[thelist] Avoiding getting sued
Bird, Graham
Graham.Bird at rspb.org.uk
Mon Nov 1 06:10:03 CST 2004
-----Original Message-----
From: thelist-request at lists.evolt.org
[mailto:thelist-request at lists.evolt.org]
Sent: None
To: thelist at lists.evolt.org
Subject: thelist Digest, Vol 21, Issue 1
Send thelist mailing list submissions to
thelist at lists.evolt.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.evolt.org/mailman/listinfo/thelist
or, via email, send a message with subject or body 'help' to
thelist-request at lists.evolt.org
You can reach the person managing the list at
thelist-owner at lists.evolt.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of thelist digest..."
Today's Topics:
1. Re: Hide IIS6 Banner (Scott Dexter)
2. [apache] multiple applications (domains) on one server
(Paul Bennett)
3. Where is this from? (Chris Ditty)
4. Re: [apache] multiple applications (domains) on one server
(Hassan Schroeder)
5. Re: [apache] multiple applications (domains) on one
server (jsWalter)
6. Tip Harvest for the Week of Monday Oct 25, 2004
7. Submitting PDF search engines (Scott Wolpow)
8. Avoiding getting sued (Bird, Graham)
9. RE: Avoiding getting sued (Roger Newbrook)
----------------------------------------------------------------------
Date: Sun, 31 Oct 2004 05:48:24 -0800 (PST)
From: Scott Dexter <dexilalolai at yahoo.com>
To: Ken Schaefer <ken.schaefer at gmail.com>,
"thelist at lists.evolt.org" <thelist at lists.evolt.org>
Subject: Re: [thelist] Hide IIS6 Banner
Message-ID: <20041031134824.31989.qmail at web80411.mail.yahoo.com>
In-Reply-To: <11de06e20410310020121b3974 at mail.gmail.com>
Content-Type: text/plain; charset=us-ascii
MIME-Version: 1.0
Precedence: list
Reply-To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Message: 1
> >
> > Because if I know what kind of server it is, I can plan my attack
> > strategy accordingly. It's called a passive attack. I investigate
> > what I'm dealing with, "Ooh! IIS6!" and go from there, "I can use
> xyz
> > attack to break in!"
>
> Doing this is generally called "security through obscurity", and if
> you talk to security people, they will tell you that "security
> through
> obscurity is not real security".
>
I never said this was a pancea :) Yes, I agree (and understand) that
this alone doesn't do much, but Every Little Bit Helps(tm), no?
------------------------------
Date: Mon, 01 Nov 2004 09:44:57 +1300
From: Paul Bennett <paul at web-business-pack.com>
To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Subject: [thelist] [apache] multiple applications (domains) on one server
Message-ID: <41854EC9.5050507 at web-business-pack.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: list
Reply-To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Message: 2
Hi there,
I am an Apache N00b who is getting to grips with documentroot,
virtualhost ect.
Q: I have ny current documentroot (dev server) set up to one application
directory
eg: /public/application1/
Trouble is I now want to also run and develop for /public/application2/
and apache sees doc root as inside public/application1 /
I know it is possible to run multiple sites / applications on one server
and have had a luckless try with virtualhost in the httpd.conf file, can
anyone give me some pointers as to how this can be set up?
(this is on apache 1.3.27 -> Win2k if that makes a difference)
Many thanks,
Paul B
------------------------------
Date: Sun, 31 Oct 2004 15:18:30 -0600
From: Chris Ditty <cditty at gmail.com>
To: TheList <thelist at lists.evolt.org>
Subject: [thelist] Where is this from?
Message-ID: <a2430d82041031131874150abf at mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: list
Reply-To: Chris Ditty <cditty at gmail.com>, "thelist at lists.evolt.org"
<thelist at lists.evolt.org>
Message: 3
Does anyone know where this image is from?
http://www.getprobed.com/lizard.png
I found it a LONG time ago and saved it to my computer. I believe it
is part of a images package as it most likely came from one of those
$25 logo sites. I would really like to use it, but want to get the
whole package first. I know it is not from those clickart/corel type
packages. The detail is just too good for one of them. (Besides,
I've looked.) :)
Thanks
Chris
------------------------------
Date: Sun, 31 Oct 2004 14:54:10 -0800
From: Hassan Schroeder <hassan at webtuitive.com>
To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Subject: Re: [thelist] [apache] multiple applications (domains) on one
server
Message-ID: <41856D12.7010303 at webtuitive.com>
In-Reply-To: <41854EC9.5050507 at web-business-pack.com>
References: <41854EC9.5050507 at web-business-pack.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: list
Reply-To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Message: 4
Paul Bennett wrote:
> I am an Apache N00b who is getting to grips with documentroot,
> virtualhost ect.
>
> Q: I have ny current documentroot (dev server) set up to one application
> directory
> eg: /public/application1/
>
> Trouble is I now want to also run and develop for /public/application2/
> and apache sees doc root as inside public/application1 /
>
> I know it is possible to run multiple sites / applications on one server
> and have had a luckless try with virtualhost in the httpd.conf file, can
> anyone give me some pointers as to how this can be set up?
Have you read this:
<http://httpd.apache.org/docs/vhosts/name-based.html>
Basically, as the above says, it's just:
NameVirtualHost *
<VirtualHost *>
ServerName www.domain.tld
DocumentRoot /www/domain
</VirtualHost>
<VirtualHost *>
ServerName www.otherdomain.tld
DocumentRoot /www/otherdomain
</VirtualHost>
If your configuration isn't working, run Apache -S to get a config
test, and post the result and your httpd.conf...
--
Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
------------------------------
Date: Sun, 31 Oct 2004 17:29:37 -0600 (CST)
From: "jsWalter" <jsWalter at torres.ws>
To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Subject: Re: [thelist] [apache] multiple applications (domains) on one
server
Message-ID: <2961.69.208.165.232.1099265377.squirrel at mail.braverock.com>
In-Reply-To: <41854EC9.5050507 at web-business-pack.com>
References: <41854EC9.5050507 at web-business-pack.com>
Content-Type: text/plain;charset=iso-8859-1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Reply-To: jsWalter at torres.ws, "thelist at lists.evolt.org"
<thelist at lists.evolt.org>
Message: 5
> Hi there,
> I am an Apache N00b who is getting to grips with documentroot,
> virtualhost ect.
>
> Q: I have ny current documentroot (dev server) set up to one application
> directory eg: /public/application1/
>
>
> Trouble is I now want to also run and develop for /public/application2/
> and apache sees doc root as inside public/application1 /
>
> I know it is possible to run multiple sites / applications on one server
> and have had a luckless try with virtualhost in the httpd.conf file, can
> anyone give me some pointers as to how this can be set up?
>
> (this is on apache 1.3.27 -> Win2k if that makes a difference)
Win2k is the not tissue here.
The issue is whether you are using this for internal development/testing
or for public access..
If internal, it's easy.
If external, just a bit harder.
you need each domain to resolve to either:
1) it own IP
2) the same IP
Your DNS server must tell your server tis info as well.
(I have this info in my HOST file, since I do this for internal dev/test
only).
I have this at the bottom of my httpd.conf file:
#
# This directory is used to store configuration files for individually
# packaged modules, such as mod_ssl, mod_perl, and php.
# This will open ONLY .conf files!
#
include conf.d/*.conf
#
# This directory is used to store configuration files for virtual hosts
# on this system
#
# This will open ONLY .conf files!
#
include conf.vh/*.conf
in the conf.d directory, I have all my confioguration files for Per, PHP,
mod_perl, SSL
in the conf.vh directory I have an individual file for each domain I handle.
This is the first file in there..
a_virtual_hosts.conf
It HAS to load first, thus the 'a underscore'.
Hi Roger,
Thanks - a T&C that has to be accepted does sound like a good idea. I'm
particularly interested in whether anyone on here has done something similar
(legally 'safe' reviews online).
Other ideas are more than welcome.
Cheers,
Graham
...
More information about the thelist
mailing list
