You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Florent Georges <li...@fgeorges.org> on 2009/03/09 12:57:32 UTC
[users@httpd] Validating HTTP requests
Hi,
I am looking for an HTTPD module. I've made a few searches
within the repository but didn't find anything. So just in
case I missed something...
I look for a tool to validate HTTP requests. The perfect
tool would install in the HTTP server and respond to HTTP
requests with a validation report (as text, or XML, or HTML,
or whatever.) By validating, I mean validate the request
against the HTTP grammar, checking that required info are
there, that "\r\n" are used and not just "\n", checking that
multipart requests are well-formed (Content-Length are
corrects, so are boundaries, etc.,) the different headers,
etc.
Do you know something corresponding (at least vaguely) to
that description? If you know any library that does that job
(instead of an HTTPD module,) I am also interested, I can
write a CGI script or anything else to plug it.
Regards,
--
Florent Georges
http://www.fgeorges.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by Ivars Strazdiņš <iv...@gmail.com>.
Florent Georges wrote:
> Ivars Strazdiņš wrote:
>
> Ivars,
>
>
>> mod_security ?
>> http://www.modsecurity.org/
>>
>
> Thank you. But if I am right, this allows one to plug its own validation rules in Apache (or use built-in rules from ModSecurity but those are oriented to the application scope: injection detection, authentication etc.) I don't see how it could be use in my case, but I maybe have missed something? Did you think about a particular way to using it in that context?
>
No, not really. It was a gross assumption that you need a module which
verifies input and allows you to write your own rules.
BR,
Ivars
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by Florent Georges <li...@fgeorges.org>.
Ivars Strazdiņš wrote:
Ivars,
> mod_security ?
> http://www.modsecurity.org/
Thank you. But if I am right, this allows one to plug its own validation rules in Apache (or use built-in rules from ModSecurity but those are oriented to the application scope: injection detection, authentication etc.) I don't see how it could be use in my case, but I maybe have missed something? Did you think about a particular way to using it in that context?
Regards,
--
Florent Georges
http://www.fgeorges.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by Ivars Strazdiņš <iv...@gmail.com>.
Florent Georges wrote:
> I am looking for an HTTPD module. I've made a few searches
> within the repository but didn't find anything. So just in
> case I missed something...
>
> ...
>
mod_security ?
http://www.modsecurity.org/
Ivars
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by Frank Gingras <fr...@gmail.com>.
Mohil,
Please disregard this troll. He has been known to infect every new
thread in this mailing list.
Frank.
Flowering Weeds wrote:
>
>
>
>> Subject: Re: [users@httpd] Validating HTTP requests
>>
>>
>> Brian Mearns wrote:
>>
>>
>>> Sorry, don't know of anything in particular, but it seems
>>> to me that Apache itself would necessarily be doing some
>>> amount of validation on the in coming requests.
>>>
>> Yes of course :-). But 1/ I'd like the validation to be as strict as possible (as you said, I expect Apache to be a bit lenient with its clients) and 2/ I'd like to have the report with useful information in case of failure to be sent in response to the request, instead of having to give the client the right to dig into the logs on the server.
>>
>> Thanks for your response, regards,
>>
>>
>
>
>
>
> One hates to say it but
>
>
>
> All current Windows systems have an object that does this
>
>
>
> http.sys
>
>
>
> Http.sys can be used by an application using HTTP (if one wishes to use http.sys), and all these apps can use the same IP / Port (or not).
>
>
>
> One can read the http.sys error log with Log Parser like this
>
>
>
> LogParser.exe "SELECT * FROM HTTPERR"
>
>
>
> I will soon have an Apache post where one will using the Windows .NET automation toool,
>
> PowerShell (like sed, bash, and perl but dealing with complete objects instead of only text),
>
> to check the http.sys error log. One will be able to compare these http.sys's error times to
>
> the times within the Apache access log and the Apache error log. This will also demo "finding
>
> same time" log actions for possible trouble checking of Apache.
>
>
>
>
>
> _________________________________________________________________
> Hotmail® is up to 70% faster. Now good news travels really fast.
> http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by Frank Gingras <fr...@gmail.com>.
John,
It seems to have gone through just fine this time. Perhaps gmail got
wonky and thought it was spam (based on the content of your response).
We'll consider it an anomality for now, and cross our fingers.
Frank.
John Hudak wrote:
> Here is what I posted earlier....
> Hello:
> Running: ps aux |grep http|grep -v "\(root\|grep\)"|wc -l
> Yielded: 0
>
> Looking specifically for 'apache' and running: ps -lax
> Resulted in: (a partial list, the relevant processes)
> 1 0 4956 4917 20 0 2068 244 - S ? 0:00
> /usr/lib/courier/courier-
> authlib/authdaemond
> 1 0 4957 4917 20 0 2068 244 - S ? 0:00
> /usr/lib/courier/courier-authlib/authdaemond
> 1 0 4958 4917 20 0 2068 244 - S ? 0:00
> /usr/lib/courier/courier-authlib/authdaemond
> 1 0 4959 4917 20 0 2068 244 - S ? 0:00
> /usr/lib/courier/courier-authlib/authdaemond
> 1 0 4960 4917 20 0 2068 244 - S ? 0:00
> /usr/lib/courier/courier-authlib/authdaemond
> 5 0 4981 1 20 0 6044 2516 - Ss ? 0:00
> /usr/sbin/cupsd
> 1 10 6134 1 20 0 5068 1220 - Ss ? 0:00
> /usr/sbin/faxq
> 1 10 6136 1 20 0 4688 1016 - Ss ? 0:00
> /usr/sbin/hfaxd -i 4559
> 4 10 6144 1 20 0 5168 1900 - S ? 0:01
> /usr/sbin/faxgetty ttyACM0
> 4 0 6211 1 20 0 5396 1732 - Ss ? 0:06
> /usr/lib/postfix/master
> 4 107 6216 6211 20 0 5444 1684 - S ? 0:00
> qmgr -l -t fifo -u
> 5 0 6228 1 20 0 6536 1376 - Ss ? 0:04
> /usr/sbin/nmbd -D
> 5 0 6230 1 20 0 10124 2764 - Ss ? 0:00
> /usr/sbin/smbd -D
> 1 0 6244 6230 20 0 10124 1064 - S ? 0:00
> /usr/sbin/smbd -D
> 1 0 6245 1 20 0 8084 1612 - Ss ? 0:03
> /usr/sbin/winbindd
> 1 0 6261 6245 20 0 8212 1752 - S ? 0:01
> /usr/sbin/winbindd
> 5 0 6302 1 20 0 2072 624 - Ss ? 0:10
> /usr/sbin/dovecot
> 4 0 6315 6302 20 0 9008 2224 - S ? 0:09
> dovecot-auth
> 1 1 6316 1 20 0 1984 420 - Ss ? 0:00
> /usr/sbin/atd
> 1 0 6327 1 20 0 2104 892 - Ss ? 0:00
> /usr/sbin/cron
> 0 0 6371 1 20 0 1716 512 - Ss+ tty1 0:00
> /sbin/getty 38400 tty1
> 1 0 6391 6245 20 0 8084 868 - S ? 0:00
> /usr/sbin/winbindd
> 1 0 6392 6245 20 0 8216 1772 - S ? 0:01
> /usr/sbin/winbindd
> 5 33 11621 12988 20 0 23752 4396 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 11624 12988 20 0 23752 4376 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 11626 12988 20 0 23752 4384 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 11628 12988 20 0 23752 4372 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 11631 12988 20 0 23752 4368 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 12669 12988 20 0 23752 4368 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 12671 12988 20 0 23752 3888 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 12672 12988 20 0 23752 3880 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 12673 12988 20 0 23752 3880 - S ? 0:00
> /usr/sbin/apache2 -k start
> 5 33 12674 12988 20 0 23752 3880 - S ? 0:00
> /usr/sbin/apache2 -k start
> 4 0 12676 4343 20 0 11356 3776 - Ss ? 0:00
> sshd: jjh [priv]
> 5 1000 12679 12676 20 0 11356 1848 - S ? 0:00
> sshd: jjh@pts/0
> 0 1000 12680 12679 20 0 5608 3028 - Ss pts/0 0:00 -bash
> 4 107 12706 6211 20 0 5404 1652 - S ? 0:00
> pickup -l -t fifo -u -c
> 0 1000 12753 12680 20 0 2428 816 - R+ pts/0 0:00 ps -lax
> 0 1000 12754 12680 20 0 3156 828 - S+ pts/0 0:00 more
> 5 0 12988 1 20 0 23752 7668 - Ss ? 0:14
> /usr/sbin/apache2 -k start
> 5 0 28457 1 20 0 7600 2104 - Ssl ? 0:00
> /usr/sbin/console-kit-daemon
> 4 106 28592 6302 20 0 3484 1560 - S ? 0:05
> pop3-login
> 4 106 28635 6302 20 0 3484 1556 - S ? 0:05
> pop3-login
> 4 106 28636 6302 20 0 3484 1556 - S ? 0:05
> pop3-login
>
> Hope this helps....
> -J
> (I'd bottom post but can't figure out how the gmail web client can do
> that....)
> I'll post the error in the next email....
>
>
> On Tue, Mar 10, 2009 at 12:15 AM, Frank Gingras
> <francois.gingras@gmail.com <ma...@gmail.com>> wrote:
>
> John,
>
> I'll see if I can find anything specific about your email address.
>
> Frank
>
> John Hudak wrote:
>
> I started a thread last night, a person replied, I 'replied all'
> and got a message that my message was interpreted as spam and I
> would be blocked...I'll see if this reply gets through.
> John
>
>
> On Tue, Mar 10, 2009 at 12:06 AM, Frank Gingras
> <francois.gingras@gmail.com <ma...@gmail.com>
> <mailto:francois.gingras@gmail.com
> <ma...@gmail.com>>> wrote:
>
> John,
>
> You mean you cannot create new threads?
>
> Frank
>
> John Hudak wrote:
>
> hmmm anyone know why I am being blocked from posting?
> Thanks
> John
>
>
> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
> <wrowe@rowe-clan.net <ma...@rowe-clan.net>
> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>>
> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>
> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>>>> wrote:
>
> Tom Evans wrote:
>
>
> Will no-one kill-list this troublesome troll?
>
>
> Just checked, this has been resolved. Move along folks.
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache
> HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>
> <mailto:users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>>
>
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>
> <mailto:users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>>
>
> For additional commands, e-mail:
> users-help@httpd.apache.org <ma...@httpd.apache.org>
> <mailto:users-help@httpd.apache.org
> <ma...@httpd.apache.org>>
> <mailto:users-help@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-help@httpd.apache.org
> <ma...@httpd.apache.org>>>
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-help@httpd.apache.org
> <ma...@httpd.apache.org>>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by John Hudak <jj...@gmail.com>.
Here is what I posted earlier....
Hello:
Running: ps aux |grep http|grep -v "\(root\|grep\)"|wc -l
Yielded: 0
Looking specifically for 'apache' and running: ps -lax
Resulted in: (a partial list, the relevant processes)
1 0 4956 4917 20 0 2068 244 - S ? 0:00
/usr/lib/courier/courier-authlib/authdaemond
1 0 4957 4917 20 0 2068 244 - S ? 0:00
/usr/lib/courier/courier-authlib/authdaemond
1 0 4958 4917 20 0 2068 244 - S ? 0:00
/usr/lib/courier/courier-authlib/authdaemond
1 0 4959 4917 20 0 2068 244 - S ? 0:00
/usr/lib/courier/courier-authlib/authdaemond
1 0 4960 4917 20 0 2068 244 - S ? 0:00
/usr/lib/courier/courier-authlib/authdaemond
5 0 4981 1 20 0 6044 2516 - Ss ? 0:00
/usr/sbin/cupsd
1 10 6134 1 20 0 5068 1220 - Ss ? 0:00
/usr/sbin/faxq
1 10 6136 1 20 0 4688 1016 - Ss ? 0:00
/usr/sbin/hfaxd -i 4559
4 10 6144 1 20 0 5168 1900 - S ? 0:01
/usr/sbin/faxgetty ttyACM0
4 0 6211 1 20 0 5396 1732 - Ss ? 0:06
/usr/lib/postfix/master
4 107 6216 6211 20 0 5444 1684 - S ? 0:00 qmgr -l
-t fifo -u
5 0 6228 1 20 0 6536 1376 - Ss ? 0:04
/usr/sbin/nmbd -D
5 0 6230 1 20 0 10124 2764 - Ss ? 0:00
/usr/sbin/smbd -D
1 0 6244 6230 20 0 10124 1064 - S ? 0:00
/usr/sbin/smbd -D
1 0 6245 1 20 0 8084 1612 - Ss ? 0:03
/usr/sbin/winbindd
1 0 6261 6245 20 0 8212 1752 - S ? 0:01
/usr/sbin/winbindd
5 0 6302 1 20 0 2072 624 - Ss ? 0:10
/usr/sbin/dovecot
4 0 6315 6302 20 0 9008 2224 - S ? 0:09
dovecot-auth
1 1 6316 1 20 0 1984 420 - Ss ? 0:00
/usr/sbin/atd
1 0 6327 1 20 0 2104 892 - Ss ? 0:00
/usr/sbin/cron
0 0 6371 1 20 0 1716 512 - Ss+ tty1 0:00
/sbin/getty 38400 tty1
1 0 6391 6245 20 0 8084 868 - S ? 0:00
/usr/sbin/winbindd
1 0 6392 6245 20 0 8216 1772 - S ? 0:01
/usr/sbin/winbindd
5 33 11621 12988 20 0 23752 4396 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 11624 12988 20 0 23752 4376 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 11626 12988 20 0 23752 4384 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 11628 12988 20 0 23752 4372 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 11631 12988 20 0 23752 4368 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 12669 12988 20 0 23752 4368 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 12671 12988 20 0 23752 3888 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 12672 12988 20 0 23752 3880 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 12673 12988 20 0 23752 3880 - S ? 0:00
/usr/sbin/apache2 -k start
5 33 12674 12988 20 0 23752 3880 - S ? 0:00
/usr/sbin/apache2 -k start
4 0 12676 4343 20 0 11356 3776 - Ss ? 0:00 sshd:
jjh [priv]
5 1000 12679 12676 20 0 11356 1848 - S ? 0:00 sshd:
jjh@pts/0
0 1000 12680 12679 20 0 5608 3028 - Ss pts/0 0:00 -bash
4 107 12706 6211 20 0 5404 1652 - S ? 0:00 pickup
-l -t fifo -u -c
0 1000 12753 12680 20 0 2428 816 - R+ pts/0 0:00 ps -lax
0 1000 12754 12680 20 0 3156 828 - S+ pts/0 0:00 more
5 0 12988 1 20 0 23752 7668 - Ss ? 0:14
/usr/sbin/apache2 -k start
5 0 28457 1 20 0 7600 2104 - Ssl ? 0:00
/usr/sbin/console-kit-daemon
4 106 28592 6302 20 0 3484 1560 - S ? 0:05
pop3-login
4 106 28635 6302 20 0 3484 1556 - S ? 0:05
pop3-login
4 106 28636 6302 20 0 3484 1556 - S ? 0:05
pop3-login
Hope this helps....
-J
(I'd bottom post but can't figure out how the gmail web client can do
that....)
I'll post the error in the next email....
On Tue, Mar 10, 2009 at 12:15 AM, Frank Gingras
<fr...@gmail.com>wrote:
> John,
>
> I'll see if I can find anything specific about your email address.
>
> Frank
>
> John Hudak wrote:
>
>> I started a thread last night, a person replied, I 'replied all' and got a
>> message that my message was interpreted as spam and I would be
>> blocked...I'll see if this reply gets through.
>> John
>>
>>
>> On Tue, Mar 10, 2009 at 12:06 AM, Frank Gingras <
>> francois.gingras@gmail.com <ma...@gmail.com>> wrote:
>>
>> John,
>>
>> You mean you cannot create new threads?
>>
>> Frank
>>
>> John Hudak wrote:
>>
>> hmmm anyone know why I am being blocked from posting?
>> Thanks
>> John
>>
>>
>> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
>> <wrowe@rowe-clan.net <ma...@rowe-clan.net>
>> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>>> wrote:
>>
>> Tom Evans wrote:
>>
>>
>> Will no-one kill-list this troublesome troll?
>>
>>
>> Just checked, this has been resolved. Move along folks.
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>> " from the digest:
>> users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-help@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>>
>>
>>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Validating HTTP requests
Posted by John Hudak <jj...@gmail.com>.
ok, ty.....I'll try to repost my reply and see what happens
-J
On Tue, Mar 10, 2009 at 12:15 AM, Frank Gingras
<fr...@gmail.com>wrote:
> John,
>
> I'll see if I can find anything specific about your email address.
>
> Frank
>
> John Hudak wrote:
>
>> I started a thread last night, a person replied, I 'replied all' and got a
>> message that my message was interpreted as spam and I would be
>> blocked...I'll see if this reply gets through.
>> John
>>
>>
>> On Tue, Mar 10, 2009 at 12:06 AM, Frank Gingras <
>> francois.gingras@gmail.com <ma...@gmail.com>> wrote:
>>
>> John,
>>
>> You mean you cannot create new threads?
>>
>> Frank
>>
>> John Hudak wrote:
>>
>> hmmm anyone know why I am being blocked from posting?
>> Thanks
>> John
>>
>>
>> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
>> <wrowe@rowe-clan.net <ma...@rowe-clan.net>
>> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>>> wrote:
>>
>> Tom Evans wrote:
>>
>>
>> Will no-one kill-list this troublesome troll?
>>
>>
>> Just checked, this has been resolved. Move along folks.
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>> " from the digest:
>> users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-help@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>>
>>
>>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Validating HTTP requests
Posted by John Hudak <jj...@gmail.com>.
Frank:
Here is the error message...
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
users@httpd.apache.org
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient
domain. We recommend contacting the other email provider for further
information about the cause of this error. The error that the other server
returned was: 552 552 spam score (5.0) exceeded threshold (state 18).
----- Original message -----
MIME-Version: 1.0
Received: by 10.229.82.83 with SMTP id a19mr2152493qcl.42.1236606697542;
Mon,
09 Mar 2009 06:51:37 -0700 (PDT)
In-Reply-To: <6e...@mail.gmail.com>
References: <92...@mail.gmail.com>
<6e...@mail.gmail.com>
Date: Mon, 9 Mar 2009 09:51:37 -0400
Message-ID: <92...@mail.gmail.com>
Subject: Re: [users@httpd] Why am I getting "Waiting for my_site_name"????
From: John Hudak <jj...@gmail.com>
To: users@httpd.apache.org
Content-Type: multipart/alternative; boundary=00163646d5c4f03f150464afee5f
--00163646d5c4f03f150464afee5f
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Hello:
Running: ps aux |grep http|grep -v "\(root\|grep\)"|wc -l
Yielded: 0
Looking specifically for 'apache' and running: ps -lax
Resulted in: (a partial list, the relevant processes)
----- Message truncated -----
-John
On Tue, Mar 10, 2009 at 12:15 AM, Frank Gingras
<fr...@gmail.com>wrote:
> John,
>
> I'll see if I can find anything specific about your email address.
>
> Frank
>
> John Hudak wrote:
>
>> I started a thread last night, a person replied, I 'replied all' and got a
>> message that my message was interpreted as spam and I would be
>> blocked...I'll see if this reply gets through.
>> John
>>
>>
>> On Tue, Mar 10, 2009 at 12:06 AM, Frank Gingras <
>> francois.gingras@gmail.com <ma...@gmail.com>> wrote:
>>
>> John,
>>
>> You mean you cannot create new threads?
>>
>> Frank
>>
>> John Hudak wrote:
>>
>> hmmm anyone know why I am being blocked from posting?
>> Thanks
>> John
>>
>>
>> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
>> <wrowe@rowe-clan.net <ma...@rowe-clan.net>
>> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>>> wrote:
>>
>> Tom Evans wrote:
>>
>>
>> Will no-one kill-list this troublesome troll?
>>
>>
>> Just checked, this has been resolved. Move along folks.
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP
>> Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>> " from the digest:
>> users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>> <mailto:users-help@httpd.apache.org
>> <ma...@httpd.apache.org>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>>
>>
>>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Validating HTTP requests
Posted by Frank Gingras <fr...@gmail.com>.
John,
I'll see if I can find anything specific about your email address.
Frank
John Hudak wrote:
> I started a thread last night, a person replied, I 'replied all' and got
> a message that my message was interpreted as spam and I would be
> blocked...I'll see if this reply gets through.
> John
>
>
> On Tue, Mar 10, 2009 at 12:06 AM, Frank Gingras
> <francois.gingras@gmail.com <ma...@gmail.com>> wrote:
>
> John,
>
> You mean you cannot create new threads?
>
> Frank
>
> John Hudak wrote:
>
> hmmm anyone know why I am being blocked from posting?
> Thanks
> John
>
>
> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
> <wrowe@rowe-clan.net <ma...@rowe-clan.net>
> <mailto:wrowe@rowe-clan.net <ma...@rowe-clan.net>>> wrote:
>
> Tom Evans wrote:
>
>
> Will no-one kill-list this troublesome troll?
>
>
> Just checked, this has been resolved. Move along folks.
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>
>
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>>
>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
> <mailto:users-help@httpd.apache.org
> <ma...@httpd.apache.org>>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by John Hudak <jj...@gmail.com>.
I started a thread last night, a person replied, I 'replied all' and got a
message that my message was interpreted as spam and I would be
blocked...I'll see if this reply gets through.
John
On Tue, Mar 10, 2009 at 12:06 AM, Frank Gingras
<fr...@gmail.com>wrote:
> John,
>
> You mean you cannot create new threads?
>
> Frank
>
> John Hudak wrote:
>
>> hmmm anyone know why I am being blocked from posting?
>> Thanks
>> John
>>
>>
>> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr. <
>> wrowe@rowe-clan.net <ma...@rowe-clan.net>> wrote:
>>
>> Tom Evans wrote:
>>
>>
>> Will no-one kill-list this troublesome troll?
>>
>>
>> Just checked, this has been resolved. Move along folks.
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>>
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Validating HTTP requests
Posted by Frank Gingras <fr...@gmail.com>.
John,
You mean you cannot create new threads?
Frank
John Hudak wrote:
> hmmm anyone know why I am being blocked from posting?
> Thanks
> John
>
>
> On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
> <wrowe@rowe-clan.net <ma...@rowe-clan.net>> wrote:
>
> Tom Evans wrote:
>
>
> Will no-one kill-list this troublesome troll?
>
>
> Just checked, this has been resolved. Move along folks.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by John Hudak <jj...@gmail.com>.
hmmm anyone know why I am being blocked from posting?
Thanks
John
On Mon, Mar 9, 2009 at 11:33 PM, William A. Rowe, Jr.
<wr...@rowe-clan.net>wrote:
> Tom Evans wrote:
>
>>
>> Will no-one kill-list this troublesome troll?
>>
>
> Just checked, this has been resolved. Move along folks.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Validating HTTP requests
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Tom Evans wrote:
>
> Will no-one kill-list this troublesome troll?
Just checked, this has been resolved. Move along folks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Validating HTTP requests
Posted by Tom Evans <te...@googlemail.com>.
On Mon, 2009-03-09 at 11:35 -0500, Flowering Weeds wrote:
>
>
> > Subject: Re: [users@httpd] Validating HTTP requests
> >
> >
> > Brian Mearns wrote:
> >
> > > Sorry, don't know of anything in particular, but it seems
> > > to me that Apache itself would necessarily be doing some
> > > amount of validation on the in coming requests.
> >
> > Yes of course :-). But 1/ I'd like the validation to be as strict as
> possible (as you said, I expect Apache to be a bit lenient with its
> clients) and 2/ I'd like to have the report with useful information in
> case of failure to be sent in response to the request, instead of
> having to give the client the right to dig into the logs on the
> server.
> >
> > Thanks for your response, regards,
> >
>
>
> One hates to say it but
>
> All current Windows systems have an object that does this
>
> http.sys
>
> Http.sys can be used by an application using HTTP (if one wishes to
> use http.sys), and all these apps can use the same IP / Port (or not).
>
> One can read the http.sys error log with Log Parser like this
>
> LogParser.exe "SELECT * FROM HTTPERR"
>
> I will soon have an Apache post where one will using the Windows .NET
> automation toool,
> PowerShell (like sed, bash, and perl but dealing with complete objects
> instead of only text),
> to check the http.sys error log. One will be able to compare these
> http.sys's error times to
> the times within the Apache access log and the Apache error log. This
> will also demo "finding
> same time" log actions for possible trouble checking of Apache.
>
Will no-one kill-list this troublesome troll? http.sys is a fantastic
idea, but has zero to do with apache user support.
So, please shut the **** up, and go elsewhere.
Thanks in advance
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Validating HTTP requests
Posted by Flowering Weeds <fl...@hotmail.com>.
> Subject: Re: [users@httpd] Validating HTTP requests
>
>
> Brian Mearns wrote:
>
> > Sorry, don't know of anything in particular, but it seems
> > to me that Apache itself would necessarily be doing some
> > amount of validation on the in coming requests.
>
> Yes of course :-). But 1/ I'd like the validation to be as strict as possible (as you said, I expect Apache to be a bit lenient with its clients) and 2/ I'd like to have the report with useful information in case of failure to be sent in response to the request, instead of having to give the client the right to dig into the logs on the server.
>
> Thanks for your response, regards,
>
One hates to say it but
All current Windows systems have an object that does this
http.sys
Http.sys can be used by an application using HTTP (if one wishes to use http.sys), and all these apps can use the same IP / Port (or not).
One can read the http.sys error log with Log Parser like this
LogParser.exe "SELECT * FROM HTTPERR"
I will soon have an Apache post where one will using the Windows .NET automation toool,
PowerShell (like sed, bash, and perl but dealing with complete objects instead of only text),
to check the http.sys error log. One will be able to compare these http.sys's error times to
the times within the Apache access log and the Apache error log. This will also demo "finding
same time" log actions for possible trouble checking of Apache.
_________________________________________________________________
Hotmail® is up to 70% faster. Now good news travels really fast.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009
Re: [users@httpd] Validating HTTP requests
Posted by Florent Georges <li...@fgeorges.org>.
Brian Mearns wrote:
> Sorry, don't know of anything in particular, but it seems
> to me that Apache itself would necessarily be doing some
> amount of validation on the in coming requests.
Yes of course :-). But 1/ I'd like the validation to be as strict as possible (as you said, I expect Apache to be a bit lenient with its clients) and 2/ I'd like to have the report with useful information in case of failure to be sent in response to the request, instead of having to give the client the right to dig into the logs on the server.
Thanks for your response, regards,
--
Florent Georges
http://www.fgeorges.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Validating HTTP requests
Posted by Brian Mearns <me...@gmail.com>.
On Mon, Mar 9, 2009 at 7:57 AM, Florent Georges <li...@fgeorges.org> wrote:
>
> Hi,
>
> I am looking for an HTTPD module. I've made a few searches
> within the repository but didn't find anything. So just in
> case I missed something...
>
> I look for a tool to validate HTTP requests. The perfect
> tool would install in the HTTP server and respond to HTTP
> requests with a validation report (as text, or XML, or HTML,
> or whatever.) By validating, I mean validate the request
> against the HTTP grammar, checking that required info are
> there, that "\r\n" are used and not just "\n", checking that
> multipart requests are well-formed (Content-Length are
> corrects, so are boundaries, etc.,) the different headers,
> etc.
>
> Do you know something corresponding (at least vaguely) to
> that description? If you know any library that does that job
> (instead of an HTTPD module,) I am also interested, I can
> write a CGI script or anything else to plug it.
>
> Regards,
>
> --
> Florent Georges
> http://www.fgeorges.org/
Sorry, don't know of anything in particular, but it seems to me that
Apache itself would necessarily be doing some amount of validation on
the in coming requests. I don't know how strict Apache is at enforcing
the HTTP spec; probably not terribly as it's usually desirable to be a
little lenient about what you accept (and strict about what you
produce). But generally speaking, if Apache doesn't recognize it as a
valid HTTP request, then it won't be able to process it. Not sure if
that gets filed somewhere, or what.
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org