Quote:
Originally Posted by davel
HI,
I've noticed that I get this warning whenever Apache restarts:
"Running external rewrite maps without defining a RewriteLock is DANGEROUS!"
In httpd.conf the following is found:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
</IfModule>
I don't have any password-protected directories (which is what I gather LeechProtect does) but I might do one day, so what is the best way to specify a RewriteLock?
From the comments at the top of httpd.conf it would seem best to alter the templates but I can't see which one sets the RewriteMap directive.
Can anyone advise the best way to update this?
Thanks,
Dave
|
Hi Dave,
If the Apache documentation & log messages say something as dangerous, it really is dangerous & shouldn't be ignored..
Leeching occurs when users publicly post their username & password to a restricted area of your site, allowing other visitors to use the login information. cPanel can be configured to handle leeching, redirecting & potentially suspending the user. The protection function works by setting the maximum number of logins that can occur within a 2-hour time limit. If the login limit is exceeded, the user is presumed to be allowing other visitors to use his or her login information.
The RewriteLock directive can be used to define a lockfile which mod_rewrite can use to synchronize communication with the mapping program as stated above in use with LeechProtect. By default no such synchronization takes place. But there must be a rewritelock file for each server instance if your RewriteMap is a script.
Here's the exact text from the mod_rewrite documentation:
Quote:
|
RewriteLock: This directive sets the filename for a synchronization lock-file which mod_rewrite needs to communicate with RewriteMap programs. Set this lockfile to a local path (not on a NFS-mounted device) when you want to use a rewriting map-program. It is not required for other types of rewriting maps.
|
Syntax:
Quote:
|
RewriteLock /some/file/path
|
In this case of yours:
Quote:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteMap LeechProtect prg:/usr/local/cpanel/bin/leechprotect
RewriteLock /usr/local/apache/logs/rewrite_lock
</IfModule>
|
The lock file is needed to keep the stdin-stdout streams used to communicate with the mapping script single-threaded, so that various RewriteMap requests initiated by asynchronously-arriving HTTP requests don't end up 'mixing their characters' in these I/O streams with disastrous results to your URL mappings. No harm will come if you define a RewriteLock file & don't end up using it; It's simply a way to use the OS flock function to ensure that only one HTTP request's mapping request is writing stdin or reading stdout to communicate with the mapping script at any given time.
Let us know if you need any more assistance with this..
Apache error warning about missing RewriteLock
Linear Mode
