If you want to help out it would be very helpeful to check: will this work when you set gzip to 'no compression' (so you do apply gzip, just don't use any compression) if so, what is the smallest file you can make it break? Stefan
_______________________________________________ Cherokee mailing list Cherokee <at> lists.octality.com http://lists.octality.com/listinfo/cherokee
Hi, I'm wondering if in a high loaded server is better to have in "Handler" -> "Common CGI Options" the "Check file" enabled or not, and in "Rule" -> "Check local file" enabled or not... I would like to uncheck both for performance reasons, but I'm not sure to if there's any impact on security... Anyone can help me? -- --------------------- Hugo Vázquez Caramés "El trabajo que nunca se empieza es el que tarda más en finalizarse" (J. R. R. Tolkien) "La mayoría de las personas gastan más tiempo y energías en hablar de los problemas que en afrontarlos" (Henry Ford) "Lo imposible es el fantasma de los tímidos y el refugio de los cobardes" (N. Bonaparte) ======================================================== PENTEST Consultores Tel: 93 3962070 / Fax: 93 3962001 e-mail: hvazquez <at> pentest.es ======================================================== Gane credibilidad y confianza, visite http://www.pentest.es Este e-mail es confidencial y destinado únicamente a la persona a la cual va dirigido. Si Ud. no es el destinatario al cual va dirigido este e-mail o lo recibe por error, queda advertido que cualquier uso, difusión,impresión o copia de este mensaje está estrictamente prohibido. Si lo ha recibido por error, por favor, notifíquelo al remitente del mensaje This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient,be advised that you have received this email in error and that any use,dissemination, forwarding, printing or copying of this email is strictly prohibited. If you have received this email in error please notify it to sender.
Hello Hugo,
I'm wondering if in a high loaded server is better to have in "Handler" -> "Common CGI Options" the "Check file" enabled or not,
and in "Rule" -> "Check local file" enabled or not... I would like to uncheck both for performance reasons, but I'm not sure to if there's any impact on security...
_______________________________________________ Cherokee mailing list Cherokee <at> lists.octality.com http://lists.octality.com/listinfo/cherokee
Hi Alvaro, my "I/O cache" is enabled: I did it as soon I saw itMy concern is about the impact on checking for the existence of a file on every request... that means that for every PHP request, there will be a disk access...?? My system has been designed to serve a minimum of 10k request/second serving php -actually it can support more than this-. I have no logs, and I have all I can running from memory/cached, etc. Having the "Check file" in my FastCGI handler, makes me think about Cherokee doing a disk access in every request...Is that right? But not having the "Check file" enabled, maybe would allow an attacker to pass requests to FastCGI of non-existent files, forcing the FastCGI to do a lot of disk access, and maybe, creating a denial of service condition... So, summarizing: what could happen if i disable the "Check file" in my FastCGI handler working with php-cgi? And also, what could happen if I disable the "Rule" -> "Check local file" in a "Extensions" rule -extensions: php,tpe-? Kind Regards, On Sat, 03 Sep 2011 14:00:44 +0200, Alvaro Lopez Ortega <alvaro <at> octality.com> wrote: > Hello Hugo, > > 2011/9/3 Hugo Vazquez Carames <hvazquez <at> pentest.es> > >> I'm wondering if in a high loaded server is better to have in "Handler" >> -> >> "Common CGI Options" the "Check file" enabled or not, >> > > Well, that would have quite a big impact on what information are passed > to > the *CGI. The option points the server whether it's executing the > content of > a file (CGI, a PHP file through FastCGI) or it's just passing the > requested > URL to a backend server (uWSGI, SCGI, FastCGI, etc) without even checking > whether the file exists. Imagine a Django/RoR app, for instance. In that > case you do not want the server to check any local file, simply because > they > do not exist. > > and in "Rule" -> "Check local file" enabled or not... I would like to >> uncheck both for performance reasons, but I'm not sure to if there's any >> impact on security... >> > > I'm confused about this one. It depends on the rule. Most likely you want > keep it enabled, but I could not tell you for sure without knowing a > little > more about the specific case. > > Anyway, if you are worried about performance AND it's a production system > you aren't developing on AND you can spend a few hundled Mb of RAM on it, > I'd strongly recommend you to enable "I/O-cache". That will have a > very positive impact on the overall server performance. > > Cheers! > -- --------------------- Hugo Vázquez Caramés "El trabajo que nunca se empieza es el que tarda más en finalizarse" (J. R. R. Tolkien) "La mayoría de las personas gastan más tiempo y energías en hablar de los problemas que en afrontarlos" (Henry Ford) "Lo imposible es el fantasma de los tímidos y el refugio de los cobardes" (N. Bonaparte) ======================================================== PENTEST Consultores Tel: 93 3962070 / Fax: 93 3962001 e-mail: hvazquez <at> pentest.es ======================================================== Gane credibilidad y confianza, visite http://www.pentest.es Este e-mail es confidencial y destinado únicamente a la persona a la cual va dirigido. Si Ud. no es el destinatario al cual va dirigido este e-mail o lo recibe por error, queda advertido que cualquier uso, difusión,impresión o copia de este mensaje está estrictamente prohibido. Si lo ha recibido por error, por favor, notifíquelo al remitente del mensaje This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient,be advised that you have received this email in error and that any use,dissemination, forwarding, printing or copying of this email is strictly prohibited. If you have received this email in error please notify it to sender.
On Sat, 3 Sep 2011, Hugo Vazquez Carames wrote: > My concern is about the impact on checking for the existence of a file on > every request... that means that for every PHP request, there will be a disk > access...?? No for every file every five minutes a disk access is made. I/O-cache caches the diskaccess (stat). Stefan
On Mon, 2011-08-29 at 15:29 +0200, Alvaro Lopez Ortega wrote: > > > We could try to try something slightly more descriptive like: "Stop on > match" and "Continue on match". Spot on! +2 ;) -- -- Mateusz Pawlowski <js <at> yllq.net>
I think any succinct language here will likely lead to some form of ambiguity, and as previously mentioned, the only way around this is to use something lengthier. The problem with this is that you end up likely repeating yourself as terms become verbose. I think simplicity in the terms is best (eg something like Final vs Pass-Through) and have something as close as possible (because IMHO there's no one right answer).
Maybe provide something like tooltips and easily accessible documentation. I could see having the something like the current Final/Non-Final button in the left-hand listing, but also have another tab against each rule which could describe the differences.
My 2 cents worth :)
-- David
_______________________________________________ Cherokee mailing list Cherokee <at> lists.octality.com http://lists.octality.com/listinfo/cherokee
Hey, I'm having a tough time setting up an internal redirection based on the subdomains: sub.domain.com -> domain.com/sub I've managed to set up an external redirection just fine, but that's not excatly what I need :-/ It would be more of a "rewrite", so the browser keeps showing "sub.domain.com". There must be a way to do this, as with any other webserver, would somebody enlighten me on this one? Thanks a lot! -- Steffen (still on 1.2.2 / Debian)
Hello Steffen,
I'm having a tough time setting up an internal redirection based on
the subdomains:
sub.domain.com -> domain.com/sub
I've managed to set up an external redirection just fine, but that's
not excatly what I need :-/
It would be more of a "rewrite", so the browser keeps showing "sub.domain.com".
There must be a way to do this, as with any other webserver,
would somebody enlighten me on this one?
_______________________________________________ Cherokee mailing list Cherokee <at> lists.octality.com http://lists.octality.com/listinfo/cherokee
RSS Feed5 | |
|---|---|
35 | |
3 | |
55 | |
16 | |
60 | |
22 | |
31 | |
13 | |
7 | |
8 | |
22 | |
7 | |
28 | |
23 | |
63 | |
116 | |
82 | |
71 | |
83 | |
79 | |
66 | |
50 | |
83 | |
99 | |
106 | |
112 | |
174 | |
217 | |
209 | |
137 | |
230 | |
164 | |
120 | |
89 | |
255 | |
241 | |
175 | |
120 | |
163 | |
152 | |
215 | |
173 | |
258 | |
276 | |
299 | |
176 | |
224 | |
203 | |
199 | |
140 | |
92 | |
198 | |
143 | |
222 | |
254 | |
78 | |
152 | |
57 | |
71 | |
49 | |
63 | |
83 | |
43 | |
21 | |
47 | |
12 | |
51 | |
24 | |
25 | |
47 | |
46 | |
29 | |
38 | |
9 | |
46 | |
73 | |
88 | |
33 | |
86 | |
84 | |
88 | |
64 | |
29 | |
53 | |
64 | |
92 | |
72 | |
77 |
