Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
  Advanced Search
  HOME    TRACKER    Web Hosting


Advertisements:




SuperbHosting.net & Arvixe.com have generously sponsored dedicated servers and web hosting to ensure a reliable and scalable dedicated hosting solution for BigResource.com.







Configuring Suhosin ...


I've continually worked on it, but nothing seems to give.

I'll install it in the right place, but not have the config saved properly, or it's in the wrong place but saved right.


View Complete Thread with Replies

Sponsored Links:

Related Forum Messages:
Suhosin Extension Or Suhosin Patch
What is the difference between Suhosin Extension and Suhosin Patch?

View Replies!   View Related
Suhosin
I am thinking about installing the Suhosin option for PHP on some shared servers to improve PHP's security. Are there any gotchas I would need to be aware of? I've checked out the Suhosin site but there is not much there at all.

View Replies!   View Related
Suhosin
I've been testing out Suhosin Extension 0.9.29 from [url]

There are at least two areas (that I know of) where I need help.

1. Error messages go to /var/log/messages no matter what I set for suhosin.log.syslog.facility even though I have a corresponding /etc/syslog.conf facility going to /var/log/suhosin.log

If you have successfully set up suhosin to log outside of /var/log/messages, do you mind sharing your /etc/syslog.conf and php.ini settings for that change?

2. I am seeing a lot of "ALERT-SIMULATION - script tried to increase memory_limit to 4294967295 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file 'unknown')" errors in /var/log/messages.

How can I find the IP and file involved?

For those that do include the increase memory_limit alert with an IP address and actual file, how can I determine if the activity is incorrect or correct and the suhosin memory limit needs to be increased?

For the shell script, awk/gawk, etc. experts, is there a way to consolidate the following messages into one line? ....

View Replies!   View Related
Suhosin And Php.ini
i have a dedicated server and i have installed suhosin through els

well
els never asked me for configurations or anything ,, it just installed it

any way

i'm trying to install AWBS on my server ,, AWBS needs safe_mode to be off

so i went (pico /usr/local/lib/php.ini)

all the lines were commented
suhosin added this to every line at the begining

PHP Code:

;suhosin.version=0.9.20 

so everyline became commented

any way

i was trying to turn off the safe mode
so i searched for it and replaced On with Off

but the changes didn't take effect

(locate suhosin)

found bunch of folders and suhosin.so files that i couldn't manage

is installing this extension ,, replaces the php.ini effect with another one ???
how can i configure php.ini to turn off the safe mode and also disable some functions while suhosin is there

+
how to remove suhosin without losing any data

which command shall i use

View Replies!   View Related
Suhosin
with suhosin, with conf in php.ini. For get this working i must do a change in php.ini

extension_dir = "./"

FOR

extension_dir = ""

and get working, but for the next day this is changed again.

View Replies!   View Related
Suhosin
I have Suhosin on the server to patch PHP and I now cannot use the PHP include('blah.php')statement.

I have no whitelist or blacklist but still get the error:

"ALERT - Include filename ('<url>')is an URL that is not allowed"

and all I get is a blank page - is there a way of letting the URL includes work?

View Replies!   View Related
How Install Suhosin
i have try:

wget [url]
tar -zxvf suhosin-0.9.27.tgz
./configure
make
make install

then:

ls –lah /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

mkdir /usr/lib/php/extensions/

cp /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so /usr/lib/php/extensions/
no-debug-non-zts-20060613

vi php.ini

But i havent:
:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20060613

in my php.ini and i have this:

;include_path = ".:/php/includes"

View Replies!   View Related
SuPHP Along With Suhosin
we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.

View Replies!   View Related
Suphp And Suhosin ..
i have install suhosin and i want to know that should i install suphp too?

and

do you recomend me to install suphp?

View Replies!   View Related
Suhosin Block
in one of my servers i have this line in my ConfigServer Security & Firewall:

190.28.118.155 # lfd: 10 (suhosin) login failures from 190.28.118.155 - Mon Jun 16 23:27:50 2008

is this ok? i mean... its an attack of some sort? i know suhosin is meant to increase php security, so its blocking an attack right?

View Replies!   View Related
Suhosin Install
According to this Guide I installed Suhosin Extension
[url]

After installation each time I add

;;;;;;;;;;;;;;;;;;;;;;;;;

; Paths and Directories ;

;;;;;;;;;;;;;;;;;;;;;;;;;

include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:" ;

extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside

Http fail and php -v don't show that Suhosin installed

How can i check if Suhosin installed and working fine ?

View Replies!   View Related
Suhosin And Vbulletin
I have the max vars and all that set right to conform to vbulletin, Only problem is now I keep getting this in /var/log/messages

suhosin[8569]: ALERT - script tried to increase memory_limit to 4294967295 bytes which is above the allowed value (attacker '*******', file '/home/user/public_html/includes/class_xml.php', line 35)

The line its pertaining to is @ini_set('memory_limit', -1);

I'm pretty sure its not blocking anything, least nothing I see but it does this everytime someone accesses certain pages on a forum.

My memory_limit for php is 60 mb, I checked out different ways of configuring it, but the only thing I think would stop the alerts is setting the suhosin memory limit to 4 gb, as it says the script is calling for that. But I suppose if there was a crappy or malicious php script they would easily be able to ini-set and suck all the memory.

So basically what i want to do is just disable this alert as its filling the messages up. Has anyone dealt with this before?

View Replies!   View Related
Suhosin Config
I was wondering if anyone has a tried and tested suhosin config for an average webhosting box?

I tried the config on the webhostgear article and it caused a few problems with some sites. On my directadmin server I managed to do the patch and the extension. I was wanting to do the same on cpanel server. Has anyone done the patch as well with easyapache?

I figure you would have to go to where it saves the downloaded source and patch it then zip it back up.

View Replies!   View Related
Suhosin Installation
i install suhosin like this :

Code:
cd /usr/src
wget [url]
wget [url]
wget [url]
wget [url]
then :

Code:
gpg --import < hardened-php-signature-key.asc
extract php tarball

Code:
tar -zxf php-4.4.7.tar.gz
then :

Code:
md5sum suhosin-patch-4.4.7-0.9.6.patch.gz
gpg suhosin-patch-4.4.7-0.9.6.patch.gz.sig
gunzip suhosin-patch-4.4.7-0.9.6.patch.gz
paching php :

Code:

cd php-4.4.7
patch -p 1 -i ../suhosin-patch-4.4.7-0.9.6.patch
installing php : ( u must restore php.ini to the default before the installation )

Code:

./configure --with any thing .....
make
make test
make install
after that i cat suhosin.ini to php.ini

Code:
cat suhosi.ini > php.ini
i am using this setting :

Code:
;;;;;;;;;;;;;
; Suhosin ;
;;;;;;;;;;:;;
; -----------------------------------------------------------------------------
; This file was taken from Mandriva Linux with their permission
; -----------------------------------------------------------------------------
[suhosin]
; -----------------------------------------------------------------------------
; Logging Options
; Defines what classes of security alerts are logged to the syslog daemon.
; Logging of errors of the class S_MEMORY are always logged to syslog, no
; matter what this configuration says, because a corrupted heap could mean that
; the other logging options will malfunction during the logging process.
suhosin.log.syslog = 511
; Defines the syslog facility that is used when ALERTs are logged to syslog.
suhosin.log.syslog.facility = 9
; Defines the syslog priority that is used when ALERTs are logged to syslog.
suhosin.log.syslog.priority = 1
; Defines what classes of security alerts are logged through the SAPI error log.
suhosin.log.sapi = 511
; Defines what classes of security alerts are logged through the external
; logging.
suhosin.log.script = 511
; Defines what classes of security alerts are logged through the defined PHP
; script.
suhosin.log.phpscript = 511
; Defines the full path to a external logging script. The script is called with
; 2 parameters. The first one is the alert class in string notation and the
; second parameter is the log message. This can be used for example to mail
; failing MySQL queries to your email address, because on a production system
; these things should never happen.
suhosin.log.script.name =
; Defines the full path to a PHP logging script. The script is called with 2
; variables registered in the current scope: SUHOSIN_ERRORCLASS and
; SUHOSIN_ERROR. The first one is the alert class and the second variable is
; the log message. This can be used for example to mail attempted remote URL
; include attacks to your email address.
suhosin.log.phpscript.name =
; Undocumented
suhosin.log.phpscript.is_safe = Off
; When the Hardening-Patch logs an error the log message also contains the IP
; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
; environment variable. With this switch it is possible to change this behavior
; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
; when your PHP server runs behind a reverse proxy.
suhosin.log.use-x-forwarded-for = On
; -----------------------------------------------------------------------------
; Executor Options
; Defines the maximum stack depth allowed by the executor before it stops the
; script. Without this function an endless recursion in a PHP script could
; crash the PHP executor or trigger the configured memory_limit. A value of
; "0" disables this feature.
suhosin.executor.max_depth = 5
; Defines how many "../" an include filename needs to contain to be considered
; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
; value of "3" will allow it. Most PHP applications should work flawlessly with
; values "4" or "5". A value of "0" disables this feature.
suhosin.executor.include.max_traversal = 2
; Comma separated whitelist of URL schemes that are allowed to be included from
; include or require statements. Additionally to URL schemes it is possible to
; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
; specified, then the blacklist is evaluated.
suhosin.executor.include.whitelist =
; Comma separated blacklist of URL schemes that are not allowed to be included
; from include or require statements. Additionally to URL schemes it is
; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
; blacklist and no whitelist is specified all URL schemes are forbidden.
suhosin.executor.include.blacklist =
; Comma separated whitelist of functions that are allowed to be called. If the
; whitelist is empty the blacklist is evaluated, otherwise calling a function
; not in the whitelist will terminate the script and get logged.
suhosin.executor.func.whitelist =
; Comma separated blacklist of functions that are not allowed to be called. If
; no whitelist is given, calling a function within the blacklist will terminate
; the script and get logged.
suhosin.executor.func.blacklist =
; Comma separated whitelist of functions that are allowed to be called from
; within eval(). If the whitelist is empty the blacklist is evaluated,
; otherwise calling a function not in the whitelist will terminate the script
; and get logged.
suhosin.executor.eval.whitelist =
; Comma separated blacklist of functions that are not allowed to be called from
; within eval(). If no whitelist is given, calling a function within the
; blacklist will terminate the script and get logged.
suhosin.executor.eval.blacklist =
; eval() is a very dangerous statement and therefore you might want to disable
; it completely. Deactivating it will however break lots of scripts. Because
; every violation is logged, this allows finding all places where eval() is
; used.
suhosin.executor.disable_eval = Off
; The /e modifier inside preg_replace() allows code execution. Often it is the
; cause for remote code execution exploits. It is wise to deactivate this
; feature and test where in the application it is used. The developer using the
; /e modifier should be made aware that he should use preg_replace_callback()
; instead.
suhosin.executor.disable_emodifier = Off
; This flag reactivates symlink() when open_basedir is used, which is disabled
; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
; is actually a security risk.
suhosin.executor.allow_symlink = Off
; -----------------------------------------------------------------------------
; Misc Options
; If you fear that Suhosin breaks your application, you can activate Suhosin's
; simulation mode with this flag. When Suhosin runs in simulation mode,
; violations are logged as usual, but nothing is blocked or removed from the
; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
suhosin.simulation = Off
; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
; will overwrite the information Suhosin stores in this slot. When this flag is
; set Suhosin will request 2 Slots and use the second one. This allows working
; correctly with these buggy APC versions.
suhosin.apc_bug_workaround = Off
; When a SQL Query fails scripts often spit out a bunch of useful information
; for possible attackers. When this configuration directive is turned on, the
; script will silently terminate, after the problem has been logged. (This is
; not yet supported)
suhosin.sql.bailout_on_error = Off
; This is an experimental feature for shared environments. With this
; configuration option it is possible to specify a prefix that is automatically
; prepended to the database username, whenever a database connection is made.
; (Unless the username starts with the prefix)
suhosin.sql.user_prefix =
; This is an experimental feature for shared environments. With this
; configuration option it is possible to specify a postfix that is
; automatically appended to the database username, whenever a database
; connection is made. (Unless the username end with the postfix)
;
; With this feature it is possible for shared hosters to disallow customers to
; connect with the usernames of other customers. This feature is experimental,
; because support for PDO and PostgreSQL are not yet implemented.
suhosin.sql.user_postfix =
; This directive controls if multiple headers are allowed or not in a header()
; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
; multiple lines are still allowed).
suhosin.multiheader = Off
; This directive controls if the mail() header protection is activated or not
; and to what degree it is activated. The appended table lists the possible
; activation levels.
suhosin.mail.protect = 1
; As long scripts are not running within safe_mode they are free to change the
; memory_limit to whatever value they want. Suhosin changes this fact and
; disallows setting the memory_limit to a value greater than the one the script
; started with, when this option is left at 0. A value greater than 0 means
; that Suhosin will disallows scripts setting the memory_limit to a value above
; this configured hard limit. This is for example usefull if you want to run
; the script normaly with a limit of 16M but image processing scripts may raise
; it to 20M.
suhosin.memory_limit = 0
; -----------------------------------------------------------------------------
; Transparent Encryption Options
; Flag that decides if the transparent session encryption is activated or not.
suhosin.session.encrypt = On
; Session data can be encrypted transparently. The encryption key used consists
; of this user defined string (which can be altered by a script via ini_set())
; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
; REMOTE_ADDR.
suhosin.session.cryptkey =
; Flag that decides if the transparent session encryption key depends on the
; User-Agent field. (When activated this feature transparently adds a little
; bit protection against session fixation/hijacking attacks)
suhosin.session.cryptua = On
; Flag that decides if the transparent session encryption key depends on the
; Documentroot field.
suhosin.session.cryptdocroot = On
; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
; encryption key depends on. Keep in mind that this should not be used on sites
; that have visitors from big ISPs, because their IP address often changes
; during a session. But this feature might be interesting for admin interfaces
; or intranets. When used wisely this is a transparent protection against
; session hijacking/fixation.
suhosin.session.cryptraddr = 0
; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
; session. The difference to suhosin.session.cryptaddr is, that the IP is not
; part of the encryption key, so that the same session can be used for
; different areas with different protection levels on the site.
suhosin.session.checkraddr = 0
; Flag that decides if the transparent cookie encryption is activated or not.
suhosin.cookie.encrypt = 0
; Cookies can be encrypted transparently. The encryption key used consists of
; this user defined string and optionally the User-Agent, the Document-Root and
; 0-4 Octects of the REMOTE_ADDR.
suhosin.cookie.cryptkey =
; Flag that decides if the transparent session encryption key depends on the
; User-Agent field. (When activated this feature transparently adds a little
; bit protection against session fixation/hijacking attacks (if only session
; cookies are allowed))
suhosin.cookie.cryptua = On
; Flag that decides if the transparent cookie encryption key depends on the
; Documentroot field.
suhosin.cookie.cryptdocroot = On
; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
; encryption key depends on. Keep in mind that this should not be used on sites
; that have visitors from big ISPs, because their IP address often changes
; during a session. But this feature might be interesting for admin interfaces
; or intranets. When used wisely this is a transparent protection against
; session hijacking/fixation.
suhosin.cookie.cryptraddr = 0
; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
; part of the encryption key, so that the same cookie can be used for different
; areas with different protection levels on the site.
suhosin.cookie.checkraddr = 0
; In case not all cookies are supposed to get encrypted this is a comma
; separated list of cookie names that should get encrypted. All other cookies
; will not get touched.
suhosin.cookie.cryptlist =
; In case some cookies should not be crypted this is a comma separated list of
; cookies that do not get encrypted. All other cookies will be encrypted.
suhosin.cookie.plainlist =
; -----------------------------------------------------------------------------
; Filtering Options
; Defines the reaction of Suhosin on a filter violation.
suhosin.filter.action = http://www.disney.com
; Defines the maximum depth an array variable may have, when registered through
; the COOKIE.
suhosin.cookie.max_array_depth = 100
; Defines the maximum length of array indices for variables registered through
; the COOKIE.
suhosin.cookie.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; the COOKIE. For array variables this is the name in front of the indices.
suhosin.cookie.max_name_length = 64
; Defines the maximum length of the total variable name when registered through
; the COOKIE. For array variables this includes all indices.
suhosin.cookie.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through the
; COOKIE.
suhosin.cookie.max_value_length = 10000
; Defines the maximum number of variables that may be registered through the
; COOKIE.
suhosin.cookie.max_vars = 100
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.cookie.disallow_nul = 1
; Defines the maximum depth an array variable may have, when registered through
; the URL
suhosin.get.max_array_depth = 50
; Defines the maximum length of array indices for variables registered through
; the URL
suhosin.get.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; the URL. For array variables this is the name in front of the indices.
suhosin.get.max_name_length = 64
; Defines the maximum length of the total variable name when registered through
; the URL. For array variables this includes all indices.
suhosin.get.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through the URL.
suhosin.get.max_value_length = 512
; Defines the maximum number of variables that may be registered through the
; URL.
suhosin.get.max_vars = 100
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.get.disallow_nul = 1
; Defines the maximum depth an array variable may have, when registered through
; a POST request.
suhosin.post.max_array_depth = 50
; Defines the maximum length of array indices for variables registered through
; a POST request.
suhosin.post.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; a POST request. For array variables this is the name in front of the indices.
suhosin.post.max_name_length = 64
; Defines the maximum length of the total variable name when registered through
; a POST request. For array variables this includes all indices.
suhosin.post.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through a POST
; request.
suhosin.post.max_value_length = 65000
; Defines the maximum number of variables that may be registered through a POST
; request.
suhosin.post.max_vars = 200
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.post.disallow_nul = 1
; Defines the maximum depth an array variable may have, when registered through
; GET , POST or COOKIE. This setting is also an upper limit for the separate
; GET, POST, COOKIE configuration directives.
suhosin.request.max_array_depth = 50
; Defines the maximum length of array indices for variables registered through
; GET, POST or COOKIE. This setting is also an upper limit for the separate
; GET, POST, COOKIE configuration directives.
suhosin.request.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; the COOKIE, the URL or through a POST request. This is the complete name
; string, including all indicies. This setting is also an upper limit for the
; separate GET, POST, COOKIE configuration directives.
suhosin.request.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through the
; COOKIE, the URL or through a POST request. This setting is also an upper
; limit for the variable origin specific configuration directives.
suhosin.request.max_value_length = 65000
; Defines the maximum number of variables that may be registered through the
; COOKIE, the URL or through a POST request. This setting is also an upper
; limit for the variable origin specific configuration directives.
suhosin.request.max_vars = 200
; Defines the maximum name length (excluding possible array indicies) of
; variables that may be registered through the COOKIE, the URL or through a
; POST request. This setting is also an upper limit for the variable origin
; specific configuration directives.
suhosin.request.max_varname_length = 64
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.request.disallow_nul = 1
; Defines the maximum number of files that may be uploaded with one request.
suhosin.upload.max_uploads = 25
; When set to On it is not possible to upload ELF executables.
suhosin.upload.disallow_elf = 1
; When set to On it is not possible to upload binary files.
suhosin.upload.disallow_binary = 0
; When set to On binary content is removed from the uploaded files.
suhosin.upload.remove_binary = 0
; This defines the full path to a verification script for uploaded files. The
; script gets the temporary filename supplied and has to decide if the upload
; is allowed. A possible application for this is to scan uploaded files for
; viruses. The called script has to write a 1 as first line to standard output
; to allow the upload. Any other value or no output at all will result in the
; file being deleted.
suhosin.upload.verification_script =
; Specifies the maximum length of the session identifier that is allowed. When
; a longer session identifier is passed a new session identifier will be
; created. This feature is important to fight bufferoverflows in 3rd party
; session handlers.
suhosin.session.max_id_length = 128
; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
; detects a bufferoverflow, memory corruption or double free. This is only
; for debugging purposes and should not be activated.
suhosin.coredump = Off
; Undocumented: Controls if the encryption keys specified by the configuration
; are shown in the phpinfo() output or if they are hidden from it
suhosin.protectkey = 1
; Controls if suhosin loads in stealth mode when it is not the only
; zend_extension (Required for full compatibility with certain encoders
; that consider open source untrusted. e.g. ionCube, Zend)
suhosin.stealth = 1
; Controls if suhosin's ini directives are changeable per directory
; because the admin might want to allow some features to be controlable
; by .htaccess and some not. For example the logging capabilities can
; break safemode and open_basedir restrictions when .htaccess support is
; allowed and the admin forgot to fix their values in httpd.conf
; An empty value or a 0 will result in all directives not allowed in
; .htaccess. The string "legcprsum" will allow logging, execution, get,
; post, cookie, request, sql, upload, misc features in .htaccess
suhosin.perdir = "0"

• what u thing in these setting it is correct?

• should i use values like : ( 511 , 9 , 2 , 1 , 5 , 0 ... ) or Constants like ( S_ALL , S_MAIL , S_MEMORY , S_SQL ... ) ?

• sould i install Suhosin Extension 0.9.20 ?

• How i can know that suhosin work and protect my php?

View Replies!   View Related
Suhosin And .htaccess
I just installed suhosin to setup some limits on one of my servers, everything works well. however, user can still remove these limits by adding php_value in .htaccess, which is not so good.

View Replies!   View Related
How Do I Remove Suhosin-0.9.24 Extension
got suhosin-0.9.24 extension on my centos 5.2 server, the patch has NOT been applied.
how do i remove/uninstall suhosin-0.9.24?

View Replies!   View Related
Suhosin Not Installing Correctly
I have just ran easyapache to update from 5.2.4 to 5.2.5 and selected suhosin.

I can see no evidence of it by viewing phpinfo scripts such as vbulletin's.

i should be able to see something like this yes?
[url]

and there is nothing new in php.ini other than:

Directory in which the loadable extensions (modules) reside.
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"
zend_extension="/usr/local/IonCube/ioncube_loader_lin_5.2.so"
zend_extension_ts="/usr/local/IonCube/ioncube_loader_lin_5.2_ts.so"
extension="suhosin.so"

Via SSH i get this

# php -v
PHP 5.2.5 (cli) (built: Apr 26 2008 06:45:31)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.23, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

# /usr/bin/php -v
PHP 5.2.5 (cgi) (built: Apr 26 2008 06:49:11)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.23, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

View Replies!   View Related
Suhosin And Server With 300+sites, May It Cause A Conflict
Im using RHE 4 + cpanel

Im considering Suhosin, in fact i am using it in other plain server were i have 1 or 2 sites. But this is a very high traffic with 300 + sites, lot of sites are using cms apps..

may it cause conflicts with this apps?

View Replies!   View Related
Dedicated Server Resolver Since Suhosin Install
For the last several days on one of our dedicated servers, a AMD 3000+ 2GB RAM 2x80GB HDD 5TB traffic installed with CentOS 5.3 64-bit w/a GNU Linux kernel-2.6.18-128.1.10.el5, we use as a 'backup' to our master, we've been having resolver issues. If we attempt to ping, dig or nslookup ANY hostname, we get "unknown host domainexample.com". We can, however, ping IP addresses, including the external one for the server. (Pinging the server from another, not connected to the network returns 0% packet loss.)

Our package managers can't resolve hostnames, either. For instance, when we try to run yum, we get:

"Could not retrieve reponamehere [url]
[Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
Error: Cannot find a valid baseurl for repo: reponamehere"

We've already tried disabling several repos and it should be noted that when we use "wget" or "git" or any other package installer, we have the same resolving issues.

Our "/etc/resolv.conf" contains nameservers for the major upstream DC to our provider, which gave us permission to use them. We've tried two sets from them as well as those from our provider and from a DNS service provider. None have worked. (BTW, We have two servers with this provider and the other one is fine; the provider, though this is an unmanaged sever, is attempting to be very helpful and responsive. No problems there.)

We've tried rebooting the server and flushing IPtables as well as stopping it altogether. (Thankfully, we've set our DNS, SQL and httpd servers to run on boot) Nothing seems to resolve the issue (no pun intended).

However, we think this problem may have to do with having installed Suhosin on the server this past weekend since it seems to have started shortly after that but we're not sure. We are getting the following errors in from our httpd logs, though:

[Fri Jun 19 12:52:25 2009] [notice] Graceful restart requested, doing restart
[Fri Jun 19 12:52:25 2009] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Fri Jun 19 12:52:26 2009] [notice] Digest: generating secret for digest authentication ...
[Fri Jun 19 12:52:26 2009] [notice] Digest: done
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: php_rfc1867_callback in Unknown on line 0
[Fri Jun 19 12:52:26 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Jun 19 12:52:27 2009] [notice] Apache configured -- resuming normal operations

When we ran 'tcpdump', all it returned was the IP address for the server connected on several ports via SSH. Running 'netstat -an' shows the server's IP address, again connected on different ports, and the localhost address connected on a few. No other IP addresses--and we have about 10--are showing as connected.

Anyway, this is all we've been able to figure out. Anyone had this problem and solved it successfully?

View Replies!   View Related
Server Ban Me, How2find If Iptables, Apf, Mod_security, Suhosin
My server ban me sometimes, while I am surfing on one of my websites(mostly Drupal, Joomla, Wordpress). Sometimes it happens with first visit sometimes later. I couldnt find the reason. Sometimes I cannot either create a ssh connection after ban. But ping answered after ban.

Which path/logs should I analize to find it? I tried with grep but couldnt find:

grep -iR 'my.old.ip' /var/log ... /etc/apf ... /usr/local/apache/...

I think mod_security and suhosin cannot block ssh, then iptables, lokkit or apf must be preventer here.

Where are logs of Iptables and APF? Or how can I find the reason?

View Replies!   View Related
Site Images Problem After Installing Suhosin
I installed suhosin successfully but most images in the website is not working it show red X box

this is the suhosin list from php info

This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies with Suhosin v0.9.18, Copyright (c) 2002-2006, by Hardened-PHP Project with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies

suhosin
This server is protected with the Suhosin Extension 0.9.18

Copyright (c) 2006 Hardened-PHP Project  

Directive Local Value Master Value 
suhosin.apc_bug_workaround Off Off 
suhosin.cookie.checkraddr 0 0 
suhosin.cookie.cryptdocroot On On 
suhosin.cookie.cryptkey [ protected ] [ protected ] 
suhosin.cookie.cryptlist no value no value 
suhosin.cookie.cryptraddr 0 0 
suhosin.cookie.cryptua On On 
suhosin.cookie.disallow_nul 1 1 
suhosin.cookie.encrypt Off Off 
suhosin.cookie.max_array_depth 100 100 
suhosin.cookie.max_array_index_length 64 64 
suhosin.cookie.max_name_length 64 64 
suhosin.cookie.max_totalname_length 256 256 
suhosin.cookie.max_value_length 10000 10000 
suhosin.cookie.max_vars 100 100 
suhosin.cookie.plainlist no value no value 
suhosin.coredump Off Off 
suhosin.executor.allow_symlink Off Off 
suhosin.executor.disable_emodifier Off Off 
suhosin.executor.disable_eval Off Off 
suhosin.executor.eval.blacklist no value no value 
suhosin.executor.eval.whitelist no value no value 
suhosin.executor.func.blacklist no value no value 
suhosin.executor.func.whitelist no value no value 
suhosin.executor.include.blacklist no value no value 
suhosin.executor.include.max_traversal 0 0 
suhosin.executor.include.whitelist no value no value 
suhosin.executor.max_depth 0 0 
suhosin.filter.action no value no value 
suhosin.get.disallow_nul 1 1 
suhosin.get.max_array_depth 50 50 
suhosin.get.max_array_index_length 64 64 
suhosin.get.max_name_length 64 64 
suhosin.get.max_totalname_length 256 256 
suhosin.get.max_value_length 512 512 
suhosin.get.max_vars 100 100 
suhosin.log.file 0 0 
suhosin.log.file.name no value no value 
suhosin.log.phpscript 0 0 
suhosin.log.phpscript.is_safe Off Off 
suhosin.log.phpscript.name no value no value 
suhosin.log.sapi 0 0 
suhosin.log.script 0 0 
suhosin.log.script.name no value no value 
suhosin.log.syslog no value no value 
suhosin.log.syslog.facility no value no value 
suhosin.log.syslog.priority no value no value 
suhosin.log.use-x-forwarded-for Off Off 
suhosin.mail.protect 0 0 
suhosin.memory_limit 0 0 
suhosin.multiheader Off Off 
suhosin.post.disallow_nul 1 1 
suhosin.post.max_array_depth 100 100 
suhosin.post.max_array_index_length 64 64 
suhosin.post.max_name_length 64 64 
suhosin.post.max_totalname_length 256 256 
suhosin.post.max_value_length 65000 65000 
suhosin.post.max_vars 200 200 
suhosin.protectkey On On 
suhosin.request.disallow_nul 1 1 
suhosin.request.max_array_depth 100 100 
suhosin.request.max_array_index_length 64 64 
suhosin.request.max_totalname_length 256 256 
suhosin.request.max_value_length 65000 65000 
suhosin.request.max_varname_length 64 64 
suhosin.request.max_vars 200 200 
suhosin.session.checkraddr 0 0 
suhosin.session.cryptdocroot On On 
suhosin.session.cryptkey [ protected ] [ protected ] 
suhosin.session.cryptraddr 0 0 
suhosin.session.cryptua On On 
suhosin.session.encrypt On On 
suhosin.session.max_id_length 128 128 
suhosin.simulation Off Off 
suhosin.sql.bailout_on_error Off Off 
suhosin.sql.comment 0 0 
suhosin.sql.multiselect 0 0 
suhosin.sql.opencomment 0 0 
suhosin.sql.union 0 0 
suhosin.sql.user_postfix no value no value 
suhosin.sql.user_prefix no value no value 
suhosin.stealth On On 
suhosin.upload.disallow_binary 0 0 
suhosin.upload.disallow_elf 1 1 
suhosin.upload.max_uploads 25 25 
suhosin.upload.remove_binary 0 0 
suhosin.upload.verification_script no value no value 

View Replies!   View Related
Suhosin- Ipb , Vbulliten ,phpbb3 With The Images On The Forum Are Not Displaying Properly..
i have Suhosin installed on my server now some of my sites are facing problem i.e forums like ipb , vbulliten ,phpbb3 with the images on the forum are not displaying properly..

So is this problem related to the values of these two fields present in Suhosin

suhosin.post.max_value_length =

suhosin.request.max_value_length =

is Suhosin good for shared servers?

View Replies!   View Related
How To Install Mod_security, Suhosin, Mod_Evasive On Server Plesk (apache2, Php5)
how to install mod_security, suhosin, Mod_Evasive on server plesk (apache2, php5)?
win I loacate apxs I have empty results

View Replies!   View Related
Configuring IIS
I have IIS with the default site and a site i created. it appeared to be configured correctly but even from the server if i try to "browse" any of the pages i still get "internet explorer cannot display the page" from my site and "under construction" from the IIS default site.

View Replies!   View Related
Configuring USB-LAN
I have a machine which runs on Desktop board with 1 LAN port built in.
I just bought a new USB-LAN and plug into the USB but I have question about how to configure it. I cannot see eth1 inside /etc/sysconfig/network-scripts, so where can I configure USB LAN?

View Replies!   View Related
Configuring DNS And Nameservers
I got dedicated server with plesk 7.8 installed on it. Can anybody tell me what to do next to add new website.

I have ip through which i can login to plesk control panel.

I want to know how can i create name servers which i will use for my domains like ns1.abc.com ns2.abc.com.

What setting i need to create by use DNS button in control panel to run my sites properly.

View Replies!   View Related
WHM Is Not Actually Configuring Apache?
I'm over here trying to rebuild php with GD in WHM, I go through the entire motion of Apache Update (with GD selected as a PHP Module) and ummmm... after it's done, I check my phpinfo() and there is no GD section, let alone has the build date been changed.

View Replies!   View Related
Configuring DNS Information
I am moving my servers this week and my new host doesn't do domain hosting. This is my first time doing it, I need help in pointing my domain to the new server. I just need the basic settings for A, CNAME and MX records.

View Replies!   View Related
Configuring Sendmail
how to which will help me to make a correct configuration of mail server. I want to set up a mail server with e.g three domain names and all three domain names will have few similar email addresses like info, sales, marketing and so on. I know that this can be done by using control panels but I am not big fan of control panels I want to do a pure Linux administration using the command line.

View Replies!   View Related
Configuring A DR Site
Is there somewhere that either has a tutorial or explains how a DR site is setup and activated when the primary site goes down? And how do you configure it to fail-over to the primary site again once it is back up and running?

I'm planning to have a certain hardware configuration in place at a primary site (load balancers/web/app/database/SAN) supporting a service that MUST remain online. Because it's mission critical, I also will need a DR (disaster recovery) configuration at a secondary site. My challenge is how to configure DNS or whatever to fail over the primary site to the secondary site if the primary experiences a failure of some sort. Then fail it back post-recovery.

I am planning to use the secondary site to burn-in development prior to go-live and when ready, migrate the changes to the primary so both sites are identical.

I am doing some investigation regarding NetScaler appliances to understand how they work. At first glance it seems they are able to direct incoming traffic to specific locations based on various criteria (geo, speed, load capacity, etc). I noticed they are also a recommended solution by Citrix for traffic management... but a DR solution is evading me. And something is telling me it's not all about some piece of hardware.

View Replies!   View Related
Configuring My DNS And Godaddy
i got DNS and IIS installed and configued DNS completely by the book. I made 2 forward lookup zones ns1 and ns2.mydomain.net

what is this step im missing between that process and being able to tell godaddy to hit my nameserver. it just keeps telling me they are not registered nameservers so i must be missing something here.

View Replies!   View Related
Configuring SSL With CPanel/WHM
I have got a WHM Reseller Account, with a Dedicated IP address and RapidSSL Certificate.

My host has setup the SSL for me, and it works fine when I access [url](where main-domain.com is the Domain associated with my WHM account).

However when I try and access https on any Account which I've made under my Reseller Account, I'm just redirected back to [url]

I was under the impression that if I accessed a Domain on an account I made that shares the same IP as my SSL Certificate, that the SSL Certificate would appear for that Domain name too, but this isn't the case.

Is there any change the my DNS records, or something I can ask my host to do to get it to work?

View Replies!   View Related
Configuring Nagios ..
I want to configure Nagios to monitor Windows and Linux servers and their services. I have to install NSClient in Windows servers and NRPE in Linux servers to collect the data. I don't want to install any plugin in any server. Is there any guide available which describes how to enable Monitoring of servers using SNMP through Nagios?

View Replies!   View Related
Configuring Plesk
is it possible for us to set up plesk sp that it monitors bandwidth usage week on week instead of month on month?

View Replies!   View Related
Configuring My Iptables
I saw an ad on WHT by LimeStone Networks and decided to get a server from them. My server was made within few hours. On the server, I was only able to connect to the SSH on port 22, I could not login to the DirectAdmin or anything.

So, I tried shutting down the "iptables" firewall like this:

Code:
service iptables stop
and then tried to access the directadmin like this:

[url]

and it worked. So, the problem is that, my host only configured ssh on my server and didnt configure the rest.

How do I open the rest of ports, e.g.

2222 (directadmin)
80 (web server)
21 (ftp)
443 (https)
3306 (mysql)

etc... ?

on the welcome email, this is what they said about the firewall, but I don't quite understand

Quote:

Please be advised that your server's firewall is active for your protection and will only accept connections on port 22/tcp by default.

If you modify firewall or IPTable rules on your server, please be sure to have them configured to allow inbound and outbound traffic on all ports (TCP & UDP 1-65535) from 209.130.152.0/28.

View Replies!   View Related
Configuring PureFTPd On A VPS
I'm trying to install and configure pureFTPD on my VPS which I just got.

Right, here goes one of my stupid questions:

When I try to start pure-ftpd (with the command /usr/sbin/pure-ftpd & ), this is what I get:

[1] 20271

What does [1] 20271 mean (or it may be other random number)?

And I can't see pure-ftpd as a running process (ps -ef command). So what's happening, how do I start pure-ftpd properly? It is installed as far as I understand.

Quote:

...lots of other packages...
ii pure-ftpd 1.0.21-8 Pure-FTPd FTP server
ii pure-ftpd-comm 1.0.21-8 Pure-FTPd FTP server (Common Files)

View Replies!   View Related
Configuring Dedicated Ip
We check a domain under dnsreport and all seems ok

But, when we assign IP (not the main shared) to the account and check dnsreport we see this error:

Reverse DNS entries for MX records
ERROR: The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries/* (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough)*/. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site if you recently changed your reverse DNS entry (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server). The problem MX records are:
**** [No reverse DNS entry (rcode: 3 ancount: 0)

AND

Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

www.***.com claims to be host host.***.com [but that host is at **** (may be cached), not ****].

-------------------

View Replies!   View Related
Configuring A New Server
Actually my DSL provide me 1024 kbps of Internet Access. I am wanna connect computers to that network and rent the pc in my own country.

Here the features of that I have:

- 2 Desktop PC ready for connect.
- 1 router with 4 lan Port.
- 1 Dynamic ip
- 1024 kbps of Internet connection.

the desktop pc will be configuring with Centos 4.x and I wanna install on it a control panel like directadmin.

Here the issues:

- How I can configure 2 statics ip for each desktop pc?
- The desktop pc will be connected every one in the same router?
- How I can know how will be the rendiment with 1024 kbps?

View Replies!   View Related
Configuring POP3 Account
I am using lxadmin on my vps. In a mail system I need to configure pop3 account to fetch mails. I am using it on a folder "main site/folder". Please can any one tell me how to configure POP 3 account in lxadmin for the folder or any subdomain.

View Replies!   View Related
Configuring A ASA 5510 For Hosting
for setting up my ASA 5510? I'm assuming I'll configure it for just permit ip any any and let it do inspections. I wouldn't want to have to create a permit statement for every one of my customers'

View Replies!   View Related
Configuring Php/mysql On IIS Server
I have setup php and mysql on a windows IIS 6 server. php has installed fine and works but I have 2 problems

1. When i browse to http://localhost i get a 403 error but when browsing to http://localhost/index.php it works fine. It makes me think that the server does not know what extension to default to when doing a directory listing

2. I have phpmyadmin installed and the cfg file is set to do a 'config' authentication. That works but everytime i go to submit a form to create a new database or anything i get prompted with an HTTP user/pass. I'm not sure if this is a phpmyadmin issue or a php configuration issue

View Replies!   View Related
Configuring Linux For Colocation
I am setting up CentOS linux on a 1U server for colo, a CentOS basic install without graphic interface, just the compilers package and the basic stuff will be installed.

However, before I rack this server up I need to do some things to make it work. I already know that I have to disable IPtables (or clear the firewall rules).

Do you usually have a list of things to do before you colo a linux server? Please share, as I will have to go thru it.

View Replies!   View Related
Configuring Cpanel With Dnsonly
let's say I have 2 vps (ns1.myhost.xxx and ns2.myhost.xxx) running dnsonly cpanel and 2 dedi server running cpanel (srv1.myhost.xxx and srv2.myhost.xxx).

is it possible to have dns server only on the vps?

View Replies!   View Related
Configuring Multiple Servers
I was talking to my host the other day about configuring multiple servers as a private LAN. I was wondering if anyone has successfully set up a configuration of using separate servers for each task for shared hosting accounts. I.E. Having certain servers as web servers and others dedicated as MySQL servers, e-commerce servers, mail servers etc.

Does anyone do this? I can see it boosting performance.

View Replies!   View Related
Configuring Apache With SSL On Windows
i couldn't find a more suitable category to put this post in: I am setting up a development server local to my office here, so that we can develop projects using an SVN app, but the SVN system needs SSL for logging in. i am now going round in circles where httpd.exe cannot start as a service from the apache monitor, with the following error:

The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.84 for ServerName
in the windows event viewer.

I'm using:
Windows XP Home edition, SP3
Apache 2.2.9
full computer name is devserver
workgroup is WORKGROUP

I used openssl bundled with this version of apache to generate the SSL certificate, and they all seem to be ok. When i change the line

SSLEngine on

in the httpd-ssl.conf file, the apache service starts when the SSLEngine is off, but not when the SSLEngine is on.

i have trawled the internet but not found any answer. ive checked thru httpd.conf and httpd-ssl.conf several times but i just can't see anything wrong (although im not entirely experienced!).

View Replies!   View Related
Configuring Juniper Netscreen-25
I am tried of not finding a good documentation on now to configure netscreen-25 firewall.

This is the current setup;

Ethernet Drop -> Netscreen (connected via straight RJ-45)

NetScreen -> Switch (Connected via cross-over cable)

This is the what I want to be able to do...

I am assigned a 76.36.57.32/27 subnet
Netmask 255.255.255.224
Gateway 76.36.57.33

1) Make Netscreen accessible via IP 76.36.57.34 for remote management.

2) I dont want netscreen to assign IPs for my wired devices because I've already set all their IPs and those are the ones I want to use.

Now, I did read the manual [url] and went to Network -> Interfaces -> Ethernet 1 Trust *edit* and in the "IP address" box I typed 76.36.57.34 and netmask "/27".

In the "Manage IP" box, I typed 76.36.57.39/27 according to the manual.

After doing all that, I cant access any of my "wired" devices behind firewall and neither can I access the firewall itself with the IP I assigned.

View Replies!   View Related
Configuring Second Dedicated Server
I provide webhosting services (mycompany.com) to clients and I need some help regarding setting up my second server.

Till the domain name resolves, new clients are given the temporary url mycompany.com/~accountname where the A record of mycompany.com points to the main server i.p. of the first server

I am in process of setting up my second dedicated server.

mycompany.com/~accountname will not work on the second server as the I.P. of mycompany.com points to the first server.

How do I setup my company's url on the second server so that clients can access their accounts by mycompany.com/~accountname?

How do you setup accounts on both servers under mycompany.com.

View Replies!   View Related
Configuring PHP To Work With MySql
I'm using Windows XP and installed Apache, PHP 5 and MySql 5. They were all working before, but recently I had to format my hard drive. Fortunately, I had an image of my computer created from before but MySql was not installed when that image was created.

After deploying that image, everything seems to be working fine. The server is running and PHP scripts are executing as well. But I can't seem to have MySql to work. I've followed many tutorials online, but have no luck.

I have edited the php.ini file to point to the correct directory that holds the extentions or dll's. I also enabled the following:

extension=php_mbstring.dll
extension=php_mysqli.dll
extension=php_mysql.dll

I already tested to see if MySql was correctly installed by using the command line client and it seems to be installed. I was able to log in and see the default databases created.

But when I run the following php script

<? phpinfo() ?>

I don't see the MySql section anywhere and that's why I'm assuming that PHP is not currently working with MySql for me. However, interestingly, I do see the "mbstring" section, which I assume should show only if MySql is working with PHP. But nothing else related to MySql info shows up. I've attached part of the screen shot if it helps you.

View Replies!   View Related
Configuring Home Dir For Webapps
I'm on Apache/2.0.59 (Win32) mod_jk/1.2.21 Tomcat 5.5.9 and having a hard time configuring Home or Root dir for each domain.

For eg. domain1.com works as [url], but not directly. How do I set dir1 as domain1's root?

I tried the apache <virtualHost> directive in httpd.conf, which correctly sets dir1 as domain1's root but then the jsp doesn't work, index.jsp code is displayed in the browser.

I also tried several <host> combinations in server.xml, but nothing worked.

View Replies!   View Related
Configuring Apache To Run Php Without Shebang Line
I posted this problem in the PHP forum without a response. I thought this forum might be better.

View Replies!   View Related
Configuring Subdomains In Apache On A Localhost
I'm currently trying to configure apache 2 to handle subdomains. This is on a local machine (not tied to any domain names) and I'm only doing it to research how the final structure of a site 'could' be setup.

Basically I have a single install of Apache 2 running. The outcome eventually should be to have specific sub domains that all point to the same document root as the actual domain name. So eventually I will have:

http://www.mydomain.com
http://subdomain1.mydomain.com
http://subdomain2.mydomain.com

with both subdomains showing the content at mydomain.com (there is reasoning behind this but I'm not gonna go into that).

I have apache setup as follows:

NameVirtualHost *:80

<VirtualHost *:80>
ServerName daneastley
DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
</VirtualHost>


<VirtualHost *:80>
ServerName subdomain1.daneastley
DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
</VirtualHost>

<VirtualHost *:80>
ServerName subdomain2.daneastley
DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs"
</VirtualHost>

Now on my local machine, only the top one works - the subdomains dont. if I add the following into my hosts file in windows, they all work:
127.0.0.1 daneastley
127.0.0.1 subdomain1.daneastley
127.0.0.1 subdomain2.daneastley

the problem being, that I wish to test this enviroment on the local network. How would I go about having every computer being able to access this? I'm assuming it comes down to DNS stuff.

View Replies!   View Related
Configuring Passive FTP To Work With Firewall
I'm running a Win2003 dedicated server with IIS and Plesk v9. While trying to configure my FTP ports I found out that my host has a basic (free) hardware firewall on my main/shared IP with ports 2000-2015 reserved for passive FTP connections. I asked them if they could change the ports to match the default ones but to customize hardware firewall settings I'm require to upgrade to a paid solution.

I again tried to approach the problem by trying to get IIS to conform to the host's ports. However after some research I found that the default MSFTP range is 1025-5000 while custom values have to be between 5001-65535. My host recommends I upgrade to a personal hardware firewall or make do with a software firewall. Other than dropping the firewall is there nothing I can do here?

I've thought of serving FTP on a dedicated IP (which would be exempted from the hardware firewall) but when I tried to set it up I got a directory permission error during connection attempts. I may be mistaken but this appears to be an an issue with Plesk not liking to serve a website's HTTP and FTP on separate IPs. Is solving this problem my best bet?

View Replies!   View Related
Configuring A Linux Router/firewall
I run a small datacenter, and we are migrating from Cisco to Linux based routers.
This routers should run a firewall, DDOS mitigation rules, CBQ bandwidth limitation, etc..

I know how to mitigate DDOS using tcpdump, also I know how to route..

I just need some advice about the firewall, stopping basic DDOS, fragmented packets, etc..

Should I use APF firewall in this case? Is there a good IPTABLES set of rules I could use?

I'm giving up from Ciscos, as I just discovered there are some UDP packets that can easily break them. I tested it last night, and that was it, nothing secure A few traffic (bogus UDP packets) and the router was down for a few minutes.

View Replies!   View Related
Copyright © 2005-08 www.BigResource.com, All rights reserved