headers
Jer | 1 Feb 2004 03:46

Status codes 323 & 256

Dear all I am seeing this is my log file while trying to POST a flie to a 
php script

Sometimes it works and sometimes it doesn't

These are both the same type of file with the same ext just one is about 
20k bigger then the other

yet if i upload a small file of  25k it works with a code of 323
but a file of 40k fails with a 256 return

Any ideas/

Thanks

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 1 comment |
headers
David | 1 Feb 2004 04:10
Picon
Favicon

newbie here need just a little push in the right direction

sry for the newbie stuff here but well...we all got to learn
somehow/somewhere..right...so why not ask people that has been there and
done that.

so here goes

i need to configure Apache 2.0.48 for a single website (  ill get into the
multi site later  ))
but does Apache support

1. FTP log in

2. hosting from behind a router for FTP  and user registerstration via
    port  ( 8080 )  and working with personal website via FTP and a HTML
    editor such as DREAMWEAVER or FRONTPAGE  for uploading
     webpages and etc...
and thanks to all who help me  ahead of time

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 2 comments |
headers
David Potesta | 1 Feb 2004 05:05
Picon
Favicon

New to Apache

I just ran Nikto against my new install and found quite a list of
vulnerabilities, inclucing: HTTP PUT and DELETE abilities, Directory
indexing.  is there a good Baseline security guidline document anywhere that
someone could recommend?  I looked at the online main doc under 'Security
Tips' and I didn't see these topics discussed.

Thanks
David
 
Permalink | Reply | 0 comments |
headers
David | 1 Feb 2004 08:04

Apache Stops Parsing PHP

Hello,

I've installed the latest ver of both apache and php.

When I start Apache it works great but eventually will stop parsing php files and Apache will send the .php file as a download to the client.

I'm using virtual hosts, one other hosts will keep working even though another will stop parsing the .php, in the end however they all stop parsing.

To fix this I just need to stop Apache and then start it again, every 5-10 minutes.

Details RH9

CFLAGS="-I/usr/kerberos/include -DSECURITY_HOLE_PASS_AUTHORIZATION"

./configure --prefix=/usr/local/apache --enable-so --enable-cgi

--enable-info --enable-rewrite --enable-speling --enable-usertrack

--enable-deflate --enable-ssl --enable-mime-magic

make

make install

 

CFLAGS="-I/usr/kerberos/include -DSECURITY_HOLE_PASS_AUTHORIZATION"

./configure --with-apxs2=/usr/local/apache/bin/apxs --with-gettext

--with-imap=/dl/imap-2001a --with-kerberos --with-glibcc --with-xml

--with-mysql

make

make install

 

Thank you for any suggestions,

 

David

Permalink | Reply | 3 comments |
headers
Nick Kew | 1 Feb 2004 09:38

Re: Status codes 323 & 256

On Sat, 31 Jan 2004, Jer wrote:

> Dear all I am seeing this is my log file while trying to POST a flie to a
> php script
>
> yet if i upload a small file of  25k it works with a code of 323
> but a file of 40k fails with a 256 return

Those are undefined status codes.  If they were defined, they
wouldn't mean what you say.

Conclusion: either you've misreported a problem, or your PHP is garbage.

--

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 0 comments |
headers
David | 1 Feb 2004 09:41

RE: Apache Stops Parsing PHP

Hello,

 

Further information regarding this Apache Stops Parsing PHP.

I had previously thougt that once a virtual domain was not functioning it would not function at all.  But on a test using two computers I proved that while site1 would try to dl the .php file on computerA site1 on computerB would still be working.  I've resorted to isolating this new nonworking version of Apache onto a seperate computer and restore the backup of the working RPM ver of Apache.  I've compared the httpd.conf files and made some adjustments so the nonworking server has the same info regarding min/max clients threads/etc.  This did not appear to make any difference. I'm a newbie with this, but it feels as though a single apache process just can't keep up and instead of parsing it, it just sends the file.  It had appeared that Apache was able to recover from this byitself and start parsing again, but now it appears that once all the apache processes fails they do not recover and Apache has to be restarted. 

 

Regards,

 

David

 

-----Original Message-----
From: David [mailto:david <at> bizeweb.com]
Sent: Sunday, February 01, 2004 4:35 PM
To: users <at> httpd.apache.org
Subject: [users <at> httpd] Apache Stops Parsing PHP

 

Hello,

I've installed the latest ver of both apache and php.

When I start Apache it works great but eventually will stop parsing php files and Apache will send the .php file as a download to the client.

I'm using virtual hosts, one other hosts will keep working even though another will stop parsing the .php, in the end however they all stop parsing.

To fix this I just need to stop Apache and then start it again, every 5-10 minutes.

Details RH9

CFLAGS="-I/usr/kerberos/include -DSECURITY_HOLE_PASS_AUTHORIZATION"

./configure --prefix=/usr/local/apache --enable-so --enable-cgi

--enable-info --enable-rewrite --enable-speling --enable-usertrack

--enable-deflate --enable-ssl --enable-mime-magic

make

make install

 

CFLAGS="-I/usr/kerberos/include -DSECURITY_HOLE_PASS_AUTHORIZATION"

./configure --with-apxs2=/usr/local/apache/bin/apxs --with-gettext

--with-imap=/dl/imap-2001a --with-kerberos --with-glibcc --with-xml

--with-mysql

make

make install

 

Thank you for any suggestions,

 

David

Permalink | Reply | 2 comments |
headers
trashMan | 1 Feb 2004 12:26

Security problem with mod_proxy


I've a big problem with security!!
I use apache with mod_proxy and rewriterule with zope Application Server and
there are a lot of server that use my apache as proxy without permission! 

I know that mod_proxy is open by default so i've inserted in httpd.conf

<LocationMatch  "^[^/]">
  Deny from all
</LocationMatch>

without result.

My site work with ip and is:

Win 2000 server
Zope 263
Apache 2.0.48

The httpd.conf is

ServerRoot "C:/Programmi/Apache Group/Apache2"
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>

Listen 217.xx:80

LoadModule access_module modules/mod_access.so LoadModule actions_module
modules/mod_actions.so LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so LoadModule auth_module
modules/mod_auth.so LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so LoadModule dir_module
modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule
log_config_module modules/mod_log_config.so LoadModule mime_module
modules/mod_mime.so LoadModule proxy_module modules/mod_proxy.so LoadModule
proxy_http_module modules/mod_proxy_http.so LoadModule negotiation_module
modules/mod_negotiation.so LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so LoadModule userdir_module
modules/mod_userdir.so

ServerAdmin admin <at> xxx.it
ServerName yy.xxx.it:80
UseCanonicalName Off
DocumentRoot "C:/Programmi/Apache Group/Apache2/htdocs"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
DirectoryIndex index.html
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
TypesConfig conf/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog logs/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i
-> %U" referer LogFormat "%{User-agent}i" agent

CustomLog logs/access.log common
ServerTokens Full
ServerSignature On
ScriptAlias /cgi-bin/ "C:/Programmi/Apache Group/Apache2/cgi-bin/"
<Directory "C:/Programmi/Apache Group/Apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

<LocationMatch  "^[^/]">
  Deny from all
</LocationMatch>

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^.*:80$
RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/$1 [L,P]
</VirtualHost>

<VirtualHost 217.xx:80>
NameVirtualHost  217.xx:80
CustomLog logs/sito-access_log combined
ErrorLog logs/sito-error_log
ServerName 217.xx
ServerAdmin admin
RewriteEngine on
RewriteRule ^/(.*)
http://localhost:8080/VirtualHostBase/http/217.xx:80/sito.it/VirtualHostRoot
/$1 [L,P]

</VirtualHost>

Can you help me?? 

Massimiliano

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 0 comments |
headers
Issac Goldstand | 1 Feb 2004 12:38
Gravatar

(70007)The timeout specified has expired: ap_content_length_filter: apr_bucket_read() failed

Can someone tell me what the above means?  I get it in the error logs with
long executing CGI scripts.

  Issac

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 1 comment |
headers
Andre Malo | 1 Feb 2004 12:34
Picon

Re: Security problem with mod_proxy

On Sun, 1 Feb 2004 12:26:22 +0100
"trashMan" <trashman <at> httconsulting.com> wrote:

> I've a big problem with security!!
> I use apache with mod_proxy and rewriterule with zope Application
> Server and there are a lot of server that use my apache as proxy
> without permission!

How do you know?

> I know that mod_proxy is open by default so i've inserted in
> httpd.conf

Who told you that? The docs had told you something else:
http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#proxyrequests

Default is "off".

nd

P.S.: Please don't post unrelated config stuff here, it's just annoying
and not helpful by any means.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 1 comment |
headers
trashMan | 1 Feb 2004 13:39

R: [users <at> httpd] Security problem with mod_proxy

Sorry but...i'm deprived of hope!

I've an application server and i use apache as front end so apache must
redirect only the request for Zope (the app.server). I use the virtualhost
and rewriterule with [p] flag for activate the reverse proxy. 

With  ProxyRequests Off directive the forward proxy is disable but the
problem persists.

What can i do?? 

They are 3 days and 3 nights that I am studying like resolving and I do not
succeed to find the solution :-(

I think that must use the module <proxy> but I do not know like:

<Proxy *>
Order deny,allow
Deny from all
</Proxy>

All it is blocked while the demands for my application server on port 8080
must pass

Excused and  Thanks for your answer

Massimiliano

-----Messaggio originale-----
Da: Andre Malo [mailto:nd <at> perlig.de] 
Inviato: domenica 1 febbraio 2004 12.34
A: users <at> httpd.apache.org
Oggetto: Re: [users <at> httpd] Security problem with mod_proxy

On Sun, 1 Feb 2004 12:26:22 +0100
"trashMan" <trashman <at> httconsulting.com> wrote:

> I've a big problem with security!!
> I use apache with mod_proxy and rewriterule with zope Application 
> Server and there are a lot of server that use my apache as proxy 
> without permission!

How do you know?

> I know that mod_proxy is open by default so i've inserted in 
> httpd.conf

Who told you that? The docs had told you something else:
http://httpd.apache.org/docs-2.0/mod/mod_proxy.html#proxyrequests

Default is "off".

nd

P.S.: Please don't post unrelated config stuff here, it's just annoying and
not helpful by any means.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org
Permalink | Reply | 0 comments |

Gmane