I am using the following Apache directive,Now what i am trying to do is that i want to disable all php and html and other extension not to be executed.In the particular directory,But this dosnt seem to be working.
How do you tell which apache version is currently running.
the situation is that I got multiply httpd.conf files on a solaris 2.6 server and I need to tell which version is what? I have checked the httpd.conf but no joy
Thanks in Advance (3 Replies)
I want to have multiple domains to be configured in apache web server on redhat linux
can i have that without DNS server configured. What all i have to do for that.What all to configure ?
And importantly
i want the site be accessed by name rather IP address.
Please help me
... (1 Reply)
I want to have multiple domains to be configured in apache web server on redhat linux
can i have that without DNS server being configured. What all i have to do for that.What all to configure ?
please note that i need to access the site by its name not by IP . I want this in a LAN . I dont... (4 Replies)
on my webserver, and im sure many of you who also run one see this all the time, but the majority of my access log is filled with attempted exploits from computers compromised by some virus (NIMBDA?) and anyway i know this is harmless to an apache/linux webserver, but its annoying, anyway, on... (5 Replies)
I am tring to configure Apache so that it displays the ip address of
users browsing the web in the header.
mod_header is installed on my apache as default.
I tried including the following in httpd.conf file but no joy
Header set remoteip %{REMOTE_ADDR}
I have also tried
Header add... (3 Replies)
Hi, I am new to unix and am trying to determine if apache is installed on my server. Is there a command to determine the running version or if it is even installed. I appreciate your help.
Thanks,
Eric (2 Replies)
Hi,
I'm new to developing modules for Apache. I understand the basics now and can develop something simple which allows a 'GET' request to happen, but what I want to do is actually 'POST' information to my site. I know the basic POST Request works and I can see that it is post by looking at... (2 Replies)
Have no idea on what the below error message is:
Process not running: /opt/java15/jdk/bin/java -classpath /opt/apache/apache-ant-1.7.0-mod/lib/ant-launcher.jar org.apache.tools.ant.launch.Launcher -buildfile build.xml dist.
Any help? (3 Replies)
Discussion started by: gull05
3 Replies
LEARN ABOUT REDHAT
upsset.conf
UPSSET.CONF(5) Network UPS Tools (NUT) UPSSET.CONF(5)NAME
upsset.conf - Configuration for Network UPS Tools upsset.cgi
DESCRIPTION
This file only does one job - it lets you convince upsset.cgi(8) that your system's CGI directory is secure. The program will not run
until this file has been properly defined.
SECURITY REQUIREMENTS upsset.cgi(8) allows you to try login name and password combinations. There is no rate limiting, as the program shuts down between every
request. Such is the nature of CGI programs.
Normally, attackers would not be able to access your upsd(8) server directly as it would be protected by the ACCESS/ACL directives in your
upsd.conf(5) file and hopefully local firewall settings in your OS.
Since upsset runs on your web server, it could provide a passage from the outside to the inside, bypassing any firewall rules or upsd
access control limitations, since it appears to be coming from the web server. This is why you must secure it first.
On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It looks something like this, assuming the .htaccess
method:
<Files upsset.cgi>
deny from all
allow from your.network.addresses
</Files>
You will probably have to set "AllowOverride Limit" for this directory in your server-level configuration file as well.
If this doesn't make sense, then stop reading and leave this program alone. It's not something you absolutely need to have anyway.
Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file:
I_HAVE_SECURED_MY_CGI_DIRECTORY
If you lie to the program and someone beats on your upsd through your web server, don't blame me.
SEE ALSO upsset.cgi(8)
Internet resources:
The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/
NUT mailing list archives and information: http://lists.exploits.org/
Tue Jul 30 2002 UPSSET.CONF(5)