RE: [cobalt-developers] Mod_throttle question

[Michele Neylon -Blacknight Solutions <info@xxxxxxxxxxxxxxxxxxxxxxxx>]

At 15.55 09/08/2002 +0600, you wrote:
> Hi,
>
> Seems I don't include to your httpd.conf next lines:
> <Location /throttle-status>
> SetHandler throttle-status
> </Location>
> to your main virtual host and
>
> <Location /throttle-me>
> SetHandler throttle-me
> </Location>
> in your clients virtual hosts.
>
> My suggestion: don't use <Location /throttle-status> due to security
> reason: anyone who know you use Throttle module and who looks into
> documentation, for example - your hosting clients, will try default
> throttle-status  and may open throttle-status page and reset theirs
> statistics. For example, if you use Throttle module for bandwidth
> control on clients web sites, they able to reset theirs data. Use more
> complex Location, for example:
> <Location /admin/.my-server_statistic>
> SetHandler throttle-status
> </Location>
> and your server status page will be available with
> http://www.yourdomain.com/admin/.my-server_statistic

It's password protected, so the clients cannot access the 'throttle-status' 
page... problem is that both 'throttle-status' and 'throttle-me' just give 404s


Mr. Michele Neylon
Blacknight Solutions - affordable linux hosting
http://www.blacknightsolutions.com/


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.