |
| 2000/9/21-22 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:19304 Activity:moderate |
9/20 My Web page is getting an excessive number of hits from a
particular domain. What's a good way to block it?
\_ ipf
\_ Talk to your web server admin or read your web server docs.
\_ ACL on your router
\_ /bin/rm -rf $apache_dir $http_docs_dir
\_ OK I'll forward that request to root@csua right now
\_ use windows! |
| 2000/8/18 [Computer/SW/WWW/Server] UID:19031 Activity:nil |
8/17 Apache debugging question: why would "<DEAD>host/~peterm/"<DEAD> "<DEAD>host/~peterm/index.html"<DEAD> work but "<DEAD>host/~peterm"<DEAD> not work? What specific fault in httpd.conf? (apache 1.3.12) --PeterM \_ http://www.apache.org/docs/mod/mod_dir.html You should have this enabled in httpd.conf: LoadModule dir_module modules/mod_dir.so (seems to be default enabled in 1.3.3) -alexf \_ default pages should be set to index.html \_ apache needs to know that it's supposed to redirect directories to the tailing / version. And when it sees /, it goes to whatever is set to default (home.html, index.htm, etc) RTFM for the particular directive you need to use. \_ Answers: $1 Answers (requiring thought): $5 Answers (correct): $20 Dumb looks are still free. |
| 2000/8/16 [Computer/SW/WWW/Server] UID:19012 Activity:kinda low |
8/16 "A process that has exited and has a parent, but has not yet been
waited for by the parent, is marked <defunct>." Or so says the Man
page. I have a ton of <defunct> processes on a Solaris 5.7 box.
They are old Apache httpd processes. What should i do? (i restarted
the machine once before when this happened and now its happening
again). I can't believe Apache is giving me problems. Of all the
apps I've ever loved. I must be doing something wrong, but what?
\_ What version are you running? This was a problem with older
1.2.x and (don't remember) some 1.3 releases. Upgrade to 1.3.12
and your problem may disapper.
AFAIK, you shouldn't have to reboot to solve this problem,
just start and stop apache:
# cd <path to apache install directory>/bin
# ./apachectl stop
# ./apachectl start
for a ssl server use startssl instead of start. |
| 2000/8/6-7 [Computer/SW/Languages/Misc, Computer/SW/WWW/Server] UID:18894 Activity:high |
8/5 I set up apache and it has XBitHack set on. I read the apache
docs but i don't really understand what significance it has.
any pointers?
\_ if you chmod +x your html file, it will be server-parsed. -tom
\_ I don't understand what that means, to be parsed by the
server. What does the server DO to it that it wouldn't
otherwise -top
\_ http://www.apache.org/docs/mod/mod_include.html
\_ Look at www.csua/~phale and ~phale/stats.html
he uses them quite a bit... notice the date and
quotes from fortune.
\_ The fortune thing is kinda fun sometimes because it
sure brings up some fun/nasty sexual references on my
web page. Sure shocked the hell out of my mother!
Then again, if I wanted to shock people, I should just
post some of the discussions from the motd. -phale |
| 2000/7/31-8/2 [Computer/SW/WWW/Server] UID:18832 Activity:moderate |
7/31 What's the difference between compiling apache+ssl and apache using
mod-ssl?
\_ apache and SSL can integrate either using the mod_ssl module or
the ApacheSSL module. mod_ssl is just one of those two choices.
\_ mod_ssl is pretty much the standard, these days, it's well
maintained and integrates well.
\_ geez, man, don't cram opinions down their throat.
\_ It's the motd. It's obviously an opinion. The problem is
not their opinion but that they didn't answer the question.
\_ Apache+SSL is a patch directly to apache to handle SSL. mod_ssl
is some patches to apache to make it handle ESAPI (or something
like that, don't remember), then an upgradable module to handle
the actual SSL. |
| 2000/7/18 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:18705 Activity:nil |
7/17 Anyone know of a website where you submit a CSR from your web
server, and sends you back a test certificate for your server?
A test CA I guess? I found a site that did just that before,
but I no longer have the http addr. Thanks -byeung
\_ http://www.verisign.com |
| 2000/6/26-27 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:18552 Activity:moderate |
6/26 Trying to install Apache-ssl on solaris. I have neither /dev/random
nor /dev/urandom. Do i really need them? Where can i get them? /
how do i get around needing them?
\_ You can't get them. Try reading the instructions - other people
run on Solaris, so there must be a workaround.
\_ you CAN get /dev/random, FROM SUN. you have to know whewre
to look. but you dont "need" them, anyway. |
| 2000/6/23-24 [Computer/SW/WWW/Server] UID:18529 Activity:moderate |
6/22 I can't find Patch 2.1 or 2.5 for Apache with SSL! Where is it?
\_ Huh? Get Apache 1.3.12. Get mod_ssl 2.6.4 (http://www.modssl.org
\_Um, not using modss, using apache w/ open SSL. However, I am
a dumbass and the Patch, which i was being told is to old is
Gnu's "Patch" utility and not the SSL stuff that "patches" apache.
so now i have it and have another problem with getting it to
run both ssl and regular connections. -dumbass
\_ dumbass, it's you! Where have you been??? -dumbass #1 fan
\_ Reinstall with new apache and use mods. |
| 2000/3/3-4 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:17682 Activity:moderate |
3/2 for all you windows ppl, which is the best web server for win98?
\_ None. Win98 is a client OS, not a server.
\_ Personal web server.
\_ get this one; it comes from the m$ website or you can get
it along with vis studio. It's remeniscent of the iis setup.
\_ Apache.
\_ Back orifice. Yes, it has a web server, and if you are running one
on winderz you're going to get owned anyway.
\_ Don't do this. |
| 2000/2/8-9 [Computer/SW/WWW/Server] UID:17460 Activity:high |
2/8 SSLeay/OpenSSL question. I downloaded and built OpenSSL but
when I read the legal stuff, it sounds like its not legal for
me to use it unless I tell RSA or someone and pay for a license.
Does anyone know what I need to do if I intend to use it for
non-commerical purposes?
\_ Just use it. They're not going to bust you. really. sheesh.
\_ You have to use the RSAREF library or wait for the patent to expire
in the US.
\_ Am I correct in assuming that this library is the one
located in the rsaref directory in the OpenSSL sources?
OpenSSL seems to build it by default, so if its legal to
use this library, why do they have all the warnings?
\_ because it's only legal to use without a license for
non-commercial use as narrowly defined in their docs
\_ hasn't this stupid patent expired a million times already.
or am i getting that mixed up with some other encryption
patent?
\_ I believe it expires in September of this year.
\_ September 20. We should have a party or something.
\_ Uh yeah, whatever. As if the patent has stopped
_anyone_ from 'illegally' using it at home or for
other personal use.
\_ *I* can use it sure, but plenty of others can't
because they are for ex. companies and sueable.
The patent's expiration will help Internet
security by making it easier to distribute
things like IPsec.
\_ If they want it, they can fucking *pay*
for it. I shed no tears for corpo maggots
whining about not having the free use of
other's technology to improve their own
corpo maggot share value. |
| 2000/2/7-8 [Computer/SW/WWW/Server, Computer/SW/OS/FreeBSD] UID:17450 Activity:high |
2/6 What is the best way to do load balancing using Apache? Is there
such thing as a load balancing HW router that can re-route based on
HTTP header request (in the application layer)?
\_ Cisco's Local Director. F5's stuff.
\_ I first liked F5, and then their boxes started crashing with
extensive load. If you use any SSL connections, [SSL requires
session state], than don't go with F5.
\_ also arrowpoint, or if you dont want to spend $20k per box, you can
use the FREE linux virtual server. http://www.linuxvirtualserver.org
\_ Unless you want a stable and functional system for your
multi million dollar web corporation.
\_ Hey, if you have a multimillion dollar web corporation
then you wont mind paying $50k for a proper commercial
solution.
\_ First rule of coporate IS management. Why hack
something when you can just BUY it?
\_ Exactly my point. If you _need_ load balancing,
you can afford to _buy_ load balancing and the
price is just the cost of doing business. No big
deal. If you wince at the price, you didn't need
it (even if you thought you did). If you were
being sarcastic, which I think you were, I have
intentionally ignored the sarcasm because what you
say is true whether you think so or not. I don't
run my systems on a "hack".
\_ Except that what you get probably is an x86 PC
with a slightly modified Linux or *BSD on it. Just put
it in a fancy sealed case, call it ... "appliance" and
demand an exorbitant amout of money for it. Works
every time. The oldest product on the load balancing
router market is Coyote Point Equalizer and it uses
FreeBSD. -muchandr
\_ Yup and I get tech supprt and I keep my job when it
keels over and I know there are people on the other
side working on it everyday to keep their jobs, not
just for kicks when they feel like it. If you can't
afford the price, you didn't need it. Try telling
the CEO that you saved him $20k but killed his
company. It'll go much easier if you can point a
finger at the vendor and pressure them to fix it
*now*. If you're running your own startup, you can
try explaining to the VC's how you saved $20k of
their money but lost the $15m+ they gave you in
funding. Welcome to the business world. CYA. |
| 2000/1/31-2/1 [Computer/SW/WWW/Server] UID:17387 Activity:moderate |
1/31 How do you setup SSL on Apache? Is it very difficult?
\_ yes. If you want easy, PAY FOR A PRODUCT.
\_ If you want legal in the us, you must pay anyway.
\_ Summary: If you don't think RSA is going to hunt you down personally:
run mod_ssl which is fairly easy to build and install.
\_ i've never heard of an instance where anyone cared that RSA
was being used so much that they hunted the culprits down.
\_ They're silenced quickly. You wouldn't have heard.
If it's a high profile commercial site, use Raven
(http://www.covalent.com or, if you want to support Sameer,
use Stronghold (http://www.c2.net
\_ Sameer left C2 - read his interview on http://www.guru.com
\_ old old old news... |
| 2000/1/23-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:17302 Activity:nil |
1/21 Anyone have a page where I can find stuff on headers for our apache web
server? We have authentication, though we've realize that caching
really is another issue entirely and would like our pages to have the
same behavior as the portals (e.g., yahoo, aol) re browser based
email authentication
\_ http://www.hamsterdance.com
\_ Don't go to hamsterdance. You're looking for
http://windowsupdate.microsoft.com.
\_ Would you care to try again except use English and format to
between 76 and 80 columns?
\_ Reformatted to fit on 80-column punchcard. - motd punchcard god |
| 1999/10/28-31 [Computer/SW/WWW/Server] UID:16783 Activity:nil |
10/28 Web server development contract described in /csua/pub/jobs/WEBDEV
Check it out. -dqw |
| 1999/10/16-18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:16714 Activity:nil |
10.15 Apache on RedHat- set UserDir to public_html in httpd.conf,
with no specific directory permissions. I still get
"Forbidden You don't have permission to access /~{user}
on this server." What do I have to set to make this work?
\_ look in your error log for chrissakes. -tom
\_ Oh. Thanks.
\_ You likely need to make sure that both the public_html dir AND
the USER directory are WORLD executable. -crebbs |
| 1999/10/12-13 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:16693 Activity:nil |
10/11 What settings do i have to change so that apache will allow ~user
Web pages on my linux box.
\_ UserDir -tom
- obvious troll deleted and will continually be. Lets have some good,
coherent discussion, people.
\_ drop the chalupa
\_ Read the conf file comments. It's pretty clear. I'd say RTFM,
but you don't even need to do that much reading to figure this
one out. |
| 1999/9/28-30 [Computer/SW/WWW/Server, Computer/SW/Security] UID:16614 Activity:high |
9/28 Hi -- say Im using apache+openssl, but Im using basic (not digest)
http authentication for a dir under https; is that initial password
transaction encryped over ssl? In other words, do I make basic http
auth more secure (non-sniffable) by using openssl, or am I still
screwed. Yes, I could sniff the packets, but Im lazy:)
\_ Get your lazy ass outta your chair, pick up your Visa, and buy
Stronghold!
\_ apache+openssl is working fine and free -- I just had the
above question, that's all. Do ya know the answer?
\_ And illegal in the US, but who cares about that...
\_ if you're too damn lazy to run "tcpdump 443 | strings", you
\_ They can have my STRONG CRYPTO when they pry
it out of my cold, dead hands!!!!~@~@!!!@~@!@!
\_ You'd be the first to give up your strong crypto
when the MIB show at your door. Talk is cheap.
\_ It's not the men in black coming after you
it's RSA's lawyers with patent infringement
lawsuits.
\_ What color suits do lawyers tend to wear
these days?
\_ if you're too damn lazy to run "tcpdump port 443 | strings", you
deserve to get hacked, then fired.
\_ I think a more important issue (it turns out) is client
caching of the password, so it's a bad idea anyway....
\_ I thought it was legal as long as you didn't use any of the
patented crypto code like idea and rsa. --marc
\_ I refuse to use anything unless my use is considered a
violation of patent, copyright, or arms control laws. |
| 1999/9/26-28 [Computer/SW/OS/Linux, Computer/SW/WWW/Server, Computer/SW/Unix] UID:16602 Activity:nil |
9/26 I have followed all the instructions in "INSTALL.REDHAT" to
install php3 on my linux box. However, when i run a "httpd -l" it
does not display mod_php.c. Can anyone tell me or point me to
docs which tell me how to find and install the correct binary?
Thanks. -crebbs
\_ Was it a dynamic module? I don't have the "INSTALL.REDHAT" file
you're talking about (I don't use Linux for web service) so I
have NFC what sorts of steps you went through. If this is in
fact a shared module, then did you activate it? The solution
to your problem isn't straightforward with the information you've
provided. --sowings
\_ Fdisk, reinstall. Run an operating system you're capable of
dealing with. |
| 1999/8/19-23 [Computer/SW/Compilers, Computer/SW/WWW/Server] UID:16344 Activity:moderate |
8/19 Anyone have any experience setting up name based virtual hosts using
Apache? This is fake but I have one IP, 128.56.139.5, and two
name entries http://foo.com and http://bar.com. In my httpd.conf file I have
<VirtualHost 128.56.139.5>
ServerName http://bar.com
DocumentRoot /~jondoe
<VirtualHost>
but now when I type http://foo.com or http://bar.com into the
browser it gives me the message
"Not Found The requested URL / was not found on this server."
Anyone know what's wrong with this.
\_ Apache doesn't grok "~"; use a full path. -tom
\_ grok? y00 R s0 ]<-00|_ !!!111
\_ D00de! Warez y0r dikshunary? Wutz 'gr0k' meen? U R K00l!11
\_
grok /grok/, var. /grohk/ /vt./ [from the novel
"Stranger in a Strange Land", by Robert A. Heinlein, where it
is a Martian word meaning literally `to drink' and metaphorically
`to be one with'] The emphatic form is `grok in
fullness'. 1. To understand, usually in a global sense. Connotes
intimate and exhaustive knowledge. Contrast {zen}, which is
similar supernal understanding experienced as a single brief flash.
See also {glark}. 2. Used of programs, may connote merely
sufficient understanding. "Almost all C compilers grok the
`void' type these days."
\_ d00de, t0m iz ay MARSHUN??? thatz r/-\d!!!11
\_ gr0k!!111 tom iz s0 k00l h3 kan gr0k!@111!11 d00ewde!!!@
\_ Y d0 yu kepe rem00vein mye k-rad c0mmetz 2 t0M? eye leik t0m,
hez s0 k00l cuz hez D gr0k mast0r!11 t0m iz rad!11 t0m iz rad!1
t0m iz rad!1 t0m iz raf!!1 yeh d00dez r0k 0n!1111
\_ Not only that, but grab the latest (1.3.9) for better
virtual hosting features. |
| 1999/7/5-6 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:16076 Activity:moderate |
7/5 Show all those linux freaks how superior Windows NT Internet
Information Server is over Apache. Check out:
http://www.eeye.com/database/advisories/ad06081999/ad06081999.html
A web server just isn't a web server unless you can execute
arbitrary commands remotely without authentication.
\_ This is old as the hills. Why don't you post solaris 2.3 holes
too? Be about as meaningful. Every decent admin on the planet
patched this long before you heard of it.
\_ Every decent admin wasn't using such flaky software to begin
with. |
| 1999/6/11-12 [Computer/SW/WWW/Server] UID:15949 Activity:very high |
6/11 I've got apache running as user 'nobody', but I'm writing some DB
access CGI's, that need to execute under a different user ID. Is
there any way of doing this short of running a second httpd on a
different port, the second instance of httpd running as the db
access user?
\_ compile apache with suexec, and put the database CGI's in
~database/public_html. And you really should be running
apache as something other than "nobody". -tom
\_ setuid bits might work. Most OS's will allow suid to do what you
want.
\_ No, some OS's won't let you run scripts suid.
\_ Already tried it... doesn't work (at least, not under apache
1.3.6) -- even setuid'ing the executable as the DBA
user, when the CGI is executed, it still runs as user
'nobody' (which is what I have httpd running as).
\_ Why did someone delete the correct response? Apache has a
mechanism for doing this--compile it with suexec, and put the
script in a user public_html directory. And you shouldn't
be running apache as "nobody". -tom |
| 1999/2/1-5 [Computer/SW/WWW/Server] UID:15339 Activity:nil |
2/1 Oh shoot, some junior university has the World's smallest web server.
<DEAD>wearables.stanford.edu<DEAD>
\_ Maybe the Post-PC people on this side will compete with them... |
| 1999/1/14-17 [Computer/SW/WWW/Server, Computer/HW] UID:15235 Activity:low |
1/13 I'm thinking of buying a RedHat Secure Web Server (it only cost $61
now at Frys). Here is my question. Must the secure server be on the
internet (persistent connection)? Can I install it on multiple machines
or is it single machine based (ie. I need a special certificate thingie
from the trusted site for each machine)?
\_ You can use one certificate for multiple machines provided that
they each have identical IP and FQDN. Beyond that it gets
pretty dicey. But this setup will allow you to round
robin to a large number of machines.
In general you want a web server to be persistantly
connected otherwise people won't use it. --appel
\_ You can use one certificate for multiple machines provided
that they each have identical IP and FQDN. Beyond that it
gets pretty dicey. But this setup will allow you to round
robin to a large number of machines. In general you want a
web server to be persistantly connected otherwise people
won't use it. --appel
\_ Ah, gotcha, so if I purchase a secure server, I can't install
it on many different servers because the secure server needs
some special certificate thingie from certified RSA sites right?
Why is the following server (with RSA license) so cheap $61????
<DEAD>necxdirect.necx.com/cgi-bin/auth/ifilelnk_q?key=0000131917&nonce=guest<DEAD>
\_ To use HTTPS you need to purchase a certificate from companies like
Verisign/Thawte/etc. The RedHat secure server is really a FALSE
ADVERTISEMENT. It is like advertising a new car that costs $5000.
After you purchase it, the manual, with fine print, says you must
purchase transmission and engine, sold separate for another $10,000.
\_ Generate them yourself with SSLeay! The user will then have
add the CA (you) to the list of trusted CAs
\_ is R.S.W.S. JUST a web server, or is it basically
"install this CDROM, and you get a black box that does web serving"?
(except technically, it's a clear box, but anyways...) |
| 1998/12/3-4 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:15064 Activity:moderate |
12/3 According to "man www" if I want to have server side includes on
my web page off of csua, I need to either change the file
extension to .shtml or make it executable. Is there any reason why
I shouldn't just change all my web page file permissions so I can
avoid having everything end with .shtml?
\_ for files identified as SSI-capable, the web server preprocesses
them line by line for every page hit. normal files are served
up "straight" without this overhead. --jwang
\_ So we're talking about a difference of probably milliseconds
per page load here?
\_ I've done this on a Linux server. I found differences of
several seconds. I never did figure out why the huge
difference.
\_ the only way there might be that much of a difference is
if your WWW server is CPU-bound (extremely unlikely) or
you're getting the documents off NFS or something. It
should not be a noticable difference. -tom
\_ But it is possible. It does depend on what is being
interpreted by the SSI. Use .shtml only if necessary.
\_ Are you implying it's better to make your file
executable then? Or in general, use SSI only if
necessary.
\_ the latter. -tom |
| 1998/11/22-24 [Computer/SW/WWW/Server] UID:15000 Activity:nil |
11/21 Is csua's webserver php3 enabled?
\_ Mail www@csua and ask - they are the ones who know the answer
and will give you the right one, unlike the motd. Plus, you
don't have to worry about the question or answer being deleted
before it's read. |
| 1998/4/16-17 [Computer/SW/WWW/Server] UID:13966 Activity:high |
4/16 What do you have to do to have a web page with a secure
connection? I assume there must be a way for a CGI script to
interact with the server to send the info. How would it work on
Soda?
\_ SSL uses RSA, which means it costs money.
\_ SSL uses RSA, which means it costs money, which means no SSL on Soda
\_ ask root to install stronghold or apache-ssl
\_ apache-ssl is illegal in the us
\_ donate $175 for a server certificate or con sameer into
donating one or it's worthless
\_ sameer/C2 has offered stronghold to us in the past. We'd still need
to fork over $$ for a certificate, but that wouldn't be too bad.
Supposedly they're in the ~100/year range from thawte.
\_ stronghold is crap. c2 support is a joke.
\_ Think Netscape or M$oft will give us a similar product
that is 'supported' on freebsd? Compared to the
alternatives, C2 RULES!
\_ hell, if it even is produced, let alone supported
\_ And why hasnt the CSUA taken sameer up on this offer?
\_ need for a certificate, and/or excessive slack.
\_ Lack of real need.
\_ Whaddya mean, lack of real need? If soda supported SSL,
then safari could do a pay-for-porn Web site, taking
credit card numbers right there on the spot. The CSUA
could take 5-10% off the top . . . pay for the cert.,
plus a year-round fundraiser for the hardware fund.
\_ Yup. Like I said, "Lack of real need". Besides,
aren't you a member of the FPF?
\_ C2 rewls over all of you
\_ Hey, ast least they have Freebsd support. What are our
other secure-server options, and are they any better?
\_ I dont know too much about secure servers, what do they do for you
that is so great?
\_ Let you safely sell porn to net.people without fear of
their CC#s getting snooped. |
| 1998/2/20 [Computer/SW/WWW/Server] UID:13708 Activity:nil |
2/20 Apache 1.3beta5 Released |
| 1998/2/13-14 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:13666 Activity:kinda low |
2/13 So what's the new deal with soda webserver? Total quota now = 10MB?
\_ No. Use "quota -v"
cgi works? How--cgi-bin directory, anything called .cgi, etc...?
\_ *.cgi
what else does webserver do? Server-side includes, wrapping, logging?
\_ Yes, no, yes. |
| 1996/10/29 [Computer/SW/Security, Computer/SW/WWW/Server, Computer/SW/Unix] UID:31973 Activity:nil |
10/28 Why aren't the web server logs mounted on soda? People do like
to see who is accessing their web pages.
\_ Try mailing root and asking them. Most likely it's just something
no one's bothered to do yet as part of the changeover.
\_ I'll let you serve my logs baby
\_ I wanna see who's accessing your web pages, too... |
| 1996/10/19 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:31950 Activity:nil |
10/17 Hi, does anyone know of a web browser that runs on Linux, and/or
a web server that runs on Win95 (pref. free, of course). Thanks.
-barn
\_ go to http:///www.netscape.com for the Linux version of Netscape
and http://www.apache.org for the Apache WWW Server.
\_ Apache runs on Linux (and other unixes) but not 95
If you want to be a web server, get a real OS on that
box - Win95 will *NEVER* be a decent web server (you
could go to NT, but you'll have to pay through the nose
for NT Server since Microsoft has f*cked-up license
restrictions against using NT Workstation as a server).
\_ Thanks for the info. I just wanted to test a server on W95, not
actually use it for anything real. -barn |
| 11/23 |