sysadmin | 1 Apr 2004 01:33

wave of WebDAV attacks


Sorry if this isn't the proper place, but I'm seeing a huge wave of
attempted WebDAV / CURL attacks within the last week.

I'm running 1.3.28 on FreeBSD. Here's an example if you haven't seen them:

65.71.40.50 - - [31/Mar/2004:16:40:46 -0600] "SEARCH
\x90\x02\xb1\x02\xb1\x02\...(pages of this)............

are getting handled with  414 342 codes, and end up in the error log as
'URI too long'.

Is something new going on I should know about?  This doesn't seem to
affect anything other than sucking my bandwidth, but I thought I'd ask.

Thanks,

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe <at> httpd.apache.org
   "   from the digest: users-digest-unsubscribe <at> httpd.apache.org
For additional commands, e-mail: users-help <at> httpd.apache.org

Joshua Slive | 1 Apr 2004 01:55

Re: wave of WebDAV attacks


On Wed, 31 Mar 2004, sysadmin wrote:
> Sorry if this isn't the proper place, but I'm seeing a huge wave of
> attempted WebDAV / CURL attacks within the last week.

It is fine to ask on this list, but you should check the archives first,
since this was asked and answered earlier today (and earlier in the week,
too).

It is simply someone trying to exploit a problem with MS-IIS's webdav.  It
is no danger to apache.  Search google or www.cert.org for "webdav search"
or the like.

Joshua.
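
One way to check from the access log that every one of these requests is being refused, as the thread describes (an added example, not part of any poster's message; the sample lines, the `MIN_ESCAPED` threshold and the function names are constructed assumptions):

```python
import re
from collections import Counter

# Common Log Format. The request field is matched greedily because a
# binary payload may itself contain (escaped) double quotes.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) (\d+|-)$')
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')
MIN_ESCAPED = 8  # assumed threshold: this many \xNN escapes marks a binary URI

# Constructed sample lines: documentation addresses, shortened payloads.
SAMPLE_LOG = r'''
192.0.2.10 - - [31/Mar/2004:16:40:46 -0600] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x90\x90" 414 342
192.0.2.10 - - [31/Mar/2004:16:41:02 -0600] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x90\x90" 414 342
198.51.100.7 - - [31/Mar/2004:16:42:10 -0600] "SEARCH /\x90\x90\x90\x90\x90\x90\x90\x90\x90" 414 342
198.51.100.7 - - [31/Mar/2004:16:43:00 -0600] "SEARCH / HTTP/1.1" 501 -
203.0.113.5 - - [31/Mar/2004:16:44:31 -0600] "GET /index.html HTTP/1.0" 200 1043
'''.strip().splitlines()

def parse(line):
    """Return (host, method, escaped_byte_count, status, bytes_sent) or None."""
    m = CLF.match(line)
    if m is None:
        return None
    host, request, status, size = m.groups()
    method = request.split(' ', 1)[0]
    sent = 0 if size == '-' else int(size)
    return host, method, len(ESCAPED_BYTE.findall(request)), int(status), sent

def summarize(lines):
    """Count binary-URI SEARCH probes per host and flag any not rejected."""
    probes, bytes_out, not_rejected = Counter(), 0, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        host, method, escaped, status, sent = rec
        if method != 'SEARCH' or escaped < MIN_ESCAPED:
            continue
        probes[host] += 1
        bytes_out += sent
        if status < 400:  # the server did not refuse it: look closer
            not_rejected.append(line)
    return probes, bytes_out, not_rejected

if __name__ == '__main__':
    probes, bytes_out, not_rejected = summarize(SAMPLE_LOG)
    for host, n in probes.most_common():
        print(f'{host}: {n} SEARCH probes')
    print(f'response bytes spent: {bytes_out}; not rejected: {len(not_rejected)}')
```

The byte total covers only what the server sent back; Common Log Format does not record the size of the incoming request.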


Björn Friebel | 1 Apr 2004 02:43

Re: wave of WebDAV attacks

Hello, sysadmin!

http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf

With best regards, Björn Friebel.  E-mail: dragon5 <at> uni.de


Esteban Pizzini | 1 Apr 2004 04:03

Location and Listen directives

Hi,

when you define a <Location> is it valid for all the Listen Ports defined
with the directive Listen???
for example.. if my server is listening two ports: 80 and 8080. and it has a
<Location /server-status> this can be accessed using port 80 and 8080....
Always happen this or is there a way to restrict the Location to a specific
port????

thank you,
EP


Joshua Slive | 1 Apr 2004 05:29

Re: Location and Listen directives


On Wed, 31 Mar 2004, Esteban Pizzini wrote:
> when you define a <Location> is it valid for all the Listen Ports defined
> with the directive Listen???
> for example.. if my server is listening two ports: 80 and 8080. and it has a
> <Location /server-status> this can be accessed using port 80 and 8080....
> Always happen this or is there a way to restrict the Location to a specific
> port????

That is what <VirtualHost>s are for: to restrict application of directives
to particular IP addresses, hostnames, or ports.  See the apache
documentation for IP virtual hosts -- everything there applies equally to
port-based virtual hosts.

Joshua.


Shashank | 1 Apr 2004 05:36

Rotating websites

Hello, 
         I was curious if this could be done solely in apache.
I have a number of websites (10) and I want to have each website displayed
for a certain amount of time and then move on to a new website. Or would
have to write a script in php/perl to get this job done? 

Thanks,
Shashank


Joshua Slive | 1 Apr 2004 05:45

Re: Rotating websites


On Wed, 31 Mar 2004, Shashank wrote:

> Hello,
>          I was curious if this could be done solely in apache.
> I have a number of websites (10) and I want to have each website displayed
> for a certain amount of time and then move on to a new website. Or would
> have to write a script in php/perl to get this job done?

mod_rewrite can do random or time-of-day based rewriting.

Joshua.


Shashank | 1 Apr 2004 05:56

RE: Rotating websites

	 Not a timed rotation, however? If I need a timed rotation, I would
be hard-coding the time-of-the-day each website is going to be displayed?
Random looks more promising in such a case then, I think. 
Thanks,
Shashank

-----Original Message-----
From: Joshua Slive [mailto:joshua <at> slive.ca] 
Sent: Wednesday, March 31, 2004 9:45 PM
To: users <at> httpd.apache.org
Subject: Re: [users <at> httpd] Rotating websites

On Wed, 31 Mar 2004, Shashank wrote:

> Hello,
>          I was curious if this could be done solely in apache.
> I have a number of websites (10) and I want to have each website displayed
> for a certain amount of time and then move on to a new website. Or would
> have to write a script in php/perl to get this job done?

mod_rewrite can do random or time-of-day based rewriting.

Joshua.


Antonin Karasek | 1 Apr 2004 09:09

mod_asp

Hi,
is there anybody experienced with mod_asp? I want to offer ASP to my 
customers, but I'm not running win :o) How many functions does mod_asp 
implement and how reliable is it?

Is it a good idea to install this module and tell customers that they 
can use ASP the same way as if it were Microsoft's implementation on a 
Windows machine?

Many thanks.


Bill Parker | 1 Apr 2004 09:30

compiling current apache against updated openssl

Hi All,
 
    I was running some tests, and wanted to know if I had this procedure down 100%.
 
Current Apache is 2.0.48   (configured with --enable-ssl --with-ssl=/usr/local/ssl --enable-headers)
Current OpenSSL is 0.9.7c (straight ./config; make; make test; make install)
 
Here is what I did to get the httpd-2.0.48 recompiled against OpenSSL 0.9.7d (configured as above, btw)
 
make clean
./configure --enable-ssl --with-ssl=/usr/local/ssl --enable-headers
make
make install
 
I start up apache with apachectl --start (using startssl gives me an error due to no cert generation, no problem).
 
With Server Tokens set to FULL, I get the following header from a telnet localhost 80
 
Apache/2.0.48 (Unix) mod_ssl/2.0.48 OpenSSL/0.9.7d Server at nermal
 
The only real question I have is the issue of certificates generated and placed OpenSSL /usr/local/ssl tree,
do these get affected at all during a source recompile and install (I would tend to think NOT, since the
cert is usually an add on afterwards)?
 
Any comments would be useful :-)
 
Bill
