[users@httpd] error document handling

[Alex Moon <A....@mdx.ac.uk>]

We have an apache server running perfectly well under windows under
normal cirumstances but cannot get the error docs to load - users are
always met with a 403 error when users try to view error docs.  Cannot
see where our mistake is.   Nor cannot see where the text of the error
message is coming from when it fails to find the error doc.
Any guidance appreciated
Many thanks
Alex

Re: [users@httpd] Security, 2.0.xx vs. 1.3.xx

[Joshua Slive <js...@gmail.com>]

On Tue, 5 Oct 2004 10:48:14 -0400, David P. Donahue
<dd...@ccs.neu.edu> wrote:
> I'm currently using Apache 1.3.31 for my web serving needs.  It's never
> really occurred to me to use the 2.0 series, as I've had plenty of luck
> with the 1.3 series and I can't really find anything wrong with it.
> But, just out of curiosity, is there a security benefit to using the 2.0
> series?  Features aren't really an issue, as I use it for pretty basic
> stuff.  But security is a definite concern.  Is 2.0.52 "more secure"
> than 1.3.31?  If so, in what way?

There's no real answer to that question because:
1. Security means different things to different people; and
2. Even with a specific definition of security, there are no concrete metrics.

In general, I don't see either as being particularly more secure at
this point.  If 1.3 does everything you need, then I wouldn't upgrade
for security reasons alone.

Joshua

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Security, 2.0.xx vs. 1.3.xx

[Jerry K <ap...@oryx.cc>]

I don't know that there are any specific security pluses to using 2.0.x over 
1.3.x.  At any given time, there may be a security issue with either of the 
products, or even both.  Its my opinion that the Apache people are pretty good 
about getting security fixes out in a timely manner.

It has been my observation that the hold up for most people is "so and so" 
module has not yet been ported to 2.0.x and that is what has been holding them 
back.  I do not yet require any modules that haven't been ported to 2.0.x and I 
have deployed 2.0.x without issue in new servers that I build.  The one "big" 
module that many people indicated they had problems with early on with 2.0.x was 
PHP.  I believe that for the most part, those issues are resolved.  At least I 
am currently having no 2.0.x/PHP issues.

As far as why, moving to 2.0.x just seems obvious as this is where new 
development is being done, just as probably one day, we will be making the move 
to Apache httpd 3.x.

I would be curious to hear from anyone who is sticking with 1.3.x for reasons 
other than your module hasn't been ported.

Jerry K



David P. Donahue wrote:

> I'm currently using Apache 1.3.31 for my web serving needs.  It's never
> really occurred to me to use the 2.0 series, as I've had plenty of luck
> with the 1.3 series and I can't really find anything wrong with it.
> But, just out of curiosity, is there a security benefit to using the 2.0
> series?  Features aren't really an issue, as I use it for pretty basic
> stuff.  But security is a definite concern.  Is 2.0.52 "more secure"
> than 1.3.31?  If so, in what way?
> 
> 
> Regards,
> David P. Donahue
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Security, 2.0.xx vs. 1.3.xx

["David P. Donahue" <dd...@ccs.neu.edu>]

I'm currently using Apache 1.3.31 for my web serving needs.  It's never
really occurred to me to use the 2.0 series, as I've had plenty of luck
with the 1.3 series and I can't really find anything wrong with it.
But, just out of curiosity, is there a security benefit to using the 2.0
series?  Features aren't really an issue, as I use it for pretty basic
stuff.  But security is a definite concern.  Is 2.0.52 "more secure"
than 1.3.31?  If so, in what way?


Regards,
David P. Donahue


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] error document handling

[Eimantas Vaiciunas <ei...@sc.vu.lt>]

On Tuesday 05 October 2004 11:49, Alex Moon wrote:
> We have an apache server running perfectly well under windows under
> normal cirumstances but cannot get the error docs to load - users are
> always met with a 403 error when users try to view error docs.  Cannot
> see where our mistake is.   Nor cannot see where the text of the error
> message is coming from when it fails to find the error doc.
> Any guidance appreciated
> Many thanks
> Alex
Error log should say more about your problem
-----
Eimis

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org