|
12/25 |
2011/7/7-21 [Recreation/Dating, Computer/SW/WWW/Server] UID:54140 Activity:nil |
7/7 I haven't been to Berkeley lately. Has it been foggy at night? Wanna take my girlfriend up to see the view from somewhere near SSL. Also, is there a particularly good lookout point? \_ No not foggy, but that looks to be changing. Lawrence Hall of Science is always good. Science is always good. -ausman \_ There's a motel by almost oakland on telegraph, you can take your "girlfriend" there, they have hourly rates. \_ did cmlee get his soda account back? |
12/25 |
2010/4/28-5/10 [Computer/SW/WWW/Browsers, Computer/SW/WWW/Server] UID:53806 Activity:nil |
4/28 I just discovered http://en.wikipedia.org/wiki/Gene_Kan and the account ~genehkan. How depressing. Did anyone here know him? What was he like? \_ motd has link to more info than wiki: http://csua.com/?entry=25306 \_ guess what. he was depressed. \_ I didn't know him but he seemed pretty nice and geeky. He was active in the XCF, but I don't think that exists anymore. \_ He told me he got to meet Lars and he had come up with a good way to move forward with internet music. Then he "suicided". \_ No, but I was friends with the Naked Guy when he was at Cal. \_ The Naked Girl lived at my coop. \_ It was really funny how fast after he died that the sysadmins of csua and xcf purged all his mail/accounts/homedirs. |
2010/4/19-5/10 [Computer/SW/Security, Computer/SW/WWW/Server] UID:53791 Activity:nil |
4/18 http://Apache.org hacked: http://www.theinquirer.net/inquirer/news/1601103/apache-hacked |
2009/7/2-16 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/WWW/Server] UID:53106 Activity:nil |
7/2 Is imaps working? What are the hostnames of the "incoming and outgoing mail servers" for CSUA email, and what kind of options should one set? I also noticed that we seem \_ Setup yer .forward or .procmailrc for now. I'm at a loss, too. \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Using SSH (on default port 993) like before. \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Over SSL (on default port 993) like before. \_ alpine doesnt seem to work. i try Folders on <DEAD>mail.csua.berkeley.edu<DEAD>:993 in cur but get timeouts .. using cur for "inbox" folder |
2009/5/12-20 [Computer/SW/Languages/Java, Computer/SW/WWW/Server] UID:52990 Activity:nil |
5/12 Anyone here use THE JIRA for issue tracking? How much does it suck? \_ Don't really use it. Our team evaluated it and decided in favor of Bugzilla. Bugzilla doesn't cost $2k--though cost is negligible. The real deciding factor was that in my environment it can take 6 months to deply software not already on an 'approved' list, and Bugzilla was already on that list and JIRA was not. At the time of evaluation, JIRA had no support for SVN interoperation, but that has since changed. I realize this answer is mostly useless, but hey, at least someone cared. \_ I'm spearheading an effort to install it into our process. It has a lot more features than Bugzilla. The SVN integration you buy with a different product, Fisheye. The downside: JIRA is written in Java, and sometimes throws stack traces. We have yet to lose any data though. \_ I worked at a place that went from Bugzilla and wiki to JIRA and Confluence and while the transition was quite a bit of work, the end result justified it. Out of the box, it is as good and has a bunch of cool work flow stuff you can put in there to make you and your managers life a lot easier. Setting up the work flow is a big job though, so if you just want a ticket tracking system, I don't know why you would switch. \_ whats wrong w/ trac? ... esp if you want great svn integration. |
2009/5/7-14 [Computer/SW/Database, Computer/SW/WWW/Server] UID:52965 Activity:nil |
5/7 is there a wiki who's backend is stored COMPLETELY in mysql? data, pages, images, all that stuff? thanks |
2009/5/7-14 [Computer/SW/WWW/Server] UID:52963 Activity:nil |
5/7 I am trying to reproduce a customer bug where their apache header has the content-encoding as the last line in the header. My test platform is running apache2.2 on ubuntu. Is there a way to do this ?i I have already read the apache 2.0 docs and I dont see anything obvious ? page is txt/html |
2007/12/11-14 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:48785 Activity:nil |
12/11 Apache/Linux question: I've got apache 2.0.52 on an idle redhat box (2.6.9-55 kernel). Every so often one to four apache procs will run the cpu at 100% for any where from 15 to 90 mins, then drop back to normal. USR and SYS time both increase to levels that the production boxes don't reach when serving traffic at noon. I've checked apache and linux kernel versions, several /etc files, httpd.conf vs. boxes that don't do this. Nothing interesting shows in the logs. This is supposed to be a clone of other boxes that don't do this. Reinstalling from scratch is not an option for various reasons. Any ideas? thanks. \_ strace them to see what the hell they are doing. \_ Perhaps you have been hacked? |
2007/9/23-24 [Computer/SW/Languages/Perl, Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:48152 Activity:kinda low |
9/23 I have an Apache question: If I have a directory which allows both CGI handler and Perl handler (mod_perl) how can I tell which is being invoked by the web server? The scripts are being executed, but I have no idea if mod_perl is running correctly or if the CGI Handler is just picking them up and running them. How can I tell? \_ If you like wasteful suburban living, chances are you don't need to know if they're running. They're all magically taken care of by other tax payers, like freeways and support systems for your big suburban mansion. \_ http://modperlbook.org/html/3-10-How-Can-I-Tell-if-mod_perl-Is-Running.html \_ http://urltea.com/1khw (modperlbook.org) Also you're supposed to get a 50X performance difference so try out a bunch of your own DoS clients and see the latency or something. \_ http://www.perlmonks.org/?node_id=377648 Check the http header! Look for: HTTP/1.1 200 OK Date: Tue, 27 Jul 2004 07:10:54 GMT Server: Apache/2.0.48 (Unix) mod_perl/1.99_13 Perl/v5.8.0 PHP/4.3.5 <=== !!! ... \_ I do not think this is valid for RHEL, which loads mod_perl as a .so. Certainly my server does not say this and yet it certainly does not complain when it loads the module. RHEL installs apache as an RPM and mod_perl as another RPM, so I don't think the apache ID string reflects reality. My question is not really "Is mod_perl installed?". I am sure it is. The question is "How do I know that my configuration is working the way I want it to, with mod_perl handling the .pl scripts instead of .cgi?" |
2007/4/30-5/4 [Computer/SW/Languages/C_Cplusplus, Computer/SW/WWW/Server] UID:46485 Activity:nil |
4/30 Technical question: I have a threaded webserver, one thread waits around and calls accept, then pulls threads out of a thread pool to handle the requests. I want to be able to shut down the webserver cleanly, so I have the main thread wait for a signal to shutdown. It then joins on the accept thread while the accept thread cleans up the threadpool. The only problem is, how do I get the accept thread to exit? I can't get it to stop waiting on accept. Even closing the socket out from under it doesn't always get it to wake up from the accept call. Is there a standard way to handle this? Addendum: Oops, Using C on *nix. \_ Umm, what language are you using? \_ obviously english. :D \_ Use select to see if there is something available on the socket before you accept. Create the accept socket with O_NONBLOCK. It's all in the man page for accept. \_ You generally need to use select(2)/poll(2) on the fd to make sure there is something to read before calling accept(2), or you will run into this problem. Take a look at Stevens, Unix Network Programming Vol. 1 2d Ed., Ch 6 and Ch 27 for fairly detailed examples of how to do this. \_ Use shutdown(fd, SHUT_RDWR) instead of close. It will wake up the accept. |
2007/4/20-24 [Science/GlobalWarming, Computer/SW/WWW/Server] UID:46387 Activity:nil |
4/20 Is there some reason why the apache logs are not world readable? \_ Because what other people are surfing is no one's business? \_ They used to be world readable. Among other things, this was useful because it allowed users to view the error log so they could debug cgi scripts. -dans \_ The undergrads surely made a conscious and well thought out decision to do things this way. Why don't you make a constructive suggestion instead of whining that things are done differently than they were in your day. |
2007/2/20-22 [Computer/SW/WWW/Server, Computer/SW/Security] UID:45782 Activity:high |
2/20 Any recommendations on a cheap/easy-to-use digital signature system? \- i dunno exactly wat you are looking for or what the status of this project is, but if the obvious [gnupg] wont do, you can google for AKENTI. --psb \_ What do you want exactly? A toolkit for digitally signing various files? OpenSSL is free. It is, however, a pain in the ass to use, but, once you know what you want to do with it, you probably won't ever have to figure it out again. -dans \_ Mostly documents that are federally mandated in the development process of medical software. The team is somewhat distributed, so I was hoping for something fairly easy to use. Years ago I'd have used PGP, but I don't know how things have progressed and what a good (preferably open) system is. \_ GnuPG is fairly easy to use and its free. Many commercial apps use it for digital signatures: http://gnupg.org \_ Yeah, I pretty much agree. If price is the key, find a decent frontend to gnupg and tweak it to fit your needs. If usability is key, it's worth buying a copy of PGP. Both support the OpenPGP standard. OpenSSL is too low level for what you want. -dans \_ GnuPG seems to be the way to go. I've got everything figured out except verifying signatures. Thanks for the advice. -op \_ This is from memory, not the man page, but I think it was something like gpg --verify. Or are you trying to do something more complicated? -dans \_ You're right that --verify is the command line solution, but I was going for something in a GUI. It turns out that GPGee (Win Explorer extension) has that ability, and works great. Thanks again. -op |
2007/2/13-17 [Computer/SW/Security, Computer/SW/WWW/Server] UID:45734 Activity:nil |
2/13 The personal webpages are now up \_ Ming-Hay \_ Thanks. Something seems a little messed up w/ the server config. The front page produces a server error for me, and the server is returning lists of files rather index.html for directories. \_ Agreed, things are fubar. I've written/tweaked/debugged an Apache config or twenty in my day so I'd be happy to look things over and help out, just ask. That said, I'm shockingly busy at the moment, so I may not be the quickest source of help. You may want to turn personal public_html directories off until you fix this as the current config does leak information, which has (IMO, minor) security implications. If you're a soda user, you can prevent people from browsing your public_html directories over the web until this is fixed with the following: chmod og-r ~/public_html -dans |
2007/2/11-13 [Computer/SW/Mail, Academia/Berkeley/CSUA, Computer/SW/WWW/Server] UID:45709 Activity:nil |
2/11 \_ Is POP back up? Haven't got it to work since Soda got back up. (SSL http://soda.csua.berkeley.edu port 995) \_ Legitimately curious, why use POP when you IMAP is available to you? -dans \_ Uh, isn't IMAP still down? I still can't access it -pmw \_ I neither know nor care. I forward mail off soda to a box where I run IMAP. :) -dans \_ In the past (1997) when I used IMAP, it would mark my messages as "read" when I read them on my client machine. I don't like this, I like to have the messages as two distinct instances, one on Soda and one on my home machine. If I read it on my client I want it to still show and unread on Soda. Also, IMAP is more for people with always on connections, which I don't have. That's why I prefer offline processing (Pop) vs interactive processing (IMAP). \_ Hmm, I don't understand why you'd want things you've read not to be marked as read, but if that's how you work, more power to you. It's worth noting that many modern IMAP clients, eg OS X's Mail.app, have excellent offline modes, which serves the same purposes as POP, but with IMAP's richer semantics. -dans \_ Thanks, maybe I'll check it out again. 10 yrs of software development may have fixed my intial hang-ups. |
2007/2/1-6 [Computer/SW/WWW/Server] UID:45637 Activity:nil |
2/1 Any recommendations for a real SSL cert provider? Is GoDaddy any good? \_ I used Verisign in 2000. Expensive but decent. Haven't tried anything else but I'm guessing they're pretty much similar these days. I like GoDaddy's fast web interface for domain name registration. |
2007/1/26-2/1 [Computer/SW/WWW/Server] UID:45600 Activity:nil |
1/26 Trying to connect to port 993 using SSL, in Thunderbird with no luck. \_ I can replicate this, but will have to tcpdump to figure out what the actual problem is. Try <DEAD>mail.csua.berkeley.edu<DEAD> (which hostname I'll have to gen a cert for at some point). -- darch \_ other than the cert not being in my CA list, SSL IMAP on mail.csua seems to work. Yay! Good job, darch! \_ what do you use for your imap path? I haven't been able to get file in my /var/spool/mail/{user} directory show up? |
2006/9/8-12 [Computer/SW/Unix, Computer/SW/Security, Computer/SW/WWW/Server] UID:44325 Activity:nil |
9/9 Is there a gzip-like unix command that will encrypt a file? I'm looking for something that's widely available. Thanks crypt (not very secure - DES). Or failing that, openssl or gnupg \_ openssl or gnupg... what are you looking for? Those will work fine.. \_ Thanks for the recommendations. I'm basically experimenting with a way of using my friend's computer to backup my personal files and using my computer to backup theirs. Of course, this means storing files in a way where we can't see each other's personal files. \_ I'd recommend checking out http://dar.linux.free.fr It makes the whole "backing up a bunch of files, encrypting it, and chunking it into bite-sized pieces" thing much easier than dump/tar + gzip + openssl. --dbushong \_ Oh, that is so cool. Thanks. My way was going to be much more convoluted involving ssh and a bunch of script writing. This should save some time. \_ One nice thing about using gpg (dump/tar | gpg) is you can do public key crypto and not ever have passwords stored in the script. I believe gpg also can chunk it into X byte chunks, optionally ascii armored, for emailing as well. (well, I suppose you could mime-attach it) \_ openssl bf-cbc -in file.txt -out file.txt.bfcbc # encrypt openssl bf-cbc -d -in file.txt.bfcbc -out file.txt # decrypt --dbushong \_ /usr/bin/{zip,unzip} on soda can take passwords. Don't know if they're widely available on other *nix's. |
2006/5/9 [Computer/SW/WWW/Server, Computer/SW/Unix, Computer/SW/Languages/Misc] UID:42993 Activity:nil |
5/9 Running httpd as nobody isn't that secure. If one asshole decides to do a DoS (fork script) as nobody, there's no way to track down the perpetrator. This is why "suexec" is highly recommended, plus users don't need to chmod a+rx script.cgi. \_ Uh, it's totally trivial to track down the perpetrator with or without suexec. httpd should run as something other than nobody, but that's only because nobody is over-used, and whether httpd runs as nobody is orthogonal to the question of whether suexec should be on. -tom \_ Ok fine. I gave a bad example, but we both agree that nobody is good. |
2006/4/24-25 [Computer/SW/WWW/Server] UID:42816 Activity:nil |
4/23 Is it possible to see the logs of the hits to my csua webpage? \_ /var/log/apache BTW, root types: it looks like whatever you have doing the rotation isn't HUP'ing apache after rotation: the server's currently (2006-04-24 16:41:52) ignoring "access.log" and is still writing to "access.log.1" --dbushong \_ I cannot read them, as I am not a root type. \_ Oh hey, sorry, whoops; didn't check the perms. There used to be some system wherein you touched a file in your homedir and logs to your /~username/* stuff got thrown there at rotation time... though I could be thinking of something else. --dbushong \_ I believe apache logs on old soda were wolrd readable. -dans |
2006/4/18-23 [Computer/SW/Security, Computer/SW/WWW/Server] UID:42779 Activity:nil |
4/18 Thanks mrauser for the call just now. root: I think one of the next priorities can be enabling POP3/SSL and IMAP/SSL. I'm going to download e-mail with the unencrypted connection, but I'll probably change my password once every couple weeks until the above gets online. Most if not all of the official UC e-mail systems now require SSL for downloading and sending e-mail, right? \_ Actually, all password transactions must be encrypted according to the Minimum Standards for Networked Devices policy. -tom \_ IMAP/SSL is now up, POP3 is down entirely. That should suffice for the moment. -michener |
2006/4/11-15 [Computer/SW/WWW/Server] UID:42731 Activity:nil |
4/11 Apache down also? \_ AFAIK, yes \_ it was up for a while? seems to be down now |
2006/2/28-3/1 [Computer/SW/WWW/Server] UID:42026 Activity:nil |
2/27 What apache2 directive should I use if I want apache to execute .cgi files that are symbolic links? Thanks. \_ http://httpd.apache.org/docs/2.2 Look at the Options directive. -dans |
2006/2/1-3 [Computer/SW/WWW/Server] UID:41660 Activity:nil |
2/1 In apache2 how do I make certain directories execute as certain user? Say I have the following and I want http://mydomain.com/bobby to execute as user 'bob': UserDir public_html <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Options Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI </Directory> Alias /bobby/ "/home/bob/public_html/" Alias /bobby "/home/bob/public_html/" \_ Not in currently released code from apache. they used to have an MPM that did something similar that never got enough work. But, you may want to lookup the "metux" MPM works along the same lines but is not "official" apache --Jon |
2006/1/3 [Computer/SW/WWW/Server] UID:41208 Activity:nil |
12/3 anyone know what the command is to see what modules my apache installation has installed? I know I've done this before but can never remember. tried googling. thanks. - rory \_ httpd -l will list the statically-compiled modules. For dynamic modules, I think you need to look for LoadModule lines in httpd.conf. -gm \_ perfect. thanks |
2006/1/2-4 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:41196 Activity:nil |
12/3 Hello, I'd like to setup a wiki and a discussion board for people interested in a particular niche market I'm looking at (I can't give out details because someone may steal it). I already colo my family web site (<lastname>family.com) with a friend of mine on Solaris at InReach, Oakland. What's the best software to get to host a wiki and a discussion board, and do I have to setup suexec and mysql? |
2005/12/28-2006/1/4 [Computer/SW/WWW/Server, Computer/SW/OS/Linux] UID:41156 Activity:nil |
12/28 a little bit of history for csua folk: Stronghold sales ended some years ago and the product's last support date is December 31, 2005. \_ more info: http://www.redhat.com/en_us/USA/home/solutions/stronghold \_ So what ever happened to sameer? \_ sameer retired to the world of gang bang and hot chicks. I kid you not. -someone who knew him \_ "...band and..."? You don't mean "...banging..."? |
2005/10/22-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:40230 Activity:nil |
10/22 I want to set up a Wiki site for users of a software framework, but I'm concerned about security. Are there any Wiki engines that are particularly good about security? Any good sites discussing this? Thanks. - ciyer \_ Not twiki. \_ google for natswiki. It's a mod of twiki. |
2005/9/15-17 [Computer/SW/WWW/Server] UID:39699 Activity:nil |
9/15 What's the best method for limiting the amount of bandwidth used by a particular directory (podcast mp3s) on a vhost with Apache2 on Linux? \_ http://www.ivn.cl/apache |
2005/7/27-29 [Computer/SW/WWW/Server] UID:38845 Activity:nil |
7/27 Sorry, I broke my webserver (mod_perl fall down and go boom). http://csua.org/u stuff will hopefully be back up by tonight. --dbushong \_ Or...tomorrow. mod_perl is not happy. Sigh. \_ Does anyone actually USE http://csua.org? I don't and haven't even since http://tinyurl.com proved to be much better \_ Holy mythical creatures, batman! His wounds are closing! \_ OK, fixed. All it took was a buildworld, perl rebuild, apache rebuild, mod_perl rebuild, and a chicken. |
2005/7/5-7 [Computer/SW/Languages/C_Cplusplus, Computer/SW/WWW/Server] UID:38414 Activity:low |
7/5 You know what would be cool? Google maps + fast updating traffic condition data in the bay area + xplanet = neat background for my monitor. \_ Yahoo! maps has traffic conditions overlay. \_ Google earth should have licensed firework displays marked. -- ilyas \_ How about an overlay of parking rules and street-sweeping schedules? \_ How about an overlay of where dem hos at? \_ Plus meter-maid schedules. \_ And known speed traps! -John \_ So how hard would it be for you pros who can really do this stuff to jerryrig a Wiki version of Earth or Maps? -- ulysses (I do storm drains, not C) \_ You write software that manages storm drain projects? \_ I haven't written a significant amount of new code of any kind since finishing my master's program. It's an interesting idea, though. The available storm drain software kind of sucks. -- ulysses |
2005/4/15 [Computer/SW/WWW/Server, Computer/SW/Mail] UID:37204 Activity:high |
4/15 My company specifically blocks out port 995, which is pop3 over SSL. This makes me wonder, are they archiving all emails received through regular pop3 port? I don't see any other reason for blocking the port. Sending smtp via ssl is ok though... \_ Chances are they don't know about POP3/SSL. Send them a polite request to open the port. \_ What does your company do? \_ I can't retrieve gmails through pop. at home it works fine. |
2005/2/23-24 [Computer/SW/WWW/Server] UID:36378 Activity:nil |
2/23 What's the server/port for CSUA's imap server? \_ It's soda, port 993 (the default for SSL-secured IMAP). We don't support non-SSL IMAP anymore. --mconst \_ Thanks, that was exactly my problem. \_ fyi, I've been using SSL IMAP for a year or so on soda. Thanks to whoever got it working. For some reason spam has been much reduced recently, so thanks to whoever is fixing that. |
2005/2/21-22 [Computer/SW/WWW/Server] UID:36357 Activity:nil |
2/21 I'd like to post some MP3's on my soda web page. Is there an apache restriction against doing this? |
2004/12/17 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:35336 Activity:nil |
12/16 I've had Apache 1.3.27 installed for several months now. All of a sudden, as of two days ago, we're getting random "forbidden" pages throughout our site, including our webmail program and front page. httpd.conf hasn't been touched in over a month. Any ideas? \_ p0wn3d! \_ It is fairly likely that your installation has been broken into. Why did you install 1.3.27 several months ago? Current release is 1.3.33. But the most likely problem is with something like PHPBB or PHPwebsite; we're seeing many exploits in PHP systems on campus right now. -tom |
2004/11/23 [Computer/SW/WWW/Server, Academia/Berkeley/CSUA] UID:35032 Activity:nil |
11/23 The CSUA webserver is down \_ works for me as of 8:56am. --twohey \_ I just restarted it. To the original poster, could you please mail root when you notice things are broken? --mconst \_ Now works for me as well. (It didn't about 10 minutes ago.) |
2004/9/22-23 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:33708 Activity:kinda low |
9/22 The DNS/web hosters for <DEAD>a.b.com<DEAD> are doing a HTTP 301 redirect to my site <DEAD>c.d.com<DEAD> How do I change the Apache httpd.conf on <DEAD>c.d.com<DEAD> so that it appears to the web browser that it is browsing <DEAD>a.b.com<DEAD> ? \_ You don't. \_ Do you own <DEAD>a.b.com<DEAD>? \_ you would have to redirect just a frame or something similar to that. the url at the top of the browser will still reflect the primary frame or div \_ JavaScript can rewrite the URL line. |
2004/9/14 [Computer/SW/WWW/Server, Computer/HW] UID:33513 Activity:kinda low |
9/13 My apache server doesn't understand a url if it doesn't have a trailing slash. in other words it knows what to do with http://myhost.com/dir but not with http://myhost.com/dir how do I get it to understand url's of the second format too? thanks. \_ That functionality is implemented by the mod_dir module; if for some reason you don't have that loaded, Apache won't do the redirect it's supposed to do: http://httpd.apache.org/docs/mod/mod_dir.html --dbushong |
2004/6/26-27 [Academia/Berkeley/CSUA, Computer/SW/WWW/Server] UID:31023 Activity:nil |
6/26 Is there something wrong with Soda's webserver? I can't reach http://www.csua.berkeley.edu \_ its borken for the same reason df is borken. i'm trying to find someone geographically closer then i to the csua fixed. - erikk |
2004/6/18-19 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:30912 Activity:kinda low |
6/18 Does anybody have experience with setting up a small wiki server on a win2k machine (possibly using Cygwin)? |
2004/6/9 [Computer/SW/WWW/Server] UID:30704 Activity:high |
6/9 Apache (2) question: I assume there is a quick easy way for me to put something in httpd.conf that will take all requests to http://www.mydomain.com and redirect them to http://www.mydomain.com/dir what is the best way to do this? tnx. \_ Look up redirect rules or just make /dir the document root. \_ so mod_rewrite, hun? |
2004/6/8 [Computer/SW/WWW/Server] UID:30676 Activity:moderate |
6/08 Does this look familiar to anyone? From apache2 error_log: File does not exist: srv/www/tomcat/base/webapps/MYDIRindex.jsp no matter how many "/"s i put on <DEAD>www.myserver.com/////index.jsp<DEAD> it still gives me this. What am i doing wrong? \_ isn't tomcat a stand-alone java application? Why would it be in the apache2 error_log. As for the ////////, do you really think a good webserver would let you go UP from the webroot, whether with / or .. (or encodings of both) \_ i'm using a connector (jk). As for the other, i'm not trying to transverse a directory. /// is treated just like "/" i'm just trying to make sure i get one in there. \_ Tomcat refusing to acknowledge the existence of a jsp or servlet is a very common problem and happens if any one of the 8 billion possible settings aren't exactly perfect. This is covered extensively in numerous FAQs (listing all of the possible causes is not in the purview of the motd) |
2004/5/27 [Computer/SW/WWW/Server] UID:30458 Activity:high |
5/27 MacOS X Mail complains about soda's certificate when connecting over SSL. Is there a way to silence it? Is there a public x509 certificate around here? The stuff in /etc/ssl/certs isn't readable by anyone but root. -jeffwong \_ There's a way to get Mail to suppress the warning... sorry, but I don't remember what it is off the top of my head. \_ public part of the cert is always obtainable. -dwc use openssl s_client -connect hostname:port \_ What is the complaint it gives? \_ when Mail.app complains , go to the "option" button. You will see a little icon looking like a certificate. Control-drag the certificate icon out to the Deskto(or other file location). Install the certificate in KeyChain.app (I suppose OS X looks through the KeyChain if the CA can't be found). It is all in Help.app -tyf |
2004/4/9 [Computer/SW/WWW/Server] UID:13108 Activity:moderate |
4/8 So I'm using Subversion for personal work. I set up a debian server and got apache2 running and svn-dav working so I can use http URL's for the repository. I've got basic authentication working, but I'd like to try https authentication. But I'm an apache newbie. Anyone have pointers to either doing this specific task or a tutorial on apache2 SSL configuration (including certificates, etc.)? \_ and it all went quiet in the city and the wind blew down the road someone cried out SUBVERT! and the people all went cold meanwhile back in subvert city someone's writing on the wall fuck the government spraypaint hero it's subvert city...it's subvert rule!! \_ google is your friend. But you can check out http://www.geotrust.com/quickssl/csr/index.htm and http://www.geotrust.com/quickssl/install/index.htm for more info |
2004/2/19 [Computer/SW/WWW/Server] UID:29824 Activity:high |
2/19 I have two CGI scripts on my Apache-hosted site which I want to be accessed only through https. I also use relative url's throughout all my pages and would like to keep it this way. As far as I can tell, the only way to link to a page over https is with a fully-qualified URL. My scheme: create some Rewrite Rules so that if any url ends with, for ex, "-secure", rewrite that to https, and then add a SSLRequireSSL directive so a clever user will be thwarted if they try to access the page w/out the "-secure". Does anyone see anything wrong with this solution? Is there a better way? \_Not really. Not quite sure what the problem is with people directly accessing your https server vs. being linked over. Since http is stateless, it could create potential problems when users use the back/forward buttons on their browsers I guess... \_ it's not the statelessness, it's the not-wanting to write absolute URLs, I think \_ exactly, I'd rather not start sprinkling absolute URLs throughout the site. -op \_ I think the mod_rewrite cookbook page even has examples of doing this with a suffix like :ssl --dbushong |
2004/2/5 [Computer/SW/WWW/Server] UID:12106 Activity:nil |
2/4 Apache_SSL vs. mod_ssl ... discuss \_ In Apache 2, ssl is built-in. It seems to work well. \_ Apache_SSL has not benn maintained in literally years. Use mod_ssl. \_ cool, thanks |
2004/2/3-4 [Computer/SW/WWW/Server] UID:12087 Activity:low |
2/3 Do I have to purchase an SSL cert from Verisign or one of those places inorder to allow my webserver to accept https requests? \_ yes. \_ You can set this up nicely with OpenSSL. Make sure that the server's DN in the cert matches your hostname so that the only message the browser pops up is something along the lines of "untrusted root certificate". Trusting an unmanaged certificate used only for SSL isn't a big deal. If it's only used by people you know, you can make a root cert available for them to import into their browser. Use google to find one of any number of howtos. -John \_ No. you can set up a dummy certificate if you don't mind getting a popup from your browser. if this is for end users, though, you'll want to buy one. \_ alright, so someone posed this question back on 1/9, but never quite got a full answer... in terms of cheap, reliable ssl sellers... anyone have any good/bad stories to tell about http://freessl.com ? Any other recommended cheap ssl cert vendors? thanks. - rory \_ I posted in january. I think http://freessl.com doesn't \_ I posted the question in january. http://freessl.com doesn't do wildcard certs, so you're limited to one FQDN. do wildcard certs, so you're limited to one FQDN. I want to use if for like <DEAD>mail.example.com<DEAD> and I need to use the cert for like <DEAD>mail.example.com<DEAD> and http://www.example.com and <DEAD>vhost.example.com<DEAD>. For now I'm using a self-signed cert (not "dummy") For clients using it for email, they can "install" or http://www.example.com and <DEAD>vhost.example.com<DEAD>. For now I'm using a self-signed cert (not "dummy") For folks using it for email, they just install the cert. If you're not doing ecommerce a self-signed cert may be all that you need. It does SSL _security_ fine but not without the _autentication_ (trust). -brett accept the cert the first time. If you're not doing ecommerce a self-signed cert may be all that you need. It does SSL security fine but not autentication (trust). -brett |
2003/11/12-13 [Computer/SW/WWW/Server] UID:11041 Activity:nil |
11/12 Anyone ever successfully used the mod-ssl directive SSLRequire (not to be confused with SSLRequireSSL)? I'd like to use it to require ssl to access resources that use Basic or Digest authentication. Something along the lines of: SSLRequire %{AUTH_TYPE} eq "Basic" or %{AUTH_TYPE} eq "Digest" Alternatively: SSLRequire %{AUTH_TYPE} ne "" Unfortunately the SSLRequire doesn't appear to work *at all*, even for simple cases like: SSLRequire 2 < 1 Suggestions? Is there a simpler way to accomplish the above? The alternative of requiring that SSLRequireSSL directives be sprinkled into every .htaccess file that specifies AuthType is lame and unmaintainable. -dans \_ A more useful answer than doing SSLRequire is to do a Redirect to the same URL but https:// in each situation. Two caveats: 1) this still doesn't solve the logic problem (if AUTH_TYPE ...) 2) you _can't_ do this in .htaccess, it has to be in the httpd.conf in a <Directory> or <Location> tag. If you put it in the .htaccess, it will try to do the redirect _after_ the basic auth <DEAD>..com<DEAD>e to think of it, you may be having the same problem w/ your SSLRequire; try putting it in the httpd.conf --dbushong \_ I've actually done this in the past, and it is a nice way to smooth over a user-unfriendly Forbidden message. Unfortunately it suffers from the same maintainability problems as teh sprinkling SSLRequireSSL statements everywhere :(. As for SSLRequire, I haven't been able to get it to work properly anywhere, either httpd.conf or .htaccess. Thanks for the response. -dans |
2003/10/1-3 [Computer/SW/Security, Computer/SW/WWW/Server] UID:10390 Activity:nil |
10/1 OpenSSL vulnerabilities. Patchpatchpatch... http://www.openssl.org/news/secadv_20030930.txt -John \_ is it enough to get install the new ssl rpm or does my mod_ssl need to be recompiled? \_ depends on whether mod_ssl is linked statically or not. I believe it's not since the only new RedHat updates that showed up today are openssl ones. In general, they a rarely use static linking, so to update a library, you just need to install the new library rpm and not worry about the applications that use it. \_ My new plan. Fuck ssh/ssl. I'm changing all external connections to vpn-only and then filtering the shit out of who is allowed to even try to connect to that. \_ Oh *that* will work. Because we all know that every VPN solution out there is utterly foolproof and secure. Nobody ever cracked DES or IOS. Blanket statements like that are incredibly ignorant and dangerous (although if it makes you feel safer, go ahead.) There is nothing fundamentally wrong with OpenSSH/SSL--no computer or software is or will ever be 100% secure. Just patch the fucking thing and get on with your life. There'll be others. -John \_ You're so ... manly! when you talk about security, John. It makes my heart go "thump! thump! thump!" Can I have your love child? Your IPSEC key? \_ DOS vulnerability. Not remote exploit. |
2003/7/22-23 [Computer/SW/WWW/Server, Computer/SW/Languages/Python] UID:29101 Activity:nil |
7/21 http://twistedmatrix.com/users/jh.twistd/python/moin.cgi/LiquidDemocracy Where Python, Democracy and the Tragedy Of The Commons all come together on the same page! I love this interweb thing! |
2003/7/10-11 [Computer/SW/Security, Computer/SW/WWW/Server] UID:28992 Activity:nil |
7/9 So, what are the cheapest "trusted" SSL certs out there? \_ Get a standard Windows install, open MMC, look in the certificates snap-in for trusted root certificates, go through those. Or failing that, in the 'security' settings of any browser under whatever incarnation of a 'certificate authorities' listing you have. (Thawte no longer exists.) What do you need a trusted root CA chain for? You can very often get away with issuing your own. -John \_ http://instantssl.com, price starting at $50 http://geotrust.com, price starting at $150 Never used either of them, so YMMV. |
2003/5/10-11 [Computer/SW/WWW/Server] UID:28395 Activity:nil |
5/9 SSL Common name verification bug in Safari (don't use it with SSL sites): http://www.secunia.com/advisories/8756 |
2003/4/10-6/15 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:28056 Activity:moderate |
4/9 Anybody knows what's up with alumni.eecs? \_ prob upgrading h/w and/or s/w again. http://alumni.eecs.berkeley.edu points to a fresh install of apache. \_ apparently it got rooted. \_ again? what's up, used to be alumni and ucsee were reliable. \_ I thought ucsee and alumni.eecs had a power outage for several days? \_ Why do people ask this shit here? Go find the alumni.eecs admins and email them. No one here knows anything about non-csua systems and almost as little about csua systems. \_ because some ppl are members of both groups. \_ so what? There are other csuaers that are members of my bird watching society. I don't ask them bird questions on the motd. \_ take a look at the array of questions that get asked on the motd, and the array of responses. I don't remember one in particular, but i'll bet bird questions have been answered here before. |
2003/3/20 [Computer/SW/WWW/Server] UID:27761 Activity:nil |
3/19 Just in case some of you haven't seen this yet, there is a new timing attack on RSA keys: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf OpenSSL advisory is here: http://www.openssl.org/news/secadv_20030317.txt |
2003/2/21 [Computer/Domains, Computer/SW/WWW/Server, Computer/SW/Unix] UID:27473 Activity:nil |
2/20 Any suggestions for premium dedicated web server hosting? Our current setup is with a small hosting company, but we're not satisfied with uptime, and they don't allocate us guaranteed bandwidth. Thanks. \_ earthlink! |
2003/2/18-19 [Computer/SW/OS/FreeBSD, Computer/SW/WWW/Server] UID:27447 Activity:low |
2/18 My apache server (on my FreeBSD box) doesn't load up the page in a subdirectory if the final slash isn't present. In other words <DEAD>www.mydomain.org/test<DEAD> loads up wherease <DEAD>www.mydomain.org/test<DEAD> does not. How can I fix this? Thanks. \_ Probably your ServerName isn't set properly. If you request a directory without the trailing slash, you get sent a redirect to a URL based on your ServerName, including the slash. -tom \_ Are you using mod_rewrite? mod_perl? There are a number of things that could affect behavior on trailing slash. --scotsman \_ try replacing your apache config with the httpd.conf-dist file in the same directory. Then diff the 2 and see what's wrong. Caveat: won't work with cable modem. |
2003/2/16 [Computer/SW/WWW/Server] UID:27432 Activity:high |
2/15 Is there a way to record who, or at least which machine, have visited my web pages on soda, other than relying on them signing a guest book? Thanks. \_ er... the web logs? /var/log/httpd/access.log* \_ Thanks! What's the exact format of the lines? What man page should I read? There's none for apache. \_ 1). Read through /usr/local/apache/conf/httpd.conf , at least the parts about LogFormat and CustomLog directives, and the comments around there. 2). For further explanation, look up the particular directives in Apache docs (at http://apache.org) \_ We've switched to apache 2. the config file is now: /usr/local/etc/apache/httpd.conf /usr/local/etc/apache2/httpd.conf and the access log is here: /var/log/apache/access.log \_ man www. we've switched to apache2, these files are all old. The correct paths are in "man www" -www \_ erm. /var/log/httpd is a symlink to /var/log/apache. \_ Or, if you just want the answer: http://httpd.apache.org/docs/logs.html#combined \_ as an alternative, write a cgi script that's called using server-side includes from from the web page, that records REMOTE_ADDR, and other interesting environment variables in a separate data file. \_ at one point there was something that correlated the IP address of the people visiting your page with a csua username (based on lastlogin info). |
2003/1/31 [Computer/SW/WWW/Server] UID:27253 Activity:nil |
1/30 How do I configure apache to collect the referrer information in the access logs? \_ STFW. http://httpd.apache.org/docs-project \_ RTFCF. /usr/local/apache/conf/httpd.conf-dist \_ STFU \_ um, did you try it? it's all right there. |
2002/7/31-8/1 [Computer/SW/Mail, Computer/SW/WWW/Server] UID:25456 Activity:moderate |
7/30 Whoever got SSL IMAP working, I love you and want to have your children. \_ I'm sending money to the CSUA. They've provided me with so much over the years. \_ No thanks. -mgoodman \_ Er, SSL IMAP still doesn't work. It logs in but no folders show up. \_ varies from client to client. Try Pine or netscape. \_ I hope they like mailboxes getting stuffed now. |
2002/7/30-8/1 [Computer/SW/WWW/Server] UID:25452 Activity:nil |
7/30 SSL security announcement. Maybe this is you, maybe it's not, but if you've got SSL based services, read it. No public exploits known yet but it's only a matter of time of course. http://www.openssl.org/news/secadv_20020730.txt \_ "0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable." How do I disable SSL 2.0. Is it possible to disable it in an already running Apache-SSLeay setup? (P.S. thanks for the heads-up!) |
2002/7/30 [Academia/Berkeley/Ocf, Computer/SW/WWW/Server] UID:25446 Activity:high |
7/29 yay, POP3 over ssh works again! despite what motd.official says, though, I still can't get SSL POP3 working. \_ I'm using Eudora and it supports SSL. Still no POP3 or IMAP. \_ SSL with what? with POP3? with IMAP? \_ Both. IMAP connection goes through but no folders show up. POP3 has CSUA refusing connection. I know it's not me b/c OCF IMAP/POP works fine. \_ SSL POP3 is not working for me either. what gives? \_ Me neither, hope it works soon. (using Outlook Express) \_ Has anyone been able to get POP/IMAP to work? |
2002/7/6 [Computer/SW/WWW/Server] UID:25294 Activity:nil |
7/5 I have valid XHTML 1.1 web pages on soda that were working fine with the previous web-server, but since yesterday (upgrade), I get a error in opera 6.03: "XML parsing failed: not well-formed (256:16)". What should I do? \_ I should Read the motd.official. Sorry. |
2002/7/1-2 [Computer/SW/OS/FreeBSD, Computer/SW/WWW/Server] UID:25251 Activity:very high |
7/1 Silly observation: An internet worm that runs on Apache servers on FreeBSD is running amuck. We run apache (older version) on FreeBSD on soda. Shouldn't this be fixed ASAP? 11:54am eric@soda ~ > /usr/local/apache/bin/httpd -v Server version: Apache/1.3.12 (Unix) Server built: Sep 15 2000 17:35:27 -eric \_ Indeed. Mail root. \_ This is a 2 week old issue. That's why it's in the motd. \_ And yet still no one has mailed root. \_ so let's see: either no one on root reads the motd, or slashdot, or bugtraq, or comp.security.unix, or any of the dozens of other places they might have heard about this hole, or...they don't give a shit. Do you really think mail to root will make a difference? Occam's Razor. -tom \_ They upgraded OpenSSH to version 3.4 recently, so they must have been reading something to find out that there is a problem with openssh. It is surprising that apache went without being upgraded for so long.. \_ *Someone* on the motd said a day or two ago that this was only a DoS attack and we should not worry our pretty little heads about it. *cough* *ahem* \_ What DoS attack? Real remote exploits for apache on *BSD have already been posted and there are apache worms speading on the net. Would you feel good if script kiddiez got a shell on soda, even if it is running as "nobody"? \_ No I would not, but *other people* around here who think they're a lot smarter and a lot more talented than they are (they're certainly loud) were claiming a day or two ago that this is just a DoS and not a real exploit and we should all just relax. Fortunately these really smart and talented people usually sign their posts so we will all eventually learn to ignore their tech info and advice. \_ csua have been rooted already. \_ all your httpd are belong to us. |
2002/6/25-26 [Computer/SW/WWW/Server] UID:25191 Activity:very high |
6/24 Got that apache bug. Our e-commerce based site with a few million users is vulnerable. We're using some proprietary extension to apache so upgrading has become a "business decision". Fucking nuts. At least I'm on record as saying "patch it now! super serious! someone could hack in and wipe us out!" (paraphrasing my self of course). Sigh. When will they ever learn? And no, there's no fucking way I'm going to replace their proprietary apache with a totally open sourced one. \_ Lemme guess... websphere. Move to a different fucking platform. \_ Not websphere. I can't implement any changes or convince any one to do it or go along with it. Just crossing fingers. \_ got backups? \_ Lots of it but not all. It's many many terabytes worth anyway so even if we had perfect backups it would take uhm a long time to restore everything. \_ Get the vendor to release a fixed version. \_ I'm still guessing it's IBM's IHS, and GOOD FUCKING LUCK! |
2002/6/21-23 [Computer/SW/Security, Computer/SW/WWW/Server] UID:25167 Activity:very high |
6/21 Big bad apache hole in the wild. Patch/upgrade now. See http://apache.org or your favorite security site for details. \_ So they finally learned from Microshit? "In order to gain free press we need to introduce security holes." \_ Does anyone think this vulnerability could lead to a fast spreading worm like Code Red, for example? \_ What's the point? Apache + modules (esp. php) are full of holes. \_ So, don't use the modules you don't trust. Patch one, and there are still a hundred others that the '1337 H4X0R5 will use to break in. Even if you patch all the modules, you still have all your executable content (perl cgi, ssi, php, servlet, jsp, etc) which is undoubtedly riddled with holes. \_ 1) try formatting. 2) just because there are other holes is no reason not to patch this one. 3) glad you're not the admin at my company. \_ It is possible but cracking a site by exploiting the holes in locally written code is much harder than exploiting a widely publicized and well understood vulnerability that possibly affects nearly every apache site out there. If you care about security, run publicfile. \_ publicfile does not support CGI scripts or any kind of server side programming which makes it fairly useless for lots of users. \_ Um, it's not actually that bad. It's a DoS exploit at worst on many architectures. \_ nnnn! go read the security alert, not msnbc. \_ Actually I read all three. Plus the apache one. Plus the debian security-announce summary. It's a DoS explot. \_ Well you didn't read the one that said it's a full root exploit. Whatever, go use telnet. Not my problem. \_ At least one exploit (for openbsd) has already been posted on bugtraq with intent to prove people like you wrong. \_ If your OS doesn't execute data off the stack, it's not exploitable (but it's still DOS). And it's not a root hole, just the user Apache runs as. Still, it's potentially bad. -tom \_ Lots of people run apache as root. Lots of sites that run apache as 'www' or whatever will also have local holes if they haven't fixed this one. Thus it is highly likely that getting in through apache is just one step from root. Layers.... \_ I challenge you to find one person running Apache as root. -tom \- the csua used to run a WEEB server on it's name server. there was a bug that let you get a shell running as the WEEB server uid. now it turned out the WEEB server uid owned the WEEB config file, so you could just changed the run-as user to root and repeat the process and you would have a root shell on the name server. this is detailed in some comment by myself and P. Norby some time ago. I dont think this is that big a deal and right now the "real" denial of service is all the people running around recommend things like vulnerabilty people immidiately delete their defaultroutes and such. --psb |
2002/4/18-19 [Computer/SW/WWW/Server] UID:24488 Activity:very high |
4/18 Is anybody else getting spammed from http://jennyslist.com? Why isn't spamassassin blocking it? \_ Cuz spamassassin is dumb. use ifile. \_ grow up. --aaron \_ What? By "dumb" I meant "doesn't learn." ifile does. \_ Someone subscribed you. Unsub, or add to your own user_prefs file. |
2002/4/4-5 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:24323 Activity:very high |
4/4 Is there a way to make Apache case-insenstive (on Solaris)? (i.e., http://foo.com/cgi-bin/bar?param1=foobar should be the same as http://foo.com/Cgi-bIn/BaR?param1=foobar; obvisouly, I can write my cgi-bin's so that all the params are case-insenstive, but the leading URIs?) I have used google and have been on Apache's web site. Thx. [...] \_ Look, dummy, the answer is you can't do it. Your only other choice is hacking the url parse code in apache to lower case the entire URL. Good luck with your coding project. \_ Ok, thx. That's what I thought and I just needed someone to confirm it. \_ it's wrong. mod_speling does exactly what you want. Try it, nimrod. \_ why is "mod_speling" spelled with only one L? Is it supposed to be some dumb attempt at being humorous? \_ yes. laugh a little! \_ Wow this was tough to find. Took me about 15 seconds. http://httpd.apache.org/docs/misc/FAQ-H.html#rewrite-nocase You're welcome. \_ errr...I have read that and the speling module. mod_speling only makes the document name referenced case-insenstive, not all the elements that construct the URI. all the elements that construct the URI. From Apache: "the module is unable to correct misspelled user names (as in <DEAD>my.host/~apahce<DEAD> just file names or directory names." \_ Grasshopper, the wind blows through the trees yet disturbs not the trunk, only the leaves.... \_ huh? \_ Grasshopper, the answer lies before your eyes are darkened by your own thoughts. \_ it corrects directory names, can't you read? \_ Run apache on windows. \_ Ew. |
2001/12/27-28 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:23384 Activity:kinda low |
12/27 Is SSI Exec turned off? Is that why <!--#exec cmd="ls" --> won't work in a .shtml file? Yes I did "man www" It doesn't say. Why Is there no manual entry for "httpd"? \_ http://httpd.apache.org/docs Where is CSUA's SSI policy documented? \_ Apparently in /usr/local/apache/conf/httpd.conf. See part that starts with.. <Directory /home/*/*/public_html> AllowOverride FileInfo AuthConfig Limit Options MultiViews Indexes SymLinksIfOwnerMatch Includes ExecCGI that means that you can use SSI, including for executing programs. Look for the source of your problem somewhere else. Apache's error.log file is a good start. |
2001/11/21 [Computer/SW/WWW/Server] UID:23067 Activity:nil |
11/19 basice apache/PHP question. My apache doesn't not recognize php scripts embbed in HTML on my Redhat 7.1 When I start apache using: httpd start -DHAVE_PHP I got the following error: > httpd start -DHAVE_PHP Syntax error on line 254 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_php.so into server: /etc/httpd/modules/mod_php.so: cannot open shared object file: No such file or directory Where to find this mod_php.so? or is it the problem? Thanks -kngharv \_ The error message says that mod_php.so does not exist on your machine in /etc/httpd/modules/. If you do a search for mod_php on http://google.com, you can find out how to add PHP to apache on Linux (it's the 2nd hit that comes back). -sony \_ SEARCH THE FUCKING WEB. -phillip \_ What's so wrong about asking on the motd? Yes, he could find the answers out there, but he can find the answers here too. \_ It's called taking personal responsibility and not being a lazy slacker. At least give google 30 seconds worth of effort before asking here. Give a man a fish.... |
2001/10/9-10 [Computer/SW/Languages, Computer/SW/Security, Computer/SW/WWW/Server] UID:22674 Activity:very high |
10/9 so when is Berkeley's DNS supposed to be updated with soda's new address? \_ when i get done working taking over the world. --phillip \_ that's my line - the brain \_ HAHAHAHAHAHA! \_ At 3am every day \_ also, when is the web server going to be running again? \_ the joyride is over! call verio! \_ Apache doesn't like it when you don't have a valid name. Probably tomorrow. -tom \_ will emails received during the downtime be cached, rejected, or sent to /dev/null? \_ /dev/yermomisabigfatbitchbiggestbitchinthewholewideworld -root \_ they should be delivered once the name gets updated tonight. -tom \_ root is just so ... rude!!11! \_ you get what you pay for. if you want quality service try a professional colo \_ they'll all be forwarded to the FBI. \_ ln -s /dev/null /dev/fbi |
2001/10/5 [Computer/SW/WWW/Server] UID:22633 Activity:moderate |
10/4 Apache/network experts: I have an application that reads from an a few different servers. When i attach to an apache server i get all my data in one read UNLESS it is going through a proxy, in which case it gets broken up into multiple socket reads. However if i attach to another web server, (i.e. Oracle Web Server), even through a proxy, i still get all my data in ONE socket read. Any ideas why the difference? Any idea how i could make apache behave like the OWS box? \_ Sounds like it is the fault of the proxy, not the Apache. Post all the headers that both Apache and OWS send -- may be some of the headers make the proxy behave differently. |
2001/9/18-19 [Computer/SW/WWW/Server] UID:22510 Activity:kinda low |
9/18 I have an existig apache install with mod-so. I have the .c file of a module i want to add. How do i get the .so file? url would be great. \_ /path/to/apxs -i -a -c module.c -i: installs the .so in your apache dir -a: adds the AddModule and LoadModule lines to your conf -c: compiles the .c to a .so --dbushong |
2001/9/10 [Computer/SW/WWW/Server] UID:22369 Activity:high |
9/10 I've decided to be lazy and helpless and come crawling to the motd for help. RTFM is SO HARD! So, i installed a custom cert about a year ago. (apache-ssl) now it's expired. How do i update? \_ remake the cert. |
2001/8/18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:22162 Activity:kinda low |
8/17 On 18 July, just as Code Red was starting to scan for vulnerable web servers, a CSX train carrying hazardous materials was derailed in the Howard Street tunnel in Baltimore, US. The derailment and subsequent fire severed cables running through the tunnel used by seven of the biggest net service providers to swap data. These companies started reporting disruption to the usual running of the net just as Code Red was hitting its stride, leading many people to assume that the worm was doing the damage. Analysis by Keynote has shown that even at its height, Code Red posed no threat to the running of the net. (http://news.bbc.co.uk/hi/english/sci/tech/newsid_1470000/1470246.stm - anyone else hear about the fire? \_ yes \_ It was in the news on TV. But I thought Code Red was later than the train accident. \_ What they DIDNT SAY, was that the train had a WBEM system, hosted under IIS, which caused the derailment once the web control interface crashed. \_ you gotta be kidding. \_ muah-hahahahahaha.... the sad thing is, it's plausible, eh? \_ It was noted right away in the RISKS digest (aka comp.risks) |
2001/7/26 [Politics/Foreign/MiddleEast/Iraq, Politics/Domestic, Computer/SW/WWW/Server] UID:21955 Activity:nil |
7/25 http://www.wikipedia.com Contribute your E190 research paper to posterity |
2001/7/18 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:21845 Activity:high |
7/19 I have a mysterious problem with a cgi program. It was working well. Then, I moved it to a different computer. Now, some of the screens will give 500: Internal... errors, but will work after hitting reload several times. What kind of server (apache) misconfiguration could cause a program to work only part of the time, given the same input/state? I'm mystified. \_ Possibly you moved it to a machine that's behind a load balancer, and you're only getting your machine 1 out of N trials? \_ There is only one machine, but I have been wondering if it is making a difference which of the apache child processes handles the request. \_ there are a million things that could be wrong. Check the apache error logs. -tom \_ Tried to do that, but logs have been intermittent. We have mod_cgi, and a ScriptLog directive. Many errors don't produce anything for the %response or the %stderr sections. So, all I get is the request, and an entry in error_log that says "Premature end of script headers." \_perhaps set up an http proxy to view what's happening, or send the GET request yourself via telnet... \_ Do you have mod_perl enabled? You may be stepping on variables. I'd disable ScriptLog, it's really not intended for production environments. Check your suexec log if you have suexec enabled (and you should). -tom \_ race condition |
2001/7/12-13 [Computer/SW/WWW/Server] UID:21788 Activity:moderate |
7/12 Hello MOTD, sorry to bother you (again) but you always know all the good (and bad) apps. I am looking for log utilities to manage my apache logs. I need something to rotate/gzip/etc. the logs and something to do simple analysis (and some historical) I'd prefer a script where i can see what is going on over a binary like webalizer, but whatever. As for the rotatelog utility that comes with apache, it is broke in the version i am running and i don't want to upgrade. \_ If you want to do this correctly, you need Apache's rotatelogs utility, which almost certainly works in the version you have, but not in the way you want it to. What rotatelogs does is accept web logs on stdin and write them to files with seconds-since-the-epoch filenames, starting a new file once a week. You need that, because you can't move the logs out from under Apache safely (and if you do, you need to restart the server, which would cause disruption of service). So then you just write a cron job to gzip the logs, and use analog to analyze them (analog will also analyze gzip'ped logs). -tom \_ I have an error_log.0994896000 that goes back to yesterday AND i have an error_log that goes back a long long time. This is broke or (perhaps more likely) i am doing something wrong. What would you suggest i am doing wrong? \_ you have to set up rotatelogs on your ErrorLog line as well as your TransferLog or CustomLog line in httpd.conf. -tom \_ Or cronolog, which lets you specify the naming scheme --dbushong \_ rotatelogs blows. cronolog is much better. -ERic \_ Hey tom, why is it unsafe to move logs out from under Apache if you restart it? Also, restarting Apache takes something on the order of seconds, so the disruption of service is nigh-invisble, is it not? - Rotates logs manually and restarts Apache \_ It depends what you're serving. If someone is downloading a big file, for example, either their download will hold up the server respawning, or the download will be killed when you restart. If you have only small content and don't care if you occasionally serve broken images or pages, it's not so bad. Still, it doesn't cost much to do it right. -tom \_ I ran an app that was using jserv, and stopping and restarting apache was a major pain. rotatelogs was the best solution. -ERic |
2001/6/12-13 [Computer/SW/WWW/Server] UID:21492 Activity:high |
6/12 Accourding to the Apache docs the "warn" loglevel gives you good stuff like: "child process 1234 did not exit, sending another SIGHUP" From experience, it also gives you lame ass stuff like every time some one hits a graphic. There must be a way to keep the former and loose the latter. Isn't there? If there isn't this will be the first time i have been disappointed with apache. If there is What is it? -tnx. \_ lose. Learn to spell, loser. \_ Ass. fuck off, you half-witted, anal-retentive ass-hole. \_ Moron. You can't even spell asshole properly. \_ Don't you mean "Learn to spell, looser" ? \_ Don't you mean "Learn to spell looser"? |
2001/4/14-15 [Computer/SW/WWW/Server, Computer/HW/Drives] UID:20977 Activity:low |
4/13 Marketing wants to keep all the apache logs FOREVER. I just can't see holding onto 50 lines of "GET /some/dumb/graphic.jpg" per page view per person. Anyone have any script(s) which will eliminate all that excess info and leave me with less log to archive? \_ grep \_ why do you care? let them do their stupid shit. \_ Yeah like this is so much work for you. gzip *.log and tar it to tape. Who cares how much is in the logs or that everything is crap or that no one will ever look at it again? Who is to say that those 50 lines of GETs have no value to someone else? Maybe someone will analyse the logs and determine they should be caching some stuff or build out a separate images server or use akamai or who knows? You don't. Just do your job and stfu. \_ Run samba on the webserver. Mount their personal Vindoez shares on the webserver. Give them the info. -John \_ I think they want it "archived permanently". The logs of any reasonably active site will outgrow disk space very quickly. \_ No they wont: do the math. 1M hits/day * 1k log/hit = 1GB. 1GB * .1 (compresses well) * 365 days/yr = 36GB/yr. Just buy the disk. -ausman \_ I did the math when I was in this position. I used /bin/du on my *.log.gz files and it was over 500m a day compressed and growing (as traffic increased). /bin/du on a real site gave better numbers than your guesstimates. Also, dumping to tape means the low end tape monkey just swaps tapes as usual when his email tells him to, as opposed to someone having to bother buying a new disk every X many months because someone decided "gzip *.log" was too hard to cron. Oh yeah, the cron would actually have to remove the logs after they hit the tape. Yeah, it's a toughy. Might take almost as long to write that script as we've spent talking about it. -hates "sloppy-sysadmining-for-no-reason" \_ toughy? doesnt it go away by itself? newsyslog, gzip compressed DLT, if lucky down to .25 size (not .1) not that bad, eh? I think we have some dumb sysadmins. |
2001/3/13-14 [Computer/SW/WWW/Server, Computer/SW/Languages/Functional, Computer/SW/Unix] UID:20762 Activity:moderate |
3/11 Besides "my other car is a cdr", what's the best geek sticker you've seen? \_ That's hardly a "good" bumper sticker. It's completely lame. Or maybe that's your point and you actually really do find it "kewl"? \_ FEATURE (on a new bug) and.. VRFY ME (frame says "my voice is my passport") \_ STFU \_ "Bus Error! Take the Train!" \_ This doesn't really count but my old math teacher's maxima had modified plates that read "dy/dx=0" \_ My HS chem teachers read "PV=NRT" \_ _ | x n | e = f(u ) _| \_ I saw plates once that said 3BPD826. \_ What does that one mean? \_ Not a God damned thing. It's a license plate. \_ Lamer in my complex with GO7 R3WT \_ I saw some dolt with "port 80" Who would do this? Tim Berners Lee perhaps? _/ But I believe he lives in Geneva so its probably not him. I've also seen "httpd" as a license plate. Thought that it was pretty lame. I saw RFC1771 and figured it was Tony Li's car. I think that a plate that said RFC1149 would be really cool, provided you contributed to it. Made me want to go get "port 70" now THAT would be L33T \_ I've got dibs on port 22! |
2001/2/7 [Computer/SW/WWW/Server, Computer/SW/Languages/Misc] UID:20525 Activity:very high |
2/6 web monkey question: how can I make a webpage include the contents of one html file from within another html file? for example, I want my webpage, index.html to include the contents of a file called title.html whenever it's loaded, so that I can change titles by just changing title.html without touching index.html. what's the easiest way to do this? \_ you need some kind of server-side processing done. the exact details it will depend on what kind of web server you're using. Most of the time you'd just add a line like the following to your page: <!--#include file="foo.html" --> . You may need to specifically enable SSI on your web server and give your pages a special extension (e.g. .shtml, .asp, ...) \_ my webserver is Apache. Do I need to call the file index.shtml? anything else I need to do? \_ you might need to modify your .htaccess file. See http://httpd.apache.org/docs/mod/mod_include.html Note that if the web server you're talking about is soda, you don't need to do anything special; just add the <!--#include ... --> line. \_ can you specify a url for the content of a CSS? -ali \_ URLs to cascading style-sheets can be given in a <LINK ...> tag, which will be handled by the client, not the server. \_ not afaik, but you probably could use a combination of SSI and <style> ... </style> tags to do what you want. |
2001/1/25-26 [Computer/SW/WWW/Server] UID:20430 Activity:kinda low |
1/24 I've heard of companies making daughterboards that process SSL sessions to offload the CPU to do the real work. Anybody know where I can find them? I searched for "SSL daughterboard" and some other similar words and couldn't find anything. Thanks. \_ Don't erase correct answers. SSL accelerator cards are made by nCipher, Phobos and Rainbow. \_ bigIP makes one for their load balancers. http://www.f5.com \_ DON'T! DON'T DO IT! -John \_ Intel makes a box you put in front of the web server. BigIP/F5 has an add-in card as stated above. Ask their sales guys how they compare to their other competitors to get the full list. That trick always works. \_ The Intel Box 2180 kicks serious butt compared to the F5. The daughtercard does RSA and cipher ops in HW and more the point-- BigIP == BSDi + rainbow card. Check out http://www.rainbow.com and there is one or two other people out there selling similar products. THe bad thing there is they only do the SSL symmetric key negotiation RSA ops in HW. I.e.. you get one per interactive session, so you in effect get little if any speedup in real situations. What blows my mind is that Intel and F5 sell these boxes for ~ $50k+. They are little more than BSD + regexp parsing http headers in hacked kernel. ack... \_ Intel has an ssl-decrypt-only box for much less where you put their box inlineon the wire. SSL goes in the front and decrypted stream comes out the back wire. I _think_ it was about $1.5k/box or so but I can't recall for sure. The $50k thing was a full load balancer/ssl decrypter/switch/etc/ do everything box. You can put the ssl-only box in front of your bigip or other load balancer. Can you explain why you say there's no real speed increase with the bigip/rainbox combo in the real world? I'm not getting it. |
2000/12/12-13 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20073 Activity:nil |
12/11 What are the security implecations of allowing the Delete method? Does apache allow that by default? Does it really mean that any user could send a header commanding your server to delete any file that nobody is able to write? If so, how do you disable this methd? \_ Something like <Directory /> Deny all Allow GET PUT other-explicit-methods-you-like </Directory> |
2000/12/5-7 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20009 Activity:very high |
4/249 I think my employer logs all web traffic. Is there any free software I can run to block this? Like a proxy or some sort? Thanks. \_ http://www.anonymizer.com if you don't want to pay for ssl service do the following: 1. setup apache+ssl at home 2. write a cgi that takes in url request and then forwards it to anonymizer and parses the response to get rid of the annoying tags. 3. configure your browser to use your home box as a proxy Other options include hacking junkbuster to support https. \_ j is that you? \_ you idiot, I can't even log into soda from work thanks to a certain wonderful firewall. \_ yes theres plenty of ways to do this. \_ obhttp://www.zeroknowledge.com (it's what it was meant for - i.e. people not knowing what you are doing exactly) \_ How to check that the company logs all web traffic? \_ write a bot that hammers a bunch of sites, such as http://apple.com, http://sun.com and http://microsoft.com. run it on your machine and all the other machines you can get your hands on. Clueless admins will think that its 'software updates' or some such thing. Your real traffic will be obscured by the noise. Eventually the will give up and realize that logging is stupid. |
2000/11/7 [Computer/SW/WWW/Server] UID:19668 Activity:moderate |
11/07 If the URL is HTTPS, why do some sites have a popup to ask me to accept a certificate while others don't? For the sites that don't, are they pretending to have SSL turned on? \_ The ones that don't prompt you are using a certificate that your browser has already accepted, like one from Verisign or Thawte. You can verify that the connection is really SSL by checking for the key in the corner of your browser. \_ Could be that your browser is set to automatically accept certs from a trusted certificate authority. You can check the browser to see which ones you will automatically trust. If the browser doesn't recognize the CA as trusted, it will prompt you for approval. |
2000/10/19-20 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:19525 Activity:nil |
10/18 Why is soda so jerky and slow today? Also, what's up with this httpd process? PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 11202 www 99 0 576K 676K RUN 81:53 38.53% 38.53% httpd \_ Killed. -root |
2000/9/21-22 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:19304 Activity:moderate |
9/20 My Web page is getting an excessive number of hits from a particular domain. What's a good way to block it? \_ ipf \_ Talk to your web server admin or read your web server docs. \_ ACL on your router \_ /bin/rm -rf $apache_dir $http_docs_dir \_ OK I'll forward that request to root@csua right now \_ use windows! |
2000/8/18 [Computer/SW/WWW/Server] UID:19031 Activity:nil |
8/17 Apache debugging question: why would "<DEAD>host/~peterm/"<DEAD> "<DEAD>host/~peterm/index.html"<DEAD> work but "<DEAD>host/~peterm"<DEAD> not work? What specific fault in httpd.conf? (apache 1.3.12) --PeterM \_ http://www.apache.org/docs/mod/mod_dir.html You should have this enabled in httpd.conf: LoadModule dir_module modules/mod_dir.so (seems to be default enabled in 1.3.3) -alexf \_ default pages should be set to index.html \_ apache needs to know that it's supposed to redirect directories to the tailing / version. And when it sees /, it goes to whatever is set to default (home.html, index.htm, etc) RTFM for the particular directive you need to use. \_ Answers: $1 Answers (requiring thought): $5 Answers (correct): $20 Dumb looks are still free. |
2000/8/16 [Computer/SW/WWW/Server] UID:19012 Activity:kinda low |
8/16 "A process that has exited and has a parent, but has not yet been waited for by the parent, is marked <defunct>." Or so says the Man page. I have a ton of <defunct> processes on a Solaris 5.7 box. They are old Apache httpd processes. What should i do? (i restarted the machine once before when this happened and now its happening again). I can't believe Apache is giving me problems. Of all the apps I've ever loved. I must be doing something wrong, but what? \_ What version are you running? This was a problem with older 1.2.x and (don't remember) some 1.3 releases. Upgrade to 1.3.12 and your problem may disapper. AFAIK, you shouldn't have to reboot to solve this problem, just start and stop apache: # cd <path to apache install directory>/bin # ./apachectl stop # ./apachectl start for a ssl server use startssl instead of start. |
2000/8/6-7 [Computer/SW/Languages/Misc, Computer/SW/WWW/Server] UID:18894 Activity:high |
8/5 I set up apache and it has XBitHack set on. I read the apache docs but i don't really understand what significance it has. any pointers? \_ if you chmod +x your html file, it will be server-parsed. -tom \_ I don't understand what that means, to be parsed by the server. What does the server DO to it that it wouldn't otherwise -top \_ http://www.apache.org/docs/mod/mod_include.html \_ Look at www.csua/~phale and ~phale/stats.html he uses them quite a bit... notice the date and quotes from fortune. \_ The fortune thing is kinda fun sometimes because it sure brings up some fun/nasty sexual references on my web page. Sure shocked the hell out of my mother! Then again, if I wanted to shock people, I should just post some of the discussions from the motd. -phale |
2000/7/31-8/2 [Computer/SW/WWW/Server] UID:18832 Activity:moderate |
7/31 What's the difference between compiling apache+ssl and apache using mod-ssl? \_ apache and SSL can integrate either using the mod_ssl module or the ApacheSSL module. mod_ssl is just one of those two choices. \_ mod_ssl is pretty much the standard, these days, it's well maintained and integrates well. \_ geez, man, don't cram opinions down their throat. \_ It's the motd. It's obviously an opinion. The problem is not their opinion but that they didn't answer the question. \_ Apache+SSL is a patch directly to apache to handle SSL. mod_ssl is some patches to apache to make it handle ESAPI (or something like that, don't remember), then an upgradable module to handle the actual SSL. |
2000/7/18 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:18705 Activity:nil |
7/17 Anyone know of a website where you submit a CSR from your web server, and sends you back a test certificate for your server? A test CA I guess? I found a site that did just that before, but I no longer have the http addr. Thanks -byeung \_ http://www.verisign.com |
2000/6/26-27 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:18552 Activity:moderate |
6/26 Trying to install Apache-ssl on solaris. I have neither /dev/random nor /dev/urandom. Do i really need them? Where can i get them? / how do i get around needing them? \_ You can't get them. Try reading the instructions - other people run on Solaris, so there must be a workaround. \_ you CAN get /dev/random, FROM SUN. you have to know whewre to look. but you dont "need" them, anyway. |
2000/6/23-24 [Computer/SW/WWW/Server] UID:18529 Activity:moderate |
6/22 I can't find Patch 2.1 or 2.5 for Apache with SSL! Where is it? \_ Huh? Get Apache 1.3.12. Get mod_ssl 2.6.4 (http://www.modssl.org \_Um, not using modss, using apache w/ open SSL. However, I am a dumbass and the Patch, which i was being told is to old is Gnu's "Patch" utility and not the SSL stuff that "patches" apache. so now i have it and have another problem with getting it to run both ssl and regular connections. -dumbass \_ dumbass, it's you! Where have you been??? -dumbass #1 fan \_ Reinstall with new apache and use mods. |
2000/3/3-4 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:17682 Activity:moderate |
3/2 for all you windows ppl, which is the best web server for win98? \_ None. Win98 is a client OS, not a server. \_ Personal web server. \_ get this one; it comes from the m$ website or you can get it along with vis studio. It's remeniscent of the iis setup. \_ Apache. \_ Back orifice. Yes, it has a web server, and if you are running one on winderz you're going to get owned anyway. \_ Don't do this. |
2000/2/8-9 [Computer/SW/WWW/Server] UID:17460 Activity:high |
2/8 SSLeay/OpenSSL question. I downloaded and built OpenSSL but when I read the legal stuff, it sounds like its not legal for me to use it unless I tell RSA or someone and pay for a license. Does anyone know what I need to do if I intend to use it for non-commerical purposes? \_ Just use it. They're not going to bust you. really. sheesh. \_ You have to use the RSAREF library or wait for the patent to expire in the US. \_ Am I correct in assuming that this library is the one located in the rsaref directory in the OpenSSL sources? OpenSSL seems to build it by default, so if its legal to use this library, why do they have all the warnings? \_ because it's only legal to use without a license for non-commercial use as narrowly defined in their docs \_ hasn't this stupid patent expired a million times already. or am i getting that mixed up with some other encryption patent? \_ I believe it expires in September of this year. \_ September 20. We should have a party or something. \_ Uh yeah, whatever. As if the patent has stopped _anyone_ from 'illegally' using it at home or for other personal use. \_ *I* can use it sure, but plenty of others can't because they are for ex. companies and sueable. The patent's expiration will help Internet security by making it easier to distribute things like IPsec. \_ If they want it, they can fucking *pay* for it. I shed no tears for corpo maggots whining about not having the free use of other's technology to improve their own corpo maggot share value. |
2000/2/7-8 [Computer/SW/WWW/Server, Computer/SW/OS/FreeBSD] UID:17450 Activity:high |
2/6 What is the best way to do load balancing using Apache? Is there such thing as a load balancing HW router that can re-route based on HTTP header request (in the application layer)? \_ Cisco's Local Director. F5's stuff. \_ I first liked F5, and then their boxes started crashing with extensive load. If you use any SSL connections, [SSL requires session state], than don't go with F5. \_ also arrowpoint, or if you dont want to spend $20k per box, you can use the FREE linux virtual server. http://www.linuxvirtualserver.org \_ Unless you want a stable and functional system for your multi million dollar web corporation. \_ Hey, if you have a multimillion dollar web corporation then you wont mind paying $50k for a proper commercial solution. \_ First rule of coporate IS management. Why hack something when you can just BUY it? \_ Exactly my point. If you _need_ load balancing, you can afford to _buy_ load balancing and the price is just the cost of doing business. No big deal. If you wince at the price, you didn't need it (even if you thought you did). If you were being sarcastic, which I think you were, I have intentionally ignored the sarcasm because what you say is true whether you think so or not. I don't run my systems on a "hack". \_ Except that what you get probably is an x86 PC with a slightly modified Linux or *BSD on it. Just put it in a fancy sealed case, call it ... "appliance" and demand an exorbitant amout of money for it. Works every time. The oldest product on the load balancing router market is Coyote Point Equalizer and it uses FreeBSD. -muchandr \_ Yup and I get tech supprt and I keep my job when it keels over and I know there are people on the other side working on it everyday to keep their jobs, not just for kicks when they feel like it. If you can't afford the price, you didn't need it. Try telling the CEO that you saved him $20k but killed his company. It'll go much easier if you can point a finger at the vendor and pressure them to fix it *now*. If you're running your own startup, you can try explaining to the VC's how you saved $20k of their money but lost the $15m+ they gave you in funding. Welcome to the business world. CYA. |
2000/1/31-2/1 [Computer/SW/WWW/Server] UID:17387 Activity:moderate |
1/31 How do you setup SSL on Apache? Is it very difficult? \_ yes. If you want easy, PAY FOR A PRODUCT. \_ If you want legal in the us, you must pay anyway. \_ Summary: If you don't think RSA is going to hunt you down personally: run mod_ssl which is fairly easy to build and install. \_ i've never heard of an instance where anyone cared that RSA was being used so much that they hunted the culprits down. \_ They're silenced quickly. You wouldn't have heard. If it's a high profile commercial site, use Raven (http://www.covalent.com or, if you want to support Sameer, use Stronghold (http://www.c2.net \_ Sameer left C2 - read his interview on http://www.guru.com \_ old old old news... |
2000/1/23-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:17302 Activity:nil |
1/21 Anyone have a page where I can find stuff on headers for our apache web server? We have authentication, though we've realize that caching really is another issue entirely and would like our pages to have the same behavior as the portals (e.g., yahoo, aol) re browser based email authentication \_ http://www.hamsterdance.com \_ Don't go to hamsterdance. You're looking for http://windowsupdate.microsoft.com. \_ Would you care to try again except use English and format to between 76 and 80 columns? \_ Reformatted to fit on 80-column punchcard. - motd punchcard god |
1999/10/28-31 [Computer/SW/WWW/Server] UID:16783 Activity:nil |
10/28 Web server development contract described in /csua/pub/jobs/WEBDEV Check it out. -dqw |
1999/10/16-18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:16714 Activity:nil |
10.15 Apache on RedHat- set UserDir to public_html in httpd.conf, with no specific directory permissions. I still get "Forbidden You don't have permission to access /~{user} on this server." What do I have to set to make this work? \_ look in your error log for chrissakes. -tom \_ Oh. Thanks. \_ You likely need to make sure that both the public_html dir AND the USER directory are WORLD executable. -crebbs |
1999/10/12-13 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:16693 Activity:nil |
10/11 What settings do i have to change so that apache will allow ~user Web pages on my linux box. \_ UserDir -tom - obvious troll deleted and will continually be. Lets have some good, coherent discussion, people. \_ drop the chalupa \_ Read the conf file comments. It's pretty clear. I'd say RTFM, but you don't even need to do that much reading to figure this one out. |
1999/9/28-30 [Computer/SW/WWW/Server, Computer/SW/Security] UID:16614 Activity:high |
9/28 Hi -- say Im using apache+openssl, but Im using basic (not digest) http authentication for a dir under https; is that initial password transaction encryped over ssl? In other words, do I make basic http auth more secure (non-sniffable) by using openssl, or am I still screwed. Yes, I could sniff the packets, but Im lazy:) \_ Get your lazy ass outta your chair, pick up your Visa, and buy Stronghold! \_ apache+openssl is working fine and free -- I just had the above question, that's all. Do ya know the answer? \_ And illegal in the US, but who cares about that... \_ if you're too damn lazy to run "tcpdump 443 | strings", you \_ They can have my STRONG CRYPTO when they pry it out of my cold, dead hands!!!!~@~@!!!@~@!@! \_ You'd be the first to give up your strong crypto when the MIB show at your door. Talk is cheap. \_ It's not the men in black coming after you it's RSA's lawyers with patent infringement lawsuits. \_ What color suits do lawyers tend to wear these days? \_ if you're too damn lazy to run "tcpdump port 443 | strings", you deserve to get hacked, then fired. \_ I think a more important issue (it turns out) is client caching of the password, so it's a bad idea anyway.... \_ I thought it was legal as long as you didn't use any of the patented crypto code like idea and rsa. --marc \_ I refuse to use anything unless my use is considered a violation of patent, copyright, or arms control laws. |
1999/9/26-28 [Computer/SW/OS/Linux, Computer/SW/WWW/Server, Computer/SW/Unix] UID:16602 Activity:nil |
9/26 I have followed all the instructions in "INSTALL.REDHAT" to install php3 on my linux box. However, when i run a "httpd -l" it does not display mod_php.c. Can anyone tell me or point me to docs which tell me how to find and install the correct binary? Thanks. -crebbs \_ Was it a dynamic module? I don't have the "INSTALL.REDHAT" file you're talking about (I don't use Linux for web service) so I have NFC what sorts of steps you went through. If this is in fact a shared module, then did you activate it? The solution to your problem isn't straightforward with the information you've provided. --sowings \_ Fdisk, reinstall. Run an operating system you're capable of dealing with. |
1999/8/19-23 [Computer/SW/Compilers, Computer/SW/WWW/Server] UID:16344 Activity:moderate |
8/19 Anyone have any experience setting up name based virtual hosts using Apache? This is fake but I have one IP, 128.56.139.5, and two name entries http://foo.com and http://bar.com. In my httpd.conf file I have <VirtualHost 128.56.139.5> ServerName http://bar.com DocumentRoot /~jondoe <VirtualHost> but now when I type http://foo.com or http://bar.com into the browser it gives me the message "Not Found The requested URL / was not found on this server." Anyone know what's wrong with this. \_ Apache doesn't grok "~"; use a full path. -tom \_ grok? y00 R s0 ]<-00|_ !!!111 \_ D00de! Warez y0r dikshunary? Wutz 'gr0k' meen? U R K00l!11 \_ grok /grok/, var. /grohk/ /vt./ [from the novel "Stranger in a Strange Land", by Robert A. Heinlein, where it is a Martian word meaning literally `to drink' and metaphorically `to be one with'] The emphatic form is `grok in fullness'. 1. To understand, usually in a global sense. Connotes intimate and exhaustive knowledge. Contrast {zen}, which is similar supernal understanding experienced as a single brief flash. See also {glark}. 2. Used of programs, may connote merely sufficient understanding. "Almost all C compilers grok the `void' type these days." \_ d00de, t0m iz ay MARSHUN??? thatz r/-\d!!!11 \_ gr0k!!111 tom iz s0 k00l h3 kan gr0k!@111!11 d00ewde!!!@ \_ Y d0 yu kepe rem00vein mye k-rad c0mmetz 2 t0M? eye leik t0m, hez s0 k00l cuz hez D gr0k mast0r!11 t0m iz rad!11 t0m iz rad!1 t0m iz rad!1 t0m iz raf!!1 yeh d00dez r0k 0n!1111 \_ Not only that, but grab the latest (1.3.9) for better virtual hosting features. |
1999/7/5-6 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:16076 Activity:moderate |
7/5 Show all those linux freaks how superior Windows NT Internet Information Server is over Apache. Check out: http://www.eeye.com/database/advisories/ad06081999/ad06081999.html A web server just isn't a web server unless you can execute arbitrary commands remotely without authentication. \_ This is old as the hills. Why don't you post solaris 2.3 holes too? Be about as meaningful. Every decent admin on the planet patched this long before you heard of it. \_ Every decent admin wasn't using such flaky software to begin with. |
1999/6/11-12 [Computer/SW/WWW/Server] UID:15949 Activity:very high |
6/11 I've got apache running as user 'nobody', but I'm writing some DB access CGI's, that need to execute under a different user ID. Is there any way of doing this short of running a second httpd on a different port, the second instance of httpd running as the db access user? \_ compile apache with suexec, and put the database CGI's in ~database/public_html. And you really should be running apache as something other than "nobody". -tom \_ setuid bits might work. Most OS's will allow suid to do what you want. \_ No, some OS's won't let you run scripts suid. \_ Already tried it... doesn't work (at least, not under apache 1.3.6) -- even setuid'ing the executable as the DBA user, when the CGI is executed, it still runs as user 'nobody' (which is what I have httpd running as). \_ Why did someone delete the correct response? Apache has a mechanism for doing this--compile it with suexec, and put the script in a user public_html directory. And you shouldn't be running apache as "nobody". -tom |
1999/2/1-5 [Computer/SW/WWW/Server] UID:15339 Activity:nil |
2/1 Oh shoot, some junior university has the World's smallest web server. <DEAD>wearables.stanford.edu<DEAD> \_ Maybe the Post-PC people on this side will compete with them... |
1999/1/14-17 [Computer/SW/WWW/Server, Computer/HW] UID:15235 Activity:low |
1/13 I'm thinking of buying a RedHat Secure Web Server (it only cost $61 now at Frys). Here is my question. Must the secure server be on the internet (persistent connection)? Can I install it on multiple machines or is it single machine based (ie. I need a special certificate thingie from the trusted site for each machine)? \_ You can use one certificate for multiple machines provided that they each have identical IP and FQDN. Beyond that it gets pretty dicey. But this setup will allow you to round robin to a large number of machines. In general you want a web server to be persistantly connected otherwise people won't use it. --appel \_ You can use one certificate for multiple machines provided that they each have identical IP and FQDN. Beyond that it gets pretty dicey. But this setup will allow you to round robin to a large number of machines. In general you want a web server to be persistantly connected otherwise people won't use it. --appel \_ Ah, gotcha, so if I purchase a secure server, I can't install it on many different servers because the secure server needs some special certificate thingie from certified RSA sites right? Why is the following server (with RSA license) so cheap $61???? <DEAD>necxdirect.necx.com/cgi-bin/auth/ifilelnk_q?key=0000131917&nonce=guest<DEAD> \_ To use HTTPS you need to purchase a certificate from companies like Verisign/Thawte/etc. The RedHat secure server is really a FALSE ADVERTISEMENT. It is like advertising a new car that costs $5000. After you purchase it, the manual, with fine print, says you must purchase transmission and engine, sold separate for another $10,000. \_ Generate them yourself with SSLeay! The user will then have add the CA (you) to the list of trusted CAs \_ is R.S.W.S. JUST a web server, or is it basically "install this CDROM, and you get a black box that does web serving"? (except technically, it's a clear box, but anyways...) |
1998/12/3-4 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:15064 Activity:moderate |
12/3 According to "man www" if I want to have server side includes on my web page off of csua, I need to either change the file extension to .shtml or make it executable. Is there any reason why I shouldn't just change all my web page file permissions so I can avoid having everything end with .shtml? \_ for files identified as SSI-capable, the web server preprocesses them line by line for every page hit. normal files are served up "straight" without this overhead. --jwang \_ So we're talking about a difference of probably milliseconds per page load here? \_ I've done this on a Linux server. I found differences of several seconds. I never did figure out why the huge difference. \_ the only way there might be that much of a difference is if your WWW server is CPU-bound (extremely unlikely) or you're getting the documents off NFS or something. It should not be a noticable difference. -tom \_ But it is possible. It does depend on what is being interpreted by the SSI. Use .shtml only if necessary. \_ Are you implying it's better to make your file executable then? Or in general, use SSI only if necessary. \_ the latter. -tom |
1998/11/22-24 [Computer/SW/WWW/Server] UID:15000 Activity:nil |
11/21 Is csua's webserver php3 enabled? \_ Mail www@csua and ask - they are the ones who know the answer and will give you the right one, unlike the motd. Plus, you don't have to worry about the question or answer being deleted before it's read. |
1998/4/16-17 [Computer/SW/WWW/Server] UID:13966 Activity:high |
4/16 What do you have to do to have a web page with a secure connection? I assume there must be a way for a CGI script to interact with the server to send the info. How would it work on Soda? \_ SSL uses RSA, which means it costs money. \_ SSL uses RSA, which means it costs money, which means no SSL on Soda \_ ask root to install stronghold or apache-ssl \_ apache-ssl is illegal in the us \_ donate $175 for a server certificate or con sameer into donating one or it's worthless \_ sameer/C2 has offered stronghold to us in the past. We'd still need to fork over $$ for a certificate, but that wouldn't be too bad. Supposedly they're in the ~100/year range from thawte. \_ stronghold is crap. c2 support is a joke. \_ Think Netscape or M$oft will give us a similar product that is 'supported' on freebsd? Compared to the alternatives, C2 RULES! \_ hell, if it even is produced, let alone supported \_ And why hasnt the CSUA taken sameer up on this offer? \_ need for a certificate, and/or excessive slack. \_ Lack of real need. \_ Whaddya mean, lack of real need? If soda supported SSL, then safari could do a pay-for-porn Web site, taking credit card numbers right there on the spot. The CSUA could take 5-10% off the top . . . pay for the cert., plus a year-round fundraiser for the hardware fund. \_ Yup. Like I said, "Lack of real need". Besides, aren't you a member of the FPF? \_ C2 rewls over all of you \_ Hey, ast least they have Freebsd support. What are our other secure-server options, and are they any better? \_ I dont know too much about secure servers, what do they do for you that is so great? \_ Let you safely sell porn to net.people without fear of their CC#s getting snooped. |
1998/2/20 [Computer/SW/WWW/Server] UID:13708 Activity:nil |
2/20 Apache 1.3beta5 Released |
1998/2/13-14 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:13666 Activity:kinda low |
2/13 So what's the new deal with soda webserver? Total quota now = 10MB? \_ No. Use "quota -v" cgi works? How--cgi-bin directory, anything called .cgi, etc...? \_ *.cgi what else does webserver do? Server-side includes, wrapping, logging? \_ Yes, no, yes. |
1996/10/29 [Computer/SW/Security, Computer/SW/WWW/Server, Computer/SW/Unix] UID:31973 Activity:nil |
10/28 Why aren't the web server logs mounted on soda? People do like to see who is accessing their web pages. \_ Try mailing root and asking them. Most likely it's just something no one's bothered to do yet as part of the changeover. \_ I'll let you serve my logs baby \_ I wanna see who's accessing your web pages, too... |
1996/10/19 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:31950 Activity:nil |
10/17 Hi, does anyone know of a web browser that runs on Linux, and/or a web server that runs on Win95 (pref. free, of course). Thanks. -barn \_ go to http:///www.netscape.com for the Linux version of Netscape and http://www.apache.org for the Apache WWW Server. \_ Apache runs on Linux (and other unixes) but not 95 If you want to be a web server, get a real OS on that box - Win95 will *NEVER* be a decent web server (you could go to NT, but you'll have to pay through the nose for NT Server since Microsoft has f*cked-up license restrictions against using NT Workstation as a server). \_ Thanks for the info. I just wanted to test a server on W95, not actually use it for anything real. -barn |
12/25 |