httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant <>
Subject Re: [users@httpd] Stripping white space from HTML
Date Mon, 12 Mar 2007 16:21:36 GMT
> > Have you used mod_security yourself?
> yes I can say that the code is extremely well written, and that the
> project as a whole has gained critical acclaim. If you are _not_ using
> it, do - it's very useful. The idea is to gain control over a
> problematic and complex application/codebase by modifying the IO stream
> to prevent many threats such as XSS, code release, SQL injection etc..
> Well worth a look, it is as complex as the collective understanding of
> threats is, and allows you to react "intelligently" to new threats you
> (or it) sees in your logs. The "Cool Rules" project which has a
> recording out at the moment.

Sounds really good.  It is tough to set up?  Do you think it's
removewhitespace would solve my problem?

> >> AddOutputFilter DEFLATE pl
> >
> > I did add this to httpd.conf.  How can I tell if it's working and are
> > there any drawbacks to using it?
> Well this just adds the additional step of allowing Apache to implement
> compression. Often resulting in as much as 90% drop in markup bytes, so
> include file extensions that contain markup, such as css and js. I have
> also used compression by default for 4 years with not issues. If the
> browser sends
> Accept-Encoding: gzip,deflate
> header then Apache will respond in kind. Your browser will uncompress
> the output so you won't notice anything different about your source code
> but if you run a proxy, this will report the stream a gzip or whatever,
> so you will only be able to read the markup in the proxy logs/packet
> sniffer if it has been decompressed. As for telling it is working the
> response headers will contain
> Vary: User-Agent,Accept-Encoding
> Content-Encoding: gzip
> most likely, and the bytes served will be much smaller than you are used to.

OK I have:

AddOutputFilter DEFLATE html css

- Grant

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message