Thread View: gmane.comp.apache.apacheweek
1 messages
1 total messages
Started by Apache Week
Fri, 09 Jan 2004 17:17
Apache Week issue 340
Author: Apache Week
Date: Fri, 09 Jan 2004 17:17
Date: Fri, 09 Jan 2004 17:17
90 lines
4103 bytes
4103 bytes
APACHE WEEK
The essential weekly guide for users of the world's most popular Web server.
Issue 340: 9th January 2004
In this issue
* Under development
* Featured articles
* Apache Week giveaway
Under development
A new module, mod_log_forensic, was committed to both the 2.1
development tree and the 1.3 tree by [1]Ben Laurie over the New
Year. The module writes each request (including headers) to a log
file before request processing begins, including a unique request
ID. After request processing is completed, the unique ID is again
logged to the log file. If a security issue is exploited on a
server running mod_log_forensic, crashing a child process, the log
can then be used to discover exactly what request was used in the
exploit, allowing further investigation.
There has been some discussion about a security fix committed last
month; the patch for [2]CAN-2003-0020 ensures that any unsafe
characters are escaped before being written to the error log. This
prevents attackers from being able to create fake log entries and
also prevents the error log being used for exploits of escape
sequence processing bugs in terminal emulators. However, some users
are used to being able to log multi-line error messages from
modules or CGI scripts: such messages now get the newline character
escaped. A compile-time option has been proposed to disable the
error log escaping as a workaround.
Featured articles
In this section we highlight some of the articles on the web that
are of interest to Apache users.
Rich Bowen shares his dislike for the word 'virtual' in day two of
[3]"A Day in the Life of #Apache". This article looks at some of
the problems users have dealing with the configuration of virtual
hosts.
The Mercury News talks to [4]Brian Behlendorf in their article
[5]"Luminary in open-source movement developed the Apache Web
server"
[6]"Who's Patching Open Source?" asks Enterprise Linux IT. The
answer of course depends on what the software is, and the article
looks at the differences between support and security updates in
closed source and open source software.
Apache Week giveaway
Congratulations to the four lucky winners of our last book
competition. Amongst the winners were Simon Boase (UK), Erik Abele
(Germany), and Michael Zaleski (USA) - your books are in the post.
We were pretty impressed with this O'Reilly book. Read the
[7]Apache Week review of Practical mod_perl and look out for more
book competitions and reviews of Apache related books coming soon.
______________________________________________________________
This issue brought to you by: Mark J Cox, Joe Orton
Comments or criticisms? Please email us at
[8]editors@apacheweek.com.
[9]Apache Week is Copyright 2003 [10]Red Hat, Inc.
References
1. http://httpd.apache.org/contributors/#laurie
2. http://cve.mitre.org/cgi-bin/cvename.cgi?nameΓN-2003-0020
3. http://www.onlamp.com/pub/a/apache/2004/01/08/apacheckbk.html
4. http://httpd.apache.org/contributors/#behlendorf
5. http://www.mercurynews.com/mld/mercurynews/business/7532827.htm
6. http://enterprise-linux-it.newsfactor.com/story.xhtml?story_id"959
7. http://www.apacheweek.com/features/book-practicalmodperl
8. mailto:editors@apacheweek.com
9. http://www.apacheweek.com/
10. http://www.redhat.com/
----------------------------------------------------------------------
To unsubscribe visit https://www.redhat.com/mailman/listinfo/apacheweek
or send the message "unsubscribe" to apacheweek-request@redhat.com
----------------------------------------------------------------------
Thread Navigation
This is a paginated view of messages in the thread with full content displayed inline.
Messages are displayed in chronological order, with the original post highlighted in green.
Use pagination controls to navigate through all messages in large threads.
Back to All Threads