RE: Internal Server Error

------_=_NextPart_001_01C1C9E8.898BA2F0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

For better or worse, my site has no CGIs or scripts!

james pelton

-----Original Message-----
From: Carlos Costa Portela [mailto:
Sent: Monday, March 11, 2002 6:06 PM
To: 'users@httpd.apache.org'
Subject: Re: Internal Server Error


You must see what is provoking this Internal Server Error. If it
is a cgi or script, for example, try to execute it via command line.

Good luck,
Carlos.

On Mon, 11 Mar 2002, Pelton, James wrote:

> Some of my links are now generating "Internal Server Error" messages.
> However, these events aren't showing up in my error log. How can I =
track
> down what's going on?
>
> james pelton
>

http://www.tertulandia.com : sea cual sea tu tema... all=ED est=E1 tu =
sitio!

_______Carlos Costa
Portela_________________________________________________
| e-mail: ccosta@servidores.net | home page: =
http://casa.ccp.servidores.net
|
|_____T=F3dalas persoas maiores foron nenos antes, pero poucas se
lembran______|


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server =
Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

------_=_NextPart_001_01C1C9E8.898BA2F0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




charset=3Diso-8859-1">
5.5.2653.12">

For better or worse, my site has no CGIs or =
scripts!

james pelton

-----Original Message-----

From: Carlos Costa Portela [mailto:

Sent: Monday, March 11, 2002 6:06 PM

To: 'users@httpd.apache.org'

Subject: Re: Internal Server Error

        You must =
see what is provoking this Internal Server Error. If it

is a cgi or script, for example, try to execute it =
via command line.

        Good =
luck,

        =
        SIZE=3D2>Carlos.

On Mon, 11 Mar 2002, Pelton, James wrote:

> Some of my links are now generating =
"Internal Server Error" messages.

> However, these events aren't showing up in my =
error log. How can I track

> down what's going on?

>

> james pelton

>

  TARGET=3D"_blank">http://www.tertulandia.com : sea cual sea tu =
tema... all=ED est=E1 tu sitio!

 _______Carlos Costa =
Portela_________________________________________________

| e-mail:  ccosta@servidores.net | home page: =
TARGET=3D"_blank">http://casa.ccp.servidores.net |

|_____T=F3dalas persoas maiores foron nenos antes, =
pero poucas se lembran______|

SIZE=3D2>--------------------------------------------------- ------------=
------

The official User-To-User support forum of the =
Apache HTTP Server Project.

See <URL: HREF=3D"http://httpd.apache.org/userslist.html" =
TARGET=3D"_blank">http://httpd.apache.org/userslist.html> for =
more info.

To unsubscribe, e-mail: =
users-unsubscribe@httpd.apache.org

For additional commands, e-mail: =
users-help@httpd.apache.org

Re:

----__JWM__J26db.4f20S.3961M
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Type: text/plain; charset=windows-1252

So what you are telling me is that there IS no REAL 2-way handshaking go=
ing on. Then we've lost ALL hope of security.


See us online at http://www.LOVEnCompany.com.

---------- Original Message ----------
From: Rich Bowen
To: users@httpd.apache.org
Subject: Re: [users@httpd]
Date: Tue, 10 Nov 2009 11:55:05 -0500



On Nov 10, 2009, at 08:19 , Stephen Love wrote:

> I have set up a routine in my server that logs all incoming IP =

> addresses and parses for duplicates in the same list. HOWEVER...a =

> person posting almost NEVER has the same address. I believe I am not =
=

> using the actual IP Address at all. What I WANT is the actual SERIAL =
=

> NUMBER (If you could call it that!) of the HARDWARE (Network =

> Adapter) actually sending the message, or its REPLY TO address... =

> the address it is COMMUNICATING FROM in order to actually send the =

> message. I am SURE if it is to establish a 2-way link to send and =

> confirm the message, the receiving end HAS that info, buried deep =

> within what it receives. HOW can I get that, so that the route steps =
=

> inbetween do not matter?
>

No, you can't. It's impossible. That information (the MAC address) =

doesn't make it past the first hop, and there's numerous pieces of =

hardware (routers, firewalls, proxy servers, etc) between client and =

server. The receiving end does NOT have that info, buried or =

otherwise. It's simply not there.

--
Rich Bowen
rbowen@rcbowen.com




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Projec=
t.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
____________________________________________________________
Free Copier Price Quotes
Get free copier price quotes from multiple dealers and save!
http://thirdpartyoffers.juno.com/TGL2131/c?cp=3D0LuXbYcQxGi7 Lq9uayJHvwAA=
Jz1cSR5zxtI8-KAHzBSY23cQAAQAAAAFAAAAAPLSTT4AAAMlAAAAAAAAAAAA AAAAABIVZAAA=
AAA=3D
----__JWM__J26db.4f20S.3961M
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Type: text/html; charset=windows-1252

So what you are telling me is that there IS no REAL 2-way handshak=
ing going on. Then we've lost ALL hope of security.


See us on=
line at http://www.LOVEnCompany.com.

---------- Original Message =
----------
From: Rich Bowen <rbowen@rcbowen.com>
To: users@h=
ttpd.apache.org
Subject: Re: [users@httpd]
Date: Tue, 10 Nov 2009 =
11:55:05 -0500



On Nov 10, 2009, at 08:19 , Stephen Love w=
rote:

> I have set up a routine in my server that logs all inc=
oming IP  
> addresses and parses for duplicates in the same =
list. HOWEVER...a  
> person posting almost NEVER has the sam=
e address. I believe I am not  
> using the actual IP Address=
at all. What I WANT is the actual SERIAL  
> NUMBER (If you =
could call it that!) of the HARDWARE (Network  
> Adapter) ac=
tually sending the message, or its REPLY TO address...  
> th=
e address it is COMMUNICATING FROM in order to actually send the  <=
BR>> message. I am SURE if it is to establish a 2-way link to send an=
d  
> confirm  the message, the receiving end HAS that i=
nfo, buried deep  
> within what it receives. HOW can I get t=
hat, so that the route steps  
> inbetween do not matter?
=
>

No, you can't. It's impossible. That information (the MAC ad=
dress)  
doesn't make it past the first hop, and there's numerou=
s pieces of  
hardware (routers, firewalls, proxy servers, etc) =
between client and  
server. The receiving end does NOT have tha=
t info, buried or  
otherwise. It's simply not there.

--<=
BR>Rich Bowen
rbowen@rcbowen.com




-----------------=
----------------------------------------------------
The official Use=
r-To-User support forum of the Apache HTTP Server Project.
See <UR=
L:http://httpd.apache.org/userslist.html> for more info.
To unsubs=
cribe, e-mail: users-unsubscribe@httpd.apache.org
  "  =
; from the digest: users-digest-unsubscribe@httpd.apache.org
For=
additional commands, e-mail: users-help@httpd.apache.org




______________________=
______________________________________

i7Lq9uayJHvwAAJz1cSR5zxtI8-KAHzBSY23cQAAQAAAAFAAAAAPLSTT4AAA MlAAAAAAAAAA=
AAAAAAABIVZAAAAAA=3D target=3D"_blank">Free Copier Price Quotes
Get f=
ree copier price quotes from multiple dealers and save!

----__JWM__J26db.4f20S.3961M--

Re:

On Tue, Nov 10, 2009 at 6:20 PM, Stephen Love wrote:
> So what you are telling me is that there IS no REAL 2-way handshaking going
> on. Then we've lost ALL hope of security.
>

What's "REAL" in this context? It's not authenticated and doesn't
result in some session establishment unless you configure your
application to require/manage such a thing?

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re:

It was thus said that the Great Stephen Love once stated:
> So what you are telling me is that there IS no REAL 2-way handshaking
> going on. Then we've lost ALL hope of security.

There is a 2-way handshake, but it's at the TCP layer, which is used to
establish a reliable, stream-oriented sequence of data. As far as the
browser and server are concerned, they're talking directly to each other:

HTTP client <-----> HTTP server


but in reality, the HTTP protocol is wrapped in the TCP layer:

HTTP client HTTP server
^ ^
| |
v v
TCP <-------------------> TCP

but in reality, the TCP protocol (which establishes reliability and a
stream oriented (or line oriented if you care to view it that way) over the
IP protocol (which itself doesn't guarentee reliability, and is packet
oriented, not stream-oriented):

HTTP client HTTP server
^ ^
| |
v v
TCP TCP
^ ^
| |
v v
IP <-----------------------> IP

And thus completes a full TCP/IP connection. IP itself is embedded in a
multitude of hardware layer protocols, like Ethernet, T1 (which has a few
framing protocols itself), PPP, PPPoE, SCSI [1] or even avian carriers
[2][3], so the lower layers of the stack (below the IP layer) that get
stripped and added as the packet makes it way across the Internet. An
example might look like:

HTTP client HTTP server
^ ^
| |
v v
TCP TCP
^ ^
| |
v v
IP +- IP --+ +- IP --+ IP
^ | | | | ^
| | | | | |
v v v v v v
Ethernet <--> Ethernet T1 <--> T1 Ethernet <--> Ethernet
client router router server
^
|
Any number of hops here

(also note that the T1 listed here is just an example; it most likely is
PPPoE over ATM (which comprises DSL I think), so there may even be a few
layers below the IP layer)

The MAC address of the client doesn't even survive the first hop. The
server ends up with the MAC address of the router as the "sender", even
though the IP packet comes from the client somewhere else on the Internet.

It helps to think of it this way: IP allows individual computers to
communiate; TCP allows individual programs to communiate.

Once you get a connection, you have a few pieces of information about the
other side:

it's an HTTP connection (a given)
over a TCP connection (a given)
the local side's TCP port # (usually 80 if HTTP)
the local side's IP address (typically a given)
the remote side's TCP port #
the remote site's IP address

If you want more unique inforamtion, then you need to look into stuff like
cookies and session management (which is beyond the scope of HTTP for the
most part).

-spc (Hope this clears up some misconceptions)

[1] RFC-2143 [5]

[2] RFC-1149, updated by RFC-2549

[3] No, really! It's even been done. [4]

[4] http://en.wikipedia.org/wiki/IP_over_Avian_Carriers

[5] RFCs are documents that document the various Internet standards.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re:

On Tue, Nov 10, 2009 at 6:37 PM, Eric Covener wrote:
> On Tue, Nov 10, 2009 at 6:20 PM, Stephen Love wrot=
e:
>> So what you are telling me is that there IS no REAL 2-way handshaking go=
ing
>> on. Then we've lost ALL hope of security.
>>
>
> What's "REAL" in this context? =A0It's not authenticated and doesn't
> result in some session establishment unless you configure your
> application to require/manage such a thing?
>
> --
> Eric Covener
> covener@gmail.com
[clip]

Yes, why don't you tell us exactly what you want to do, what's your
end goal? Visitor stats? Geographic locating? Authentication of a
real-world identity? There's a lot of very bright and very
knowledgeable people on this list, so if there's any way at all to do
what you want, then there is a very good chance that somebody here
will be able to tell you. It just might not be done the way you think
it should be.

As many of us have said, TCP is an end to end protocol. And in fact,
it is stateful, so you can send messages back and forth between the
two end points for as long as the connection is open. There is a
handshake that goes on between the two end points to setup this
connection, but this is not any sort of real authentication process
that confirms the identity of either end. What TCP gets you is pretty
good confidence that you are talking to the same person you were when
you started the conversation, but even that confidence is really only
upheld in the absence of active attacks like IP spoofing, and it
provides absolutely no confidence that there aren't other people
listening to the conversation, and potentially even participating in
the conversation.

If you're looking for security: like making sure no one else is
listening to the conversation, no one else is modifying the
conversation data, and or making sure that the person on the other end
is who they claim to be...then you're going to need a much more
sophisticated protocol than TCP, IP, or HTTP. SSL/TLS provides all
these things, with the latest TLS version believed to be quite secure
with current technologies and techniques. HTTPS layers HTTP over a
secure SSL or TLS connection, and is available in Apache with mod_ssl.

Your comment that "we've lost ALL hope of security" is quite accurate
with regards to HTTP, TCP, and IP alone. These protocols were really
not designed with any attention to security as security wasn't really
an acknowledged concern at the time they were created. Thus we have
add on protocols like SSL and TLS.

Anyway, back to my point: tell us what you're actually trying to do
and there's a good chance someone can help you, as long as you're
willing to let go of any preconceived notions on how to get the job
done (that's always the biggest stumbling block to learning something
new).

Cheers,
-Brian

--=20
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org