World: r3wp
[!Cheyenne] Discussions about the Cheyenne Web Server
Graham 18-Oct-2009 [6340] | and if you run php from the command line? |
amacleod 18-Oct-2009 [6341x5] | same dialog error |
I tried a different version...the "thread safe". The previous was "Non thread safe". Neither worked... | |
Some security thing going on? | |
Got it...I guess 5.3 does not run on win server 2003...Had to use 5.2.11 | |
Thanks Graham.. | |
Janko 20-Oct-2009 [6346x2] | Has anyone made any tool yet that would process Cheyenne's logs and create some usage statistics? even if very simple ones (I removed statcounter because I have full https now, but now after I released it I would want to see more detailed and realtime stats (basically to just see who came in and visited what pages) than google analytics) |
hm.. maybe I will need to solve that on nginx level because cheyenne will show me localhost as IP for each request | |
Dockimbel 20-Oct-2009 [6348] | Right, in your case nginx logs are more appropriate if you need IP stats. Cheyenne logs are in Common Log Format, so you can use any tool that works with Apache's logs. |
Janko 20-Oct-2009 [6349x4] | I am making a tool to parse them .. I need just some realtime overview , nothing fancy ... |
would it be possible to log POST data (truncated if too long) on cheyenne maybe .. I would like to make a parser that would warn me of common hacking attempts by looking at log | |
like xss, sql, command line .. | |
( I need this for cebelca.bit where security is extra important ) | |
Dockimbel 20-Oct-2009 [6353x2] | It's possible, but you need to add code for that in mod-static/logging handler. Also note that writing data on disk is a performance killer, so you need to implement some form of memory buffering to keep good server performance. |
If security is a big concern, I would rather use a C-based filter proxy or an IDS tool like Snort (requires careful configuration to avoid too many false alarms). | |
Janko 20-Oct-2009 [6355x7] | I know of snort but I don't know exactly what it does, I imagined it detects intrusion on many ports (or is it http specific??) so it seemed like an overkill and too complex for what I need ... the only port open is 433 , and which only 80 redirects to 433 . Everything else is closed by iptables, (on both, 80 and 443 is nginx and behind it cheyenne) |
(I am using AIDE for detecting file changes btw) | |
It's more that I want to observe the http traffic for things I set-up .. but a lot of data is in the POST-s ... could I use your regular logging and just add the post string ... if it would be longer than X chars I would truncate it. | |
but I don't want to nag you too much , because again I am not sure if I shouldn't try to do this on nginx side for this specific website | |
ha basically format is the same between nginx and cheyenne so the same parser parses cheyenne too (only cheyenne doesn't have referrer) | |
this is good then I can really make it a little more useful and use it on all my projects .. if you need something like it tell me, (it's still very simple) | |
It produces this for now (but I will turn it to JSON and then I can render it with javascript/html in many ways)
days / ip / requests
DAY: 19-Oct-2009
....
  VISITOR: 90.157.177.123
    20:22:37 ; GET ; /manage/invoices-sent.rsp ; -
    20:22:37 ; GET ; /manage/sign-in.rsp ; -
    20:22:39 ; POST ; /manage/sign-in.rsp ; https://www.cebelca.biz/manage/sign-in.rsp
    20:22:39 ; GET ; /manage/invoices-sent.rsp ; https://www.cebelca.biz/manage/sign-in.rsp
  VISITOR: 64.233.172.17
    22:11:19 ; GET ; / ; -
  VISITOR: 216.239.50.136
    22:11:21 ; GET ; / ; -
  VISITOR: 74.6.22.173
    23:21:23 ; GET ; /contact.rsp ; -
    23:21:25 ; GET ; /contact.rsp ; -
DAY: 20-Oct-2009
  VISITOR: 93.186.20.135
    00:20:52 ; GET ; / ; -
    00:20:54 ; GET ; / ; -
.... | |
Dockimbel 20-Oct-2009 [6362] | Btw, you can also set an iptables rule to log those POST requests. |
Janko 20-Oct-2009 [6363] | I didn't know that, but I was thinking if I could set logging at firewall level, thanks! |
Janko 22-Oct-2009 [6364x3] | is there any way I could get pretty url-s with cheyenne? |
like with rewrite module in apache .. I would need to map www.url.com/country/city/place to get params for example, or somehow get that directly so that some rsp would be called for all such folders and I could parse the url to get the data | |
if this is not possible (or complicated) I will place nginx in front of cheyenne | |
Dockimbel 22-Oct-2009 [6367] | Try with ALIAS keyword. See ChangeLog file for more info (search for ALIAS). |
Janko 22-Oct-2009 [6368x2] | thanks |
alias "/path/to/target" %script -- I found this .. can I use regex or something else to do AliasMatch ^/some-(.*) /script.rsp?a=$1 | |
Dockimbel 22-Oct-2009 [6370x2] | No, only basic mapping is possible currently. |
Btw, alias "/path" %script, should work for whole /path/*. | |
Janko 22-Oct-2009 [6372x6] | hm... then I would just need to parse url in the script instead of using request/content |
much less mess than using another server in front and whole that mess | |
I will try it this way | |
could I do something like alias all except some pattern: for example all except /static/ | |
will the script that gets called see the original url in request/parsed or will that be changed too? (I couldn't make it work yet otherwise) | |
alias "/show/" %www/mobispots.net/show.rsp -- gives me normal 404 of cheyenne (or any nonexistent file)
<html><body><h1>404 Page not found</h1></body></html>
alias "/show/" %show.rsp -- gives me
#[object! [
    code: 502
    type: access
    id: cannot-open
    arg1: %/D/devel/cheyenne0919/www/mobispots.net/www/mobispots.net/
    arg2: #[none]
    arg3: #[none]
    near: [change-dir first splitted: split-path file]
    where: #[none]
]] | |
Dockimbel 22-Oct-2009 [6378] | There is no exceptions support in Alias. The rewritten url should be available in request/headers/location. |
Janko 22-Oct-2009 [6379x2] | I suspect %show.rsp is the correct one (which gives that error) , because for any nonexistent file like %show.rspaaa I get 404 so I suspect %www/mobispots.net/show.rsp is also not correct to use |
do you have any idea why this error? %/D/devel/cheyenne0919/www/mobispots.net/www/mobispots.net/ doesn't exist, webapp is in %/D/devel/cheyenne0919/www/mobispots.net/ | |
Dockimbel 22-Oct-2009 [6381] | Erratum: request/headers/location has nothing to do with aliases. |
Janko 22-Oct-2009 [6382x2] | this is my config that makes error when I go on localhost/show/
default [
    root-dir %www/mobispots.net/
    default [%index.html %index.rsp %index.php]
    on-status-code [
        404 "/custom404.html"
    ]
    alias "/show/" %show.rsp
] |
what do you mean with has nothing to do? | |
Dockimbel 22-Oct-2009 [6384x3] | It's not related to ALIAS but to another config option (REDIRECT). |
Testing locally with latest SVN revision raises an error. Seems broken in the current version. | |
I don't have time now to investigate much further this issue, I'll have a look tonight. | |
Janko 22-Oct-2009 [6387] | ok, thanks for your time! |
Will 22-Oct-2009 [6388x2] | Janko, I use: on-status-code [ 404 "/index.t" ] that way you intercept all non existent urls and can do what you want |
in mod-static/filter-output I patched this line: req/loops < 4 with req/loops < 1 so after intercepting an url I can still set a 404 | |