
BobS
Super Moderator
Posts: 331
Everything posted by BobS
-
Fortunately, I believe this has been resolved as of Coral_8.4.0. Since there are two separate aspects to this hardening process, that can't be done completely within The Uniform Server. What should probably happen is to have a set of procedures and a checklist for the OS updates (accounts, permissions, etc.), and a plugin to modify the configuration files in The Uniform Server. Regards, BobS
-
You can extract the PHP subdirectory from an earlier Coral version, like Coral_8.1.2. This has PHP 5.3.10, which was a security update. The MAIN problem will be matching all the paths in the php.ini files with what's in uni_con\config_tracker.ini of the 8.4.0 version. Unpack the two versions of The Uniform Server into two different directories. I suggest you use C:\Coral_8_4_0 and C:\Coral_8_1_2 as the names. Copy the usr\local\php directory of the older version to the newer one. Then edit each PHP*.ini file and change all "C:/Coral_8_1_2/UniServer" references to "C:/Coral_8_4_0/UniServer". Keep this updated directory as a template -- DON'T run it, as this will trigger the automatic path change mechanism. I suggest you change the containing directory to "C:\Coral_8_4_x" to differentiate it. You can 7zip it so it stays as a unit. Then you can create a COPY of it and run that instead. I believe that's all that's necessary to drop back. Be sure to update this thread with your results. Regards, BobS
-
I looked at your earlier posts, and I think your best bet is to get the latest version of The Uniform Server running. Since I have access to WS 2003 R2, for testing, I know that Coral_8.4.0 can run on your server. I was testing it even while writing this note. Since I used Remote Desktop, that should not be a problem, either. BE SURE to READ the DOCS, since Coral works quite differently from Apollo-3.5. Now, I don't know if PHP 5.4.0 is too advanced for your application, but if you can adjust the app, you'll be fully up-to-date with all the other components as well. In addition, it will be much more secure. Regards, BobS
-
Some notes of clarification: First off, be sure you're using Coral_8.4.0 (or higher), since there were too many other problems in prior Coral releases. Lines 569-570 of httpd.conf contain the following (I've UNcommented the line to activate it):

    # Server-pool management (MPM specific)
    Include conf/extra/httpd-mpm.conf

The httpd-mpm.conf file contains several conditional segments, but all these should be inactive except for MPM_WinNT (the last one):

    <IfModule mpm_winnt_module>
        ThreadsPerChild 50
        MaxRequestsPerChild 0
    </IfModule>

I changed my copy to have only 50 threads while verifying whether or not this section functions properly, which it does. When I ran Apache server-status, it showed only 50 threads. (Server configuration screen: Apache> Apache server-status). It also worked just fine with 250 threads specified. bsenftner, I don't know what was wrong with your copy, but I'd suggest that it was somehow corrupted. Also, you're right, the default is 64 threads. Regards, BobS
-
See this post for links: http://forum.uniformserver.com/index.php?s...ost&p=10224 Regards, BobS
-
Sorry, Jeret, I'm having a bit of difficulty with this question, since ALL the paths are normally updated when the current for The Uniform Server is changed. Let's start at the beginning. You execute Orion_7_1_15.exe wherever you have it and in the "Extract to:" box you specify C:\ as the location. This creates C:\UniServer for you. Then you rename C:\UniServer to C:\Server and then run C:\Server\start.exe. End of story. No paths to update. No problems with "/C:/Orion_7_1_15...." Regards, BobS
-
Hmmm. If the Vhosts configurer is installing the log line as "common", it's an error not the best choice. IMHO, that should always be "combined". Regards, BobS
-
FYI, Attached is the current version of the QC checklist I have been developing and using to identify problems with releases of The Uniform Server. I am currently running the test series on Coral_8.4.0. I thought it would be beneficial to see what we have been checking. I'd be willing to entertain additional tests, but remember that I need to be able to do the tests easily and quickly. Regards, BobS QCchecklist.zip
-
Okay, the .zip is available. After a quick review of the files, I want to point out that we would want to change the footer so it is version-independent. We pick the version number out of the tracker file. See line 51 in the .hta file. Regards, BobS
-
So if I read this right: First off it's a PHP bug that makes Apache crash. The bug is related to files that are a multiple of 4096 bytes. Changing the file size with just a blank is sufficient to avoid the problem. This is obviously NOT a fix, which means we are looking for a new version of PHP. Coral_8.4.0 has a new PHP version, but I have not yet checked whether it includes a fix for this bug. Thank you Mozart! Regards, BobS
-
Okay, so there are two issues here. One is to put an IP-block in httpd.conf, which should avoid the .htaccess situation. I assume (for now) that you want a GUI interface rather than just editing the conf file directly. However, I'm having a problem with this statement: Since Windows has a god/peons approach to security, this can't be achieved in a default Windows environment. It goes against our "Don't change Windows" directive. That's why I suggest Wiki articles to describe hardening in detail. It's left as an exercise for the user. The other issue is the security aspect of IP vs name. If, however, I remove the ability to see the normal info in www by doing some hardening, then we have at least plugged an information leak, right? Your example shows that too much stuff is available in www. Sounds like yet another page for the Wiki to me. Regards, BobS
-
You won't be able to add the attachment directly yourself (anti-spam measures). Send a PM from your My Controls area directly to me. We can then get the info uploaded. We only need the changed files, not the entire server load. Regards, BobS
-
What specific files did you create/change? Perhaps we can set up a location for them to be downloaded as a zip. Obviously, we need to check them over just for security's sake. Send me a PM. Regards, BobS
-
Good advice from traxxus. In addition, when you change to port 81, you need to use localhost:81 or 127.0.0.1:81 to access the server. Regards, BobS
-
After looking over the several different reports of Apache 2.4 crashing (8.2.0 and 8.3.x), I'm inclined to recommend that users stick to 8.1.2 unless they are willing to cobble the server a bit. Most people would NOT want to do that, since it's pretty complex and reduces the advantage gained from using a WAMP package. We're working to get this mess sorted out and come up with a new, stable release. Regards, BobS
-
NOTE!! The Apache httpd.conf and associated extra conf files need to be UPDATED to the new directives in Apache 2.4. Currently they are set for Apache 2.2, and there are SIGNIFICANT changes between the two versions. I suggest you WAIT for version 8.2.1 and use 8.1.2 in the meantime.... Regards, BobS
-
The Apache 2.4 authorization and vhosts config are DIFFERENT from Apache 2.2. We need to get this redesigned and fixed. Regards, BobS
-
Okay, I feel your pain! I'm trying to get the bus driver to run only one vehicle at a time. Meantime, check out this thread: http://forum.uniformserver.com/index.php?s...post&p=9862 It refers to Kris_fr's site, where he keeps difference sets for The Uniform Server. Very useful. Regards, BobS PS. A LOT of people will have problems with Apache 2.4, since the authorization directives have been changed significantly. You might be better off NOT going to Apache 2.4.1.
-
HOT dog! A ray of hope! Okay, we'll need to look into getting these updated and aligned. Regards, BobS
-
The problem is that the Apache 2.2 config files must be changed for use with 2.4. In other words, 8.2.0 doesn't work properly as distributed. Sorry about that... BobS
-
NOTE!! The Apache httpd.conf and associated extra conf files need to be UPDATED to the new directives in Apache 2.4. Currently they are set for Apache 2.2, and there are SIGNIFICANT changes between the two versions. I suggest you WAIT for version 8.3.1.... Regards, BobS
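Several of the posts above say the Apache 2.2 authorization and vhost directives have to be rewritten for Apache 2.4. The following Python script is an added example, not part of BobS's posts or of The Uniform Server: it flags active 2.2-style directives in a config file and proposes the 2.4 `Require` lines for the simple cases. The function names and the sample config are constructed for illustration; the directive mapping follows the Apache 2.4 upgrade notes.

```python
import re

# Apache 2.2 directives whose handling changed in 2.4 (notes summarise the upgrade guide).
LEGACY = {
    "order": "replace Order/Allow/Deny with Require",
    "allow": "Require all granted / Require ip ... / Require host ...",
    "deny": "Require all denied / Require not ip ...",
    "satisfy": "use <RequireAll> or <RequireAny>",
    "namevirtualhost": "has no effect in 2.4; remove it",
}
IP_LIKE = re.compile(r"^(\d{1,3}(\.\d{1,3}){0,3}|[0-9a-fA-F:]*:[0-9a-fA-F:]*)(/\d+)?$")

def find_legacy(conf_text):
    """Return (line_number, directive, text) for every active 2.2-style directive."""
    hits = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        # Skip blank lines and comments; directive names are case-insensitive.
        if words and not words[0].startswith("#") and words[0].lower() in LEGACY:
            hits.append((n, words[0].lower(), raw.strip()))
    return hits

def suggest_require(order, allows, denies):
    """Translate one container's 2.2 rules to 2.4 Require lines; None means review by hand."""
    order = (order or "deny,allow").replace(" ", "").lower()  # 2.2 default order
    allows, denies = [a.lower() for a in allows], [d.lower() for d in denies]
    if allows == ["all"] and not denies:
        return ["Require all granted"]
    if denies == ["all"] and (not allows or order == "allow,deny"):
        return ["Require all denied"]  # with allow,deny the Deny is evaluated last
    if order == "deny,allow" and denies == ["all"] and "all" not in allows:
        return [("Require ip " if IP_LIKE.match(a) else "Require host ") + a for a in allows]
    return None

# Constructed sample: a 2.2-era fragment, not taken from any Uniform Server release.
SAMPLE = """\
NameVirtualHost *:80
<Directory "C:/UniServer/www">
    # Order allow,deny
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 localhost
</Directory>
"""

if __name__ == "__main__":
    for n, word, line in find_legacy(SAMPLE):
        print(f"line {n}: {line}  ->  {LEGACY[word]}")
```

A `None` from `suggest_require` marks a combination, such as `Deny from all` with `Allow from all`, whose result depends on evaluation order and should be translated by hand.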
-
I put them in for you. Hope it's correct now. Regards, BobS
-
Can you give me MORE information on what versions of uni_tray and The Uniform Server, what OS, etc.? I'm assuming you're talking about Coral-8, but which one? Regards, BobS
-
We're having problems with a file that keeps disappearing. I have been checking the Wiki twice daily and I put back the file when it needs it. Sort of like walking the dog. I need a site-check that actually "sees" what's returned, so we can figure out when this file goes away. So far, there's been NO information of value in the server logs. Regards, BobS
-
HaHa. Sometime in the near future. Since we don't know what we're looking for, it's pretty hard to give any ETA. Sort of like looking for the Loch Ness Monster. Besides, we're all volunteers here... Regards, BobS