toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

198
active users

#apache

4 posts4 participants0 posts today

Today I learned, thanks to a comment on here, that the alphabetical order of your #Apache site config files is what determines the default site if somebody tries just punching your public IP address directly into a web browser. I always wondered why the default site config files were named "000-default.conf"; it's to make sure that one is always loaded first as the default if it's enabled.

Webinar on data integration using Apache Hop: On August 26, Stefan Keller of FH OST will lead a free webinar focused on (geo)data manipulation and integration using #Apache #Hop, an open-source, low-code platform for building data workflows. The session will also touch on emerging trends in...
spatialists.ch/posts/2025/07/1 #GIS #GISchat #geospatial #SwissGIS

Spatialists – geospatial newsWebinar on data integration using Apache Hop – Spatialists – geospatial news
More from Spatialists
Replied in thread

Okay, this SEEMS to work. The database is just the start addresses for lots of /8, /16, /24 or /32 ranges (depending on the size of the requested block - e.g. a /22 range gets written as the start address for four /24s) taken from okean.com/antispam/iptables/rc and mapped to "BLOCKED" and then built into a database file with `httxt2dbm`.

```
# Extract IP parts
RewriteCond %{REMOTE_ADDR} ^((([0-9]+)\.[0-9]+)\.[0-9]+)\.[0-9]+$
RewriteRule . - [E=subnet8:%3.0.0.0,E=subnet16:%2.0.0,E=subnet24:%1.0,E=subnet32:%0]

# Tarpit provided by a Mastodon user - mastodon.social/@pcarrier/1124
# We don't have access to mod_cspnonce yet, so fudge a random-ish value
RewriteCond ${greatfirewall:%{ENV:subnet8}} =BANNED [OR]
RewriteCond ${greatfirewall:%{ENV:subnet16}} =BANNED [OR]
RewriteCond ${greatfirewall:%{ENV:subnet24}} =BANNED [OR]
RewriteCond ${greatfirewall:%{ENV:subnet32}} =BANNED
RewriteRule . srv.us/tarpit?nonce=%{REMOTE_PORT}%{TIME} [L,E=donotlog:1,R=301]
```

(`donotlog` is used later to avoid logging, because when they hit so hard and so often then I don't need that bloat in my server logs!)
Not yet worked out why it only seemed to work within <VirtualHost> blocks.

Replied in thread

Deleted the database and recreated it from scratch (rather than updating it) and "page 599 is on free list with type 13", "PANIC: Invalid argument" and "Error string not specified yet" have all gone away. So apparently they mean "I don't like the existing database but can't handle it cleanly" 😐

Continued thread

Debugging this and… it looks like the problem might be the backref to a previous RewriteCond?

I've got a similar "block these hosts" RewriteMap using `%{REMOTE_ADDR}` as the key and that works. But using `%1` as a key when the previous RewriteCond is "extract a subset of the octets" fails to look up correctly. Which I've confirmed with a noddy "extract from the query string" lookup.

But then again, it's not working with an env var either. I can do a capture with a RewriteCond, set an env var with a RewriteRule, then do a second RewriteRule using the env var and it works. But if I use `${testmap:%{ENV:testvar}}` then it doesn't find anything. Even though I've shown that the env var on its own contains the expected value.

Seriously considering to substitute the Apache License for the MIT license due to the "Contributor issue," even for my small scripts. The APL is the only FOSS license that take into account that contributions to a project (think a patch or a pull request) are not the same thing as someone forking the project and adding their code. See APL2.0 section 5 (and section 1 for the definitions of "Contribution" and "Contributor").

Using the APL would allow for a legally coherent use of the generic "Copyright (C) Contributors of project whatever" copyright license that simplifies things a lot.

The only thing stopping me is that the text of the MIT License so short that "looks" right for scripts, but that's a totally extra-legal consideration 🤣

Continued thread

Oh, FFS. Can't get this working. And can't get Apache to give me enough logging to understand why.

I've got a rewrite map in bdb, it contains IP blocks that are banned (generated from a Python script). I've got rewrite conds that match each of four, three, two or one octets and then try to look them up in the map. If there's a match then it gets tar-pitted. But I'm always getting failed lookups.

The annoying bit is that even trace4 isn't telling me what the input to the map lookup is. Only the result of the lookup when it is compared to the "was it blocked" value.

Maybe I need to drop the zero octets rather than filling them in? Hopefully it's not that RewriteCond captures can't be used as a key in the map lookup.

GeoParquet and Iceberg vs. OGC API-Features: Ingo Simonis, Chief Technology Innovation Officer at #OGC, has published an article asking the question “Does #GeoParquet Replace OGC API-Features?”. The article positions GeoParquet (and #Apache #Iceberg) vis-à-vis OGC API-Features, the successor...
spatialists.ch/posts/2025/07/0 #GIS #GISchat #geospatial #SwissGIS

Spatialists – geospatial newsGeoParquet and Iceberg vs. OGC API-Features – Spatialists – geospatial news
More from Spatialists

The people committed to DDoSing the RuleQA server seem to have substantial resources. I’ve blocked a lot of them, but they keep coming, asking about things like the May 7 2017 performance of a single rule in one contributor's stats. Not stuff real people want.

Of course, there's a resource they do not have. Our sysadmins, both those employed by to watch all of our infra and the volunteer cadre focused on SA. We'll keep whacking the moles...