Apache Info = Security

[Angel78]

If you have used this How-To :

http://forum.rackshack.net/showthrea...de+apache+info

then WHM will not show you if your Apache is vulnerable (and it wont prompt you to upgrade / run easyapache)

So it would be nice if Nick or CpanelJosh could make a sticky (for a day or two) when there is something that needs to be upgraded (apache related)

cPanel.net Support Ticket Number:

[casey]

So this message is sticky...does that mean apache needs to be updated? I have version 1.3.27 already, but yeah, I turned tokens off. Is there something in apache that needs to be updated even though the version has not changed?

cPanel.net Support Ticket Number:

[Angel78]

There is new Frontpage extensions package (old one is vulnerable), turn tokens on for a minute or two and you will see (then you can turn it off again)

cPanel.net Support Ticket Number:

[XPerties]

Im running:

WHM 7.2.0 Cpanel 7.2.0-R43
Apache Core 1.3.27
Bytes Logger 1.2
Bandwidth Limiter 1.0
PHP 4.3.2
FrontPage 5.0.2.2634
mod_ssl 2.8.14


Should I still follow that walk through?

cPanel.net Support Ticket Number:

[Angel78]

is the padlock next to installaed aplications closed or opened?

cPanel.net Support Ticket Number:

[XPerties]

all closed

cPanel.net Support Ticket Number:

[Angel78]

Then it's all ok

cPanel.net Support Ticket Number:

[Angel78]

FrontPage 5.0.2.2634 (this was the update)

cPanel.net Support Ticket Number:

[XPerties]

ahh..Thanks for the nice responses.

cPanel.net Support Ticket Number:

[masood]

Just so you know Apache 1.3.28 has been released and the lock is again open in WHM....

cPanel.net Support Ticket Number:

[goodmove]

What does Apache 1.28 have that 1.27 doesn't? What's vulnerable with 1.27?

cPanel.net Support Ticket Number:

[EcpHosting]

Yes, what is the difference? We JUST upgraded apache on all machines (for the new FrontPage patch) and now another upgrade is needed?! I dont mind doing it (we test it on our test machine and then apply it to the others), but I would like to know what is going on with this new update.

cPanel.net Support Ticket Number:

[howard]

I think the thing which most people will be interested in is

*) Prevent the server from crashing when entering infinite loops. The
new LimitInternalRecursion directive configures limits of subsequent
internal redirects and nested subrequests, after which the request
will be aborted. PR 19753 (and probably others).
[William Rowe, Jeff Trawick, Jim Jagielski, André Malo]

and

*) backport from 2.x series: Prevent endless loops of internal redirects
in mod_rewrite by aborting after exceeding a limit of internal redirects.
The limit defaults to 10 and can be changed using the RewriteOptions
directive. PR 17462. [André Malo]

There is also some stuff to prevent fd leakage

Certain 3rd party modules would bypass the Apache API and not
invoke ap_cleanup_for_exec() before creating sub-processes.
To such a child process, Apache's file descriptors (lock
fd's, log files, sockets) were accessible, allowing them
direct access to Apache log file etc. Where the OS allows,
we now add proactive close functions to prevent these file
descriptors from leaking to the child processes.
[Jim Jagielski, Martin Kraemer]

You can see the full list @ http://www.apache.org/dist/httpd/CHANGES_1.3
cPanel.net Support Ticket Number:

[EcpHosting]

Thanks for the link to the apache changes! That's what we were looking for.

cPanel.net Support Ticket Number:

[ciaociao]

Originally posted by Angel78
If you have used this How-To :

http://forum.rackshack.net/showthrea...de+apache+info

then WHM will not show you if your Apache is vulnerable (and it wont prompt you to upgrade / run easyapache)

So it would be nice if Nick or CpanelJosh could make a sticky (for a day or two) when there is something that needs to be upgraded (apache related)

cPanel.net Support Ticket Number:

RIGHT

i use into 9 server
ServerSignature Off

and into 2
ServerSignature YES

in this way i look when i must update APACHE..but i would like have all server with
ServerSignature Off


UP THREAD!

cPanel.net Support Ticket Number: