[CentOS] Apache warns Web server admins of DoS attack tool

Thu Aug 25 23:05:26 UTC 2011
Always Learning <centos at u61.u22.net>

On Thu, 2011-08-25 at 14:36 -0700, John R Pierce wrote:

> On 08/25/11 1:45 PM, Always Learning wrote:
> > I have broken-up the very large conf file (/etc/httpd/conf/httpd.conf)
> > into 3 main parts. Part 1 is left in situ. Parts 2 and 3 are located
> > elsewhere.

> the existing EL httpd.conf includes /etc/httpd/conf.d/*.conf  and any 
> changes are expected to be made there rather than editing the stock file.

Hi John,

No Centos updates are likely to interfere with my Apache server options
and virtual hosts. The existing /etc/httpd/conf/httpd.conf is large and
laborious to read and fully understand especially with so many useful
comments.

'including' the parts that do change and are not operating system
dependant, meaning putting them somewhere which has no connection to the
operating system, for example

	/data/config/apache/server.conf
	/data/config/apache/domain.*

means, I believe, that if a change to one small file goes wrong then
there is absolutely no danger to 'damaging' any of the other files and
the source of the problem is quick and easy to identify. Thus 'change
damage' is strictly limited to one small self-contained file and can not
affect any of the other files.

I have too much experience of so-called collateral damage inadvertently
caused to other parts of a file being changed. It costs time and money
to trace and diagnose problems, so economically it is a good idea to
eliminate as much as possible non-involved configuration parameters.

As you will have noticed Apache actually offers the ability to fragment
configuration parameters to other files by supplying - for the benefit
of people like me - the 'include' facility.  If Apache never wanted
folks to use this useful facility, it would never have offered the
'include' ability.

Anyone who has ever worked on the nightmare called Windoze will know
that one tiny fault in the Registry can cause the entire operating
system to malfunction. Spreading the risk with Apache configuration
files is my chosen method to minimise potential disruption and it works
very successfully for me on Centos 5.3, 5.4, 5.5, 5.6 and hopefully on
5.7 and 6.1 et al.

However you are entirely free to configure your servers as you wish.
That same freedom extends to me too.


Best regards,

Paul.