httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Ralf S. Engelschall)
Subject Re: src/support/ cleanup?
Date Thu, 19 Mar 1998 13:24:33 GMT

In article <Pine.LNX.3.96.980319105533.27064B-100000@ecstasy.localnet> you wrote:

>> phf_abuse_log.cgi
>>     This was for Apache 1.0 and 1.1 where the phf.cgi script was buggy
>>     and where one could take this script to show the bad guys.
>>     ==> Suggestion: REMOVE!

> Yeah, but there are still people connecting to sites to try to exploit
> this hack.  I'd vote to leave it there. 

Hmmmm.... are you sure someone still uses this script? Because when he still
runs Apache 1.0.x he already has the script and when it runs Apache 1.3 (why
else should he grabbed the 1.3 distribution) he has no real need for this.
But ok, I've no problem to keep it for the rest of Apache's live, _BUT_ only
when the script then is documented and a reference to it is added to some
security docs. Without this the script just confuses the people, I think.

>> log_server_status
>>     This uses raw Perl socket stuff which is not very portable and
>>     lacks parameters via argument lines, manual pages, etc. And
>>     its functionality is already superseeded by "apachectl status".
>>     ==> Suggestion: REMOVE!

> It was written for a different purpose to apachectl - to automatically
> capture and log interesting parts of the status display for graphing or
> the like, to be run from cron or whatever not manually.  I agree it needs
> a manual page though.

That's a good point. But then yes, we should make it a little bit more
portable (perhaps by using the IO package from Perl) _AND_ document it with a
manual page. Just to have the script stay around without mor information is a
little bit like a trashcan, isn't it? I find the script useful, but then:
Would you write a short manualpage for it and perhaps try to make it more

                                       Ralf S. Engelschall

View raw message