#apache

Wiz, from yesterday: Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload https://www.wiz.io/blog/soco404-multiplatform-cryptomining-campaign-uses-fake-error-pages-to-hide-payload #cybersecurity #Infosec #Apache

修復 Apache HTTP Server 2.4.64 中 `rewritecond expr` 的回歸錯誤
➤ 升級至 2.4.65 解決安全漏洞
✤ https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
Apache HTTP Server 2.4.64 存在一個安全漏洞 (CVE-2025-54090)，導致所有 `RewriteCond expr ...` 測試都評估為 `true`。此回歸錯誤已在 2.4.65 版本中修復，建議使用者升級至最新版本。此修復涵蓋對 `modules/mappers/mod_rewrite.c` 檔案的修改。
+ 這樣修正的時機點很剛好，避免了潛在的攻擊風險。
+ 感謝開發團隊迅速回應並提供解決方案，這顯示了他們對安全的重視。
#安全漏洞 #程式碼修復 #Apache HTTP Server

I'll probably move from #Apache to #caddy for my Server. I'm using Apache mostly as a reverse proxy anyway, and the few HTML and PHP pages I can just move into containers too.

The built-in TLS handling might be easier for letsencrypt and I could stop using a custom DNS authentication.

I guess I'll give it a go next time I wake up at 4am.

Today I learned, thanks to a comment on here, that the alphabetical order of your #Apache site config files is what determines the default site if somebody tries just punching your public IP address directly into a web browser. I always wondered why the default site config files were named "000-default.conf"; it's to make sure that one is always loaded first as the default if it's enabled.

#TIL #Linux

Jekyll-built static sites are public by default. However, have you ever wanted to create a private area where you can upload articles for review and keep them from the public eye until they’re ready? That was my use case recently. Here’s how I solved this particular puzzle.

https://peateasea.de/private-areas-in-jekyll-with-apache/

#jekyll #apache

¿Cómo configurar dos VirtualHost en Apache2 con diferentes versiones de PHP? #apache #lamp #php #servidores
https://malagaoriginal.blogspot.com/2025/07/como-configurar-dos-virtualhost-en.html

Server Admins:

There is an error with the latest #Plesk Obsidian update that is taking sites down.

https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request

#Hosting #WebDev #DevOps #ServerAdmin #Apache

A recent apache update broke a bunch of nginx-based sites this morning. If you're getting a 421 error, you'll need to add some proxy_ssl config to nginx's setup quickly.

https://support.plesk.com/hc/en-us/articles/33500191748887-Websites-hosted-in-Plesk-are-not-accessible-after-a-recent-Apache-update-421-Misdirected-Request

#nginx #apache #linux #421

Webinar on data integration using Apache Hop: On August 26, Stefan Keller of FH OST will lead a free webinar focused on (geo)data manipulation and integration using #Apache #Hop, an open-source, low-code platform for building data workflows. The session will also touch on emerging trends in...
https://spatialists.ch/posts/2025/07/15-webinar-on-data-integration-using-apache-hop/ #GIS #GISchat #geospatial #SwissGIS

將使用者自定義索引嵌入 Apache Parquet 文件
➤ 突破 Parquet 限制：內嵌索引優化查詢效能
✤ https://datafusion.apache.org/blog/2025/07/14/user-defined-parquet-indexes/
本文探討了在 Apache Parquet 文件中嵌入使用者自定義索引的可能性，以提升查詢效能。傳統上，Parquet 僅支援基本的統計資訊和 Bloom 濾鏡，但透過利用文件底部的元數據和偏移量定位，無需更改文件格式或創建新格式，即可嵌入自定義索引。文章以一個實際例子說明，針對含有大量不同值的欄位，自定義索引能有效減少不必要的文件掃描，同時保持與標準 Parquet 讀取器的完全相容性。此外，文章還詳細介紹了 Parquet 文件的結構，以及如何使用 Apache DataFusion 讀寫這些自定義索引。
+ 我一直覺得 Parquet 的效能有進步空間，這篇文章提供了一個很棒的解決方案，直接在檔案裡加入索引，不需要額
#大數據 #Apache Parquet #Apache DataFusion #索引優化

Embedding user-defined indexes in Apache Parquet

https://datafusion.apache.org/blog/2025/07/14/user-defined-parquet-indexes/

#apache

A detailed description of CVE-2025-53020, a DoS vulnerability in the HTTP/2 implementation of Apache httpd. Fixed in 2.4.64.
#apache #httpd #http2

https://github.com/icing/blog/blob/main/hpack-bombing-apache.md

Heads-up, the latest Apache update might break your site. It did mine, but it's all sorted now.

#Apache #Web

Apache httpd 2.4.64 has just been released, fixing 8 vulnerabilities (5 moderate, 3 low).

Two HTTP/2 related CVEs also fixed in the latest mod_h2 release v2.0.33.

#apache #httpd

https://httpd.apache.org/security/vulnerabilities_24.html
https://github.com/icing/mod_h2/releases/tag/v2.0.33

#Apache 2.4.64 is released! It fixes some vulnerabilities, listed here:

https://httpd.apache.org/security/vulnerabilities_24.html

#httpd #server #WebServer

https://www.europesays.com/2230670/ South Korea backtracks over follow-on Apache helicopter buy #Apache #Boeing #CirculatedDefenseNews #DefenseNews #DefenseSpending #DnDnr #korea #SouthKorea

Mike Zaschka kicks off the #reCAP2025 talks in the blue room with his open source #SAPCAP plugin for #Apache #Kafka. Join the live stream via the links at https://recap-conf.dev/. #reCAP #CodeConnect

Apache Lucene 10.2.2

#apache #java #search #searchengine

https://lucene.apache.org/core/downloads.html

GeoParquet and Iceberg vs. OGC API-Features: Ingo Simonis, Chief Technology Innovation Officer at #OGC, has published an article asking the question “Does #GeoParquet Replace OGC API-Features?”. The article positions GeoParquet (and #Apache #Iceberg) vis-à-vis OGC API-Features, the successor...
https://spatialists.ch/posts/2025/07/06-geoparquet-and-iceberg-vs-ogc-api-features/ #GIS #GISchat #geospatial #SwissGIS

The people committed to DDoSing the #Apache #SpamAssassin RuleQA server seem to have substantial resources. I’ve blocked a lot of them, but they keep coming, asking about things like the May 7 2017 performance of a single rule in one contributor's stats. Not stuff real people want.

Of course, there's a resource they do not have. Our sysadmins, both those employed by #TheASF to watch all of our infra and the volunteer cadre focused on SA. We'll keep whacking the moles...

#Sysadminnery