Computer SW WWW Server - Berkeley CSUA MOTD
Berkeley CSUA MOTD:Computer:SW:WWW:Server:
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2024/12/25 [General] UID:1000 Activity:popular
12/25   

2011/7/7-21 [Recreation/Dating, Computer/SW/WWW/Server] UID:54140 Activity:nil
7/7     I haven't been to Berkeley lately. Has it been foggy at night? Wanna
        take my girlfriend up to see the view from somewhere near SSL. Also, is
        there a particularly good lookout point?
        \_ No not foggy, but that looks to be changing. Lawrence Hall of
           Science is always good.
           Science is always good. -ausman
        \_ There's a motel by almost oakland on telegraph, you can take your
           "girlfriend" there, they have hourly rates.
           \_ did cmlee get his soda account back?
2010/4/28-5/10 [Computer/SW/WWW/Browsers, Computer/SW/WWW/Server] UID:53806 Activity:nil
4/28    I just discovered http://en.wikipedia.org/wiki/Gene_Kan and the
        account ~genehkan. How depressing. Did anyone here know him? What was he
        like?
        \_ motd has link to more info than wiki:
           http://csua.com/?entry=25306
        \_ guess what.  he was depressed.
        \_ I didn't know him but he seemed pretty nice and geeky. He was active
           in the XCF, but I don't think that exists anymore.
        \_ He told me he got to meet Lars and he had come up with a good way
           to move forward with internet music.  Then he "suicided".
        \_ No, but I was friends with the Naked Guy when he was at Cal.
           \_ The Naked Girl lived at my coop.
        \_ It was really funny how fast after he died that the sysadmins of
           csua and xcf purged all his mail/accounts/homedirs.
2010/4/19-5/10 [Computer/SW/Security, Computer/SW/WWW/Server] UID:53791 Activity:nil
4/18    http://Apache.org hacked:
        http://www.theinquirer.net/inquirer/news/1601103/apache-hacked
2009/7/2-16 [Computer/SW/Mail, Computer/SW/Security, Computer/SW/WWW/Server] UID:53106 Activity:nil
7/2     Is imaps working?  What are the hostnames of the "incoming and
        outgoing mail servers" for CSUA email, and what kind of options
        should one set?

        I also noticed that we seem
        \_ Setup yer .forward or .procmailrc for now. I'm at a loss, too.
        \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Using SSH (on default port 993) like before.
        \_ <DEAD>mail.csua.berkeley.edu<DEAD>. Over SSL (on default port 993) like before.
          \_ alpine doesnt seem to work. i try
                Folders on <DEAD>mail.csua.berkeley.edu<DEAD>:993 in cur
                but get timeouts .. using cur for "inbox" folder
2009/5/12-20 [Computer/SW/Languages/Java, Computer/SW/WWW/Server] UID:52990 Activity:nil
5/12    Anyone here use THE JIRA for issue tracking? How much does it suck?
        \_ Don't really use it.  Our team evaluated it and decided in
           favor of Bugzilla.  Bugzilla doesn't cost $2k--though cost
           is negligible.  The real deciding factor was that in my
           environment it can take 6 months to deply software not
           already on an 'approved' list, and Bugzilla was already
           on that list and JIRA was not.  At the time of evaluation,
           JIRA had no support for SVN interoperation, but that
           has since changed.  I realize this answer is mostly useless,
           but hey, at least someone cared.
        \_ I'm spearheading an effort to install it into our process.
           It has a lot more features than Bugzilla.  The SVN integration
           you buy with a different product, Fisheye.  The downside:
           JIRA is written in Java, and sometimes throws stack traces.
           We have yet to lose any data though.
        \_ I worked at a place that went from Bugzilla and wiki to JIRA
           and Confluence and while the transition was quite a bit of work,
           the end result justified it. Out of the box, it is as good and
           has a bunch of cool work flow stuff you can put in there to make
           you and your managers life a lot easier. Setting up the work flow
           is a big job though, so if you just want a ticket tracking system,
           I don't know why you would switch.
        \_ whats wrong w/ trac? ... esp if you want great svn integration.
2009/5/7-14 [Computer/SW/Database, Computer/SW/WWW/Server] UID:52965 Activity:nil
5/7     is there a wiki who's backend is stored COMPLETELY in mysql?
        data, pages, images, all that stuff?  thanks
2009/5/7-14 [Computer/SW/WWW/Server] UID:52963 Activity:nil
5/7     I am trying to reproduce a customer bug where their apache header
        has the content-encoding as the last line in the header.
        My test platform is running apache2.2 on ubuntu. Is there a way
        to do this ?i I have already read the apache 2.0 docs and
        I dont see anything obvious ? page is txt/html
2007/12/11-14 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:48785 Activity:nil
12/11   Apache/Linux question: I've got apache 2.0.52 on an idle redhat
        box (2.6.9-55 kernel).  Every so often one to four apache procs
        will run the cpu at 100% for any where from 15 to 90 mins, then
        drop back to normal.  USR and SYS time both increase to levels
        that the production boxes don't reach when serving traffic at
        noon.  I've checked apache and linux kernel versions, several
        /etc files, httpd.conf vs. boxes that don't do this.  Nothing
        interesting shows in the logs.  This is supposed to be a clone
        of other boxes that don't do this.  Reinstalling from scratch
        is not an option for various reasons.   Any ideas?  thanks.
        \_ strace them to see what the hell they are doing.
        \_ Perhaps you have been hacked?
2024/12/25 [General] UID:1000 Activity:popular
12/25   

2007/9/23-24 [Computer/SW/Languages/Perl, Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:48152 Activity:kinda low
9/23    I have an Apache question:
        If I have a directory which allows both CGI handler and Perl
        handler (mod_perl) how can I tell which is being invoked by the
        web server? The scripts are being executed, but I have no idea if
        mod_perl is running correctly or if the CGI Handler is just
        picking them up and running them. How can I tell?
        \_ If you like wasteful suburban living, chances are you don't
           need to know if they're running. They're all magically taken
           care of by other tax payers, like freeways and support systems
           for your big suburban mansion.
        \_ http://modperlbook.org/html/3-10-How-Can-I-Tell-if-mod_perl-Is-Running.html
        \_ http://urltea.com/1khw (modperlbook.org)
           Also you're supposed to get a 50X performance difference so try out
           a bunch of your own DoS clients and see the latency or something.
        \_ http://www.perlmonks.org/?node_id=377648
           Check the http header! Look for:
HTTP/1.1 200 OK
Date: Tue, 27 Jul 2004 07:10:54 GMT
Server: Apache/2.0.48 (Unix) mod_perl/1.99_13 Perl/v5.8.0 PHP/4.3.5  <=== !!!
...
           \_ I do not think this is valid for RHEL, which loads mod_perl
              as a .so. Certainly my server does not say this and yet it
              certainly does not complain when it loads the module. RHEL
              installs apache as an RPM and mod_perl as another RPM, so I
              don't think the apache ID string reflects reality. My
              question is not really "Is mod_perl installed?". I am sure
              it is. The question is "How do I know that my configuration
              is working the way I want it to, with mod_perl handling the
              .pl scripts instead of .cgi?"
2007/4/30-5/4 [Computer/SW/Languages/C_Cplusplus, Computer/SW/WWW/Server] UID:46485 Activity:nil
4/30    Technical question:
        I have a threaded webserver, one thread waits around and calls
        accept, then pulls threads out of a thread pool to handle the
        requests.  I want to be able to shut down the webserver cleanly, so
        I have the main thread wait for a signal to shutdown.  It then
        joins on the accept thread while the accept thread cleans up the
        threadpool.  The only problem is, how do I get the accept thread
        to exit?  I can't get it to stop waiting on accept.  Even closing
        the socket out from under it doesn't always get it to wake up from
        the accept call.  Is there a standard way to handle this?
        Addendum: Oops, Using C on *nix.
        \_ Umm, what language are you using?
           \_ obviously english. :D
        \_ Use select to see if there is something available on the socket
           before you accept.  Create the accept socket with O_NONBLOCK.
           It's all in the man page for accept.
        \_ You generally need to use select(2)/poll(2) on the fd to make
           sure there is something to read before calling accept(2), or
           you will run into this problem. Take a look at Stevens, Unix
           Network Programming Vol. 1 2d Ed., Ch 6 and Ch 27 for fairly
           detailed examples of how to do this.
        \_ Use shutdown(fd, SHUT_RDWR) instead of close.  It will wake up
           the accept.
2007/4/20-24 [Science/GlobalWarming, Computer/SW/WWW/Server] UID:46387 Activity:nil
4/20    Is there some reason why the apache logs are not world readable?
        \_ Because what other people are surfing is no one's business?
           \_ They used to be world readable.  Among other things, this was
              useful because it allowed users to view the error log so they
              could debug cgi scripts. -dans
              \_ The undergrads surely made a conscious and well thought out
                 decision to do things this way. Why don't you make a
                 constructive suggestion instead of whining that things are
                 done differently than they were in your day.
2007/2/20-22 [Computer/SW/WWW/Server, Computer/SW/Security] UID:45782 Activity:high
2/20    Any recommendations on a cheap/easy-to-use digital signature system?
        \- i dunno exactly wat you are looking for or what the status of this
           project is, but if the obvious [gnupg] wont do, you can google
           for AKENTI. --psb
        \_ What do you want exactly?  A toolkit for digitally signing various
           files?  OpenSSL is free.  It is, however, a pain in the ass to use,
           but, once you know what you want to do with it, you probably won't
           ever have to figure it out again. -dans
           \_ Mostly documents that are federally mandated in the development
              process of medical software. The team is somewhat distributed, so
              I was hoping for something fairly easy to use.  Years ago I'd
              have used PGP, but I don't know how things have progressed and
              what a good (preferably open) system is.
        \_ GnuPG is fairly easy to use and its free. Many commercial apps use
           it for digital signatures: http://gnupg.org
           \_ Yeah, I pretty much agree.  If price is the key, find a decent
               frontend to gnupg and tweak it to fit your needs.  If usability
               is key, it's worth buying a copy of PGP.  Both support the
               OpenPGP standard.  OpenSSL is too low level for what you want.
               -dans
               \_ GnuPG seems to be the way to go. I've got everything figured
                  out except verifying signatures. Thanks for the advice. -op
                  \_ This is from memory, not the man page, but I think it was
                     something like gpg --verify.  Or are you trying to do
                     something more complicated? -dans
                     \_ You're right that --verify is the command line
                        solution, but I was going for something in a GUI. It
                        turns out that GPGee (Win Explorer extension) has that
                        ability, and works great. Thanks again. -op
2007/2/13-17 [Computer/SW/Security, Computer/SW/WWW/Server] UID:45734 Activity:nil
2/13    The personal webpages are now up
        \_ Ming-Hay
        \_ Thanks. Something seems a little messed up w/ the server config.
           The front page produces a server error for me, and the server
           is returning lists of files rather index.html for directories.
           \_ Agreed, things are fubar.  I've written/tweaked/debugged an
              Apache config or twenty in my day so I'd be happy to look things
              over and help out, just ask.  That said, I'm shockingly busy at
              the moment, so I may not be the quickest source of help.  You
              may want to turn personal public_html directories off until you
              fix this as the current config does leak information, which has
              (IMO, minor) security implications.  If you're a soda user, you
              can prevent people from browsing your public_html directories
              over the web until this is fixed with the following:
              chmod og-r ~/public_html
              -dans
2007/2/11-13 [Computer/SW/Mail, Academia/Berkeley/CSUA, Computer/SW/WWW/Server] UID:45709 Activity:nil
2/11    \_ Is POP back up?  Haven't got it to work since Soda got back
        up.  (SSL  http://soda.csua.berkeley.edu port 995)
        \_ Legitimately curious, why use POP when you IMAP is available to you?
           -dans
           \_ Uh, isn't IMAP still down?  I still can't access it
              -pmw
              \_ I neither know nor care.  I forward mail off soda to a box
                 where I run IMAP. :) -dans
           \_ In the past (1997) when I used IMAP, it would mark my messages
              as "read" when I read them on my client machine.  I don't like
              this, I like to have the messages as two distinct instances, one
              on Soda and one on my home machine.  If I read it on my client I
              want it to still show and unread on Soda.  Also, IMAP is more for
              people with always on connections, which I don't have.  That's
              why I prefer offline processing (Pop) vs interactive processing
              (IMAP).
              \_ Hmm, I don't understand why you'd want things you've read not
                 to be marked as read, but if that's how you work, more power
                 to you.  It's worth noting that many modern IMAP clients, eg
                 OS X's Mail.app, have excellent offline modes, which serves
                 the same purposes as POP, but with IMAP's richer semantics.
                 -dans
                 \_ Thanks, maybe I'll check it out again.  10 yrs of software
                    development may have fixed my intial hang-ups.
2007/2/1-6 [Computer/SW/WWW/Server] UID:45637 Activity:nil
2/1     Any recommendations for a real SSL cert provider? Is GoDaddy any good?
        \_ I used Verisign in 2000. Expensive but decent. Haven't tried
           anything else but I'm guessing they're pretty much similar
           these days. I like GoDaddy's fast web interface for domain
           name registration.
2007/1/26-2/1 [Computer/SW/WWW/Server] UID:45600 Activity:nil
1/26    Trying to connect to port 993 using SSL, in Thunderbird with no luck.
        \_ I can replicate this, but will have to tcpdump to figure out what
           the actual problem is.  Try <DEAD>mail.csua.berkeley.edu<DEAD> (which hostname
           I'll have to gen a cert for at some point).  -- darch
           \_ other than the cert not being in my CA list, SSL IMAP
              on mail.csua seems to work.  Yay!  Good job, darch!
              \_ what do you use for your imap path?  I haven't been able
                 to get file in my /var/spool/mail/{user} directory show up?
2006/9/8-12 [Computer/SW/Unix, Computer/SW/Security, Computer/SW/WWW/Server] UID:44325 Activity:nil
9/9     Is there a gzip-like unix command that will encrypt a file?
        I'm looking for something that's widely available. Thanks
        crypt (not very secure - DES).  Or failing that, openssl or gnupg
        \_ openssl or gnupg... what are you looking for?  Those will work fine..
           \_ Thanks for the recommendations. I'm basically experimenting
              with a way of using my friend's computer to backup my
              personal files and using my computer to backup theirs.
              Of course, this means storing files in a way where we can't
              see each other's personal files.
              \_ I'd recommend checking out http://dar.linux.free.fr
                 It makes the whole "backing up a bunch of files, encrypting
                 it, and chunking it into bite-sized pieces" thing much easier
                 than dump/tar + gzip + openssl.  --dbushong
                 \_ Oh, that is so cool. Thanks. My way was going to
                    be much more convoluted involving ssh and a bunch
                    of script writing. This should save some time.
              \_ One nice thing about using gpg (dump/tar | gpg) is you
                 can do public key crypto and not ever have passwords stored
                 in the script.  I believe gpg also can chunk it into X
                 byte chunks, optionally ascii armored, for emailing as
                 well. (well, I suppose you could mime-attach it)
        \_ openssl bf-cbc -in file.txt -out file.txt.bfcbc    # encrypt
           openssl bf-cbc -d -in file.txt.bfcbc -out file.txt # decrypt
           --dbushong
        \_ /usr/bin/{zip,unzip} on soda can take passwords.  Don't know if
           they're widely available on other *nix's.
2006/5/9 [Computer/SW/WWW/Server, Computer/SW/Unix, Computer/SW/Languages/Misc] UID:42993 Activity:nil
5/9     Running httpd as nobody isn't that secure. If one asshole decides to
        do a DoS (fork script) as nobody, there's no way to track down the
        perpetrator. This is why "suexec" is highly recommended, plus
        users don't need to chmod a+rx script.cgi.
        \_ Uh, it's totally trivial to track down the perpetrator with or
           without suexec.  httpd should run as something other than nobody,
           but that's only because nobody is over-used, and whether httpd
           runs as nobody is orthogonal to the question of whether suexec
           should be on.  -tom
           \_ Ok fine. I gave a bad example, but we both agree that nobody
              is good.
2006/4/24-25 [Computer/SW/WWW/Server] UID:42816 Activity:nil
4/23    Is it possible to see the logs of the hits to my csua
        webpage?
        \_ /var/log/apache
           BTW, root types: it looks like whatever you have doing the rotation
           isn't HUP'ing apache after rotation: the server's currently
           (2006-04-24 16:41:52) ignoring "access.log" and is still writing to
           "access.log.1"  --dbushong
           \_ I cannot read them, as I am not a root type.
              \_ Oh hey, sorry, whoops; didn't check the perms.  There used to
                 be some system wherein you touched a file in your homedir
                 and logs to your /~username/* stuff got thrown there at
                 rotation time... though I could be thinking of something
                 else.  --dbushong
              \_ I believe apache logs on old soda were wolrd readable. -dans
2006/4/18-23 [Computer/SW/Security, Computer/SW/WWW/Server] UID:42779 Activity:nil
4/18    Thanks mrauser for the call just now.
        root:  I think one of the next priorities can be enabling POP3/SSL
        and IMAP/SSL.  I'm going to download e-mail with the unencrypted
        connection, but I'll probably change my password once every couple
        weeks until the above gets online.
        Most if not all of the official UC e-mail systems now require SSL
        for downloading and sending e-mail, right?
        \_ Actually, all password transactions must be encrypted according
           to the Minimum Standards for Networked Devices policy.  -tom
        \_ IMAP/SSL is now up, POP3 is down entirely. That should suffice
           for the moment. -michener
2006/4/11-15 [Computer/SW/WWW/Server] UID:42731 Activity:nil
4/11    Apache down also?
        \_ AFAIK, yes
           \_ it was up for a while? seems to be down now
2006/2/28-3/1 [Computer/SW/WWW/Server] UID:42026 Activity:nil
2/27    What apache2 directive should I use if I want apache to
        execute .cgi files that are symbolic links? Thanks.
        \_ http://httpd.apache.org/docs/2.2
           Look at the Options directive. -dans
2006/2/1-3 [Computer/SW/WWW/Server] UID:41660 Activity:nil
2/1     In apache2 how do I make certain directories execute as certain
        user? Say I have the following and I want
        http://mydomain.com/bobby to execute as user 'bob':

        UserDir public_html
        <Directory /home/*/public_html>
          AllowOverride FileInfo AuthConfig Limit
          Options Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
        </Directory>
        Alias /bobby/ "/home/bob/public_html/"
        Alias /bobby "/home/bob/public_html/"
        \_ Not in currently released code from apache.  they used to
           have an MPM that did something similar that never got enough
           work.  But, you may want to lookup the "metux" MPM works
           along the same lines but is not "official" apache  --Jon
2006/1/3 [Computer/SW/WWW/Server] UID:41208 Activity:nil
12/3    anyone know what the command is to see what modules my apache
        installation has installed? I know I've done this before but
        can never remember. tried googling. thanks.       - rory
        \_ httpd -l will list the statically-compiled modules. For dynamic
           modules, I think you need to look for LoadModule lines in
           httpd.conf. -gm
           \_ perfect. thanks
2006/1/2-4 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:41196 Activity:nil
12/3    Hello, I'd like to setup a wiki and a discussion board for
        people interested in a particular niche market I'm looking at
        (I can't give out details because someone may steal it). I
        already colo my family web site (<lastname>family.com) with a
        friend of mine on Solaris at InReach, Oakland. What's the best
        software to get to host a wiki and a discussion board, and do
        I have to setup suexec and mysql?
2005/12/28-2006/1/4 [Computer/SW/WWW/Server, Computer/SW/OS/Linux] UID:41156 Activity:nil
12/28   a little bit of history for csua folk:
        Stronghold sales ended some years ago and the product's last
        support date is December 31, 2005.
        \_ more info:
           http://www.redhat.com/en_us/USA/home/solutions/stronghold
        \_ So what ever happened to sameer?
           \_ sameer retired to the world of gang bang and hot chicks.
              I kid you not.                    -someone who knew him
              \_ "...band and..."?  You don't mean "...banging..."?
2005/10/22-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:40230 Activity:nil
10/22   I want to set up a Wiki site for users of a software framework, but
        I'm concerned about security. Are there any Wiki engines that are
        particularly good about security? Any good sites discussing this?
        Thanks. - ciyer
        \_ Not twiki.
           \_ google for natswiki.  It's a mod of twiki.
2005/9/15-17 [Computer/SW/WWW/Server] UID:39699 Activity:nil
9/15    What's the best method for limiting the amount of bandwidth
        used by a particular directory (podcast mp3s) on a vhost
        with Apache2 on Linux?
        \_ http://www.ivn.cl/apache
2005/7/27-29 [Computer/SW/WWW/Server] UID:38845 Activity:nil
7/27    Sorry, I broke my webserver (mod_perl fall down and go boom).
        http://csua.org/u stuff will hopefully be back up by tonight.  --dbushong
        \_ Or...tomorrow.  mod_perl is not happy.  Sigh.
        \_ Does anyone actually USE http://csua.org? I don't and haven't even since
           http://tinyurl.com proved to be much better
           \_ Holy mythical creatures, batman!  His wounds are closing!
        \_ OK, fixed.  All it took was a buildworld, perl rebuild, apache
           rebuild, mod_perl rebuild, and a chicken.
2005/7/5-7 [Computer/SW/Languages/C_Cplusplus, Computer/SW/WWW/Server] UID:38414 Activity:low
7/5     You know what would be cool?  Google maps + fast updating
        traffic condition data in the bay area + xplanet =
        neat background for my monitor.
        \_ Yahoo! maps has traffic conditions overlay.
        \_ Google earth should have licensed firework displays marked. -- ilyas
        \_ How about an overlay of parking rules and street-sweeping schedules?
           \_ How about an overlay of where dem hos at?
           \_ Plus meter-maid schedules.
           \_ And known speed traps!  -John
              \_ So how hard would it be for you pros who can really do this
                 stuff to jerryrig a Wiki version of Earth or Maps?
                 -- ulysses (I do storm drains, not C)
                 \_ You write software that manages storm drain projects?
                    \_ I haven't written a significant amount of new code of
                       any kind since finishing my master's program. It's an
                       interesting idea, though. The available storm drain
                       software kind of sucks. -- ulysses
2005/4/15 [Computer/SW/WWW/Server, Computer/SW/Mail] UID:37204 Activity:high
4/15    My company specifically blocks out port 995, which is pop3 over
        SSL.  This makes me wonder, are they archiving all emails
        received through regular pop3 port? I don't see any other
        reason for blocking the port. Sending smtp via ssl is ok
        though...
        \_ Chances are they don't know about POP3/SSL.
           Send them a polite request to open the port.
        \_ What does your company do?
           \_ I can't retrieve gmails through pop. at home it works fine.
2005/2/23-24 [Computer/SW/WWW/Server] UID:36378 Activity:nil
2/23    What's the server/port for CSUA's imap server?
        \_ It's soda, port 993 (the default for SSL-secured IMAP).  We don't
           support non-SSL IMAP anymore.  --mconst
           \_ Thanks, that was exactly my problem.
              \_ fyi, I've been using SSL IMAP for a year or so on soda.
                 Thanks to whoever got it working.
                 For some reason spam has been much reduced recently, so thanks
                 to whoever is fixing that.
2005/2/21-22 [Computer/SW/WWW/Server] UID:36357 Activity:nil
2/21    I'd like to post some MP3's on my soda web page.  Is there an apache
        restriction against doing this?
2004/12/17 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:35336 Activity:nil
12/16   I've had Apache 1.3.27 installed for several months now. All of a
        sudden, as of two days ago, we're getting random "forbidden" pages
        throughout our site, including our webmail program and front page.
        httpd.conf hasn't been touched in over a month. Any ideas?
        \_ p0wn3d!
           \_ It is fairly likely that your installation has been broken into.
              Why did you install 1.3.27 several months ago?  Current release
              is 1.3.33.  But the most likely problem is with something like
              PHPBB or PHPwebsite; we're seeing many exploits in PHP systems
              on campus right now.  -tom
2004/11/23 [Computer/SW/WWW/Server, Academia/Berkeley/CSUA] UID:35032 Activity:nil
11/23   The CSUA webserver is down
        \_ works for me as of 8:56am. --twohey
           \_ I just restarted it.  To the original poster, could you
              please mail root when you notice things are broken?  --mconst
        \_ Now works for me as well.  (It didn't about 10 minutes ago.)
2004/9/22-23 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:33708 Activity:kinda low
9/22    The DNS/web hosters for <DEAD>a.b.com<DEAD> are doing a HTTP 301 redirect
        to my site <DEAD>c.d.com<DEAD> How do I change the Apache httpd.conf on
        <DEAD>c.d.com<DEAD> so that it appears to the web browser that it is browsing
        <DEAD>a.b.com<DEAD> ?
        \_ You don't.
        \_ Do you own <DEAD>a.b.com<DEAD>?
        \_ you would have to redirect just a frame or something similar to
           that. the url at the top of the browser will still reflect
           the primary frame or div
        \_ JavaScript can rewrite the URL line.
2004/9/14 [Computer/SW/WWW/Server, Computer/HW] UID:33513 Activity:kinda low
9/13    My apache server doesn't understand a url if it doesn't have a
        trailing slash. in other words it knows what to do with
        http://myhost.com/dir but not with http://myhost.com/dir
        how do I get it to understand url's of the second format too?
        thanks.
        \_ That functionality is implemented by the mod_dir module; if for
           some reason you don't have that loaded, Apache won't do the redirect
           it's supposed to do:
           http://httpd.apache.org/docs/mod/mod_dir.html  --dbushong
2004/6/26-27 [Academia/Berkeley/CSUA, Computer/SW/WWW/Server] UID:31023 Activity:nil
6/26    Is there something wrong with Soda's webserver?  I can't reach
        http://www.csua.berkeley.edu
        \_ its borken for the same reason df is borken. i'm trying to
           find someone geographically closer then i to the csua
              fixed. - erikk
2004/6/18-19 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:30912 Activity:kinda low
6/18    Does anybody have experience with setting up a small wiki server on
        a win2k machine (possibly using Cygwin)?
2004/6/9 [Computer/SW/WWW/Server] UID:30704 Activity:high
6/9     Apache (2) question:  I assume there is a quick easy way for me to put
        something in httpd.conf that will take all requests to
        http://www.mydomain.com and redirect them to
        http://www.mydomain.com/dir what is the best way to do this? tnx.
        \_ Look up redirect rules or just make /dir the document root.
           \_ so mod_rewrite, hun?
2004/6/8 [Computer/SW/WWW/Server] UID:30676 Activity:moderate
6/08    Does this look familiar to anyone?  From apache2 error_log:

        File does not exist: srv/www/tomcat/base/webapps/MYDIRindex.jsp

        no matter how many "/"s i put on <DEAD>www.myserver.com/////index.jsp<DEAD>
        it still gives me this.  What am i doing wrong?
        \_ isn't tomcat a stand-alone java application?  Why would it be in
           the apache2 error_log.  As for the ////////, do you really think a
           good webserver would let you go UP from the webroot, whether with
           / or .. (or encodings of both)
           \_ i'm using a connector (jk).  As for the other, i'm not trying
              to transverse a directory.  /// is treated just like "/" i'm
              just trying to make sure i get one in there.
        \_ Tomcat refusing to acknowledge the existence of a jsp or servlet
           is a very common problem and happens if any one of the 8 billion
           possible settings aren't exactly perfect.  This is covered
           extensively in numerous FAQs  (listing all of the possible causes
           is not in the purview of the motd)
2004/5/27 [Computer/SW/WWW/Server] UID:30458 Activity:high
5/27    MacOS X Mail complains about soda's certificate when connecting over
        SSL.  Is there a way to silence it?  Is there a public x509 certificate
        around here?  The stuff in /etc/ssl/certs isn't readable by anyone but
        root.   -jeffwong
        \_ There's a way to get Mail to suppress the warning... sorry, but I
           don't remember what it is off the top of my head.
        \_ public part of the cert is always  obtainable.  -dwc
           use openssl s_client -connect hostname:port
        \_ What is the complaint it gives?
        \_ when Mail.app complains , go to the "option" button.  You will
           see a little icon looking like a certificate.  Control-drag
           the certificate icon out to the Deskto(or other file location).
           Install the certificate in KeyChain.app  (I suppose OS X looks
           through the KeyChain if the CA can't be found).  It is all
           in Help.app -tyf
2004/4/9 [Computer/SW/WWW/Server] UID:13108 Activity:moderate
4/8     So I'm using Subversion for personal work.  I set up a debian server
        and got apache2 running and svn-dav working so I can use http URL's for
        the repository.  I've got basic authentication working, but I'd like to
        try https authentication.  But I'm an apache newbie.  Anyone have
        pointers to either doing this specific task or a tutorial on apache2
        SSL configuration (including certificates, etc.)?
        \_ and it all went quiet in the city
           and the wind blew down the road
           someone cried out SUBVERT!
           and the people all went cold
           meanwhile back in subvert city
           someone's writing on the wall
           fuck the government spraypaint hero
           it's subvert city...it's subvert rule!!
        \_ google is your friend.  But you can check out
           http://www.geotrust.com/quickssl/csr/index.htm and
           http://www.geotrust.com/quickssl/install/index.htm for more info
2004/2/19 [Computer/SW/WWW/Server] UID:29824 Activity:high
2/19    I have two CGI scripts on my Apache-hosted site which I want
        to be accessed only through https. I also use relative url's
        throughout all my pages and would like to keep it this way. As
        far as I can tell, the only way to link to a page over https
        is with a fully-qualified URL. My scheme: create some Rewrite
        Rules so that if any url ends with, for ex, "-secure", rewrite
        that to https, and then add a SSLRequireSSL directive so a
        clever user will be thwarted if they try to access the page w/out
        the "-secure". Does anyone see anything wrong with this solution?
        Is there a better way?
        \_Not really. Not quite sure what the problem is with people
          directly accessing your https server vs. being linked over.
          Since http is stateless, it could create potential problems
          when users use the back/forward buttons on their browsers
          I guess...
          \_ it's not the statelessness, it's the not-wanting to write
             absolute URLs, I think
             \_ exactly, I'd rather not start sprinkling absolute URLs
                throughout the site. -op
        \_ I think the mod_rewrite cookbook page even has examples of doing
           this with a suffix like :ssl  --dbushong
2004/2/5 [Computer/SW/WWW/Server] UID:12106 Activity:nil
2/4     Apache_SSL vs. mod_ssl ... discuss
        \_ In Apache 2, ssl is built-in. It seems to work well.
        \_ Apache_SSL has not benn maintained in literally years.  Use
           mod_ssl.
           \_ cool, thanks
2004/2/3-4 [Computer/SW/WWW/Server] UID:12087 Activity:low
2/3     Do I have to purchase an SSL cert from Verisign or one of those
        places inorder to allow my webserver to accept https requests?
        \_ yes.
        \_ You can set this up nicely with OpenSSL.  Make sure that the
           server's DN in the cert matches your hostname so that the only
           message the browser pops up is something along the lines of
           "untrusted root certificate".  Trusting an unmanaged certificate
           used only for SSL isn't a big deal.  If it's only used by people
           you know, you can make a root cert available for them to import
           into their browser.  Use google to find one of any number of
           howtos.  -John
        \_ No.  you can set up a dummy certificate if you don't mind getting
           a popup from your browser.  if this is for end users, though, you'll
           want to buy one.
           \_ alright, so someone posed this question back on 1/9, but never
              quite got a full answer... in terms of cheap, reliable ssl
              sellers... anyone have any good/bad stories to tell about
              http://freessl.com ? Any other recommended cheap ssl cert vendors?
              thanks.                   - rory
              \_ I posted in january. I think http://freessl.com doesn't
              \_ I posted the question in january. http://freessl.com doesn't
                 do wildcard certs, so you're limited to one FQDN.
                 do wildcard certs, so you're limited to one FQDN.
                 I want to use if for like <DEAD>mail.example.com<DEAD> and
                 I need to use the cert for like <DEAD>mail.example.com<DEAD> and
                 http://www.example.com and <DEAD>vhost.example.com<DEAD>.
                 For now I'm using a self-signed cert (not "dummy")
                 For clients using it for email, they can "install" or
                 http://www.example.com and <DEAD>vhost.example.com<DEAD>.
                 For now I'm using a self-signed cert (not "dummy")
                 For folks using it for email, they just install the cert.
                 If you're not doing ecommerce a self-signed cert may
                 be all that you need. It does SSL  _security_ fine
                 but not without the _autentication_ (trust). -brett
                 accept the cert the first time.  If you're not doing
                 ecommerce a self-signed cert may be all that you need. It
                 does SSL security fine but not autentication (trust). -brett
2003/11/12-13 [Computer/SW/WWW/Server] UID:11041 Activity:nil
11/12   Anyone ever successfully used the mod-ssl directive SSLRequire
        (not to be confused with SSLRequireSSL)?  I'd like to use it to
        require ssl to access resources that use Basic or Digest
        authentication.  Something along the lines of:
        SSLRequire %{AUTH_TYPE} eq "Basic" or %{AUTH_TYPE} eq "Digest"
        Alternatively:
        SSLRequire %{AUTH_TYPE} ne ""
        Unfortunately the SSLRequire doesn't appear to work *at all*,
        even for simple cases like:
        SSLRequire 2 < 1
        Suggestions?  Is there a simpler way to accomplish the above?
        The alternative of requiring that SSLRequireSSL directives be
        sprinkled into every .htaccess file that specifies AuthType is lame
        and unmaintainable. -dans
        \_ A more useful answer than doing SSLRequire is to do a Redirect
           to the same URL but https:// in each situation.  Two caveats:
           1) this still doesn't solve the logic problem (if AUTH_TYPE ...)
           2) you _can't_ do this in .htaccess, it has to be in the httpd.conf
              in a <Directory> or <Location> tag.  If you put it in the
              .htaccess, it will try to do the redirect _after_ the basic auth
              <DEAD>..com<DEAD>e to think of it, you may be having the same problem w/
              your SSLRequire; try putting it in the httpd.conf  --dbushong
              \_ I've actually done this in the past, and it is a nice way
                 to smooth over a user-unfriendly Forbidden message.
                 Unfortunately it suffers from the same maintainability
                 problems as teh sprinkling SSLRequireSSL statements
                 everywhere :(.  As for SSLRequire, I haven't been able to
                 get it to work properly anywhere, either httpd.conf or
                 .htaccess.  Thanks for the response. -dans
2003/10/1-3 [Computer/SW/Security, Computer/SW/WWW/Server] UID:10390 Activity:nil
10/1    OpenSSL vulnerabilities.  Patchpatchpatch...
        http://www.openssl.org/news/secadv_20030930.txt  -John
        \_ is it enough to get install the new ssl rpm or does my mod_ssl
           need to be recompiled?
           \_ depends on whether mod_ssl is linked statically or not. I believe
              it's not since the only new RedHat updates that showed up today
              are openssl ones. In general, they a rarely use static linking,
              so to update a library, you just need to install the new library
              rpm and not worry about the applications that use it.
        \_ My new plan.  Fuck ssh/ssl.  I'm changing all external connections
           to vpn-only and then filtering the shit out of who is allowed to
           even try to connect to that.
                \_ Oh *that* will work.  Because we all know that every VPN
                   solution out there is utterly foolproof and secure.  Nobody
                   ever cracked DES or IOS.  Blanket statements like that are
                   incredibly ignorant and dangerous (although if it makes you
                   feel safer, go ahead.)  There is nothing fundamentally
                   wrong with OpenSSH/SSL--no computer or software is or
                   will ever be 100% secure.  Just patch the fucking thing
                   and get on with your life.  There'll be others.  -John
                   \_ You're so ... manly! when you talk about security, John.
                      It makes my heart go "thump! thump! thump!"  Can I have
                      your love child?  Your IPSEC key?
        \_ DOS vulnerability.  Not remote exploit.
2003/7/22-23 [Computer/SW/WWW/Server, Computer/SW/Languages/Python] UID:29101 Activity:nil
7/21    http://twistedmatrix.com/users/jh.twistd/python/moin.cgi/LiquidDemocracy
        Where Python, Democracy and the Tragedy Of The Commons all come
        together on the same page!  I love this interweb thing!
2003/7/10-11 [Computer/SW/Security, Computer/SW/WWW/Server] UID:28992 Activity:nil
7/9     So, what are the cheapest "trusted" SSL certs out there?
        \_ Get a standard Windows install, open MMC, look in the certificates
           snap-in for trusted root certificates, go through those.  Or failing
           that, in the 'security' settings of any browser under whatever
           incarnation of a 'certificate authorities' listing you have.
           (Thawte no longer exists.)  What do you need a trusted root CA
           chain for?  You can very often get away with issuing your own.
                                                                -John
        \_ http://instantssl.com, price starting at $50
           http://geotrust.com, price starting at $150
           Never used either of them, so YMMV.
2003/5/10-11 [Computer/SW/WWW/Server] UID:28395 Activity:nil
5/9     SSL Common name verification bug in Safari (don't use it with SSL
        sites): http://www.secunia.com/advisories/8756
2003/4/10-6/15 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:28056 Activity:moderate
4/9     Anybody knows what's up with alumni.eecs?
        \_ prob upgrading h/w and/or s/w again. http://alumni.eecs.berkeley.edu
           points to a fresh install of apache.
        \_ apparently it got rooted.
           \_ again?  what's up, used to be alumni and ucsee were reliable.
           \_ I thought ucsee and alumni.eecs had a power outage for
              several days?
        \_ Why do people ask this shit here?  Go find the alumni.eecs admins
           and email them.  No one here knows anything about non-csua systems
           and almost as little about csua systems.
           \_ because some ppl are members of both groups.
              \_ so what?  There are other csuaers that are members of my bird
                 watching society.  I don't ask them bird questions on the
                 motd.
                 \_ take a look at the array of questions that get asked on
                    the motd, and the array of responses.  I don't remember
                    one in particular, but i'll bet bird questions have been
                    answered here before.
2003/3/20 [Computer/SW/WWW/Server] UID:27761 Activity:nil
3/19    Just in case some of you haven't seen this yet, there is
        a new timing attack on RSA keys:
        http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
        OpenSSL advisory is here:
        http://www.openssl.org/news/secadv_20030317.txt
2003/2/21 [Computer/Domains, Computer/SW/WWW/Server, Computer/SW/Unix] UID:27473 Activity:nil
2/20    Any suggestions for premium dedicated web server hosting?  Our
        current setup is with a small hosting company, but we're not
        satisfied with uptime, and they don't allocate us guaranteed
        bandwidth.  Thanks.
        \_ earthlink!
2003/2/18-19 [Computer/SW/OS/FreeBSD, Computer/SW/WWW/Server] UID:27447 Activity:low
2/18    My apache server (on my FreeBSD box) doesn't load up the page
        in a subdirectory if the final slash isn't present. In other words
        <DEAD>www.mydomain.org/test<DEAD> loads up wherease <DEAD>www.mydomain.org/test<DEAD>
        does not. How can I fix this? Thanks.
        \_ Probably your ServerName isn't set properly.  If you request a
           directory without the trailing slash, you get sent a redirect
           to a URL based on your ServerName, including the slash.  -tom
        \_ Are you using mod_rewrite?  mod_perl?  There are a number of things
           that could affect behavior on trailing slash. --scotsman
           \_ try replacing your apache config with the httpd.conf-dist
              file in the same directory.  Then diff the 2 and see what's
              wrong.  Caveat: won't work with cable modem.
2003/2/16 [Computer/SW/WWW/Server] UID:27432 Activity:high
2/15    Is there a way to record who, or at least which machine, have visited
        my web pages on soda, other than relying on them signing a guest book?
        Thanks.
        \_ er... the web logs?  /var/log/httpd/access.log*
           \_ Thanks!  What's the exact format of the lines?  What man page
              should I read?  There's none for apache.
              \_ 1). Read through /usr/local/apache/conf/httpd.conf , at least
                 the parts about LogFormat and CustomLog directives, and the
                 comments around there.
                 2). For further explanation, look up the particular directives
                 in Apache docs (at http://apache.org)
                  \_ We've switched to apache 2. the config file is now:
                     /usr/local/etc/apache/httpd.conf
                     /usr/local/etc/apache2/httpd.conf
                     and the access log is here:
                     /var/log/apache/access.log
                 \_ man www. we've switched to apache2, these files
                    are all old. The correct paths are in "man www" -www
                    \_ erm.  /var/log/httpd is a symlink to /var/log/apache.
                 \_ Or, if you just want the answer:
                    http://httpd.apache.org/docs/logs.html#combined
        \_ as an alternative, write a cgi script that's called using
           server-side includes from from the web page, that records
           REMOTE_ADDR, and other interesting environment variables in
           a separate data file.
           \_ at one point there was something that correlated the IP
              address of the people visiting your page with a csua
              username (based on lastlogin info).
2003/1/31 [Computer/SW/WWW/Server] UID:27253 Activity:nil
1/30    How do I configure apache to collect the referrer information
        in the access logs?
        \_ STFW. http://httpd.apache.org/docs-project
        \_ RTFCF. /usr/local/apache/conf/httpd.conf-dist
                \_ STFU
                   \_ um, did you try it?  it's all right there.
2002/7/31-8/1 [Computer/SW/Mail, Computer/SW/WWW/Server] UID:25456 Activity:moderate
7/30    Whoever got SSL IMAP working, I love you and want to have your
        children.
        \_ I'm sending money to the CSUA.  They've provided me with so much
           over the years.
        \_ No thanks. -mgoodman
        \_ Er, SSL IMAP still doesn't work.  It logs in but no folders show up.
                \_ varies from client to client. Try Pine or netscape.
        \_ I hope they like mailboxes getting stuffed now.
2002/7/30-8/1 [Computer/SW/WWW/Server] UID:25452 Activity:nil
7/30    SSL security announcement.  Maybe this is you, maybe it's not, but
        if you've got SSL based services, read it.  No public exploits known
        yet but it's only a matter of time of course.
        http://www.openssl.org/news/secadv_20020730.txt
        \_ "0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not
           vulnerable." How do I disable SSL 2.0.  Is it possible to disable
           it in an already running Apache-SSLeay setup?
           (P.S. thanks for the heads-up!)
2002/7/30 [Academia/Berkeley/Ocf, Computer/SW/WWW/Server] UID:25446 Activity:high
7/29    yay, POP3 over ssh works again!  despite what motd.official says,
        though, I still can't get SSL POP3 working.
        \_ I'm using Eudora and it supports SSL.  Still no POP3 or IMAP.
           \_ SSL with what?  with POP3?  with IMAP?
              \_ Both.  IMAP connection goes through but no folders show up.
                 POP3 has CSUA refusing connection.  I know it's not me b/c
                 OCF IMAP/POP works fine.
        \_ SSL POP3 is not working for me either.  what gives?
        \_ Me neither, hope it works soon.  (using Outlook Express)
        \_ Has anyone been able to get POP/IMAP to work?
2002/7/6 [Computer/SW/WWW/Server] UID:25294 Activity:nil
7/5     I have valid XHTML 1.1 web pages on soda that were working fine
        with the previous web-server, but since yesterday (upgrade),
        I get a error in opera 6.03:
        "XML parsing failed: not well-formed (256:16)".  What should I do?
        \_ I should Read the motd.official. Sorry.
2002/7/1-2 [Computer/SW/OS/FreeBSD, Computer/SW/WWW/Server] UID:25251 Activity:very high
7/1     Silly observation: An internet worm that runs on Apache servers on
        FreeBSD is running amuck.  We run apache (older version) on FreeBSD
        on soda.  Shouldn't this be fixed ASAP?

        11:54am eric@soda ~ > /usr/local/apache/bin/httpd -v
        Server version: Apache/1.3.12 (Unix)
        Server built:   Sep 15 2000 17:35:27

        -eric
        \_ Indeed.  Mail root.
          \_ This is a 2 week old issue.  That's why it's in the motd.
             \_ And yet still no one has mailed root.
                \_ so let's see: either no one on root reads the motd, or
                   slashdot, or bugtraq, or comp.security.unix, or any of
                   the dozens of other places they might have heard about this
                   hole, or...they don't give a shit.  Do you really think
                   mail to root will make a difference?  Occam's Razor.  -tom
                   \_ They upgraded OpenSSH to version 3.4 recently, so they
                      must have been reading something to find out that
                      there is a problem with openssh. It is surprising that
                      apache went without being upgraded for so long..
                      \_ *Someone* on the motd said a day or two ago that this
                         was only a DoS attack and we should not worry our
                         pretty little heads about it.  *cough*  *ahem*
                         \_ What DoS attack? Real remote exploits for apache
                            on *BSD have already been posted and there are
                            apache worms speading on the net. Would you feel
                            good if script kiddiez got a shell on soda, even
                            if it is running as "nobody"?
                            \_ No I would not, but *other people* around here
                               who think they're a lot smarter and a lot more
                               talented than they are (they're certainly loud)
                               were claiming a day or two ago that this is just
                               a DoS and not a real exploit and we should all
                               just relax.  Fortunately these really smart and
                               talented people usually sign their posts so we
                               will all eventually learn to ignore their tech
                               info and advice.
                \_ csua have been rooted already.
                   \_ all your httpd are belong to us.
2002/6/25-26 [Computer/SW/WWW/Server] UID:25191 Activity:very high
6/24    Got that apache bug.  Our e-commerce based site with a few million
        users is vulnerable.  We're using some proprietary extension to apache
        so upgrading has become a "business decision".  Fucking nuts.  At least
        I'm on record as saying "patch it now!  super serious!  someone could
        hack in and wipe us out!" (paraphrasing my self of course).  Sigh.
        When will they ever learn?  And no, there's no fucking way I'm going
        to replace their proprietary apache with a totally open sourced one.
        \_ Lemme guess... websphere.  Move to a different fucking platform.
           \_ Not websphere.  I can't implement any changes or convince any
              one to do it or go along with it.  Just crossing fingers.
        \_ got backups?
           \_ Lots of it but not all.  It's many many terabytes worth anyway
              so even if we had perfect backups it would take uhm a long time
              to restore everything.
        \_ Get the vendor to release a fixed version.
           \_ I'm still guessing it's IBM's IHS, and GOOD FUCKING LUCK!
2002/6/21-23 [Computer/SW/Security, Computer/SW/WWW/Server] UID:25167 Activity:very high
6/21    Big bad apache hole in the wild.  Patch/upgrade now.  See http://apache.org
        or your favorite security site for details.
        \_ So they finally learned from Microshit?  "In order to gain free
           press we need to introduce security holes."
        \_ Does anyone think this vulnerability could lead to a fast spreading
           worm like  Code Red, for example?
        \_ What's the point? Apache + modules (esp. php) are full of holes.
           \_ So, don't use the modules you don't trust.
           Patch one, and there are still a hundred others that the '1337
           H4X0R5 will use to break in. Even if you patch all the modules,
           you still have all your executable content (perl cgi, ssi, php,
           servlet, jsp, etc) which is undoubtedly riddled with holes.
              \_ 1) try formatting.  2) just because there are other holes is
                 no reason not to patch this one.  3) glad you're not the admin
                 at my company.
           \_ It is possible but cracking a site by exploiting the holes
              in locally written code is much harder than exploiting a widely
              publicized and well understood vulnerability that possibly
              affects nearly every apache site out there.
           If you care about security, run publicfile.
           \_ publicfile does not support CGI scripts or any kind of server
              side programming which makes it fairly useless for lots of
              users.
        \_ Um, it's not actually that bad.  It's a DoS exploit at worst on
           many architectures.
           \_ nnnn!  go read the security alert, not msnbc.
              \_ Actually I read all three.  Plus the apache one.  Plus the
                 debian security-announce summary.  It's a DoS explot.
                 \_ Well you didn't read the one that said it's a full root
                    exploit.  Whatever, go use telnet.  Not my problem.
                 \_ At least one exploit (for openbsd) has already been posted
                    on bugtraq with intent to prove people like you wrong.
                    \_ If your OS doesn't execute data off the stack, it's
                       not exploitable (but it's still DOS).  And it's not
                       a root hole, just the user Apache runs as.  Still,
                       it's potentially bad.  -tom
                       \_ Lots of people run apache as root.  Lots of sites
                          that run apache as 'www' or whatever will also have
                          local holes if they haven't fixed this one.  Thus it
                          is highly likely that getting in through apache is
                          just one step from root.  Layers....
                          \_ I challenge you to find one person running
                             Apache as root.  -tom
                             \- the csua used to run a WEEB server on it's
                             name server. there was a bug that let you get
                             a shell running as the WEEB server uid. now it
                             turned out the WEEB server uid owned the WEEB
                             config file, so you could just changed the run-as
                             user to root and repeat the process and you would
                             have a root shell on the name server. this is
                             detailed in some comment by myself and P. Norby
                             some time ago. I dont think this is that big a
                             deal and right now the "real" denial of service
                             is all the people running around recommend things
                             like vulnerabilty people immidiately delete their
                             defaultroutes and such. --psb
2002/4/18-19 [Computer/SW/WWW/Server] UID:24488 Activity:very high
4/18    Is anybody else getting spammed from http://jennyslist.com?  Why isn't
        spamassassin blocking it?
        \_ Cuz spamassassin is dumb.  use ifile.
           \_ grow up. --aaron
              \_ What? By "dumb" I meant "doesn't learn."  ifile does.
        \_ Someone subscribed you. Unsub, or add to your own user_prefs file.
2002/4/4-5 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:24323 Activity:very high
4/4     Is there a way to make Apache case-insenstive (on Solaris)?
        (i.e., http://foo.com/cgi-bin/bar?param1=foobar should be
        the same as http://foo.com/Cgi-bIn/BaR?param1=foobar; obvisouly,
        I can write my cgi-bin's so that all the params are
        case-insenstive, but the leading URIs?)
        I have used google and have been on Apache's web site.  Thx.
        [...]
                      \_ Look, dummy, the answer is you can't do it.  Your only
                         other choice is hacking the url parse code in apache
                         to lower case the entire URL.  Good luck with your
                         coding project.
                         \_ Ok, thx.  That's what I thought and I just
                            needed someone to confirm it.
                            \_ it's wrong.  mod_speling does exactly what
                               you want.  Try it, nimrod.
                               \_ why is "mod_speling" spelled with only one
                                  L?  Is it supposed to be some dumb attempt at
                                  being humorous?
                                \_ yes.  laugh a little!
        \_ Wow this was tough to find.  Took me about 15 seconds.
           http://httpd.apache.org/docs/misc/FAQ-H.html#rewrite-nocase
           You're welcome.
           \_ errr...I have read that and the speling module.  mod_speling
              only makes the document name referenced case-insenstive, not
              all the elements that construct the URI.
              all the elements that construct the URI. From Apache:
              "the module is unable to correct misspelled user names (as
               in <DEAD>my.host/~apahce<DEAD> just file names or directory
               names."
              \_ Grasshopper, the wind blows through the trees yet disturbs
                 not the trunk, only the leaves....
                 \_ huh?
                    \_ Grasshopper, the answer lies before your eyes are
                       darkened by your own thoughts.
                \_ it corrects directory names, can't you read?
        \_ Run apache on windows.
           \_ Ew.
2001/12/27-28 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:23384 Activity:kinda low
12/27   Is SSI Exec turned off? Is that why <!--#exec cmd="ls" -->
        won't work in a .shtml file? Yes I did "man www" It doesn't say.
        Why Is there no manual entry for "httpd"?
        \_ http://httpd.apache.org/docs
        Where is CSUA's SSI policy documented?
        \_ Apparently in /usr/local/apache/conf/httpd.conf. See part that
           starts with..
<Directory /home/*/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch Includes ExecCGI

           that means that you can use SSI, including for executing programs.
           Look for the source of your problem somewhere else. Apache's
           error.log file is a good start.
2001/11/21 [Computer/SW/WWW/Server] UID:23067 Activity:nil
11/19   basice apache/PHP question.  My apache doesn't not recognize php
        scripts embbed in HTML on my Redhat 7.1  When I start apache
        using: httpd start -DHAVE_PHP
        I got the following error:
        > httpd start -DHAVE_PHP
        Syntax error on line 254 of /etc/httpd/conf/httpd.conf:
        Cannot load /etc/httpd/modules/mod_php.so into server:
        /etc/httpd/modules/mod_php.so: cannot open shared object
        file: No such file or directory
        Where to find this mod_php.so? or is it the problem? Thanks
                                                        -kngharv
        \_ The error message says that mod_php.so does not exist on your
           machine in /etc/httpd/modules/.  If you do a search for mod_php
           on http://google.com, you can find out how to add PHP to apache on Linux
           (it's the 2nd hit that comes back). -sony
        \_ SEARCH THE FUCKING WEB. -phillip
           \_ What's so wrong about asking on the motd? Yes, he could find
              the answers out there, but he can find the answers here too.
                \_ It's called taking personal responsibility and not being a
                   lazy slacker.  At least give google 30 seconds worth of
                   effort before asking here.  Give a man a fish....
2001/10/9-10 [Computer/SW/Languages, Computer/SW/Security, Computer/SW/WWW/Server] UID:22674 Activity:very high
10/9    so when is Berkeley's DNS supposed to be updated with soda's new
        address?
        \_ when i get done working taking over the world. --phillip
          \_ that's my line - the brain
        \_ HAHAHAHAHAHA!
        \_ At 3am every day
        \_ also, when is the web server going to be running again?
           \_ the joyride is over! call verio!
           \_ Apache doesn't like it when you don't have a valid name.
              Probably tomorrow.  -tom
        \_ will emails received during the downtime be cached, rejected,
           or sent to /dev/null?
           \_ /dev/yermomisabigfatbitchbiggestbitchinthewholewideworld -root
           \_ they should be delivered once the name gets updated tonight. -tom
              \_ root is just so ... rude!!11!
                 \_ you get what you pay for.  if you want quality service
                    try a professional colo
           \_ they'll all be forwarded to the FBI.
              \_ ln -s /dev/null /dev/fbi
2001/10/5 [Computer/SW/WWW/Server] UID:22633 Activity:moderate
10/4    Apache/network experts:  I have an application that reads from an
        a few different servers.  When i attach to an apache server
        i get all my data in one read UNLESS it is going through a proxy,
        in which case it gets broken up into multiple socket reads.  However
        if i attach to another web server, (i.e. Oracle Web Server), even
        through a proxy, i still get all my data in ONE socket read.  Any
        ideas why the difference?  Any idea how i could make apache behave
        like the OWS box?
        \_ Sounds like it is the fault of the proxy, not the Apache.
           Post all the headers that both Apache and OWS send -- may be some
           of the headers make the proxy behave differently.
2001/9/18-19 [Computer/SW/WWW/Server] UID:22510 Activity:kinda low
9/18    I have an existig apache install with mod-so.
        I have the .c file of a module i want to add.
        How do i get the .so file?  url would be great.
        \_ /path/to/apxs -i -a -c module.c
           -i: installs the .so in your apache dir
           -a: adds the AddModule and LoadModule lines to your conf
           -c: compiles the .c to a .so
           --dbushong
2001/9/10 [Computer/SW/WWW/Server] UID:22369 Activity:high
9/10    I've decided to be lazy and helpless and come
        crawling to the motd for help. RTFM is SO HARD!
        So, i installed a custom cert about a year ago.
        (apache-ssl) now it's expired.  How do i update?
        \_ remake the cert.
2001/8/18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:22162 Activity:kinda low
8/17    On 18 July, just as Code Red was starting to scan for vulnerable
        web servers, a CSX train carrying hazardous materials was
        derailed in the Howard Street tunnel in Baltimore, US.
        The derailment and subsequent fire severed cables running through
        the tunnel used by seven of the biggest net service providers to
        swap data.
        These companies started reporting disruption to the usual running
        of the net just as Code Red was hitting its stride, leading many
        people to assume that the worm was doing the damage.
        Analysis by Keynote has shown that even at its height, Code Red
        posed no threat to the running of the net.
        (http://news.bbc.co.uk/hi/english/sci/tech/newsid_1470000/1470246.stm
        - anyone else hear about the fire?
        \_ yes
        \_ It was in the news on TV.  But I thought Code Red was later than the
           train accident.
           \_ What they DIDNT SAY, was that the train had a WBEM system,
              hosted under IIS, which caused the derailment once the
              web control interface crashed.
              \_ you gotta be kidding.
                 \_ muah-hahahahahaha.... the sad thing is, it's plausible, eh?
        \_ It was noted right away in the RISKS digest (aka comp.risks)
2001/7/26 [Politics/Foreign/MiddleEast/Iraq, Politics/Domestic, Computer/SW/WWW/Server] UID:21955 Activity:nil
7/25    http://www.wikipedia.com
        Contribute your E190 research paper to posterity
2001/7/18 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:21845 Activity:high
7/19    I have a mysterious problem with a cgi program.  It was working
        well.  Then, I moved it to a different computer.  Now, some of the
        screens will give 500: Internal... errors, but will work after
        hitting reload several times.  What kind of server (apache)
        misconfiguration could cause a program to work only part of the
        time, given the same input/state?  I'm mystified.
        \_ Possibly you moved it to a machine that's behind a load balancer,
           and you're only getting your machine 1 out of N trials?
           \_ There is only one machine, but I have been wondering if
              it is making a difference which of the apache child
              processes handles the request.
                \_ there are a million things that could be wrong.  Check
                   the apache error logs.  -tom
                   \_ Tried to do that, but logs have been intermittent.
                      We have mod_cgi, and a ScriptLog directive.  Many
                      errors don't produce anything for the %response
                      or the %stderr sections.  So, all I get is the
                      request, and an entry in error_log that says
                      "Premature end of script headers."
                      \_perhaps set up an http proxy to view what's
                      happening, or send the GET request yourself via
                      telnet...
                      \_ Do you have mod_perl enabled?  You may be stepping
                         on variables.  I'd disable ScriptLog, it's really
                         not intended for production environments.  Check
                         your suexec log if you have suexec enabled (and you
                         should).  -tom
        \_ race condition
2001/7/12-13 [Computer/SW/WWW/Server] UID:21788 Activity:moderate
7/12    Hello MOTD, sorry to bother you (again) but you always know
        all the good (and bad) apps.  I am looking for log utilities
        to manage my apache logs.  I need something to rotate/gzip/etc.
        the logs and something to do simple analysis (and some historical)
        I'd prefer a script where i can see what is going on over a binary
        like webalizer, but whatever.  As for the rotatelog utility that
        comes with apache, it is broke in the version i am running and i
        don't want to upgrade.
        \_ If you want to do this correctly, you need Apache's rotatelogs
           utility, which almost certainly works in the version you have, but
           not in the way you want it to.  What rotatelogs does is accept web
           logs on stdin and write them to files with seconds-since-the-epoch
           filenames, starting a new file once a week.  You need that, because
           you can't move the logs out from under Apache safely (and if
           you do, you need to restart the server, which would cause
           disruption of service).  So then you just write a cron job to
           gzip the logs, and use analog to analyze them (analog will also
           analyze gzip'ped logs).  -tom
                \_ I have an error_log.0994896000 that goes back to yesterday
                   AND i have an error_log that goes back a long long time.
                   This is broke or (perhaps more likely) i am doing something
                   wrong. What would you suggest i am doing wrong?
                        \_ you have to set up rotatelogs on your ErrorLog
                           line as well as your TransferLog or CustomLog
                           line in httpd.conf.  -tom
           \_ Or cronolog, which lets you specify the naming scheme --dbushong
                \_ rotatelogs blows. cronolog is much better.  -ERic
           \_ Hey tom, why is it unsafe to move logs out from under Apache
              if you restart it?  Also, restarting Apache takes something
              on the order of seconds, so the disruption of service is
              nigh-invisble, is it not?
              - Rotates logs manually and restarts Apache
                \_ It depends what you're serving.  If someone is downloading
                   a big file, for example, either their download will hold up
                   the server respawning, or the download will be killed when
                   you restart.  If you have only small content and don't
                   care if you occasionally serve broken images or pages,
                   it's not so bad.  Still, it doesn't cost much to do it
                   right.  -tom
                   \_  I ran an app that was using jserv, and stopping and
                       restarting apache was a major pain.  rotatelogs was
                       the best solution.  -ERic
2001/6/12-13 [Computer/SW/WWW/Server] UID:21492 Activity:high
6/12    Accourding to the Apache docs the "warn" loglevel gives you good
        stuff like:
         "child process 1234 did not exit, sending another SIGHUP"
        From experience, it also gives you lame ass stuff like every time
        some one hits a graphic.  There must be a way to keep the former
        and loose the latter. Isn't there?  If there isn't this will be
        the first time i have been disappointed with apache.  If there is
        What is it?  -tnx.
        \_ lose.  Learn to spell, loser.
            \_ Ass.  fuck off, you half-witted, anal-retentive ass-hole.
               \_ Moron.  You can't even spell asshole properly.
        \_ Don't you mean "Learn to spell, looser" ?
           \_ Don't you mean "Learn to spell looser"?
2001/4/14-15 [Computer/SW/WWW/Server, Computer/HW/Drives] UID:20977 Activity:low
4/13    Marketing wants to keep all the apache logs FOREVER.  I just can't
        see holding onto 50 lines of "GET /some/dumb/graphic.jpg" per page
        view per person.  Anyone have any script(s) which will eliminate
        all that excess info and leave me with less log to archive?
        \_ grep
        \_ why do you care? let them do their stupid shit.
        \_ Yeah like this is so much work for you.  gzip *.log and tar it to
           tape.  Who cares how much is in the logs or that everything is
           crap or that no one will ever look at it again?  Who is to say that
           those 50 lines of GETs have no value to someone else?  Maybe someone
           will analyse the logs and determine they should be caching some
           stuff or build out a separate images server or use akamai or who
           knows?  You don't.  Just do your job and stfu.
        \_ Run samba on the webserver.  Mount their personal Vindoez shares
           on the webserver.  Give them the info.  -John
           \_ I think they want it "archived permanently".  The logs of any
              reasonably active site will outgrow disk space very quickly.
              \_ No they wont: do the math. 1M hits/day * 1k log/hit = 1GB.
                 1GB * .1 (compresses well) * 365 days/yr = 36GB/yr.
                 Just buy the disk. -ausman
                 \_ I did the math when I was in this position.  I used /bin/du
                    on my *.log.gz files and it was over 500m a day compressed
                    and growing (as traffic increased).  /bin/du on a real site
                    gave better numbers than your guesstimates.  Also, dumping
                    to tape means the low end tape monkey just swaps tapes as
                    usual when his email tells him to, as opposed to someone
                    having to bother buying a new disk every X many months
                    because someone decided "gzip *.log" was too hard to cron.
                    Oh yeah, the cron would actually have to remove the logs
                    after they hit the tape.  Yeah, it's a toughy.  Might take
                    almost as long to write that script as we've spent talking
                    about it.  -hates "sloppy-sysadmining-for-no-reason"
                    \_ toughy? doesnt it go away by itself? newsyslog, gzip
                       compressed DLT, if lucky down to .25 size (not .1)
                       not that bad, eh? I think we have some dumb sysadmins.
2001/3/13-14 [Computer/SW/WWW/Server, Computer/SW/Languages/Functional, Computer/SW/Unix] UID:20762 Activity:moderate
3/11    Besides "my other car is a cdr", what's the best geek sticker you've
        seen?
        \_ That's hardly a "good" bumper sticker.  It's completely lame.  Or
           maybe that's your point and you actually really do find it "kewl"?
        \_ FEATURE (on a new bug)
           and.. VRFY ME (frame says "my voice is my passport")
        \_ STFU
        \_ "Bus Error! Take the Train!"
        \_ This doesn't really count but my old math teacher's maxima had
           modified plates that read "dy/dx=0"
           \_ My HS chem teachers read "PV=NRT"
        \_    _
             |  x      n
             | e  = f(u )
            _|
        \_ I saw plates once that said 3BPD826.
           \_ What does that one mean?
                \_ Not a God damned thing.  It's a license plate.
        \_ Lamer in my complex with GO7 R3WT
           \_ I saw some dolt with "port 80"  Who would do this?
                     Tim Berners Lee perhaps? _/
                     But I believe he lives in
                     Geneva so its probably not
                     him. I've also seen "httpd"
                     as a license plate. Thought
                     that it was pretty lame.
                     I saw RFC1771 and figured
                     it was Tony Li's car.
                     I think that a plate that
                     said RFC1149 would be really
                     cool, provided you contributed
                     to it.
              Made me want to go get "port 70" now THAT would be L33T
                \_ I've got dibs on port 22!
2001/2/7 [Computer/SW/WWW/Server, Computer/SW/Languages/Misc] UID:20525 Activity:very high
2/6     web monkey question: how can I make a webpage include the
        contents of one html file from within another html file? for
        example, I want my webpage, index.html to include the contents
        of a file called title.html whenever it's loaded, so that I
        can change titles by just changing title.html without touching
        index.html. what's the easiest way to do this?
        \_ you need some kind of server-side processing done.  the exact
           details it will depend on what kind of web server you're using.
           Most of the time you'd just add a line like the following to your
           page: <!--#include file="foo.html" --> .  You may need to
           specifically enable SSI on your web server and give your pages
           a special extension (e.g. .shtml, .asp, ...)
           \_ my webserver is Apache. Do I need to call the file index.shtml?
              anything else I need to do?
              \_ you might need to modify your .htaccess file.  See
                 http://httpd.apache.org/docs/mod/mod_include.html
                 Note that if the web server you're talking about is soda,
                 you don't need to do anything special; just add the
                 <!--#include ... --> line.
           \_ can you specify a url for the content of a CSS? -ali
              \_ URLs to cascading style-sheets can be given in a <LINK ...>
                 tag, which will be handled by the client, not the server.
              \_ not afaik, but you probably could use a combination of
                 SSI and <style> ... </style> tags to do what you want.
2001/1/25-26 [Computer/SW/WWW/Server] UID:20430 Activity:kinda low
1/24    I've heard of companies making daughterboards that process SSL
        sessions to offload the CPU to do the real work.  Anybody know where
        I can find them?  I searched for "SSL daughterboard" and some other
        similar words and couldn't find anything.  Thanks.
        \_ Don't erase correct answers. SSL accelerator cards are made by
                nCipher, Phobos and Rainbow.
        \_ bigIP makes one for their load balancers. http://www.f5.com
                \_ DON'T!  DON'T DO IT!  -John
        \_ Intel makes a box you put in front of the web server.  BigIP/F5
           has an add-in card as stated above.  Ask their sales guys how they
           compare to their other competitors to get the full list.  That
           trick always works.
                \_ The Intel Box 2180 kicks serious butt compared to the F5.
                   The daughtercard does RSA and cipher ops in HW and more
                   the point--  BigIP == BSDi + rainbow card.  Check out
                   http://www.rainbow.com and there is one or two other people out
                   there selling similar products.  THe bad thing there is
                   they only do the SSL symmetric key negotiation RSA ops in
                   HW.  I.e..  you get one per interactive session, so you
                   in effect get little if any speedup in real situations.
                   What blows my mind is that Intel and F5 sell these boxes
                   for ~ $50k+.  They are little more than BSD + regexp
                   parsing http headers in hacked kernel.  ack...
                        \_ Intel has an ssl-decrypt-only box for much less
                           where you put their box inlineon the wire.  SSL
                           goes in the front and decrypted stream comes out
                           the back wire.  I _think_ it was about $1.5k/box
                           or so but I can't recall for sure.  The $50k thing
                           was a full load balancer/ssl decrypter/switch/etc/
                           do everything box.  You can put the ssl-only box
                           in front of your bigip or other load balancer.
                           Can you explain why you say there's no real speed
                           increase with the bigip/rainbox combo in the real
                           world?  I'm not getting it.
2000/12/12-13 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20073 Activity:nil
12/11   What are the security implecations of allowing the Delete method?
        Does apache allow that by default?  Does it really mean that any
        user could send a header commanding your server to delete any file
        that nobody is able to write?  If so, how do you disable this methd?
        \_ Something like
        <Directory />
         Deny all
         Allow GET PUT other-explicit-methods-you-like
        </Directory>
2000/12/5-7 [Computer/SW/Security, Computer/SW/WWW/Server] UID:20009 Activity:very high
4/249   I think my employer logs all web traffic. Is there any free software
        I can run to block this?  Like a proxy or some sort?  Thanks.
        \_ http://www.anonymizer.com
           if you don't want to pay for ssl service do the following:
           1. setup apache+ssl at home
           2. write a cgi that takes in url request and then forwards
              it to anonymizer and parses the response to get rid of
              the annoying tags.
           3. configure your browser to use your home box as a proxy
           Other options include hacking junkbuster to support https.
        \_ j is that you?
              \_ you idiot, I can't even log into soda from work thanks
                 to a certain wonderful firewall.
        \_ yes theres plenty of ways to do this.
        \_ obhttp://www.zeroknowledge.com (it's what it was meant for -
           i.e. people not knowing what you are doing exactly)

        \_ How to check that the company logs all web traffic?
        \_ write a bot that hammers a bunch of sites, such as http://apple.com,
           http://sun.com and http://microsoft.com. run it on your machine and all the
           other machines you can get your hands on. Clueless admins will
           think that its 'software updates' or some such thing. Your
           real traffic will be obscured by the noise. Eventually the will
           give up and realize that logging is stupid.
2000/11/7 [Computer/SW/WWW/Server] UID:19668 Activity:moderate
11/07  If the URL is HTTPS, why do some sites have a popup to ask me to accept
       a certificate while others don't?  For the sites that don't, are they
       pretending to have SSL turned on?
       \_ The ones that don't prompt you are using a certificate that
          your browser has already accepted, like one from Verisign or
          Thawte.  You can verify that the connection is really SSL by
          checking for the key in the corner of your browser.
       \_ Could be that your browser is set to automatically accept certs
          from a trusted certificate authority.  You can check the browser
          to see which ones you will automatically trust.  If the browser
          doesn't recognize the CA as trusted, it will prompt you for
          approval.
2000/10/19-20 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:19525 Activity:nil
10/18   Why is soda so jerky and slow today?
        Also, what's up with this httpd process?
        PID USERNAME PRI NICE SIZE    RES STATE    TIME   WCPU    CPU COMMAND
        11202 www      99   0   576K   676K RUN     81:53 38.53% 38.53% httpd
        \_ Killed. -root
2000/9/21-22 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:19304 Activity:moderate
9/20    My Web page is getting an excessive number of hits from a
        particular domain. What's a good way to block it?
        \_ ipf
        \_ Talk to your web server admin or read your web server docs.
        \_ ACL on your router
        \_ /bin/rm -rf $apache_dir $http_docs_dir
           \_ OK I'll forward that request to root@csua right now
        \_ use windows!
2000/8/18 [Computer/SW/WWW/Server] UID:19031 Activity:nil
8/17    Apache debugging question:  why would "<DEAD>host/~peterm/"<DEAD>
        "<DEAD>host/~peterm/index.html"<DEAD> work but "<DEAD>host/~peterm"<DEAD> not work?
        What specific fault in httpd.conf?  (apache 1.3.12)
        --PeterM
        \_ http://www.apache.org/docs/mod/mod_dir.html
           You should have this enabled in httpd.conf:
           LoadModule dir_module         modules/mod_dir.so
           (seems to be default enabled in 1.3.3)  -alexf
        \_ default pages should be  set to index.html
       \_ apache needs to know that it's supposed to redirect directories
           to the tailing / version.  And when it sees /, it goes to
           whatever is set to default (home.html, index.htm, etc)
           RTFM for the particular directive you need to use.
                \_ Answers: $1
                   Answers (requiring thought): $5
                   Answers (correct): $20
                   Dumb looks are still free.
2000/8/16 [Computer/SW/WWW/Server] UID:19012 Activity:kinda low
8/16    "A process that has exited and has a parent, but has not yet been
         waited for by the parent, is marked <defunct>."  Or so says the Man
         page.  I have a ton of <defunct> processes on a Solaris 5.7 box.
         They are old Apache httpd processes. What should i do?  (i restarted
         the machine once before when this happened and now its happening
         again).  I can't believe Apache is giving me problems.  Of all the
         apps I've ever loved.  I must be doing something wrong, but what?
         \_ What version are you running? This was a problem with older
            1.2.x and (don't remember) some 1.3 releases. Upgrade to 1.3.12
            and your problem may disapper.

            AFAIK, you shouldn't have to reboot to solve this problem,
            just start and stop apache:

            # cd <path to apache install directory>/bin
            # ./apachectl stop
            # ./apachectl start

            for a ssl server use startssl instead of start.
2000/8/6-7 [Computer/SW/Languages/Misc, Computer/SW/WWW/Server] UID:18894 Activity:high
8/5     I set up apache and it has XBitHack set on.  I read the apache
        docs but i don't really understand what significance it has.
        any pointers?
        \_ if you chmod +x your html file, it will be server-parsed. -tom
            \_ I don't understand what that means, to be parsed by the
                server.  What does the server DO to it that it wouldn't
                otherwise -top
                \_ http://www.apache.org/docs/mod/mod_include.html
                \_ Look at www.csua/~phale and ~phale/stats.html
                   he uses them quite a bit... notice the date and
                   quotes from fortune.
                        \_ The fortune thing is kinda fun sometimes because it
                        sure brings up some fun/nasty sexual references on my
                        web page.  Sure shocked the hell out of my mother!
                        Then again, if I wanted to shock people, I should just
                        post some of the discussions from the motd. -phale
2000/7/31-8/2 [Computer/SW/WWW/Server] UID:18832 Activity:moderate
7/31    What's the difference between compiling apache+ssl and apache using
        mod-ssl?
        \_ apache and SSL can integrate either using the mod_ssl module or
           the ApacheSSL module. mod_ssl is just one of those two choices.
        \_ mod_ssl is pretty much the standard, these days, it's well
           maintained and integrates well.
           \_ geez, man, don't cram opinions down their throat.
                \_ It's the motd.  It's obviously an opinion.  The problem is
                   not their opinion but that they didn't answer the question.
        \_ Apache+SSL is a patch directly to apache to handle SSL.  mod_ssl
           is some patches to apache to make it handle ESAPI (or something
           like that, don't remember), then an upgradable module to handle
           the actual SSL.
2000/7/18 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:18705 Activity:nil
7/17    Anyone know of a website where you submit a CSR from your web
        server, and sends you back a test certificate for your server?
        A test CA I guess?  I found a site that did just that before,
        but I no longer have the http addr.  Thanks -byeung
        \_ http://www.verisign.com
2000/6/26-27 [Computer/SW/WWW/Server, Computer/SW/OS/Solaris] UID:18552 Activity:moderate
6/26    Trying to install Apache-ssl on solaris. I have neither /dev/random
        nor /dev/urandom.  Do i really need them?  Where can i get them? /
        how do i get around needing them?
        \_ You can't get them.  Try reading the instructions - other people
           run on Solaris, so there must be a workaround.
           \_ you CAN get /dev/random, FROM SUN. you have to know whewre
              to look. but you dont "need" them, anyway.
2000/6/23-24 [Computer/SW/WWW/Server] UID:18529 Activity:moderate
6/22   I can't find Patch 2.1 or 2.5 for Apache with SSL!  Where is it?
       \_ Huh?  Get Apache 1.3.12.  Get mod_ssl 2.6.4 (http://www.modssl.org
          \_Um, not using modss, using apache w/ open SSL.  However, I am
           a dumbass and the Patch, which i was being told is to old is
           Gnu's "Patch" utility and not the SSL stuff that "patches" apache.
           so now i have it and have another problem with getting it to
           run both ssl and regular connections. -dumbass
           \_ dumbass, it's you! Where have you been???  -dumbass #1 fan
           \_ Reinstall with new apache and use mods.
2000/3/3-4 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:17682 Activity:moderate
3/2     for all you windows ppl, which is the best web server for win98?
        \_ None.  Win98 is a client OS, not a server.
        \_ Personal web server.
           \_ get this one; it comes from the m$ website or you can get
              it along with vis studio.  It's remeniscent of the iis setup.
        \_ Apache.
        \_ Back orifice. Yes, it has a web server, and if you are running one
           on winderz you're going to get owned anyway.
        \_ Don't do this.
2000/2/8-9 [Computer/SW/WWW/Server] UID:17460 Activity:high
2/8     SSLeay/OpenSSL question. I downloaded and built OpenSSL but
        when I read the legal stuff, it sounds like its not legal for
        me to use it unless I tell RSA or someone and pay for a license.
        Does anyone know what I need to do if I intend to use it for
        non-commerical purposes?
        \_ Just use it. They're not going to bust you. really. sheesh.
        \_ You have to use the RSAREF library or wait for the patent to expire
           in the US.
           \_ Am I correct in assuming that this library is the one
              located in the rsaref directory in the OpenSSL sources?
              OpenSSL seems to build it by default, so if its legal to
              use this library, why do they have all the warnings?
                \_ because it's only legal to use without a license for
                   non-commercial use as narrowly defined in their docs
           \_ hasn't this stupid patent expired a million times already.
              or am i getting that mixed up with some other encryption
              patent?
              \_ I believe it expires in September of this year.
                 \_ September 20. We should have a party or something.
                        \_ Uh yeah, whatever.  As if the patent has stopped
                           _anyone_ from 'illegally' using it at home or for
                           other personal use.
                           \_ *I* can use it sure, but plenty of others can't
                              because they are for ex. companies and sueable.
                              The patent's expiration will help Internet
                              security by making it easier to distribute
                              things like IPsec.
                                \_ If they want it, they can fucking *pay*
                                   for it.  I shed no tears for corpo maggots
                                   whining about not having the free use of
                                   other's technology to improve their own
                                   corpo maggot share value.
2000/2/7-8 [Computer/SW/WWW/Server, Computer/SW/OS/FreeBSD] UID:17450 Activity:high
2/6     What is the best way to do load balancing using Apache? Is there
        such thing as a load balancing HW router that can re-route based on
        HTTP header request (in the application layer)?
        \_ Cisco's Local Director. F5's stuff.
           \_ I first liked F5, and then their boxes started crashing with
              extensive load. If you use any SSL connections, [SSL requires
              session state], than don't go with F5.
        \_ also arrowpoint, or if you dont want to spend $20k per box, you can
           use the FREE linux virtual server. http://www.linuxvirtualserver.org
                \_ Unless you want a stable and functional system for your
                   multi million dollar web corporation.
                   \_ Hey, if you have a multimillion dollar web corporation
                       then you wont mind paying $50k for a proper commercial
                       solution.
                       \_ First rule of coporate IS management.  Why hack
                         something when you can just BUY it?
                         \_ Exactly my point.  If you _need_ load balancing,
                            you can afford to _buy_ load balancing and the
                            price is just the cost of doing business.  No big
                            deal.  If you wince at the price, you didn't need
                            it (even if you thought you did).  If you were
                            being sarcastic, which I think you were, I have
                            intentionally ignored the sarcasm because what you
                            say is true whether you think so or not.  I don't
                            run my systems on a "hack".
                        \_ Except that what you get probably is an x86 PC
                        with a slightly modified Linux or *BSD on it. Just put
                        it in a fancy sealed case, call it ... "appliance" and
                        demand an exorbitant amout of money for it. Works
                        every time. The oldest product on the load balancing
                        router market is Coyote Point Equalizer and it uses
                        FreeBSD.        -muchandr
                        \_ Yup and I get tech supprt and I keep my job when it
                           keels over and I know there are people on the other
                           side working on it everyday to keep their jobs, not
                           just for kicks when they feel like it.  If you can't
                           afford the price, you didn't need it.  Try telling
                           the CEO that you saved him $20k but killed his
                           company.  It'll go much easier if you can point a
                           finger at the vendor and pressure them to fix it
                           *now*.  If you're running your own startup, you can
                           try explaining to the VC's how you saved $20k of
                           their money but lost the $15m+ they gave you in
                           funding.  Welcome to the business world.  CYA.
2000/1/31-2/1 [Computer/SW/WWW/Server] UID:17387 Activity:moderate
1/31    How do you setup SSL on Apache? Is it very difficult?
        \_ yes. If you want easy, PAY FOR A PRODUCT.
                \_ If you want legal in the us, you must pay anyway.
        \_ Summary: If you don't think RSA is going to hunt you down personally:
           run mod_ssl which is fairly easy to build and install.
           \_ i've never heard of an instance where anyone cared that RSA
              was being used so much that they hunted the culprits down.
                \_ They're silenced quickly. You wouldn't have heard.
           If it's a high profile commercial site, use Raven
           (http://www.covalent.com or, if you want to support Sameer,
           use Stronghold (http://www.c2.net
                \_ Sameer left C2 - read his interview on http://www.guru.com
                   \_ old old old news...
2000/1/23-24 [Computer/SW/Security, Computer/SW/WWW/Server] UID:17302 Activity:nil
1/21    Anyone have a page where I can find stuff on headers for our apache web
        server?  We have authentication, though we've realize that caching
        really is another issue entirely and would like our pages to have the
        same behavior as the portals (e.g., yahoo, aol) re browser based
        email authentication
        \_ http://www.hamsterdance.com
        \_ Don't go to hamsterdance.  You're looking for
           http://windowsupdate.microsoft.com.
        \_ Would you care to try again except use English and format to
           between 76 and 80 columns?
        \_ Reformatted to fit on 80-column punchcard. - motd punchcard god
1999/10/28-31 [Computer/SW/WWW/Server] UID:16783 Activity:nil
10/28   Web server development contract described in /csua/pub/jobs/WEBDEV
        Check it out.  -dqw
1999/10/16-18 [Computer/SW/Security, Computer/SW/WWW/Server] UID:16714 Activity:nil
10.15   Apache on RedHat- set UserDir to public_html in httpd.conf,
        with no specific directory permissions.  I still get
        "Forbidden You don't have permission to access /~{user}
        on this server."  What do I have to set to make this work?
        \_ look in your error log for chrissakes. -tom
          \_ Oh.  Thanks.
        \_  You likely need to make sure that both the public_html dir AND
            the USER directory are WORLD executable.    -crebbs
1999/10/12-13 [Computer/SW/OS/Linux, Computer/SW/WWW/Server] UID:16693 Activity:nil
10/11   What settings do i have to change so that apache will allow ~user
        Web pages on my linux box.
        \_ UserDir  -tom

        - obvious troll deleted and will continually be.   Lets have some good,
        coherent discussion, people.
        \_ drop the chalupa
        \_ Read the conf file comments.  It's pretty clear.  I'd say RTFM,
           but you don't even need to do that much reading to figure this
           one out.
1999/9/28-30 [Computer/SW/WWW/Server, Computer/SW/Security] UID:16614 Activity:high
9/28    Hi -- say Im using apache+openssl, but Im using basic (not digest)
        http authentication for a dir under https;  is that initial password
        transaction encryped over ssl?  In other words, do I make basic http
        auth more secure (non-sniffable) by using openssl, or am I still
        screwed.  Yes, I could sniff the packets, but Im lazy:)
        \_ Get your lazy ass outta your chair, pick up your Visa, and buy
           Stronghold!
              \_ apache+openssl is working fine and free -- I just had the
              above question, that's all.  Do ya know the answer?
                \_ And illegal in the US, but who cares about that...
        \_ if you're too damn lazy to run "tcpdump 443 | strings", you
                        \_ They can have my STRONG CRYPTO when they pry
                           it out of my cold, dead hands!!!!~@~@!!!@~@!@!
                           \_ You'd be the first to give up your strong crypto
                              when the MIB show at your door.  Talk is cheap.
                                \_ It's not the men in black coming after you
                                   it's RSA's lawyers with patent infringement
                                   lawsuits.
                                   \_ What color suits do lawyers tend to wear
                                      these days?
        \_ if you're too damn lazy to run "tcpdump port 443 | strings", you
           deserve to get hacked, then fired.
           \_ I think a more important issue (it turns out) is client
              caching of the password, so it's a bad idea anyway....
        \_ I thought it was legal as long as you didn't use any of the
           patented crypto code like idea and rsa. --marc
                \_ I refuse to use anything unless my use is considered a
                   violation of patent, copyright, or arms control laws.
1999/9/26-28 [Computer/SW/OS/Linux, Computer/SW/WWW/Server, Computer/SW/Unix] UID:16602 Activity:nil
9/26    I have followed all the instructions in "INSTALL.REDHAT"  to
        install php3 on my linux box.  However, when i run a "httpd -l" it
        does not display mod_php.c.  Can anyone tell me or point me to
        docs which tell me how to find and install the correct binary?
        Thanks.  -crebbs
        \_ Was it a dynamic module?  I don't have the "INSTALL.REDHAT" file
           you're talking about (I don't use Linux for web service) so I
           have NFC what sorts of steps you went through.  If this is in
           fact a shared module, then did you activate it?  The solution
           to your problem isn't straightforward with the information you've
           provided.  --sowings
        \_ Fdisk, reinstall.  Run an operating system you're capable of
           dealing with.
1999/8/19-23 [Computer/SW/Compilers, Computer/SW/WWW/Server] UID:16344 Activity:moderate
8/19    Anyone have any experience setting up name based virtual hosts using
        Apache?  This is fake but I have one IP, 128.56.139.5, and two
        name entries http://foo.com and http://bar.com.  In my httpd.conf file I have

        <VirtualHost 128.56.139.5>
        ServerName http://bar.com
        DocumentRoot /~jondoe
        <VirtualHost>

        but now when I type http://foo.com or http://bar.com into the
        browser it gives me the message
        "Not Found The requested URL / was not found on this server."
        Anyone know what's wrong with this.
        \_ Apache doesn't grok "~"; use a full path.  -tom
                \_ grok?  y00 R s0 ]<-00|_ !!!111
                \_ D00de!  Warez y0r dikshunary?  Wutz 'gr0k' meen? U R K00l!11
                  \_
  grok /grok/, var. /grohk/ /vt./  [from the novel
     "Stranger in a Strange Land", by Robert A. Heinlein, where it
     is a Martian word meaning literally `to drink' and metaphorically
     `to be one with'] The emphatic form is `grok in
     fullness'. 1. To understand, usually in a global sense.  Connotes
     intimate and exhaustive knowledge.  Contrast {zen}, which is
     similar supernal understanding experienced as a single brief flash.
     See also {glark}.  2. Used of programs, may connote merely
     sufficient understanding.  "Almost all C compilers grok the
     `void' type these days."

        \_ d00de, t0m iz ay MARSHUN??? thatz r/-\d!!!11
           \_ gr0k!!111 tom iz s0 k00l h3 kan gr0k!@111!11 d00ewde!!!@
           \_ Y d0 yu kepe rem00vein mye k-rad c0mmetz 2 t0M?  eye leik t0m,
              hez s0 k00l cuz hez D gr0k mast0r!11  t0m iz rad!11  t0m iz rad!1
              t0m iz rad!1 t0m iz raf!!1 yeh d00dez r0k 0n!1111
        \_ Not only that, but grab the latest (1.3.9) for better
           virtual hosting features.
1999/7/5-6 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:16076 Activity:moderate
7/5     Show all those linux freaks how superior Windows NT Internet
        Information Server is over Apache.  Check out:
        http://www.eeye.com/database/advisories/ad06081999/ad06081999.html
        A web server just isn't a web server unless you can execute
        arbitrary commands remotely without authentication.
        \_ This is old as the hills.  Why don't you post solaris 2.3 holes
           too?  Be about as meaningful.  Every decent admin on the planet
           patched this long before you heard of it.
           \_ Every decent admin wasn't using such flaky software to begin
              with.
1999/6/11-12 [Computer/SW/WWW/Server] UID:15949 Activity:very high
6/11    I've got apache running as user 'nobody', but I'm writing some DB
        access CGI's, that need to execute under a different user ID. Is
        there any way of doing this short of running a second httpd on a
        different port, the second instance of httpd running as the db
        access user?
        \_ compile apache with suexec, and put the database CGI's in
           ~database/public_html.  And you really should be running
           apache as something other than "nobody".  -tom
        \_ setuid bits might work.  Most OS's will allow suid to do what you
           want.
           \_ No, some OS's won't let you run scripts suid.
           \_ Already tried it... doesn't work (at least, not under apache
              1.3.6) -- even setuid'ing the executable as the DBA
              user, when the CGI is executed, it still runs as user
              'nobody' (which is what I have httpd running as).
        \_ Why did someone delete the correct response?  Apache has a
           mechanism for doing this--compile it with suexec, and put the
           script in a user public_html directory.  And you shouldn't
           be running apache as "nobody".  -tom
1999/2/1-5 [Computer/SW/WWW/Server] UID:15339 Activity:nil
2/1     Oh shoot, some junior university has the World's smallest web server.
        <DEAD>wearables.stanford.edu<DEAD>
        \_ Maybe the Post-PC people on this side will compete with them...
1999/1/14-17 [Computer/SW/WWW/Server, Computer/HW] UID:15235 Activity:low
1/13    I'm thinking of buying a RedHat Secure Web Server (it only cost $61
        now at Frys). Here is my question. Must the secure server be on the
        internet (persistent connection)? Can I install it on multiple machines
        or is it single machine based (ie. I need a special certificate thingie
        from the trusted site for each machine)?
        \_ You can use one certificate for multiple machines provided that
                they each have identical IP and FQDN. Beyond that it gets
                pretty dicey. But this setup will allow you to round
                robin to a large number of machines.
                In general you want a web server to be persistantly
                connected otherwise people won't use it. --appel
        \_ You can use one certificate for multiple machines provided
           that they each have identical IP and FQDN. Beyond that it
           gets pretty dicey. But this setup will allow you to round
           robin to a large number of machines.  In general you want a
           web server to be persistantly connected otherwise people
           won't use it. --appel
           \_ Ah, gotcha, so if I purchase a secure server, I can't install
              it on many different servers because the secure server needs
              some special certificate thingie from certified RSA sites right?
              Why is the following server (with RSA license) so cheap $61????
   <DEAD>necxdirect.necx.com/cgi-bin/auth/ifilelnk_q?key=0000131917&nonce=guest<DEAD>
        \_ To use HTTPS you need to purchase a certificate from companies like
           Verisign/Thawte/etc. The RedHat secure server is really a FALSE
           ADVERTISEMENT. It is like advertising a new car that costs $5000.
           After you purchase it, the manual, with fine print, says you must
           purchase transmission and engine, sold separate for another $10,000.
                \_ Generate them yourself with SSLeay! The user will then have
                        add the CA (you) to the list of trusted CAs
        \_ is R.S.W.S. JUST a web server, or is it basically
          "install this CDROM, and you get a black box that does web serving"?
          (except technically, it's a clear box, but anyways...)
1998/12/3-4 [Computer/SW/WWW/Server, Computer/SW/Unix] UID:15064 Activity:moderate
12/3    According to "man www" if I want to have server side includes on
        my web page off of csua, I need to either change the file
        extension to .shtml or make it executable. Is there any reason why
        I shouldn't just change all my web page file permissions so I can
        avoid having everything end with .shtml?
        \_ for files identified as SSI-capable, the web server preprocesses
           them line by line for every page hit.  normal files are served
           up "straight" without this overhead.  --jwang
           \_ So we're talking about a difference of probably milliseconds
              per page load here?
              \_ I've done this on a Linux server. I found differences of
                 several seconds. I never did figure out why the huge
                 difference.
                \_ the only way there might be that much of a difference is
                   if your WWW server is CPU-bound (extremely unlikely) or
                   you're getting the documents off NFS or something.  It
                   should not be a noticable difference.  -tom
                   \_ But it is possible. It does depend on what is being
                      interpreted by the SSI. Use .shtml only if necessary.
                      \_ Are you implying it's better to make your file
                         executable then? Or in general, use SSI only if
                         necessary.
                         \_ the latter.  -tom
1998/11/22-24 [Computer/SW/WWW/Server] UID:15000 Activity:nil
11/21   Is csua's webserver php3 enabled?
        \_ Mail www@csua and ask - they are the ones who know the answer
          and will give you the right one, unlike the motd.  Plus, you
          don't have to worry about the question or answer being deleted
          before it's read.
1998/4/16-17 [Computer/SW/WWW/Server] UID:13966 Activity:high
4/16    What do you have to do to have a web page with a secure
        connection?  I assume there must be a way for a CGI script to
        interact with the server to send the info.  How would it work on
        Soda?
        \_ SSL uses RSA, which means it costs money.
        \_ SSL uses RSA, which means it costs money, which means no SSL on Soda
        \_ ask root to install stronghold or apache-ssl
                                        \_ apache-ssl is illegal in the us
                \_ donate $175 for a server certificate or con sameer into
                        donating one or it's worthless
        \_ sameer/C2 has offered stronghold to us in the past. We'd still need
            to fork over $$ for a certificate, but that wouldn't be too bad.
            Supposedly they're in the ~100/year range from thawte.
                \_ stronghold is crap.  c2 support is a joke.
                  \_ Think Netscape or M$oft will give us a similar product
                     that is 'supported' on freebsd?  Compared to the
                     alternatives, C2 RULES!
                     \_ hell, if it even is produced, let alone supported
            \_ And why hasnt the CSUA taken sameer up on this offer?
              \_ need for a certificate, and/or excessive slack.
              \_ Lack of real need.
                 \_ Whaddya mean, lack of real need?  If soda supported SSL,
                    then safari could do a pay-for-porn Web site, taking
                    credit card numbers right there on the spot.  The CSUA
                    could take 5-10% off the top . . . pay for the cert.,
                    plus a year-round fundraiser for the hardware fund.
                    \_ Yup.  Like I said, "Lack of real need".  Besides,
                       aren't you a member of the FPF?
        \_ C2 rewls over all of you
                  \_ Hey, ast least they have Freebsd support.  What are our
                     other secure-server options, and are they any better?
        \_ I dont know too much about secure servers, what do they do for you
           that is so great?
                \_ Let you safely sell porn to net.people without fear of
                   their CC#s getting snooped.
1998/2/20 [Computer/SW/WWW/Server] UID:13708 Activity:nil
2/20    Apache 1.3beta5 Released
1998/2/13-14 [Computer/SW/WWW/Server, Computer/SW/Languages/Web] UID:13666 Activity:kinda low
2/13    So what's the new deal with soda webserver?  Total quota now = 10MB?
                                                        \_ No.  Use "quota -v"
        cgi works? How--cgi-bin directory, anything called .cgi, etc...?
                                                \_ *.cgi
        what else does webserver do?  Server-side includes, wrapping, logging?
                                        \_ Yes, no, yes.
1996/10/29 [Computer/SW/Security, Computer/SW/WWW/Server, Computer/SW/Unix] UID:31973 Activity:nil
10/28   Why aren't the web server logs mounted on soda? People do like
        to see who is accessing their web pages.
        \_ Try mailing root and asking them.  Most likely it's just something
           no one's bothered to do yet as part of the changeover.
        \_ I'll let you serve my logs baby
        \_ I wanna see who's accessing your web pages, too...
1996/10/19 [Computer/SW/WWW/Server, Computer/SW/OS/Windows] UID:31950 Activity:nil
10/17   Hi, does anyone know of a web browser that runs on Linux, and/or
        a web server that runs on Win95 (pref. free, of course). Thanks.
        -barn
        \_ go to http:///www.netscape.com for the Linux version of Netscape
           and http://www.apache.org for the Apache WWW Server.
         \_ Apache runs on Linux (and other unixes) but not 95
            If you want to be a web server, get a real OS on that
            box - Win95 will *NEVER* be a decent web server (you
            could go to NT, but you'll have to pay through the nose
            for NT Server since Microsoft has f*cked-up license
            restrictions against using NT Workstation as a server).
        \_ Thanks for the info.  I just wanted to test a server on W95, not
           actually use it for anything real.  -barn
2024/12/25 [General] UID:1000 Activity:popular
12/25   
Berkeley CSUA MOTD:Computer:SW:WWW:Server:
.