HTTPD Security Update - Slackware

This is a discussion on HTTPD Security Update - Slackware ; Don't forget to save your index.html file......

+ Reply to Thread
Results 1 to 7 of 7

Thread: HTTPD Security Update

  1. HTTPD Security Update

    Don't forget to save your index.html file...

  2. Re: HTTPD Security Update

    On Fri, 15 Feb 2008, Thomas Ronayne wrote:

    >
    > Don't forget to save your index.html file...


    huh, what are you on about



    --
    Cheers
    Res

    mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

  3. Re: HTTPD Security Update

    Res wrote:
    > On Fri, 15 Feb 2008, Thomas Ronayne wrote:
    >
    >>
    >> Don't forget to save your index.html file...

    >
    > huh, what are you on about
    >
    >
    >

    The update does not create an index.html.new (or and index.html.old) it
    just overwrites your existing /var/www/htdocs/index.html (thus blowing
    sending your web page to the Great Byte Bucket in the Sky).

  4. Re: HTTPD Security Update

    On Fri, 15 Feb 2008, Thomas Ronayne wrote:

    > The update does not create an index.html.new (or and index.html.old) it just
    > overwrites your existing /var/www/htdocs/index.html (thus blowing sending
    > your web page to the Great Byte Bucket in the Sky).


    I'm trying to reproduce that now on stock install box.. bugger you're
    right!
    (as I do some beta testing with apache i always use source direct from
    apache.org so i never noticed this)

    Please reply to your security update message informing Pat of this.


    --
    Cheers
    Res

    mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

  5. Re: HTTPD Security Update

    Res wrote:
    > On Fri, 15 Feb 2008, Thomas Ronayne wrote:
    >
    >> The update does not create an index.html.new (or and index.html.old)
    >> it just overwrites your existing /var/www/htdocs/index.html (thus
    >> blowing sending your web page to the Great Byte Bucket in the Sky).

    >
    > I'm trying to reproduce that now on stock install box.. bugger you're
    > right! (as I do some beta testing with apache i always use source
    > direct from apache.org so i never noticed this)
    >
    > Please reply to your security update message informing Pat of this.
    >
    >

    Oh, I did -- and found out that I've been doing it wrong all along,
    sigh. Seems you're not supposed to build your web stuff in //var/www/
    (who knew) but in //usr/local/ or somewhere or other.

    Sez Pat:

    The /var/www/htdocs/index.html is meant for the Apache
    documentation. Like any other file in a package, there are no
    promises that an upgrade will not overwrite it. FWIW, I've never
    run a web server using /var/www/htdocs/ as my DocumentRoot.

    Take care,

    Pat

    So I'm off trying to figure out how in blazes to get the thing working
    with a DocumentRoot //usr/local/apache/ or //usr/local/httpd/ and am
    having a hell of a time getting web pages to work and be able to select
    the Apache manual that's sitting in //var/www/htdocs./

    Oh, well, onward and downward, eh?

    Thomas

  6. Re: HTTPD Security Update

    On Fri, 15 Feb 2008 21:45:00 -0500, Thomas Ronayne wrote:

    >Res wrote:

    ....
    >> Please reply to your security update message informing Pat of this.
    >>
    >>

    >Oh, I did -- and found out that I've been doing it wrong all along,
    >sigh. Seems you're not supposed to build your web stuff in //var/www/
    >(who knew) but in //usr/local/ or somewhere or other.
    >
    >Sez Pat:
    >
    > The /var/www/htdocs/index.html is meant for the Apache
    > documentation. Like any other file in a package, there are no
    > promises that an upgrade will not overwrite it. FWIW, I've never
    > run a web server using /var/www/htdocs/ as my DocumentRoot.
    >
    > Take care,
    >
    > Pat
    >
    >So I'm off trying to figure out how in blazes to get the thing working
    >with a DocumentRoot //usr/local/apache/ or //usr/local/httpd/ and am
    >having a hell of a time getting web pages to work and be able to select
    >the Apache manual that's sitting in //var/www/htdocs./


    FWIW I have in /etc/apache/httpd.conf (slack-11, apache 1.3):
    ....
    DocumentRoot "/var/www/web"
    ....
    Alias /manual/ "/var/www/htdocs/manual/"
    ....

    and:

    ~$ ls -l /var/www/web
    lrwxrwxrwx 1 root root 10 2007-01-30 09:14 /var/www/web -> /home/web/

    So web site's /manual/ -> the right place, but this available only locally,
    my public web sites are virtual servers a level down in the web directory
    hierarchy so that the local documentation is not served to the public.
    (And direct access by the public IP goes to a nonsense server -- splat!).

    Grant.
    --
    http://bugsplatter.mine.nu/

  7. Re: HTTPD Security Update

    On Fri, 15 Feb 2008, Thomas Ronayne wrote:

    > Oh, I did -- and found out that I've been doing it wrong all along, sigh.
    > Seems you're not supposed to build your web stuff in //var/www/ (who knew)
    > but in //usr/local/ or somewhere or other.


    Ah OK
    I've alwyas used /var/www/html

    >
    > Sez Pat:
    >
    > The /var/www/htdocs/index.html is meant for the Apache
    > documentation. Like any other file in a package, there are no


    That's rather strange, and for once in my entire life i actually disagree
    with Pat, because since he keeps things mostly true to how they are meant
    to be, Apache source is:

    #
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    DocumentRoot "/usr/local/apache/htdocs"
    (most people always substitute this to /var/www so it can have its own
    disks etc)

    #
    # Provide access to the documentation on your server as
    # http://yourserver.example.com/manual/
    # The documentation is always available at
    # http://httpd.apache.org/docs/2.2/
    #
    # Required modules: mod_alias, mod_setenvif, mod_negotiation
    #






    --
    Cheers
    Res

    mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

+ Reply to Thread