Synetech's questions

Is there a way to create a (self-signed) certificate that will cover all localhost IPs such as the full range for 127?

I tried both 127.* and 127.*.*.* but neither worked; I still got SSL error pages warning me that the the page (e.g., 127.2.3.4) did not match the certificate and/or was not a trusted root, despite the fact that I had made sure to close the browser, remove the old one, and install the new one each time.

There’s some webpages that show how to use wildcards in subdomains, but not IPs.

I have created a portable (relative paths) Apache installation. It works perfectly on my 32-bit system, but when I try to run it on a 64-bit system, it gives the following error:

>httpd -t
httpd: Syntax error on line … of …/httpd.conf: Cannot load …/modules/mod_ssl.so into server: %1 is not a valid Win32 application.

If I comment out the line that includes SSL.conf, then the server runs on the 64-bit system, but of course without SSL support.

I have tried searching for this but cannot find anything helpful. Does anybody know how to get Apache to use SSL on a 64-bit system (preferably in a way that is compatible with a 32-bit system)?

It is possible to use environment variables in an Apache .conf file, but what about MySQL, is there a way to use them in the MySQL configuration file (my.ini/my.cfg)?

The closest thing I could find was a MySQL man-page that mentions some variables but does not indicate how to use them or if they are even system variables or internal variables.

In my case, I need a way to specify that the logs should be stored in a subdirectory of the system temp-directory, but cannot figure out how to indicate that. For example:

log-error="${temp}/MySQL_Logs/error.log"
innodb_log_group_home_dir="%temp%/PS_Logs/Logs/MySQL/"
?

I was wondering if there are any benefits or common use-cases in which using separate Apache logs (access, agent, error, and referer) is better than using a single combined log file. I tried Googling it, but it seems that an analysis has not really been done on this particular dilemma.

Traditionally I have used separate ones simply because it made sense to separate data into groups (of course in another way, it is actually splitting grouped data; i.e., any given access is being split into multiple pieces—which means viewing four files at the same time and trying to keep them synchronized to the same timestamp).

I haven’t used too many log analyzers, but I suspect that at least some work better (or at all) with combined logs.

So is there a good reason to use separate over combined?

Is there a way to let Apache access the system environment variables? I know it has its own environment and can pass them to spawned processes like PHP, but is there a way to let the server itself access the system’s variables?

In this specific case, what I want to do is to configure Apache to put log files in a folder pointed to by an environment variable (let’s use TEMP as an easy example). Unfortunately I cannot find anything helpful because it is a somewhat unusual task. Using the following won’t work:

CustomLog "%{TEMP}e/access.log" common

The man page says to use the OS to modify system variables, but it says nothing about accessing them.

Is there a way for Apache to access system variables? Is there a way to put log files in a variable location? (I am willing to update Apache if necessary.)

I recently had an incident in which several MySQL files were wiped out (mostly from WordPress, but also a few of MySQL’s own files). The IBDATA1 file is unaffected, but several .frm are gone as are a few .myi and .myd files.

So now I need to find out if there is a way to rebuild the missing files from IBDATA1. I tried Googling it, assuming that such an issue has come up before, and indeed there were numerous search results (including this question), but all of the ones I looked at were the opposite, about recovering from .frm and .my* files or somehow required these files.

Is there a way to rebuild these files? I know I have a relatively recent backup (a .SQL file) if there isn’t, but I’m hoping that these are the kind of files that are rebuilt if missing or outdated.

I want to add a crossover to my network toolbox. Aside from an actual an actual crossover cable, I like the idea of an adapter (figure 1). There are crossover adapters available online, but I’m wondering about making one out of an Ethernet coupler (figure 2).

There are plenty of pages that show wiring diagrams for crossover cables, but it’s pretty confusing because there are several different wiring schemes depicted. Further, while it should only be needed with two 10/100 NICs, I want to make sure it doesn’t cause trouble if one or both of the NICs are GbE (I’m worried about damaging a NIC if the wires are not connected correctly).

Can anybody tell me whether there are any caveats about making a crossover from a coupler instead of a cable and which wires should be crossed?

Figure 1: Crossover adapter

Figure 2: Ethernet coupler

Yesterday I dumped my MySQL databases to an SQL file and renamed the ibdata1 file. I then recreated it and imported the SQL file and moved the new ibdata1 file to my MySQL data directory, deleting the old one.

I’ve done it before without issue, however this time something is not right. When I examine the (personal, not MySQL config) databases, they are all there, but they are empty… sort of. The data directory still has the .ibd files with the correct content in them and I can view the table list in the databases, but not the tables themselves. (I have file-per-table enabled, and am using InnoDB as default for everything.)

For example with the urls database and its urls table, I can successfully open mysql.exe or phpMyAdmin and use urls;. I can even show tables; to see the expected table, but then when I try to describe urls; or select * from urls;, it complains that the table does not exist (even though it just listed it). (The MySQL Administrator lists the databases, but does not even list the tables, it indicates that the dbs are completely empty.)

The problem now is that I have already deleted the SQL file (and cannot recover it even after scouring my hard-drive). So I am trying to figure out a way to repair these databases/tables. I can’t use the table repair function since it complains that the table does not exist, and I can’t dump them because again, it complains that the tables don’t exist.

Like I’ve said, the data itself is still present in the .ibd files and the table names are present. I just need a way to get MySQL to recognize that the tables exist in the databases (I can find the column names of the tables in question in the ibdata1 file using a hex-editor).

Any idea how I can repair this type of corruption? I don’t mind rolling up my sleeves, digging in, and taking a bunch of steps to fix it.

Thanks a lot.

I’m exhausted. I just spent the last two hours chasing a goose that I have been after on-and-off for the past year. Here is the goal, put as succinctly as possible.

Step 1: HOSTS File:

127.0.0.5 NastyAdServer.com
127.0.0.5 xssServer.com
127.0.0.5 SQLInjector.com
127.0.0.5 PornAds.com
127.0.0.5 OtherBadSites.com
…

Step 2: Apache httpd.conf

<VirtualHost 127.0.0.5:80>
    ServerName BlackHole
    DocumentRoot "X:\Docs\…\BlackHole"
    RewriteEngine On
    RewriteRule (\.(gif|jpg|png|jpeg)$) /p.png [L]
    RewriteRule (.*) /ad.htm [L]
</VirtualHost>

So basically what happens is that the HOSTS file redirects designated domains to the localhost, but to a specific loopback IP address. Apache listens for any requests on this address and serves either a transparent pixel graphic, or else an empty HTML file. Thus, any page or graphic on any of the bad sites is replaced with nothing (in other words an ad/malware/porn/etc. blocker).


This works great as is (and has been for me for years now). The problem is that these bad things are no longer limited to just HTTP traffic. For example:

<script src="http://NastyAdServer.com:99">
or
<iframe src="https://PornAds.com/ad.html">
or a Trojan using
ftp://spammaster.com/[email protected];[email protected];[email protected]
or an app “phoning home” with private info in a crafted ICMP packet by pinging
CardStealer.ru:99

Handling HTTPS is a relatively minor bump. I can create a separate VirtualHost just like the one above, replacing port 80 with 443, and adding in SSL directives. This leaves the other ports to be dealt with.

I tried using * for the port, but then I get overlap errors. I tried redirecting all request to the HTTPS server and visa-versa but neither worked; either the SSL requests wouldn’t redirect correctly or else the HTTP requests gave the You’re speaking plain HTTP to an SSL-enabled server port… error. Further, I cannot figure out a way to test if other ports are being successfully redirected (I could try using a browser, but what about FTP, ICMP, etc.?)


I realize that I could just use a port-blocker (eg ProtoWall, PeerBlock, etc.), but there’s two issues with that. First, I am blocking domains with this method, not IP addresses, so to use a port-blocker, I would have to get each and every domain’s IP, and update theme frequently. Second, using this method, I can have Apache keep logs of all the ad/malware/spam/etc. requests for future analysis (my current BlackHole logs are already 466MB right now).

I appreciate any help in successfully setting up an Apache VirtualHost blackhole. Thanks.

I am running an Apache webserver on my Windows machine. It is not generally a public server (most of the little bit of traffic comes from the machine itself, and most of the public traffic comes from crawlers). Basically, it is mostly just for use as a test-bed, development system.

I have read about how running PHP as FastCGI is better (ie faster and more stable) than as an Apache module. However, I really don’t like the idea of multiple PHP.exe processes (I don’t like that Apache has two processes and I’m not even too thrilled with Chromium’s multi-process model).

So I’m wondering if it would be worthwhile to change PHP to FastCGI for this scenario. If it is, how would I configure it? Pretty much all of the information I have seen has been either for non-Windows or for IIS. As I said, I’m running Windows+Apache.

Thanks a lot.

I want to use the -f command-line option for the Apache server so that I can store the conf files in a separate place (a data diectory) from the server binaries.

The problem is that I use the Include directive to separate and organize the configurations, but when I use a command like Include "addons/SVN.conf", it fails because Apache looks for addons/SVN.conf in relative to the ServerRoot directory instead of the ServerConfigFile directory.

I can work around this by using absolute paths (eg Include "e:\foo\bar\baz\Apache\conf\addons\svn.conf", but I don’t like that since it means I would have to change each and every Include directive if I move the conf folder as opposed to simply changing the -f option.

Does anyone know of a way to get the Include directive to work relative to the conf file that Apache is passed. I tried Include "./addons/SVN.conf", but that too was relative to the ServerRoot. This forced relative-to-ServerRoot Include behavior kind of defeats the whole purpose of specifying an alternate config file to the one in ServerRoot/conf.

Thanks.

I am baffled by some entries in my server logs, specifically the web-server logs. Other than normal, expected traffic, I have noticed three types of request errors (eg 404, etc.):

1. Broken links, ie links from old, external pages that point to pages that are no longer here
2. Sequences of probes, ie some jerk trying to hack in by scanning my server for a series of exploitable admin type pages and such
3. What appear to be completely random requests for things that have never existed on the server or even have anything to do with the server, and appear by themselves (ie not a series of requests like the probes)

Could it somehow be a mistyped URL or IP? That’s about the only thing that I can think of, but still, how could I get a request on say, foobar.dyndns.org (12.34.56.78) for something like www.wantsfly.com/prx2.php or /MNG/LIVE or http://ant.dsabuse.com/abc.php?auth=45V456b09m&strPassword=X%5BMTR__CBZ%40VA&nLoginId=43. (Those are a few actual requests from my logs.)

Can someone please explain scenario three to me? Thanks.

I recently overhauled my router’s firewall rules. I erased everything and added minimal permissions for the ports that I need to be open. However I found that Blogger was no longer able to publish to my system’s FTP server. I was able to fix it by setting my router to allow both TCP and UDP on my FTP port, where I had previously set it to only allow TCP.

Now I’m worried that other things (like HTTP/SVN/MySQL/etc.) could be incorrectly blocked because I have everything else set block UDP—or more accurately, to only allow traffic over TCP on the specified ports.

How can I find out which protocols various web-services use? For example, if I have the router set to allow Subversion traffic on port 3690, should I allow TCP, UDP, or BOTH? What about Telnet, POP3, HTTPS, and so on?

Thanks.

I’ve got a virtual host in my Apache config to deal with ads, spam, and malware sites. It works by having bad servers redirect to a specific loopback address that is mapped to the virtual host via the HOSTS file.

Using the following directives, I have been able to replace any pages from bad servers with something like [ad] and any graphics from bad servers with a local 1x1, transparent PNG file.

RewriteRule \.(gif|jpg|png|jpeg)$ /1x1-trans.png
ErrorDocument 404 "<p>[ad]</p>"

However recently, I have seen pages with broken IMG tags because they use a SRC without a file extension.

<img src="http://badserver.com/adsandjunk/foobar;tile=4;sz=575x90;othervariables=stuff?">

I tried using

RewriteRule ^.*$ "<p>ad</p>" [L]

But that gives the broken image placeholders again. Using this

RewriteRule ^.*$ /1x1-trans.png [L]

Fixes the images, but then any non-images (like pages, frames, etc.) pop up a Save As dialog for the PNG.

How can I get Apache to replace graphics (ie any IMG tag) with a graphic and everything else with a bit of HTML?

Thanks a lot.

I’ve got Subversion installed as an Apache module and it is set up and works just fine. The only problem is that I get all of the SVN stuff (eg PROPFIND, OPTIONS, etc.) logged to the same .LOG file as normal web accesses. I am trying to figure out how to get the SVN module to report to a custom log file.

Here is the part of my Apache conf file that loads the SVN module. I tried doing it with the CustomLog directive (as seen at the bottom), but that did not work.

################################################
#Subversion modules
LoadModule  dav_svn_module    "C:/SVN/bin/mod_dav_svn.so"
LoadModule  authz_svn_module  "C:/SVN/bin/mod_authz_svn.so"

# Configure Subversion repository
# This configures Apache so that all your Subversion repositories
# are available at http://myserver/svn/[repositoryName]
# The access is restricted to known users/passwords.
<Location             /svn/>
  DAV                 svn
  SVNIndexXSLT        "/svnindex.xsl"
  SVNParentPath       "C:/SVNRep/Repository/"
  SVNListParentPath   on
# SVNPath             "C:/SVNRep/Repository/" #for single repository 
  SVNPathAuthz        off
# SVNMasterURI        http://localhost/svn/ #for write-through proxying
  AuthType            Basic
  AuthName            "My Subversion repositories"
  AuthUserFile        "C:/SVNRep/passwd"
  Require             valid-user
  AuthzSVNAccessFile  "C:/SVNRep/acl"
</Location>
CustomLog "C:/Logs/Apache/SVN.log"  "%t %u %{SVN-ACTION}e" env=SVN-ACTION
################################################

Any ideas?

Thanks a lot.