Today I learned, thanks to a comment on here, that the alphabetical order of your #Apache site config files is what determines the default site if somebody tries just punching your public IP address directly into a web browser. I always wondered why the default site config files were named "000-default.conf"; it's to make sure that one is always loaded first as the default if it's enabled.
Administered by:
#apache
4 posts4 participants0 posts today
J'ai oublié le p'tit dernier, et non des moindres, #Apache #Guacamole (https://guacamole.apache.org) qui passe en version 1.6.0
Server Admins:
There is an error with the latest #Plesk Obsidian update that is taking sites down.
Webinar on data integration using Apache Hop: On August 26, Stefan Keller of FH OST will lead a free webinar focused on (geo)data manipulation and integration using #Apache #Hop, an open-source, low-code platform for building data workflows. The session will also touch on emerging trends in...
https://spatialists.ch/posts/2025/07/15-webinar-on-data-integration-using-apache-hop/ #GIS #GISchat #geospatial #SwissGIS
Spatialists – geospatial newsWebinar on data integration using Apache Hop – Spatialists – geospatial news
More from 
Spatialists
A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2
https://github.com/icing/blog/blob/main/hpack-bombing-apache.md
GitHubblog/hpack-bombing-apache.md at main · icing/blogContribute to icing/blog development by creating an account on GitHub.
Heads-up, the latest Apache update might break your site. It did mine, but it's all sorted now.
Replied in thread
Okay, this SEEMS to work. The database is just the start addresses for lots of /8, /16, /24 or /32 ranges (depending on the size of the requested block - e.g. a /22 range gets written as the start address for four /24s) taken from https://www.okean.com/antispam/iptables/rc.firewall.china and mapped to "BLOCKED" and then built into a database file with `httxt2dbm`.
```
# Extract IP parts
RewriteCond %{REMOTE_ADDR} ^((([0-9]+)\.[0-9]+)\.[0-9]+)\.[0-9]+$
RewriteRule . - [E=subnet8:%3.0.0.0,E=subnet16:%2.0.0,E=subnet24:%1.0,E=subnet32:%0]
# Tarpit provided by a Mastodon user - https://mastodon.social/@pcarrier/112429748041537087
# We don't have access to mod_cspnonce yet, so fudge a random-ish value
RewriteCond ${greatfirewall:%{ENV:subnet8}} =BANNED [OR]
RewriteCond ${greatfirewall:%{ENV:subnet16}} =BANNED [OR]
RewriteCond ${greatfirewall:%{ENV:subnet24}} =BANNED [OR]
RewriteCond ${greatfirewall:%{ENV:subnet32}} =BANNED
RewriteRule . https://srv.us/tarpit?nonce=%{REMOTE_PORT}%{TIME} [L,E=donotlog:1,R=301]
```
(`donotlog` is used later to avoid logging, because when they hit so hard and so often then I don't need that bloat in my server logs!)
Not yet worked out why it only seemed to work within <VirtualHost> blocks.
Replied in thread
Deleted the database and recreated it from scratch (rather than updating it) and "page 599 is on free list with type 13", "PANIC: Invalid argument" and "Error string not specified yet" have all gone away. So apparently they mean "I don't like the existing database but can't handle it cleanly" 
Continued thread
Debugging this and… it looks like the problem might be the backref to a previous RewriteCond?
I've got a similar "block these hosts" RewriteMap using `%{REMOTE_ADDR}` as the key and that works. But using `%1` as a key when the previous RewriteCond is "extract a subset of the octets" fails to look up correctly. Which I've confirmed with a noddy "extract from the query string" lookup.
But then again, it's not working with an env var either. I can do a capture with a RewriteCond, set an env var with a RewriteRule, then do a second RewriteRule using the env var and it works. But if I use `${testmap:%{ENV:testvar}}` then it doesn't find anything. Even though I've shown that the env var on its own contains the expected value.
Apache httpd 2.4.64 has just been released, fixing 8 vulnerabilities (5 moderate, 3 low).
Two HTTP/2 related CVEs also fixed in the latest mod_h2 release v2.0.33.
https://httpd.apache.org/security/vulnerabilities_24.html
https://github.com/icing/mod_h2/releases/tag/v2.0.33
httpd.apache.orgApache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
#Apache 2.4.64 is released! It fixes some vulnerabilities, listed here:
httpd.apache.orgApache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
Seriously considering to substitute the Apache License for the MIT license due to the "Contributor issue," even for my small scripts. The APL is the only FOSS license that take into account that contributions to a project (think a patch or a pull request) are not the same thing as someone forking the project and adding their code. See APL2.0 section 5 (and section 1 for the definitions of "Contribution" and "Contributor").
Using the APL would allow for a legally coherent use of the generic "Copyright (C) Contributors of project whatever" copyright license that simplifies things a lot.
The only thing stopping me is that the text of the MIT License so short that "looks" right for scripts, but that's a totally extra-legal consideration 
/13kWh
Mike Zaschka kicks off the #reCAP2025 talks in the blue room with his open source #SAPCAP plugin for #Apache #Kafka. Join the live stream via the links at https://recap-conf.dev/. #reCAP #CodeConnect
Continued thread
Oh, FFS. Can't get this working. And can't get Apache to give me enough logging to understand why.
I've got a rewrite map in bdb, it contains IP blocks that are banned (generated from a Python script). I've got rewrite conds that match each of four, three, two or one octets and then try to look them up in the map. If there's a match then it gets tar-pitted. But I'm always getting failed lookups.
The annoying bit is that even trace4 isn't telling me what the input to the map lookup is. Only the result of the lookup when it is compared to the "was it blocked" value.
Maybe I need to drop the zero octets rather than filling them in? Hopefully it's not that RewriteCond captures can't be used as a key in the map lookup.
GeoParquet and Iceberg vs. OGC API-Features: Ingo Simonis, Chief Technology Innovation Officer at #OGC, has published an article asking the question “Does #GeoParquet Replace OGC API-Features?”. The article positions GeoParquet (and #Apache #Iceberg) vis-à-vis OGC API-Features, the successor...
https://spatialists.ch/posts/2025/07/06-geoparquet-and-iceberg-vs-ogc-api-features/ #GIS #GISchat #geospatial #SwissGIS
Spatialists – geospatial newsGeoParquet and Iceberg vs. OGC API-Features – Spatialists – geospatial news
More from Spatialists
Bill Cole The people committed to DDoSing the #Apache #SpamAssassin RuleQA server seem to have substantial resources. I’ve blocked a lot of them, but they keep coming, asking about things like the May 7 2017 performance of a single rule in one contributor's stats. Not stuff real people want.
Of course, there's a resource they do not have. Our sysadmins, both those employed by #TheASF to watch all of our infra and the volunteer cadre focused on SA. We'll keep whacking the moles...
Nimtable: Open-source web UI to browse and manage Apache Iceberg tables
GitHubGitHub - nimtable/nimtable: The Control Plane for Apache Iceberg.The Control Plane for Apache Iceberg. Contribute to nimtable/nimtable development by creating an account on GitHub.
this is probably an unpopular opinion but what Channel 5 is doing to build a completely #independent #journalism source is extremely inspiring.
also, their segment on the #apache efforts to stop #copper #mining in #arizona is excellent.