[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-developers] Argh--nee help with two things--Argh
- Subject: [cobalt-developers] Argh--nee help with two things--Argh
- From: Jerry Pape <jpape@xxxxxxxx>
- Date: Fri Aug 18 17:29:50 2000
All,
Thing #1
---------------
When migrating clients from one ISP to another typically, I
1) Set up the site at the new host (usu FreeBSD w/ an actual username)
2) put a .forward into the old site to catch mail i.e.
someuser someuser@[xx.xx.xx.xx]
3) put a .htaccess redirect into the old site i.e.
Redirect www.FQDNoldsite.com xx.xx.xx.xx/~username
4) when everything looks hunki dori (after a test period of 2 days to
a week), I make the changes at NetSol and wait.
5) because the .forward and .htaccess are in place any straggling
requests or mail that occur due to DNS propagation come through
automatically.
*) If anything goes wrong in the test period, I just rename
the .forward and .htaccess files on the old host and everything is
back to normal.
How can I do this in the Cobalt/Apache environment?
Thing #2
-------------------
Lastly, I want to run my cgis from /home/sites/cgis and still possibly
still use cgiwrap. Cgiwrap aside for the moment, I have two sets
of cgis [mine | shopsite]. In the case of mine, early testing without
cgiwrap (using the regular cgi-script handler) allows them to execute, but
if they try to write files down the tree (log files,etc) within the
/home/sites/somesite/web/logdir the cgi fails. I cannot for the life of me
determine the right combination of httpd.conf, owner:group, and file privs
to make this concept work. Mind you everything works fine if I leave
the cgis in
/home/site/somesite/web/cgis/, but who wants to update 60+ copies of
the same file--automated or not.
As for the shopsite stuff somewhat similar problems on a larger scale.
NOTE: all this crap works in my old FreeBSD world at least in part
because I know how everything is compiled
---------------------
HELP HELP HELP I am going mad--this issue has sat in the hands of Cobalt Tech
Supp for more than a week and gone nowhere.
In return I offer this tidbit--
Out of the chute, Cobalt provides proftpd with less than optimal
configs. In particular the inclusion of the following directives
allow for some additional degree of security through obscurity. Here
are a couple of things I have thought about:
<VirtualHost xx.xx.xx.xx>
# Why make it easier?
MaxLoginAttempts 3
# They (blackhats) know by the port what type of service, why provide
# any unnecessary hints as to exploitability
# Security by obscurity -- reveal no server software type or version
ServerName "FTP"
ServerIdent on "FTP Server ready."
DeferWelcome on
#
# these settings allow the site admin to ftp directly
# into the a vsite web space /home/sites/somesite/web. This is
# necessary if you ever use html dev tools like GoLive with
built-in ftp
DefaultRoot / admin
DefaultRoot ~/../../web site-adm
AllowOverwrite on
# This lets you see ".hidden" files
# so that the dev tool can sync or manipulate .htaccess .htpasswd etc
LsDefaultOptions "-a"
</VirtualHost>
I welcome your proposed solutions and comments.
Thanks,
JP
--
--------------
| Jerry Pape
| jpape@xxxxxxxx
--------------