It seems that Apache 2.2.11 and up do some strange things with mod_fcgi.
In short, the mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
This is causing issues for a server.
I am trying to figure out how, with Easy Apache, we can choose a 2.2 version prior to 2.2.11.
Any ideas?
See http://security-tracker.debian.org/t.../CVE-2009-1891
and
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537922
While they both state this is a Debian bug, others are seeing this on Apache.
http://serverfault.com/questions/617...doesnt-respawn
My question here is not how to fix the Apache issue, but rather
how can we pick another Apache vs the one that it picks for us under the 2.2 option?








