Forum
AccessLogFile
Mustafa Ramadhan
23 November 2014, 10:44
Hiawatha version: 9.8
Operating System: CentOS 6.6
How to disable access.log?.
Setting with 'AccessLogfile = /dev/null' still not work (file create/update '/var/log/hiawatha/access.log')
Hugo Leisink
23 November 2014, 17:05
Have you set AccessLogfile for all virtual hosts and the default host?
Mustafa Ramadhan
24 November 2014, 03:22
Only default host.
Hugo Leisink
24 November 2014, 10:01
Do you have any virtual hosts defined?
Mustafa Ramadhan
24 November 2014, 10:51
Declared in pure hiawatha like:
and no declared in hiawatha-proxy.
AccessLogfile = /home/httpd/domain.com/stats/domain.com-custom_log
ErrorLogfile = /home/httpd/domain.com/stats/domain.com-error_log
and no declared in hiawatha-proxy.
Mustafa Ramadhan
28 November 2014, 05:43
Any solution for this issue?
Hugo Leisink
28 November 2014, 21:58
I've checked the code. Hiawatha only creates logfiles as specified via the configuration file. Can you show me your complete configuration?
Mustafa Ramadhan
29 November 2014, 06:24
- /etc/hiawatha/hiawatha.conf (for hiawatha alone)
- /etc/hiawatha/hiawatha.conf (for hiawatha-proxy)
# Hiawatha main configuration file
#
#ServerString = Hiawatha
ServerId = apache
ConnectionsTotal = 20480
ConnectionsPerIP = 64
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
MaxUrlLength = 65536
PIDfile = /var/run/hiawatha.pid
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes
## MR -- no ban for localhost
BanlistMask = deny 127.0.0.1
ThreadPoolSize = 100
MimetypeConfig = mimetype.conf
LogFormat = extended
## MR - use 'X-Hiawatha-Cache: <seconds>' to enable cacha (2-3600)
## and use 'X-Hiawatha-Cache-Remove: <url>' to remove cache in php file
#CacheSize = 100
#CacheRProxyExtensions = css, gif, html, jpg, js, png, txt, ttf, svg, eot
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/perl:cgi
#CGIhandler = /usr/bin/php-cgi:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
CGIwrapper = /usr/sbin/cgi-wrapper
MinSSLversion = TLS1.0
Include /opt/configs/hiawatha/conf/toolkits
Include /opt/configs/hiawatha/conf/defaults
Include /opt/configs/hiawatha/conf/domains
- /etc/hiawatha/hiawatha.conf (for hiawatha-proxy)
# Hiawatha main configuration file
#
#ServerString = Hiawatha
ServerId = apache
ConnectionsTotal = 20480
ConnectionsPerIP = 64
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
MaxUrlLength = 65536
PIDfile = /var/run/hiawatha.pid
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes
## MR -- no ban for localhost
BanlistMask = deny 127.0.0.1
ThreadPoolSize = 100
MimetypeConfig = mimetype.conf
LogFormat = extended
## MR - use 'X-Hiawatha-Cache: <seconds>' to enable cacha (2-3600)
## and use 'X-Hiawatha-Cache-Remove: <url>' to remove cache in php file
#CacheSize = 100
#CacheRProxyExtensions = css, gif, html, jpg, js, png, txt, ttf, svg, eot
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/perl:cgi
#CGIhandler = /usr/bin/php-cgi:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
CGIwrapper = /usr/sbin/cgi-wrapper
MinSSLversion = TLS1.0
Include /opt/configs/hiawatha/conf/defaults
Include /opt/configs/hiawatha/conf/proxies
Mustafa Ramadhan
29 November 2014, 06:28
- /opt/configs/hiawatha/conf/defaults/init.conf (for hiawatha alone)
- /opt/configs/hiawatha/conf/defaults/init.conf (for hiawatha-proxy)
### begin - web of initial - do not remove/modify this line
## MR - NOTE:
## add 'header("X-Hiawatha-Cache: 10");' to index.php
UrlToolkit {
ToolkitID = block_shellshock
Header * \(\)\s*\{ DenyAccess
}
UrlToolkit {
ToolkitID = findindexfile
Match ^([^?]*)/(\?.*)?$ Rewrite $1/index.php$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.php(\?.*)?$ Rewrite $1/index.html$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.html(\?.*)?$ Rewrite $1/index.shtml$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.shtml(\?.*)?$ Rewrite $1/index.htm$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.htm(\?.*)?$ Rewrite $1/index.pl$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.pl(\?.*)?$ Rewrite $1/index.py$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.py(\?.*)?$ Rewrite $1/index.cgi$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.cgi(\?.*)?$ Rewrite $1/index.rb$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.rb(\?.*)?$ Rewrite $1/default.htm$2 Continue
RequestURI isfile Return
Match ^([^?]*)/default\.htm(\?.*)?$ Rewrite $1/Default.aspx$2 Continue
RequestURI isfile Return
Match ^([^?]*)/Default\.aspx(\?.*)?$ Rewrite $1/Default.asp$2 Continue
RequestURI isfile Return
Match ^([^?]*)/Default\.asp(\?.*)?$ Rewrite $1/$2 Continue
}
UrlToolkit {
ToolkitID = permalink
RequestURI exists Return
## process for 'special dirs' of Kloxo-MR
Match ^/(stats|awstats|awstatscss|awstats)(/|$) Return
## process for 'special dirs' of Kloxo-MR
Match ^/(cp|error|webmail|__kloxo|kloxo|kloxononssl|cgi-bin)(/|$) Return
Match ^/(css|files|images|js)(/|$) Return
Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
Match /(.*)\?(.*) Rewrite /index.php?path=$1&$2
Match .*\?(.*) Rewrite /index.php?$1
Match .* Rewrite /index.php
}
FastCGIserver {
FastCGIid = php_for_admin
ConnectTo = /opt/configs/php-fpm/sock/admin.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_apache
ConnectTo = /opt/configs/php-fpm/sock/apache.sock
Extension = php
}
CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php5-cgi:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
Binding {
BindingId = port_nonssl
Port = 80
#Interface = 0.0.0.0
MaxKeepAlive = 120
TimeForRequest = 480
MaxRequestSize = 102400
## not able more than 100MB; hiawatha-9.3-2+ able until 2GB
MaxUploadSize = 2000
}
Binding {
BindingId = port_ssl
Port = 443
#Interface = 0.0.0.0
MaxKeepAlive = 120
TimeForRequest = 480
MaxRequestSize = 102400
## not able more than 100MB; hiawatha-9.3-2+ able until 2GB
MaxUploadSize = 2000
SSLcertFile = /home/kloxo/httpd/ssl/eth0___localhost.pem
}
### 'default' config
set var_user = apache
Hostname = 0.0.0.0
WebsiteRoot = /home/kloxo/httpd/default
ErrorLogfile = /var/log/hiawatha/error.log
AccessLogfile = /dev/null
EnablePathInfo = yes
UseGZfile = yes
FollowSymlinks = no
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
#UserDirectory = public_html
#UserWebsites = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, findindexfile, permalink
#StartFile = index.php
### end - web of initial - do not remove/modify this line
- /opt/configs/hiawatha/conf/defaults/init.conf (for hiawatha-proxy)
### begin - web of initial - do not remove/modify this line
## MR - NOTE:
## add 'header("X-Hiawatha-Cache: 10");' to index.php
UrlToolkit {
ToolkitID = block_shellshock
Header * \(\)\s*\{ DenyAccess
}
UrlToolkit {
ToolkitID = findindexfile
Match ^([^?]*)/(\?.*)?$ Rewrite $1/index.php$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.php(\?.*)?$ Rewrite $1/index.html$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.html(\?.*)?$ Rewrite $1/index.shtml$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.shtml(\?.*)?$ Rewrite $1/index.htm$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.htm(\?.*)?$ Rewrite $1/index.pl$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.pl(\?.*)?$ Rewrite $1/index.py$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.py(\?.*)?$ Rewrite $1/index.cgi$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.cgi(\?.*)?$ Rewrite $1/index.rb$2 Continue
RequestURI isfile Return
Match ^([^?]*)/index\.rb(\?.*)?$ Rewrite $1/default.htm$2 Continue
RequestURI isfile Return
Match ^([^?]*)/default\.htm(\?.*)?$ Rewrite $1/Default.aspx$2 Continue
RequestURI isfile Return
Match ^([^?]*)/Default\.aspx(\?.*)?$ Rewrite $1/Default.asp$2 Continue
RequestURI isfile Return
Match ^([^?]*)/Default\.asp(\?.*)?$ Rewrite $1/$2 Continue
}
UrlToolkit {
ToolkitID = permalink
RequestURI exists Return
## process for 'special dirs' of Kloxo-MR
Match ^/(stats|awstats|awstatscss|awstats)(/|$) Return
## process for 'special dirs' of Kloxo-MR
Match ^/(cp|error|webmail|__kloxo|kloxo|kloxononssl|cgi-bin)(/|$) Return
Match ^/(css|files|images|js)(/|$) Return
Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
Match /(.*)\?(.*) Rewrite /index.php?path=$1&$2
Match .*\?(.*) Rewrite /index.php?$1
Match .* Rewrite /index.php
}
FastCGIserver {
FastCGIid = php_for_admin
ConnectTo = /opt/configs/php-fpm/sock/admin.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_devel
ConnectTo = /opt/configs/php-fpm/sock/devel.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_anzip
ConnectTo = /opt/configs/php-fpm/sock/anzip.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_forfree
ConnectTo = /opt/configs/php-fpm/sock/forfree.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_henri
ConnectTo = /opt/configs/php-fpm/sock/henri.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_ifos
ConnectTo = /opt/configs/php-fpm/sock/ifos.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_jciyogya
ConnectTo = /opt/configs/php-fpm/sock/jciyogya.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_tsatir
ConnectTo = /opt/configs/php-fpm/sock/tsatir.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_spectra
ConnectTo = /opt/configs/php-fpm/sock/spectra.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_kadek
ConnectTo = /opt/configs/php-fpm/sock/kadek.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_nandin
ConnectTo = /opt/configs/php-fpm/sock/nandin.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_transit
ConnectTo = /opt/configs/php-fpm/sock/transit.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_riginta
ConnectTo = /opt/configs/php-fpm/sock/riginta.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_wulan
ConnectTo = /opt/configs/php-fpm/sock/wulan.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_backuper
ConnectTo = /opt/configs/php-fpm/sock/backuper.sock
Extension = php
}
FastCGIserver {
FastCGIid = php_for_apache
ConnectTo = /opt/configs/php-fpm/sock/apache.sock
Extension = php
}
CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php5-cgi:php
CGIhandler = /usr/bin/python:py
CGIhandler = /usr/bin/ruby:rb
CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
Binding {
BindingId = port_nonssl
Port = 80
#Interface = 0.0.0.0
MaxKeepAlive = 120
TimeForRequest = 480
MaxRequestSize = 102400
## not able more than 100MB; hiawatha-9.3-2+ able until 2GB
MaxUploadSize = 2000
}
Binding {
BindingId = port_ssl
Port = 443
#Interface = 0.0.0.0
MaxKeepAlive = 120
TimeForRequest = 480
MaxRequestSize = 102400
## not able more than 100MB; hiawatha-9.3-2+ able until 2GB
MaxUploadSize = 2000
SSLcertFile = /home/kloxo/httpd/ssl/eth0___localhost.pem
}
### 'default' config
set var_user = apache
Hostname = 0.0.0.0
WebsiteRoot = /home/kloxo/httpd/default
ErrorLogfile = /var/log/hiawatha/error.log
AccessLogfile = /dev/null
EnablePathInfo = yes
UseGZfile = yes
FollowSymlinks = no
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
IgnoreDotHiawatha = yes
#ReverseProxy ^/.* http://127.0.0.1:30080/ 90 keep-alive
ReverseProxy !\.(pl|cgi|py|rb|shmtl) http://127.0.0.1:30080/ 90 keep-alive
UseToolkit = block_shellshock, findindexfile
#StartFile = index.php
### end - web of initial - do not remove/modify this line
Mustafa Ramadhan
29 November 2014, 06:36
- /opt/configs/hiawatha/conf/domains/ra1.mratwork.com.conf (for hiawatha alone)
### begin - web of 'ra1.mratwork.com' - do not remove/modify this line
## MR - NOTE:
## add 'header("X-Hiawatha-Cache: 10");' to index.php
Directory {
Path = /home/kloxo/httpd/awstats/wwwroot/cgi-bin
PasswordFile = basic:/home/httpd/ra1.mratwork.com/__dirprotect/__stats
}
UrlToolkit {
ToolkitID = redirect_ra1_mratwork_com
#RequestURI exists Return
Match ^/kloxo(/|$) Redirect https://ra1.mratwork.com:7777/$1
Match ^/kloxononssl(/|$) Redirect http://ra1.mratwork.com:7778/$1
Match ^/webmail(/|$) Redirect http://webmail.ra1.mratwork.com/$1
Match ^/cp(/|$) Redirect http://cp.ra1.mratwork.com/$1
Match ^/stats(/|$) Redirect http://ra1.mratwork.com/awstats/awstats.pl
}
## cp for 'ra1.mratwork.com'
VirtualHost {
RequiredBinding = port_nonssl
set var_user = apache
UseGZfile = yes
FollowSymlinks = no
Hostname = cp.ra1.mratwork.com
WebsiteRoot = /home/kloxo/httpd/cp
EnablePathInfo = yes
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
ExecuteCGI = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, findindexfile, permalink
#StartFile = index.php
}
## webmail for 'ra1.mratwork.com'
VirtualHost {
RequiredBinding = port_nonssl
set var_user = apache
UseGZfile = yes
FollowSymlinks = no
Hostname = webmail.ra1.mratwork.com
WebsiteRoot = /home/kloxo/httpd/webmail
EnablePathInfo = yes
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
ExecuteCGI = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, findindexfile, permalink
#StartFile = index.php
}
## web for 'ra1.mratwork.com'
VirtualHost {
RequiredBinding = port_nonssl
set var_user = admin
UseGZfile = yes
FollowSymlinks = no
Hostname = ra1.mratwork.com, www.ra1.mratwork.com
WebsiteRoot = /home/admin/ra1.mratwork.com
EnablePathInfo = yes
Alias = /__kloxo:/home/admin/kloxoscript
WrapCGI = admin_wrapper
ScriptAlias = /cgi-bin:/home/admin/ra1.mratwork.com/cgi-bin
AccessLogfile = /home/httpd/ra1.mratwork.com/stats/ra1.mratwork.com-custom_log
ErrorLogfile = /home/httpd/ra1.mratwork.com/stats/ra1.mratwork.com-error_log
ScriptAlias = /awstats:/home/kloxo/httpd/awstats/wwwroot/cgi-bin
Alias = /awstatscss:/home/kloxo/httpd/awstats/wwwroot/css
Alias = /awstatsicons:/home/kloxo/httpd/awstats/wwwroot/icon
UserWebsites = yes
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
ExecuteCGI = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, redirect_ra1_mratwork_com, findindexfile, permalink
#StartFile = index.php
ShowIndex = no
}
## cp for 'ra1.mratwork.com'
VirtualHost {
RequiredBinding = port_ssl
SSLcertFile = /home/kloxo/httpd/ssl/eth0___localhost.pem
SecureURL = no
#MinSSLversion = TLS1.1
set var_user = apache
UseGZfile = yes
FollowSymlinks = no
Hostname = cp.ra1.mratwork.com
WebsiteRoot = /home/kloxo/httpd/cp
EnablePathInfo = yes
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
ExecuteCGI = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, findindexfile, permalink
#StartFile = index.php
}
## webmail for 'ra1.mratwork.com'
VirtualHost {
RequiredBinding = port_ssl
SSLcertFile = /home/kloxo/httpd/ssl/eth0___localhost.pem
SecureURL = no
#MinSSLversion = TLS1.1
set var_user = apache
UseGZfile = yes
FollowSymlinks = no
Hostname = webmail.ra1.mratwork.com
WebsiteRoot = /home/kloxo/httpd/webmail
EnablePathInfo = yes
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
ExecuteCGI = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, findindexfile, permalink
#StartFile = index.php
}
## web for 'ra1.mratwork.com'
VirtualHost {
RequiredBinding = port_ssl
SSLcertFile = /home/kloxo/httpd/ssl/eth0___localhost.pem
SecureURL = no
#MinSSLversion = TLS1.1
set var_user = admin
UseGZfile = yes
FollowSymlinks = no
Hostname = ra1.mratwork.com, www.ra1.mratwork.com
WebsiteRoot = /home/admin/ra1.mratwork.com
EnablePathInfo = yes
Alias = /__kloxo:/home/admin/kloxoscript
WrapCGI = admin_wrapper
ScriptAlias = /cgi-bin:/home/admin/ra1.mratwork.com/cgi-bin
AccessLogfile = /home/httpd/ra1.mratwork.com/stats/ra1.mratwork.com-custom_log
ErrorLogfile = /home/httpd/ra1.mratwork.com/stats/ra1.mratwork.com-error_log
ScriptAlias = /awstats:/home/kloxo/httpd/awstats/wwwroot/cgi-bin
Alias = /awstatscss:/home/kloxo/httpd/awstats/wwwroot/css
Alias = /awstatsicons:/home/kloxo/httpd/awstats/wwwroot/icon
UserWebsites = yes
TimeForCGI = 3600
Alias = /error:/home/kloxo/httpd/error
ErrorHandler = 401:/error/401.html
ErrorHandler = 403:/error/403.html
ErrorHandler = 404:/error/404.html
ErrorHandler = 501:/error/501.html
ErrorHandler = 503:/error/503.html
ExecuteCGI = yes
UseFastCGI = php_for_var_user
UseToolkit = block_shellshock, redirect_ra1_mratwork_com, findindexfile, permalink
#StartFile = index.php
ShowIndex = no
}
### end - web of 'ra1.mratwork.com' - do not remove/modify this line
Mustafa Ramadhan
29 November 2014, 06:44
- /opt/configs/hiawatha/conf/proxies/ra1.mratwork.com.conf (for hiawatha-proxy)
Note: unable post the code because error 'Message seen as spam.'
Note: unable post the code because error 'Message seen as spam.'
Hugo Leisink
29 November 2014, 07:21
I see several virtual hosts in your configuration file with no AccessLogfile setting. Because of that, the default access logfile (/var/log/hiawatha/access.log) will be created.
Mustafa Ramadhan
8 December 2014, 04:21
In Hiawatha 9.9, still need 'AccessLogfile = /dev/null' to DISABLE of AccessLog?.
Hugo Leisink
8 December 2014, 11:14
No, you can set it to 'none'.
Mustafa Ramadhan
8 December 2014, 17:13
Thanks.
One question: what's different between:
and
in context to prevent vulnerability?
One question: what's different between:
## from https://www.hiawatha-webserver.org/weblog/77
UrlTookit {
ToolkitID = block_shellshock
Header * \(\)\s+\{ DenyAccess
}
and
## https://www.hiawatha-webserver.org/weblog/76
UrlTookit {
ToolkitID = block_bash_exploit
Header User-Agent \(\)\s*\{ DenyAccess
Header Referer \(\)\s*\{ DenyAccess
}
in context to prevent vulnerability?
Mustafa Ramadhan
8 December 2014, 17:28
Set 'AccessLogfile = none' will appear 'Starting Hiawatha web server: Syntax error in /opt/configs/hiawatha/conf/defaults/init.conf on line 195.'
Hugo Leisink
8 December 2014, 17:32
Damn, bug. Add 'return true;' to line 1296 in src/serverconfig.c:
if (strcasecmp(value, "none") == 0) {
host->access_logfile = NULL;
return true;
} else {
Kapageridis Stavros
17 December 2014, 22:30
Hugo, the fix is included in v9.9 or we must do it manual ?
Hugo Leisink
18 December 2014, 07:41
Yes, I discovered this bug shortly after releasing 9.9, so I fixed it in the 9.9 source. So, if you downloaded it recently, you already got the fix.
Kapageridis Stavros
18 December 2014, 09:33
Thank you Hugo.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
