httpbl-beta — mod_httpbl Beta Testers

Re: [Httpbl-beta] Missing /apsx/ directory

[David W. <djw...@gm...>]

Mark,
   It's come to my attention that the Windows Apache install doesn't come
with APXS.  It seems the only way to compile a module for Windows is via
Cygwin/mod_perl or using VIsual C++.

   Eric L (who is the moderator of this SourceForge Project and this mailing
list) is looking into options for us to better support the Windows folks.

Dave











On 7/6/07, Mark A. Craig <mar...@gm...> wrote:
>
>  Dave:
>
> I don't see it in the /bin/ directory, either.  I grabbed my install
> directly from the Apache Foundation site, no mucking around with third
> parties.  I was more thorough this time, and did a search of the entire tree
> for aspx*.*, and came up empty.  I will pose the question in the Apache User
> listserv.  This is supposed to be an EXE, right?
>
> Mark
>
> -------- Original Message  --------
> Subject: Re:[Httpbl-beta] Missing /apsx/ directory
> From: David Wortham <djw...@gm...> <djw...@gm...>
> To: mod_httpbl Beta Testers <htt...@li...><htt...@li...>
> Date: Friday, July 06, 2007 11:37:02 AM
>
> Mark,
>    I don't remember offhand if there is an APXS directory.  The important
> thing is to have an APXS binary file in the /bin/ directory.
>
> I believe APXS comes with the standard Windows MSI installer from
> http://httpd.apache.org/
>
> I could be completely wrong... it's been a while since I've installed
> Apache on a Windows machine.
>
> How did you get the installer?  Was it from that website or some other way
> (packaged with some other software, etc.)?
>
> Dave
>
>
>
>
> On 7/6/07, Mark A. Craig <mar...@gm...> wrote:
> >
> > My Windows install of Apache 2.24 doesn't seem to have the necessary
> > /apsx/ directory.  Is this because a port of this module compiler to
> > Windows is absent, or because I omitted components during the install of
> > Apache?
> >
> > Mark
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>
>

Re: [Httpbl-beta] Missing /apsx/ directory

[Mark A. C. <mar...@gm...>]

Eric:

I suspect you're right that it's not included.  I should have an answer 
how to make up for that by tonight.  I have found APSX at the Apache 
Lounge site and downloaded it.  If the instructions are clear and it 
poses no threat to my existing install, I might not have to wait for an 
answer from the Apache Users listserv.

Actually I'll have to consider replacing my Apache with the optimized 
one at Apache Lounge, and some of the other tweaks there.

Mark

>
> Eric Langheinrich wrote:
> Please correct me if I'm wrong, but the version of Apache for windows 
> that you get from Apache.org does not include apxs. You can get apache 
> for windows and apxs from www.apachelounge.com 
> <http://www.apachelounge.com>. I have not tried installing apxs from 
> apachelounge.com on top of apache from apache.org. I also haven't 
> tried installing http:BL with it.
>  
> I will be playing around with both this afternoon. I'll let you know 
> what I find out, but would be interested to hear anyone else's results 
> as well.
>  
> Thank you,
>  
> Eric
>
>     ------------------------------------------------------------------------
>     *From:* htt...@li...
>     [mailto:htt...@li...] *On Behalf Of
>     *David Wortham
>     *Sent:* Friday, July 06, 2007 12:37 PM
>     *To:* mod_httpbl Beta Testers
>     *Subject:* Re: [Httpbl-beta] Missing /apsx/ directory
>
>     Mark,
>        I don't remember offhand if there is an APXS directory.  The
>     important thing is to have an APXS binary file in the /bin/ directory.
>
>     I believe APXS comes with the standard Windows MSI installer from
>     http://httpd.apache.org/
>
>     I could be completely wrong... it's been a while since I've
>     installed Apache on a Windows machine.
>
>     How did you get the installer?  Was it from that website or some
>     other way (packaged with some other software, etc.)?
>
>     Dave
>
>
>
>
>     On 7/6/07, *Mark A. Craig* <mar...@gm...
>     <mailto:mar...@gm...>> wrote:
>
>         My Windows install of Apache 2.24 doesn't seem to have the
>         necessary
>         /apsx/ directory.  Is this because a port of this module
>         compiler to
>         Windows is absent, or because I omitted components during the
>         install of
>         Apache?
>
>         Mark
>
>         -------------------------------------------------------------------------
>         This SF.net email is sponsored by DB2 Express
>         Download DB2 Express C - the FREE version of DB2 express and take
>         control of your XML. No limits. Just data. Click to get it now.
>         http://sourceforge.net/powerbar/db2/
>         _______________________________________________
>         Httpbl-beta mailing list
>         Htt...@li...
>         <mailto:Htt...@li...>
>         https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>
>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> ------------------------------------------------------------------------
>
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>   
>
> --------end quoting--------
>

Re: [Httpbl-beta] Missing /apsx/ directory

[Mark A. C. <mar...@gm...>]

Sorry, A*P*SX, as in what's needed to participate in this beta (because I have 
to compile the beta module for Windows before I can try it out and contribute, 
for what little that's gonna be worth since I don't code these days).

I asked about it in the Apache listserv, and I'm sure I'll have a useful reply 
by this evening; there's some obviously competent and dedicated guys (i.e. they 
have no social lives) in that list.  I'll report back here, for the sake of 
spreading the wealth.

Mark

James Beckett wrote:
> Mark A. Craig wrote:
>> tree for aspx*.*, and came up empty.  I will pose the question in the 
>> Apache User listserv.  This is supposed to be an EXE, right?
> 
> Are you looking for aspx, as in .NET, or apxs, as in Apache?
> Or apsx, as in... something else?
> 
> -jmb

Re: [Httpbl-beta] Missing /apsx/ directory

[James B. <jmb...@ha...>]

Mark A. Craig wrote:
> tree for aspx*.*, and came up empty.  I will pose the question in the 
> Apache User listserv.  This is supposed to be an EXE, right?

Are you looking for aspx, as in .NET, or apxs, as in Apache?
Or apsx, as in... something else?

-jmb
-- 
James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
D6AC 333B FA95 595D 6D76  0F13 A5E2 044E 60D5 880B

Re: [Httpbl-beta] Missing /apsx/ directory

[Mark A. C. <mar...@gm...>]

Dave:

I don't see it in the /bin/ directory, either.  I grabbed my install 
directly from the Apache Foundation site, no mucking around with third 
parties.  I was more thorough this time, and did a search of the entire 
tree for aspx*.*, and came up empty.  I will pose the question in the 
Apache User listserv.  This is supposed to be an EXE, right?

Mark

> -------- Original Message  --------
> Subject: Re:[Httpbl-beta] Missing /apsx/ directory
> From: David Wortham <djw...@gm...>
> To: mod_httpbl Beta Testers <htt...@li...>
> Date: Friday, July 06, 2007 11:37:02 AM
>
> Mark,
>    I don't remember offhand if there is an APXS directory.  The 
> important thing is to have an APXS binary file in the /bin/ directory.
>
> I believe APXS comes with the standard Windows MSI installer from 
> http://httpd.apache.org/
>
> I could be completely wrong... it's been a while since I've installed 
> Apache on a Windows machine.
>
> How did you get the installer?  Was it from that website or some other 
> way (packaged with some other software, etc.)?
>
> Dave
>
>
>
>
> On 7/6/07, *Mark A. Craig* <mar...@gm... 
> <mailto:mar...@gm...>> wrote:
>
>     My Windows install of Apache 2.24 doesn't seem to have the necessary
>     /apsx/ directory.  Is this because a port of this module compiler to
>     Windows is absent, or because I omitted components during the
>     install of
>     Apache?
>
>     Mark
>

Re: [Httpbl-beta] Missing /apsx/ directory

[Eric L. <er...@pr...>]

Please correct me if I'm wrong, but the version of Apache for windows that
you get from Apache.org does not include apxs. You can get apache for
windows and apxs from www.apachelounge.com. I have not tried installing apxs
from apachelounge.com on top of apache from apache.org. I also haven't tried
installing http:BL with it. 
 
I will be playing around with both this afternoon. I'll let you know what I
find out, but would be interested to hear anyone else's results as well.
 
Thank you,
 
Eric


  _____  

From: htt...@li...
[mailto:htt...@li...] On Behalf Of David
Wortham
Sent: Friday, July 06, 2007 12:37 PM
To: mod_httpbl Beta Testers
Subject: Re: [Httpbl-beta] Missing /apsx/ directory


Mark,
   I don't remember offhand if there is an APXS directory.  The important
thing is to have an APXS binary file in the /bin/ directory.

I believe APXS comes with the standard Windows MSI installer from
http://httpd.apache.org/

I could be completely wrong... it's been a while since I've installed Apache
on a Windows machine.

How did you get the installer?  Was it from that website or some other way
(packaged with some other software, etc.)? 

Dave





On 7/6/07, Mark A. Craig <mar...@gm...> wrote: 

My Windows install of Apache 2.24 doesn't seem to have the necessary
/apsx/ directory.  Is this because a port of this module compiler to
Windows is absent, or because I omitted components during the install of
Apache?

Mark

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Httpbl-beta mailing list 
Htt...@li...
https://lists.sourceforge.net/lists/listinfo/httpbl-beta 

Re: [Httpbl-beta] Missing /apsx/ directory

[David W. <djw...@gm...>]

Mark,
   I don't remember offhand if there is an APXS directory.  The important
thing is to have an APXS binary file in the /bin/ directory.

I believe APXS comes with the standard Windows MSI installer from
http://httpd.apache.org/

I could be completely wrong... it's been a while since I've installed Apache
on a Windows machine.

How did you get the installer?  Was it from that website or some other way
(packaged with some other software, etc.)?

Dave




On 7/6/07, Mark A. Craig <mar...@gm...> wrote:
>
> My Windows install of Apache 2.24 doesn't seem to have the necessary
> /apsx/ directory.  Is this because a port of this module compiler to
> Windows is absent, or because I omitted components during the install of
> Apache?
>
> Mark
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>

[Httpbl-beta] Missing /apsx/ directory

[Mark A. C. <mar...@gm...>]

My Windows install of Apache 2.24 doesn't seem to have the necessary 
/apsx/ directory.  Is this because a port of this module compiler to 
Windows is absent, or because I omitted components during the install of 
Apache?

Mark

[Httpbl-beta] Typo in Version 1.3

[ZyanKLee <zya...@zy...>]

hey,

tried the apache2.0 sourceforge version 1.3 recently.
In header of mod_httpbl.c there is mentioned a config-parameter named
HTTPBLRBLEnable      On
this should be changed to look as follows:
HTTPBLRBLEnabled      On
else Apache2 will report an error.

also stated in bug "[ 1711552 ] Enabling in httpd.conf -
HTTPBLRBLEnabled" but unchanged since 2007-05-03 00:41

How is work going on?
I am very happy with the httpbl module. It works quite fast and as far
as I can see with good quality.

Greetz

[Httpbl-beta] Typo in Version 1.3

[ZyanKLee <zya...@gm...>]

hey,

tried the apache2.0 sourceforge version 1.3 recently.
In header of mod_httpbl.c there is mentioned a config-parameter named
HTTPBLRBLEnable      On
this should be changed to look as follows:
HTTPBLRBLEnabled      On
else Apache2 will report an error.

also stated in bug "[ 1711552 ] Enabling in httpd.conf - 
HTTPBLRBLEnabled" but unchanged since 2007-05-03 00:41

How is work going on?
I am very happy with the httpbl module. It works quite fast and as far 
as I can see with good quality.

Greetz

Re: [Httpbl-beta] New revision

[Jasper <ja...@ti...>]

David,

Ive compiled the httpbl 1.2 without any problems on debian etch with 
apache 2.2.4.

The problem with lstat and apr are indeed gone.

Thanks for the update, ill do some extra tests to see if things are 
broken (which i dont hope)

Regards Jasper

David Wortham wrote:
> Dear mod_httpbl testers,
>   There is a new revision of mod_httpbl.c on the SourceForce project website
> www.SourceForge.net/projects/httpbl 
> <http://www.SourceForge.net/projects/httpbl>
> 
>    Changes include:
> - Removed the hard-coded IP_TO_LOOKUP
> - Some warnings removed (only about half)
> - Hid the tests that aren't being performed (for now)
> 
> As I have mentioned in other mailing list emails, I don't yet have the 
> ability to test Apache 2.2.x (or APR v 1.0 or greater).
> Please let me know if there are any obvious errors or new warnings.  
> SourceForge bug reports are preferable and questions/comments on the 
> mailing list always help.
> 
> The new "version" of the mod_httpbl.c source code is revision 1.2.
> 
> Regards,
> Dave
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta

[Httpbl-beta] New revision

[David W. <djw...@gm...>]

Dear mod_httpbl testers,
  There is a new revision of mod_httpbl.c on the SourceForce project website
www.SourceForge.net/projects/httpbl

   Changes include:
- Removed the hard-coded IP_TO_LOOKUP
- Some warnings removed (only about half)
- Hid the tests that aren't being performed (for now)

As I have mentioned in other mailing list emails, I don't yet have the
ability to test Apache 2.2.x (or APR v 1.0 or greater).
Please let me know if there are any obvious errors or new warnings.
SourceForge bug reports are preferable and questions/comments on the mailing
list always help.

The new "version" of the mod_httpbl.c source code is revision 1.2.

Regards,
Dave

Re: [Httpbl-beta] Error starting Apache2 with mod_httpbl

[Christian G. <ge...@go...>]

Hi Matti,

Thanks for the patch.
My Module is now working.

HTTPBL Internal Diagnostics Testing
Test Results
[ + ]	Write to the log directory (/var/log/httpbl/)
[ + ]	Write to the repos directory (/var/log/httpbl/)
[ + ]	Resolve and reach the RBL domain (www.projecthoneypot.org)
[ * ]	Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
[ * ]	Submit 404 data to the server
(http://192.168.3.100:11000/record_404.php)
[ * ]	Submit POST data to the server
(http://192.168.3.100:11000/record_post.php)
[ * ]	Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php)

Now I can play around with the allow/deny rules.
Any suggestions for that, just for the start ?

Regards,
Christian

> -----Original Message-----
> From: htt...@li... [mailto:httpbl-beta-
> bo...@li...] On Behalf Of Matti P. T. Juvonen
> Sent: 31 May 2007 02:59
> To: mod_httpbl Beta Testers
> Subject: Re: [Httpbl-beta] Error starting Apache2 with mod_httpbl
> 
> Hi Christian,
> 
> > apache2: Syntax error on line 185 of /etc/apache2/apache2.conf:
> Syntax error
> > on line 1 of /etc/apache2/mods-enabled/httpbl.load: Cannot load
> > /usr/lib/apache2/modules/mod_httpbl.so into server:
> > /usr/lib/apache2/modules/mod_httpbl.so: undefined symbol:
> > apr_socket_create_ex
> 
> I ran into the same problem. It seems that the code does not support
> some of the more recent versions of libapr -- my Debian etch system
> comes with 1.2.7-8.2. Specifically, according to apr 0.9 documentation,
> apr_socket_create_ex and apr_lstat are deprecated. Both are missing
> from
> version 1.2.
> 
> I wrote a short patch to fix these issues, although I haven't really
> tested it (so I may have missed something). It is available at
> http://enneu.net/files/mod_httpbl_apr.patch
> 
> :mpj
> 
> -----------------------------------------------------------------------
> --
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta

Re: [Httpbl-beta] http method matching

[David W. <djw...@gm...>]

James,
   I'm looking into why only GETs and POSTs seem to be matching.

   When we set out to create the module, our intention was to make it HTTP
1.0 compatible (which does not provide support for all of the 20-something
HTTP "verbs" supported in newer versions of the HTTP protocol and in mode
versatile ).

   Off the top of my head, I would say that the best way to handle the
plethora of other "verbs" (the lesser used ones) would be to throw them all
in a catch-all bit.
On the other hand, the "verb bitset" isn't required to be only 8 bits
because it is not part of the httpBL system (it is used in mod_httpbl, not
the underlying DNS system).  Perhaps making a larger bitset in a future
version of the module is the way to go.

Dave


On 5/30/07, James Beckett <jmb...@ha...> wrote:
>
> My last email to list grew longer than planned, so I'll keep this one
> short.
>
> The first parameter in a HTTPBLRBLReqHandler rule is for matching the type
> of the HTTP request - here's the code that makes that test:
>
> static int is_method_accepted_by_rbl_handler(const char* the_method, const
> unsigned long the_verb_bs)
> {
>     return  ((httpbl_string_matches(the_method, "GET"    ) && (the_verb_bs
> & 0x0000001ul)) ||
>              (httpbl_string_matches(the_method, "POST"   ) && (the_verb_bs
> & 0x0000010ul)) ||
>              (httpbl_string_matches(the_method, "HEAD"   ) && (the_verb_bs
> & 0x0000100ul)) ||
>              (httpbl_string_matches(the_method, "PUT"    ) && (the_verb_bs
> & 0x0001000ul)) ||
>              (httpbl_string_matches(the_method, "DELETE" ) && (the_verb_bs
> & 0x0010000ul)) ||
>              (httpbl_string_matches(the_method, "OPTIONS") && (the_verb_bs
> & 0x0100000ul)) ||
>              (httpbl_string_matches(the_method, "TRACE"  ) && (the_verb_bs
> & 0x1000000ul)));
> }
>
> Answers on a postcard please as to why only GET and POST ever match
> when the_verb_bs has values from 0 to 255 ...
>
> This caused me much confusion while testing, as I typically make
> HEAD requests by hand (using nc etc) to view HTTP responses and they
> *never failed*.
>
> In similar vein to the category matching bitset problem, there's no way to
> have a catch-all for *all* methods not matched elsewhere. Apache 2.2 has
> a list of 26 different methods that are recognized - we'll not be fitting
> those into our 0-255 bitset!
>
> -jmb
> --
> James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
> F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>

Re: [Httpbl-beta] Getting help

[David W. <djw...@gm...>]

James,
   Thanks for the analysis.

   I was too tired to address the problem which started this thread and
should not have replied.  You are right that the HTTPBLRBLReqHandler I
pointed out works only with Search Engines and should be there.  I probably
confused a lot of people with my erred response.

   I am probably still too tired to fix the issues you brought up in
tonight's revision of the code.  The intention of the HTTPBLRBLReqHandler
directives was to create a fine-grained ruleset for handling httpbl
responses.  In any case, I have almost finished a wizard/webpage to simplify
the creation of HTTPBLRBLReqHandler directives.  Whether the decision is to
keep the category bitsets working the way they do (ANDed bits) or to change
it to ORed bits, the wizard/webpage will create the correct directive code.
I will keep the mailing list updated if I make a large change like that.

Dave



On 5/30/07, James Beckett <jmb...@ha...> wrote:
>
> David Wortham wrote:
> >    You want to remove the line "HTTPBLRBLReqHandler 255:0-255:0-255:0
> > allow" from your configurations if you want to filter out any IPs.  This
> > line explicitly allows all IPs access to any page in this directory
> > before any other checks are done.
>
> David,
>
> This is the "allow search engines" line, isn't it?  Throughout the
> documentation this is given as an example to match addresses of
> known search engines and permit them, ahead of deny lines for
> other offender categories (with the catch-all "255" given as the
> category bitmask).
>
> The documentation isn't explicit about how bitset tests are
> performed, but the natural reading would seem to be that the
> category bitset in the config line is ANDed with the returned
> category value, and if anything remains, match the rule, with 0 as
> a special case to match 0 alone - thus the example
>
> HTTPBLRBLReqHandler 255:0-30:0-255:255 deny
>
> picks up responses with *any* category bit set. However, I've had
> a look at the tests in the code, and it seems the logic is quite
> different - *all* '1' bits given in the bitset must match the returned
> category value -
>
> static int does_bitset_accept_value(unsigned int bitset, unsigned int
> value)
> {
>    return ((bitset&value) == bitset);
> }
>
> which gives these corollaries:
>
> * a "0" in the rule always matches, giving the counterintuitive
> and counter-documentation behaviour you describe above
>
> * there is no way to match iff octet4==0 at all, so you *cannot*
> make a rule for matching search engines
>
> * a "255" (also as given in the examples) is unlikely to match,
> as it includes as-yet-reserved bits
>
> * there is no way to say "harvester OR spammer" in a single rule,
> as 2+4 means "this IP is flagged both as harvester AND spammer"
>
> * Thus you *cannot* make a rule with a catch-all on the category.
>
> I humbly submit that this logic is flawed, and doesn't make for
> sensible configurations. I think the special-case of "0" is a
> recipe for much confusion.
>
> At present I have this in my httpBL.conf, which seems to have the
> required effect (but can't handle search engines):
>
>    HTTPBLDefaultAction     allow
>    # ...
>    HTTPBLRBLReqHandler 255:0-255:0-255:1 deny
>    HTTPBLRBLReqHandler 255:0-255:0-255:2 deny
>    HTTPBLRBLReqHandler 255:0-255:0-255:4 deny
>    HTTPBLRBLReqHandler 255:0-255:0-255:8 deny
>
> (The HTTP method bitset test is performed with explicit and/or
> comparisons, so doesn't suffer this problem. Actually, it suffers
> an entirely different problem, which I'll leave for another mail)
>
> cheers,
> James
> --
> James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
> F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>

Re: [Httpbl-beta] Error starting Apache2 with mod_httpbl

[Matti P. T. J. <mp...@ik...>]

Hi Christian,

> apache2: Syntax error on line 185 of /etc/apache2/apache2.conf: Syntax error
> on line 1 of /etc/apache2/mods-enabled/httpbl.load: Cannot load
> /usr/lib/apache2/modules/mod_httpbl.so into server:
> /usr/lib/apache2/modules/mod_httpbl.so: undefined symbol:
> apr_socket_create_ex

I ran into the same problem. It seems that the code does not support
some of the more recent versions of libapr -- my Debian etch system
comes with 1.2.7-8.2. Specifically, according to apr 0.9 documentation,
apr_socket_create_ex and apr_lstat are deprecated. Both are missing from
version 1.2.

I wrote a short patch to fix these issues, although I haven't really
tested it (so I may have missed something). It is available at
http://enneu.net/files/mod_httpbl_apr.patch

:mpj

Re: [Httpbl-beta] DNS lookups not corresponding to incoming http client addresses - fixed

[David W. <djw...@gm...>]

All mod_httpbl testers,
   It looks like I goofed on the newest version of the code.  I'm going to
be updating the CVS tonight with a version of code that _does_not_ look up
only a single hardcoded IP (as well as a few other minor changes that I've
made since the last update).  I stilldon't have the ability to test Apache
2.2.x so if you have any compile errors, please let me know and I will try
to fix them ASAP.

THanks,
Dave



On 5/30/07, James Beckett <jmb...@ha...> wrote:
>
> James Beckett wrote:
> > So far, I've only seen httpBL DNS lookups
> > for two IP addresses - one of them around 4200 times and the other only
> once,
> > since installation on 2007-05-02.
>
> (apache log)
>
> > 80.237.210.109 - - [15/May/2007:16:31:46 +0100] "GET / HTTP/1.0" 200
> 4154 "-"
> >     "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c"
>
> > but the corresponding entry in named.querylog is
> >
> > 15-May-2007 16:31:46.757 client 127.0.0.1#50330: query:
> >     (my ID).235.1.194.62.dnsbl.httpbl.org IN A +
> >
> > The address 62.192.1.235 doesn't appear in any other apache log files,
> and
> > seems entirely spurious.
>
> More so for me mis-reversing it: 62.194.1.235 is the only address that
> gets
> looked up. Now that I've spotted my bozo error it's clear in the code - it
> looks as though a test setting has been left in place:
>
>
> http://httpbl.cvs.sourceforge.net/httpbl/mod_httpbl_for_apache_2.0/mod_httpbl_source/mod_httpbl.c?revision=1.1.1.1&view=markup#l_309
>
> #define IP_TO_LOOKUP                            "62.194.1.235"
>         // a known spammer's IP ; just for testing
>
> and later:
>
>     ha = r->connection->remote_ip; // get the requesting IP from the
> request_rec
> #ifdef IP_TO_LOOKUP     // if a macro is set to a hardcoded IP (for
> testing purposes)
>     ha = IP_TO_LOOKUP;
> #endif
>
> With this here, check_via() always looks up this address, not the remote
> IP
> address from the request - which presumably means that all current beta
> testers (unless they've quietly fixed this themselves locally, or have an
> earlier version without it) are unknowingly not actually testing anything
> useful! (This test IP returns 127.86.74.3 - 86 days since activity, pretty
> high threat, suspicious+harvester - the sample config should return "deny"
> for this, so I'd expect any typical beta tester setup to show 100% page
> denial)
>
> With the #define commented out, I'm finally seeing lookups of actual
> client
> addresses taking place:
>
> 30-May-2007 20:07:30.533 client 127.0.0.1#57023: view internal:
>         query: (my ID).109.210.237.80.dnsbl.httpbl.org IN A +
>
>
> I'd highly recommend anyone running http:BL to run and use their own local
> caching nameserver, both for reducing lookup overheads and for being able
> to check the logs and see what's going on.
>
> cheers,
> James
> --
> James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
> F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>

[Httpbl-beta] http method matching

[James B. <jmb...@ha...>]

My last email to list grew longer than planned, so I'll keep this one short.

The first parameter in a HTTPBLRBLReqHandler rule is for matching the type
of the HTTP request - here's the code that makes that test:

static int is_method_accepted_by_rbl_handler(const char* the_method, const unsigned long the_verb_bs)
{
    return  ((httpbl_string_matches(the_method, "GET"    ) && (the_verb_bs & 0x0000001ul)) ||
             (httpbl_string_matches(the_method, "POST"   ) && (the_verb_bs & 0x0000010ul)) ||
             (httpbl_string_matches(the_method, "HEAD"   ) && (the_verb_bs & 0x0000100ul)) ||
             (httpbl_string_matches(the_method, "PUT"    ) && (the_verb_bs & 0x0001000ul)) ||
             (httpbl_string_matches(the_method, "DELETE" ) && (the_verb_bs & 0x0010000ul)) ||
             (httpbl_string_matches(the_method, "OPTIONS") && (the_verb_bs & 0x0100000ul)) ||
             (httpbl_string_matches(the_method, "TRACE"  ) && (the_verb_bs & 0x1000000ul)));
}

Answers on a postcard please as to why only GET and POST ever match
when the_verb_bs has values from 0 to 255 ...

This caused me much confusion while testing, as I typically make
HEAD requests by hand (using nc etc) to view HTTP responses and they
*never failed*.

In similar vein to the category matching bitset problem, there's no way to
have a catch-all for *all* methods not matched elsewhere. Apache 2.2 has
a list of 26 different methods that are recognized - we'll not be fitting
those into our 0-255 bitset!

-jmb
-- 
James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
F601 C085 1482 B92A C812  556C A985 1497 209B 4E65

Re: [Httpbl-beta] Getting help

[James B. <jmb...@ha...>]

David Wortham wrote:
>    You want to remove the line "HTTPBLRBLReqHandler 255:0-255:0-255:0 
> allow" from your configurations if you want to filter out any IPs.  This 
> line explicitly allows all IPs access to any page in this directory 
> before any other checks are done.

David,

This is the "allow search engines" line, isn't it?  Throughout the
documentation this is given as an example to match addresses of
known search engines and permit them, ahead of deny lines for
other offender categories (with the catch-all "255" given as the
category bitmask).

The documentation isn't explicit about how bitset tests are
performed, but the natural reading would seem to be that the
category bitset in the config line is ANDed with the returned
category value, and if anything remains, match the rule, with 0 as
a special case to match 0 alone - thus the example

 HTTPBLRBLReqHandler 255:0-30:0-255:255 deny

picks up responses with *any* category bit set. However, I've had
a look at the tests in the code, and it seems the logic is quite
different - *all* '1' bits given in the bitset must match the returned
category value -

 static int does_bitset_accept_value(unsigned int bitset, unsigned int value)
 {
   return ((bitset&value) == bitset);
 }

which gives these corollaries:

* a "0" in the rule always matches, giving the counterintuitive
 and counter-documentation behaviour you describe above

* there is no way to match iff octet4==0 at all, so you *cannot*
 make a rule for matching search engines

* a "255" (also as given in the examples) is unlikely to match,
 as it includes as-yet-reserved bits

* there is no way to say "harvester OR spammer" in a single rule,
 as 2+4 means "this IP is flagged both as harvester AND spammer"

 * Thus you *cannot* make a rule with a catch-all on the category.

I humbly submit that this logic is flawed, and doesn't make for
sensible configurations. I think the special-case of "0" is a
recipe for much confusion.

At present I have this in my httpBL.conf, which seems to have the
required effect (but can't handle search engines):

   HTTPBLDefaultAction     allow
   # ...
   HTTPBLRBLReqHandler 255:0-255:0-255:1 deny
   HTTPBLRBLReqHandler 255:0-255:0-255:2 deny
   HTTPBLRBLReqHandler 255:0-255:0-255:4 deny
   HTTPBLRBLReqHandler 255:0-255:0-255:8 deny

(The HTTP method bitset test is performed with explicit and/or
comparisons, so doesn't suffer this problem. Actually, it suffers
an entirely different problem, which I'll leave for another mail)

cheers,
James
-- 
James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
F601 C085 1482 B92A C812  556C A985 1497 209B 4E65

[Httpbl-beta] DNS lookups not corresponding to incoming http client addresses - fixed

[James B. <jmb...@ha...>]

James Beckett wrote:
> So far, I've only seen httpBL DNS lookups
> for two IP addresses - one of them around 4200 times and the other only once,
> since installation on 2007-05-02.

(apache log)

> 80.237.210.109 - - [15/May/2007:16:31:46 +0100] "GET / HTTP/1.0" 200 4154 "-"
>     "Lynx/2.8.4rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6c"

> but the corresponding entry in named.querylog is
> 
> 15-May-2007 16:31:46.757 client 127.0.0.1#50330: query:
>     (my ID).235.1.194.62.dnsbl.httpbl.org IN A +
> 
> The address 62.192.1.235 doesn't appear in any other apache log files, and
> seems entirely spurious.

More so for me mis-reversing it: 62.194.1.235 is the only address that gets
looked up. Now that I've spotted my bozo error it's clear in the code - it
looks as though a test setting has been left in place:

http://httpbl.cvs.sourceforge.net/httpbl/mod_httpbl_for_apache_2.0/mod_httpbl_source/mod_httpbl.c?revision=1.1.1.1&view=markup#l_309

#define IP_TO_LOOKUP                            "62.194.1.235" 
	// a known spammer's IP ; just for testing

and later:

    ha = r->connection->remote_ip; // get the requesting IP from the request_rec
#ifdef IP_TO_LOOKUP     // if a macro is set to a hardcoded IP (for testing purposes)
    ha = IP_TO_LOOKUP;
#endif

With this here, check_via() always looks up this address, not the remote IP
address from the request - which presumably means that all current beta
testers (unless they've quietly fixed this themselves locally, or have an
earlier version without it) are unknowingly not actually testing anything
useful! (This test IP returns 127.86.74.3 - 86 days since activity, pretty
high threat, suspicious+harvester - the sample config should return "deny"
for this, so I'd expect any typical beta tester setup to show 100% page
denial)

With the #define commented out, I'm finally seeing lookups of actual client
addresses taking place:

30-May-2007 20:07:30.533 client 127.0.0.1#57023: view internal:
	query: (my ID).109.210.237.80.dnsbl.httpbl.org IN A +


I'd highly recommend anyone running http:BL to run and use their own local
caching nameserver, both for reducing lookup overheads and for being able
to check the logs and see what's going on.

cheers,
James
-- 
James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
F601 C085 1482 B92A C812  556C A985 1497 209B 4E65

[Httpbl-beta] Error starting Apache2 with mod_httpbl

[Christian G. <ge...@go...>]

Hello,

I just compiled the mod_httpbl, no errors.
But when I do a configtest I get the following error:

apache2: Syntax error on line 185 of /etc/apache2/apache2.conf: Syntax error
on line 1 of /etc/apache2/mods-enabled/httpbl.load: Cannot load
/usr/lib/apache2/modules/mod_httpbl.so into server:
/usr/lib/apache2/modules/mod_httpbl.so: undefined symbol:
apr_socket_create_ex

System is Debian with Apache/2.2.3 (Debian) PHP/5.2.0-8+etch1


Thanks for help,
Christian

Re: [Httpbl-beta] Getting help

[A. R. <ar...@et...>]

Ive changed my apache config, hard to determine if it helps but 
"luckely" enough Ive got plenty of comment spammers so Ill know by 
tomorrow :)

Will there be any information in the log when a comment spammer get 
"rejected" with httpbl?

The line was copy-pasted. In the initial mail "Welcome to the mod_httpbl 
Beta Program" I got an attachment with "Apache HTTP Server Version 2.2" 
which in the first page states

# To get you up and running quickly, here is an example block of directives
HTTPBLRBLEnabled On
HTTPBLAccessKey*** get this from your Project Honey Pot account (free to 
register) ***
HTTPBLDefaultAction Allow
# allow all search engines
HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
# deny any other listed IPs with any "score" that have been active in 
the last 30 days
HTTPBLRBLReqHandler 255:0-30:0-255:255 deny


Thanks
/Anders


David Wortham wrote:
> Anders,
>   We are pleased that you have decided to help us test mod_httpbl.
> 
>   I believe your module is working well.  Your top 3 diagnostics tests look
> good and those are the only tests which are coded into the module right 
> now.
> 
>   You want to remove the line "HTTPBLRBLReqHandler 255:0-255:0-255:0 allow"
> from your configurations if you want to filter out any IPs.  This line
> explicitly allows all IPs access to any page in this directory before any
> other checks are done.
> 
> "HTTPBLRBLReqHandler 255:0-255:0-255:0 allow" sets permissions for any
> visitor's IP to visit any page in this directory block (of XML).
> Setting this as the first HTTPBLRBLReqHandler causes all requests to be
> _allowed_ (which is not what you want if you want to filter known threat 
> IPs
> from accessing these pages).
> Setting this as the last HTTPBLRBLReqHandler causes all requests to default
> (fall back) to _allowed_ (which would be the same thing
> as"HTTPBLDefaultAction allow").
> All HTTPBLRBLReqHandler are tested top-to-bottom from most specific (files
> and directories) to more general (Virtual Hosts and Servers) scope.
> 
> Am I correct in assuming you copy-pasted your HTTPBLRBLReqHandler from
> somewhere?  Could you tell me where you got your initial configuration 
> lines
> from?
> I think I should rewrite something to explain the definition of this line
> more clear to new users.
> 
> Hope this helps.
> 
> Regards,
> Dave
> 
> 
> 
> 
> 
> On 5/30/07, A. Runeson <ar...@et...> wrote:
>>
>> Hello
>> Ive got troubles with getting the mod_httbl working and don't really
>> know where to get help, if I'm of then please point me in the right
>> direction.
>>
>>
>> I got the module to compile and installed.
>> In my apache-vhost-conf I have:
>>
>>          <IfModule mod_httpbl.c>
>>             HTTPBLRBLEnabled    On
>>             HTTPBLLogDir            /var/log/apache2/httpbl/
>>             HTTPBLTestingURL        /httpbl_diagnostics/
>>             HTTPBLDefaultAction     allow
>>             HTTPBLAccessKey         theoneIgotfromprojecthoneypot
>>             HTTPBLReposDir          /tmp/
>>          </IfModule>
>>
>> and then
>>          <Directory /mnt/webserver/www/htdocs/gallery>
>>                  AllowOverride FileInfo Options
>>                  HTTPBLRBLEnabled On
>>                  HTTPBLDefaultAction allow
>>                  HTTPBLDefaultAction     allow
>>                  HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
>>                  HTTPBLRBLReqHandler 255:0-100:0-255:255 deny
>>          </Directory>
>>
>> I got the diagnostics testing to show up in apache.
>> [ + ]   Write to the log directory (/var/log/apache2/httpbl/)
>> [ + ]   Write to the repos directory (/tmp/)
>> [ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
>> [ * ]   Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
>> [ * ]   Submit 404 data to the server
>> (http://192.168.3.100:11000/record_404.php)
>> [ * ]   Submit POST data to the server
>> (http://192.168.3.100:11000/record_post.php)
>> [ * ]   Query for honeypots 
>> (http://hpr1.projecthoneypot.org/cgi/serve.php
>> )
>>
>> Seems to me like all is well.
>>
>> The problem is that I still get gallery spam commenters, for example
>> today from ip 163.178.90.130 and when checking this ip in project
>> honeypot its tagged as evil.
>>
>> Should I try debugmode in the apache module? Or have I done something
>> obviously wrong?
>> My apache server tag is
>> Apache/2.0.55 (Ubuntu) DAV/2 SVN/1.3.1 PHP/5.1.2 mod_ssl/2.0.55
>> OpenSSL/0.9.8a
>>
>> The log-dir is empty except for an empty httpbl_diagnostics_test.txt
>>
>> Regards
>> Anders Runeson
>>

Re: [Httpbl-beta] Getting help

[David W. <djw...@gm...>]

Anders,
   We are pleased that you have decided to help us test mod_httpbl.

   I believe your module is working well.  Your top 3 diagnostics tests look
good and those are the only tests which are coded into the module right now.

   You want to remove the line "HTTPBLRBLReqHandler 255:0-255:0-255:0 allow"
from your configurations if you want to filter out any IPs.  This line
explicitly allows all IPs access to any page in this directory before any
other checks are done.

"HTTPBLRBLReqHandler 255:0-255:0-255:0 allow" sets permissions for any
visitor's IP to visit any page in this directory block (of XML).
Setting this as the first HTTPBLRBLReqHandler causes all requests to be
_allowed_ (which is not what you want if you want to filter known threat IPs
from accessing these pages).
Setting this as the last HTTPBLRBLReqHandler causes all requests to default
(fall back) to _allowed_ (which would be the same thing
as"HTTPBLDefaultAction allow").
All HTTPBLRBLReqHandler are tested top-to-bottom from most specific (files
and directories) to more general (Virtual Hosts and Servers) scope.

Am I correct in assuming you copy-pasted your HTTPBLRBLReqHandler from
somewhere?  Could you tell me where you got your initial configuration lines
from?
I think I should rewrite something to explain the definition of this line
more clear to new users.

Hope this helps.

Regards,
Dave





On 5/30/07, A. Runeson <ar...@et...> wrote:
>
> Hello
> Ive got troubles with getting the mod_httbl working and don't really
> know where to get help, if I'm of then please point me in the right
> direction.
>
>
> I got the module to compile and installed.
> In my apache-vhost-conf I have:
>
>          <IfModule mod_httpbl.c>
>             HTTPBLRBLEnabled    On
>             HTTPBLLogDir            /var/log/apache2/httpbl/
>             HTTPBLTestingURL        /httpbl_diagnostics/
>             HTTPBLDefaultAction     allow
>             HTTPBLAccessKey         theoneIgotfromprojecthoneypot
>             HTTPBLReposDir          /tmp/
>          </IfModule>
>
> and then
>          <Directory /mnt/webserver/www/htdocs/gallery>
>                  AllowOverride FileInfo Options
>                  HTTPBLRBLEnabled On
>                  HTTPBLDefaultAction allow
>                  HTTPBLDefaultAction     allow
>                  HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
>                  HTTPBLRBLReqHandler 255:0-100:0-255:255 deny
>          </Directory>
>
> I got the diagnostics testing to show up in apache.
> [ + ]   Write to the log directory (/var/log/apache2/httpbl/)
> [ + ]   Write to the repos directory (/tmp/)
> [ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
> [ * ]   Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
> [ * ]   Submit 404 data to the server
> (http://192.168.3.100:11000/record_404.php)
> [ * ]   Submit POST data to the server
> (http://192.168.3.100:11000/record_post.php)
> [ * ]   Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php
> )
>
> Seems to me like all is well.
>
> The problem is that I still get gallery spam commenters, for example
> today from ip 163.178.90.130 and when checking this ip in project
> honeypot its tagged as evil.
>
> Should I try debugmode in the apache module? Or have I done something
> obviously wrong?
> My apache server tag is
> Apache/2.0.55 (Ubuntu) DAV/2 SVN/1.3.1 PHP/5.1.2 mod_ssl/2.0.55
> OpenSSL/0.9.8a
>
> The log-dir is empty except for an empty httpbl_diagnostics_test.txt
>
> Regards
> Anders Runeson
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>

[Httpbl-beta] Getting help

[A. R. <ar...@et...>]

Hello
Ive got troubles with getting the mod_httbl working and don't really 
know where to get help, if I'm of then please point me in the right 
direction.


I got the module to compile and installed.
In my apache-vhost-conf I have:

         <IfModule mod_httpbl.c>
            HTTPBLRBLEnabled    On
            HTTPBLLogDir            /var/log/apache2/httpbl/
            HTTPBLTestingURL        /httpbl_diagnostics/
            HTTPBLDefaultAction     allow
            HTTPBLAccessKey         theoneIgotfromprojecthoneypot
            HTTPBLReposDir          /tmp/
         </IfModule>

and then
         <Directory /mnt/webserver/www/htdocs/gallery>
                 AllowOverride FileInfo Options
                 HTTPBLRBLEnabled On
                 HTTPBLDefaultAction allow
                 HTTPBLDefaultAction     allow
                 HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
                 HTTPBLRBLReqHandler 255:0-100:0-255:255 deny
         </Directory>

I got the diagnostics testing to show up in apache.
[ + ]	Write to the log directory (/var/log/apache2/httpbl/)
[ + ]	Write to the repos directory (/tmp/)
[ + ]	Resolve and reach the RBL domain (www.projecthoneypot.org)
[ * ]	Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
[ * ]	Submit 404 data to the server 
(http://192.168.3.100:11000/record_404.php)
[ * ]	Submit POST data to the server 
(http://192.168.3.100:11000/record_post.php)
[ * ]	Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php)

Seems to me like all is well.

The problem is that I still get gallery spam commenters, for example 
today from ip 163.178.90.130 and when checking this ip in project 
honeypot its tagged as evil.

Should I try debugmode in the apache module? Or have I done something 
obviously wrong?
My apache server tag is
Apache/2.0.55 (Ubuntu) DAV/2 SVN/1.3.1 PHP/5.1.2 mod_ssl/2.0.55 
OpenSSL/0.9.8a

The log-dir is empty except for an empty httpbl_diagnostics_test.txt

Regards
Anders Runeson

Re: [Httpbl-beta] Update progress for the httpbl module

[David W. <djw...@gm...>]

Jasper,
  That would be my fault.  I've fallen behind and some other projects are
presently taking my time.

Also it seems that I should install at least one more version of Apache to
cut down on bugs before they are published to CVS.

I will do my best to get another revision updated this week.

Regards,
David



On 5/30/07, Jasper <ja...@ti...> wrote:
>
> Is there a way i can see progress on the module? i check the cvs on SF
> every now and then, but its still revision 1.1.1
>
> Last week i talked to Eric about additional tests, and was keen on
> testing it. But havent seen anything on the list since then.
>
>
> Regards Jasper Wonnink
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>