We're trying to clean up one of our systems as much as possible & have found that despite our attempts to block, users are accessing a certain part of our system through a HTTP GET with their password in the URL. This results in our Apache logs recording their password in plain text on the server.
Is there an Apache directive or module that can filter out (or replace) certain patterns in its logs?
I am attempting to set up an LDAP "tunnel" to work around an application that requires a configuration slightly different to my environment.
I need to be able to bind as USER1 to an LDAP server & retrieve data that the user does not have access to, but a second user (USER2) does. Effectively authentication should be USER1 but then data retrieval done using USER2 for authorization.
So far I've looked in to using OpenLDAP's 'meta' backend to set up a kind-of tunnel but can't seem to get the configuration right. Here's my config running on the meta server attempting to tunnel to SERVER1 (the real server).
database meta
suffix o=me
uri "ldap://SERVER1/o=me"
And I've tried different variations around this bit but can't get anything that works. USER1 is the original low-priv user and USER2 is the escalated user.
idassert-bind bindmethod=simple binddn="cn=USER2,o=me" credentials="secret" mode=none
idassert-authzFrom "dn.exact:cn=USER1,o=me"
The 'test' case is this:
ldapsearch -h METASERVER -D "cn=USER1,o=me" -W -x -b "ou=what,o=me" cn=somethinghidden
I'm looking for a mailing list solution that meets a few criteria:
The end-goal is to create a mailing list (or lists) where certain staff are included by default (e.g. all technical departments) but users can opt in or out at their leisure. I want to ensure that all new staff get automatically added, but also that edge cases (e.g. seconded non-technical staff or project managers in technical teams) can opt in or out (respectively) if they wish.
We use both Active Directory and LDAP and have them both heavily populated with useful data. We also use Exchange so if there's a way we can do it there I'd be happy to hear it.
Commercial solutions are definitely not excluded, but free (as in dollars) would be preferred. I don't mind a bit of manual glue scripting but something all-inclusive would be preferred. Linux or Windows OS both OK.
TIA!
I'm attempting to implement cross-domain HTTP access control without touching any code.
I've got my Apache(2) server returning the correct Access Control headers with this block:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
I now need to prevent Apache from executing my code when the browser sends a HTTP OPTIONS request (it's stored in the REQUEST_METHOD environment variable), returning 200 OK.
How can I configure Apache to respond "200 OK" when the request method is OPTIONS?
I've tried this mod_rewrite block, but the Access Control headers are lost.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
I'm running a web site under a shared hosting environment (it's Dreamhost, if it makes a difference) and attempting to use SetEnv from within a .htaccess file.
Everything else in the .htaccess file is working fine and Apache is not generating errors.
Since SetEnv requires Override FileInfo (ref), I figure that's my problem. I have a Perl script dumping out %ENV to test my config changes, but nothing I've tried works.
How can I test that AllowOverride FileInfo is enabled?
I'm trying to collect some stats on how much time is spent 'waiting' for certain fairly short running tasks so I can justify purchase of some automated tools. I've written bash function wrappers around a few common tasks I do using the GNU time utility along the lines of this:
function something() {
/usr/bin/time -o ~/wastedtime.log -a $path_to_original "$@"
}
I would now like to extend this a little further to a few more scripts & if possible catch the timings for other users on the same machine. I'm using a bash to syslog patch already.
What utilities exist to automatically record the execution times of commands & their arguments?