archive-de.com » DE » K » KW-BERLIN.DE

Total: 256

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • SSL/TLS Strong Encryption: Compatibility - Apache HTTP Server
    renamed SSL X509VerifyDir arg SSLCACertificatePath arg renamed SSL Log file SSLLogFile file renamed SSL Connect flag SSLEngine flag renamed SSL ClientAuth arg SSLVerifyClient arg renamed SSL X509VerifyDepth arg SSLVerifyDepth arg renamed SSL FetchKeyPhraseFrom arg not directly mappable use SSLPassPhraseDialog SSL SessionDir dir not directly mappable use SSLSessionCache SSL Require expr not directly mappable use SSLRequire SSL CertFileType arg functionality not supported SSL KeyFileType arg functionality not supported SSL X509VerifyPolicy arg functionality not supported SSL LogX509Attributes arg functionality not supported Stronghold 2 x compatibility StrongholdAccelerator engine SSLCryptoDevice engine renamed StrongholdKey dir functionality not needed StrongholdLicenseFile dir functionality not needed SSLFlag flag SSLEngine flag renamed SSLSessionLockFile file SSLMutex file renamed SSLCipherList spec SSLCipherSuite spec renamed RequireSSL SSLRequireSSL renamed SSLErrorFile file functionality not supported SSLRoot dir functionality not supported SSL CertificateLogDir dir functionality not supported AuthCertDir dir functionality not supported SSL Group name functionality not supported SSLProxyMachineCertPath dir SSLProxyMachineCertificatePath dir renamed SSLProxyMachineCertFile file SSLProxyMachineCertificateFile file renamed SSLProxyCipherList spec SSLProxyCipherSpec spec renamed Environment Variables The mapping between environment variable names used by the older SSL solutions and the names used by mod ssl is given in Table 2 Table 2 Environment Variable Derivation Old Variable mod ssl Variable Comment SSL PROTOCOL VERSION SSL PROTOCOL renamed SSLEAY VERSION SSL VERSION LIBRARY renamed HTTPS SECRETKEYSIZE SSL CIPHER USEKEYSIZE renamed HTTPS KEYSIZE SSL CIPHER ALGKEYSIZE renamed HTTPS CIPHER SSL CIPHER renamed HTTPS EXPORT SSL CIPHER EXPORT renamed SSL SERVER KEY SIZE SSL CIPHER ALGKEYSIZE renamed SSL SERVER CERTIFICATE SSL SERVER CERT renamed SSL SERVER CERT START SSL SERVER V START renamed SSL SERVER CERT END SSL SERVER V END renamed SSL SERVER CERT SERIAL SSL SERVER M SERIAL renamed SSL SERVER SIGNATURE ALGORITHM SSL SERVER A SIG renamed SSL SERVER DN SSL SERVER S DN renamed SSL SERVER CN SSL SERVER S DN CN renamed SSL SERVER EMAIL SSL SERVER S DN Email renamed SSL SERVER O SSL SERVER S DN O renamed SSL SERVER OU SSL SERVER S DN OU renamed SSL SERVER C SSL SERVER S DN C renamed SSL SERVER SP SSL SERVER S DN SP renamed SSL SERVER L SSL SERVER S DN L renamed SSL SERVER IDN SSL SERVER I DN renamed SSL SERVER ICN SSL SERVER I DN CN renamed SSL SERVER IEMAIL SSL SERVER I DN Email renamed SSL SERVER IO SSL SERVER I DN O renamed SSL SERVER IOU SSL SERVER I DN OU renamed SSL SERVER IC SSL SERVER I DN C renamed SSL SERVER ISP SSL SERVER I DN SP renamed SSL SERVER IL SSL SERVER I DN L renamed SSL CLIENT CERTIFICATE SSL CLIENT CERT renamed SSL CLIENT CERT START SSL CLIENT V START renamed SSL CLIENT CERT END SSL CLIENT V END renamed SSL CLIENT CERT SERIAL SSL CLIENT M SERIAL renamed SSL CLIENT SIGNATURE ALGORITHM SSL CLIENT A SIG renamed SSL CLIENT DN SSL CLIENT S DN renamed SSL CLIENT CN SSL CLIENT S DN CN renamed SSL CLIENT EMAIL SSL CLIENT S DN Email renamed SSL CLIENT O SSL CLIENT S DN O

    Original URL path: http://xserve.kw-berlin.de/manual/ssl/ssl_compat.html (2016-02-16)
    Open archived version from archive


  • SSL/TLS Strong Encryption: How-To - Apache HTTP Server
    finally deny all browsers which haven t upgraded SSLRequire SSL CIPHER USEKEYSIZE 128 Directory How can I create an SSL server which accepts all types of ciphers in general but requires a strong ciphers for access to a particular URL Obviously a server wide SSLCipherSuite which restricts ciphers to the strong variants isn t the answer here However mod ssl can be reconfigured within Location blocks to give a per directory solution and can automatically force a renegotiation of the SSL parameters to meet the new configuration This can be done as follows be liberal in general SSLCipherSuite ALL ADH RC4 RSA HIGH MEDIUM LOW SSLv2 EXP eNULL Location strong area but https hostname strong area and below requires strong ciphers SSLCipherSuite HIGH MEDIUM Location Client Authentication and Access Control How can I force clients to authenticate using certificates How can I force clients to authenticate using certificates for a particular URL but still allow arbitrary clients to access the rest of the server How can I allow only clients who have certificates to access a particular URL but allow all clients to access the rest of the server How can I require HTTPS with strong ciphers and either basic authentication or client certificates for access to part of the Intranet website for clients coming from the Internet How can I force clients to authenticate using certificates When you know all of your users eg as is often the case on a corporate Intranet you can require plain certificate authentication All you need to do is to create client certificates signed by your own CA certificate ca crt and then verify the clients against this certificate httpd conf require a client certificate which has to be directly signed by our CA certificate in ca crt SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile conf ssl crt ca crt How can I force clients to authenticate using certificates for a particular URL but still allow arbitrary clients to access the rest of the server To force clients to authenticate using certificates for a particular URL you can use the per directory reconfiguration features of mod ssl httpd conf SSLVerifyClient none SSLCACertificateFile conf ssl crt ca crt Location secure area SSLVerifyClient require SSLVerifyDepth 1 Location How can I allow only clients who have certificates to access a particular URL but allow all clients to access the rest of the server The key to doing this is checking that part of the client certificate matches what you expect Usually this means checking all or part of the Distinguished Name DN to see if it contains some known string There are two ways to do this using either mod auth basic or SSLRequire The mod auth basic method is generally required when the certificates are completely arbitrary or when their DNs have no common fields usually the organisation etc In this case you should establish a password database containing all clients allowed as follows httpd conf SSLVerifyClient none Directory usr local apache2 htdocs secure area SSLVerifyClient require

    Original URL path: http://xserve.kw-berlin.de/manual/ssl/ssl_howto.html (2016-02-16)
    Open archived version from archive

  • How-To / Tutorials - Apache HTTP Server
    access to a resource based on arbitrary criteria There are a variety of different ways that this can be accomplished See Access Control Dynamic Content with CGI The CGI Common Gateway Interface defines a way for a web server to interact with external content generating programs which are often referred to as CGI programs or CGI scripts It is the simplest and most common way to put dynamic content on your web site This document will be an introduction to setting up CGI on your Apache web server and getting started writing CGI programs See CGI Dynamic Content htaccess files htaccess files provide a way to make configuration changes on a per directory basis A file containing one or more configuration directives is placed in a particular document directory and the directives apply to that directory and all subdirectories thereof See htaccess files Introduction to Server Side Includes SSI Server Side Includes are directives that are placed in HTML pages and evaluated on the server while the pages are being served They let you add dynamically generated content to an existing HTML page without having to serve the entire page via a CGI program or other dynamic technology See Server

    Original URL path: http://xserve.kw-berlin.de/manual/howto/ (2016-02-16)
    Open archived version from archive

  • Platform Specific Notes - Apache HTTP Server
    This document explain them See Compiling Apache for Microsoft Windows Other Platforms Novell NetWare This document explains how to install configure and run Apache 2 0 under Novell NetWare 5 1 and above See Using Apache With Novell NetWare EBCDIC Version 1 3 of the Apache HTTP Server is the first version which includes a port to a non ASCII mainframe machine which uses the EBCDIC character set as its

    Original URL path: http://xserve.kw-berlin.de/manual/platform/ (2016-02-16)
    Open archived version from archive

  • Compiling Apache for Microsoft Windows - Apache HTTP Server
    re export of encryption software to see if this is permitted See http www wassenaar org for more information Configuring and building OpenSSL requires perl to be installed OpenSSL must be installed into a srclib subdirectory named openssl obtained from http www openssl org source in order to compile mod ssl or the abs exe project which is ab c with SSL support enabled To prepare OpenSSL to be linked to Apache mod ssl or abs exe and disable patent encumbered features in OpenSSL you might use the following build commands perl Configure no rc5 no idea enable mdc2 enable zlib VC WIN32 Ipath to srclib zlib Lpath to srclib zlib ms do masm bat nmake f ms ntdll mak It is not advisable to use zlib dynamic as that transfers the cost of deflating SSL streams to the first request which must load the zlib dll Note the suggested patch enables the L flag to work with windows builds corrects the name of zdll lib and ensures pdb files are generated for troubleshooting If the assembler is not installed you would add no asm above and use ms do ms bat instead of the ms do masm bat script Optional Database libraries for mod dbd and mod authn dbm The apr util library exposes dbm keyed database and dbd query oriented database client functionality to the httpd server and its modules such as authentication and authorization The sdbm dbm and odbc dbd providers are compiled unconditionally The dbd support includes the Oracle instantclient package MySQL PostgreSQL and sqlite To build these all for example set up the LIB to include the library path INCLUDE to include the headers path and PATH to include the dll bin path of all four SDK s and set the DBD LIST environment variable to inform the build which client driver SDKs are installed correctly e g set DBD LIST sqlite3 pgsql oracle mysql Similarly the dbm support can be extended with DBM LIST to build a Berkeley DB provider db and or gdbm provider by similarly configuring LIB INCLUDE and PATH first to ensure the client library libs and headers are available set DBM LIST db gdbm Depending on the choice of database distributions it may be necessary to change the actual link target name e g gdbm lib vs libgdb lib that are listed in the corresponding dsp mak files within the directories srclib apr util dbd or dbm See the README win32 txt file for more hints on obtaining the various database driver SDKs Command Line Build Makefile win is the top level Apache makefile To compile Apache on Windows simply use one of the following commands to build the release or debug flavor nmake f Makefile win apacher nmake f Makefile win apached Either command will compile Apache The latter will disable optimization of the resulting files making it easier to single step the code to find bugs and track down problems You can add your apr util dbd and

    Original URL path: http://xserve.kw-berlin.de/manual/platform/win_compiling.html (2016-02-16)
    Open archived version from archive

  • Running a High-Performance Web Server on HPUX - Apache HTTP Server
    This is accomplished with adb against the disc image of the kernel The variable name is tcp hash size Notice that it s critically important that you use W to write a 32 bit quantity not w to write a 16 bit value when patching the disc image because the tcp hash size variable is a 32 bit quantity How to pick the value Examine the output of ftp ftp cup hp com dist networking tools connhist and see how many total TCP connections exist on the system You probably want that number divided by the hash table size to be reasonably small say less than 10 Folks can look at HP s SPECweb96 disclosures for some common settings These can be found at http www specbench org If an HP UX system was performing at 1000 SPECweb96 connections per second the TIME WAIT time of 60 seconds would mean 60 000 TCP connections being tracked Folks can check their listen queue depths with ftp ftp cup hp com dist networking misc listenq If folks are running Apache on a PA 8000 based system they should consider chatr ing the Apache executable to have a large page size This would be chatr pi L BINARY The GID of the running executable must have MLOCK privileges Setprivgrp 1m should be consulted for assigning MLOCK The change can be validated by running Glance and examining the memory regions of the server s to make sure that they show a non trivial fraction of the text segment being locked If folks are running Apache on MP systems they might consider writing a small program that uses mpctl to bind processes to processors A simple pid numcpu algorithm is probably sufficient This might even go into the source code If folks are concerned about

    Original URL path: http://xserve.kw-berlin.de/manual/platform/perf-hp.html (2016-02-16)
    Open archived version from archive

  • ab - Apache HTTP server benchmarking tool - Apache HTTP Server
    gnuplot file as the results are already binned f protocol Specify SSL TLS protocol SSL2 SSL3 TLS1 or ALL g gnuplot file Write all measured values out as a gnuplot or TSV Tab separate values file This file can easily be imported into packages like Gnuplot IDL Mathematica Igor or even Excel The labels are on the first line of the file h Display usage information H custom header Append extra headers to the request The argument is typically in the form of a valid header line containing a colon separated field value pair i e Accept Encoding zip zop 8bit i Do HEAD requests instead of GET k Enable the HTTP KeepAlive feature i e perform multiple requests within one HTTP session Default is no KeepAlive n requests Number of requests to perform for the benchmarking session The default is to just perform a single request which usually leads to non representative benchmarking results p POST file File containing data to POST Remember to also set T P proxy auth username password Supply BASIC Authentication credentials to a proxy en route The username and password are separated by a single and sent on the wire base64 encoded The string is sent regardless of whether the proxy needs it i e has sent an 407 proxy authentication needed q When processing more than 150 requests ab outputs a progress count on stderr every 10 or 100 requests or so The q flag will suppress these messages r Don t exit on socket receive errors s When compiled in ab h will show you use the SSL protected https rather than the http protocol This feature is experimental and very rudimentary You probably do not want to use it S Do not display the median and standard deviation values nor display

    Original URL path: http://xserve.kw-berlin.de/manual/programs/ab.html (2016-02-16)
    Open archived version from archive

  • apachectl - Apache HTTP Server Control Interface - Apache HTTP Server
    on success and 0 if an error occurs For more details view the comments in the script Synopsis Options See also Starting Apache Stopping Apache Configuration Files Platform Docs httpd Synopsis When acting in pass through mode apachectl can take all the arguments available for the httpd binary apachectl httpd argument When acting in SysV init mode apachectl takes simple one word commands defined below apachectl command Options Only the SysV init style options are defined here Other arguments are defined on the httpd manual page start Start the Apache httpd daemon Gives an error if it is already running This is equivalent to apachectl k start stop Stops the Apache httpd daemon This is equivalent to apachectl k stop restart Restarts the Apache httpd daemon If the daemon is not running it is started This command automatically checks the configuration files as in configtest before initiating the restart to make sure the daemon doesn t die This is equivalent to apachectl k restart fullstatus Displays a full status report from mod status For this to work you need to have mod status enabled on your server and a text based browser such as lynx available on your system The URL used to access the status report can be set by editing the STATUSURL variable in the script status Displays a brief status report Similar to the fullstatus option except that the list of requests currently being served is omitted graceful Gracefully restarts the Apache httpd daemon If the daemon is not running it is started This differs from a normal restart in that currently open connections are not aborted A side effect is that old log files will not be closed immediately This means that if used in a log rotation script a substantial delay may be necessary to

    Original URL path: http://xserve.kw-berlin.de/manual/programs/apachectl.html (2016-02-16)
    Open archived version from archive



  •