Popular Sites with Apache mod_status Enabled

Posted by: on Nov 2, 2012 in Blog | Tags: , | No Comments

Earlier this week, Sucuri Security researcher Daniel Cid revealed that a very large number of popular sites expose their /server-status page to the world.

I was pretty sure the sites I run for myself and my customers were OK, but since paranoia is a good trait of a security-conscious techie, I double checked. Imagine my surprise when I found that one of my sites did the very same thing, as did one of my customer’s.

Read More

Pow, IPv6 and localhost

Posted by: on Apr 21, 2011 in Blog | Tags: , , | One Comment

Pow is a new zero-configuration server for Rack web applications by 37Signals. It makes development, especially on multiple applications, painless: it adds a new .dev domain, with individual apps symlinked from ~/.pow. Pow manages application instances automatically and integrates seamlessly with RVM.

Read More

Announcing mod_proxy_content 1.0

Posted by: on Feb 4, 2011 in Blog, News | Tags: | One Comment

I’m pleased to announce the availability of mod_proxy_content, an Apache 2.x module that is essential for reverse proxying modern web content. It is a fork of mod_proxy_html 3.0.1, with bug fix patches through 3.1.2, enhanced to better handle CSS and Javascript content without the need to create messy regular expressions in the Apache configuration files. It does not depend on mod_xml2enc, and so has the same problems with non-ASCII/UTF-8 as mod_proxy_html without mod_xml2enc.

Read More

Generate wsesslog Workloads for httperf

Posted by: on Feb 5, 2009 in Blog | Tags: | 2 Comments

Over the last couple of days I’ve been bringing up an isolated test environment for a customer’s new site. (As an aside, one of the great things about moving to an Intel Mac is that I can run nearly any OS I want under VMware Fusion at near native speeds. You can’t beat testing in an identical environment, and I can throw pretty respectable virtual hardware at it, too: up to a 4-core with gigs of memory. If only Apple would let me virtualize OS X client.)

I’m using httperf to simulate client load on the test server and quickly decided that --wsesslog looked like the best choice for simulating an actual browser’s effect on the server.

A problem: how to generate those session workloads? I certainly don’t want to do this by hand for even one page. I want to generate a hit on every file referenced by the target page, but ignore anything hosted elsewhere.

A solution:

#!/usr/bin/env ruby
require 'rubygems'
require 'hpricot'
require 'open-uri'
if ARGV.length < 1
  $stderr.puts "usage: #{$0} url
  'url' must include the protocol prefix, e.g. http://"
  exit 1
url = ARGV.shift
if url =~ %r{^(https?://)([-a-z0-9.]+(:\d+)?)(.*/)([^/]*)$}i
  $protocol = $1
  $host = $2
  $document_dir = $4
  document_url = $5
  $stderr.puts 'Could not parse protocol and host from URL'
  exit 1
doc = Hpricot(open(url))
def puts_link(uri)
  return if uri.nil?
  if uri =~ %r{^#{$protocol}#{$host}(.*)$}
    puts "    #{$1}"
  elsif uri !~ %r{^https?://}
    if uri =~ %r{^/}
      puts "    #{uri}"
      puts "    #{$document_dir}#{uri}"
puts "# httperf wsesslog for #{url} generated #{Time.now}"
puts "#{$document_dir}#{document_url}"
(doc/"link[@rel='stylesheet']").each do |stylesheet|
  puts_link stylesheet.attributes['href']
(doc/"style").each do |style|
  style.inner_html.scan(/@import\s+(['"])([^\1]+)\1;/).each do |match|
    puts_link match[1]
(doc/"script").each do |script|
  puts_link script.attributes['src']
(doc/"img").each do |img|
  puts_link img.attributes['src']