Slow HTTP POST Vulnerability for Apache [closed] - security

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
Does anybody know if there is a fix for Slow HTTP POST Vulnerability for Apache?
http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/228000532/researchers-to-demonstrate-new-attack-that-exploits-http.html
Here is a tool to test the vulnerability:
http://code.google.com/p/slowhttptest/
And here is documentation for Apache Module mod_reqtimeout, which I believe might help:
http://httpd.apache.org/docs/2.3/mod/mod_reqtimeout.html

I believe you can use mod_antiloris to prevent this. There are a number of other ways, but this might be a better solution.

You could use ModSecurity:
For the purposes of identifying RUDY types of attacks, we can add the
following directive to our Apache configs:
RequestReadTimeout header=30 body=30
This places a threshold of 30 seconds to completely receive the
request body data. If the data is not received by that time, Apache
will issue a 408 Request-Timeout status code. With this directive in
place, we then add in some new ModSecurity rules that do the
following:
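
Added example (not part of the answer above, and not the ModSecurity rules it refers to): a request cut off by RequestReadTimeout is logged with status 408, so counting 408 responses per client in the access log is one way to spot slow-POST behaviour. The common/combined log format, the threshold of 5 timeouts within 60 seconds, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

def flag_slow_clients(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time the client first reached `threshold` 408s within `window`}.

    Assumes the lines are in chronological order, as in a live access.log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of its recent 408 responses
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "408":
            continue
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timeouts that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

def _line(ip, hms, req, status):
    # Helper that builds one constructed log line (documentation IP ranges only).
    return f'{ip} - - [12/Mar/2012:{hms} +0000] "{req}" {status} 0'

# Constructed sample: one client timing out repeatedly, one timing out
# occasionally, and one with a single header-phase timeout (request logged as "-").
SAMPLE_LOG = (
    [_line("192.0.2.10", f"10:00:{s:02d}", "POST /form HTTP/1.1", 408)
     for s in (30, 32, 35, 40, 44)]
    + [_line("203.0.113.5", f"10:{m:02d}:00", "POST /form HTTP/1.1", 408)
       for m in (2, 4, 6, 8, 10)]
    + [_line("198.51.100.7", "10:11:00", "GET / HTTP/1.1", 200),
       _line("198.51.100.7", "10:12:00", "-", 408)]
)

if __name__ == "__main__":
    for ip, when in flag_slow_clients(SAMPLE_LOG).items():
        print(f"{ip} reached the 408 threshold at {when.isoformat()}")
```

Occasional 408s also come from idle keep-alive connections and slow mobile clients, so the threshold needs tuning against normal traffic before it drives any blocking.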

Related

AntiXSS in ServiceStack [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
Experimenting with AntiXSS in ServiceStack. I saw you have lots of work put into the AntiXsrf namespace. I added a token in the form, tried AntiForgery.Validate using a global and a request filter, and all seem to work fine.
Also, if I use a request filter, is there a way to decorate auth/credential? Since I also have a CustomAuthProvider, I can authService.RequestContext.Get() and run validate separately if necessary.
Just want to verify this is the right approach, or in case you already have something built in that I missed.
BTW, is stackoverflow the preferred place to ask all these amateurish questions ^_^ ? Or should I ask more often in the google groups?

Automating website forms using Haskell [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
Are there some nice libraries (and if so, what are they) for automating website queries using Haskell?
Basically I want to get a form, fill in some values and get the results (and naturally, do this repeatedly).
I'm not sure whether you're looking for a web scraper or just a way to make GET/POST requests. In the latter case, there's Network.HTTP, or the Haskell libcurl bindings. In the former, you could look into HandsomeSoup, or one of the other HTML parsing libraries (I've never actually used these myself, so I can't recommend a specific one).

Size of access.log and server load? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Is there any difference at all in server load when adding new lines to a big vs. small access.log file?
What I mean is, should I delete my access.log files if they become too big or leave it. It is 6GB right now. I do not rotate.
I'm not sure about the performance difference of big or small files, but maybe you want to split them every month and compress old access-log files. For that you can use logrotate. More information in the man page.
Log rotation is an important part of maintaining a server. Without it, you're likely to fill up your disk, and then your server will behave extremely strangely, depending on the app.
Regardless of performance, you should be using logrotate or something similar.

What domain names are allowed? Is it possible to get a ".df" domain? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I don't understand really well the domains business, but I have seen some rare domains around, for example these webpages:
http://c9.io/
http://repl.it/
And I want to know if it is possible to get any domain I want, let's say a .rf domain or a .kj domain.
Thanks for your help
No, it doesn't seem to be possible to get a .df domain. Here is a list of the possible domain extensions:
http://www.idcwebs.com/Understanding_Web_Extensions.htm
http://www.webopedia.com/quick_ref/topleveldomains/countrycodeA-E.asp
You can probably get df.someavailabledomainextension, example: df.com or df.me and then create subdomains, like mysite.df.com if that would work for you

Learning .htaccess [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I would like to learn about the .htaccess file, from the very basic to the complex portions. All its capacities, with blocking users, authentication, hiding files, redirection. So far I have only used them, but I want to learn about them, understand them. So that I will be able to create my own rule.
Could you please guide me through this, and point me to the basic and expert guides or lessons or even books. Anything, from basic to complex.
This page more .htaccess tips and tricks is the best simple introduction to using htaccess for rewriting and redirecting that I've found and it's easier to understand than the official Apache guide. You have to figure everything out from the examples, but it's a good selection of most of the common things you'd want to do, rewrite-wise.
Here is an "ultimate" sample htaccess file and Apache's rewriting guide.
