How to update mod_ssl 2.2.14 for xampp 1.7.3

Problems with the Windows version of XAMPP, questions, comments, and anything related.

How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby crashston3 » 05. June 2011 22:18

Hello guys,

Two doubts:

First:
I wonder how do I update the "mod_ssl" the "xampp 1.7.3 win32" to the latest version of "mod_ssl"? I tried to install the latest version of xampp, but then my web application does not work. Would any way to update the "mod_ssl" up to its latest version?

Second:
How do I disable the HTTP TRACE METHOD in apache the xampp 1.7.3?

I thank!
crashston3
 
Posts: 5
Joined: 05. June 2011 00:04

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby crashston3 » 06. June 2011 12:26

BUMP
crashston3
 
Posts: 5
Joined: 05. June 2011 00:04

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby crashston3 » 08. June 2011 22:45

Could someone help me?
crashston3
 
Posts: 5
Joined: 05. June 2011 00:04

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby JonB » 09. June 2011 18:23

OK - I'll tackle this one for you -

A. you have not mentioned exactly WHICH version of mod_SSL you would like to install, or addressed "why" you need it (specific errors). (beyond saying your web application won't work) perhaps you really mean 'it doesn't work' there is a HUGE difference.

B. What version and 'from where' to you plan to source your 'new' mod_SSL???

C. Now I'll go on a bit about 'mods' and Apache on Windows. Generally speaking, ON WINDOWS you can't 'mix and match' mod versions. Why is that? Because FOR WINDOWS mods have to be compiled. and there's more than one compiler. XAMPP is built with the 'VC6' compiler, so therefore you would need a 'VC6' (Microsoft Visual C version 6) compilation. Additionally, there is the matter of knowing what parameters were used when compiling. Many of the Apache recompiles are VC9 (which pretty much really only runs on IIS) You would most likely need a complete Apache re-compile.

http://stackoverflow.com/questions/3126 ... ux-distros

http://httpd.apache.org/docs/2.0/mod/mo ... l#creating

http://www.websiteadministrator.com.au/ ... e2217.html

On *nix stacks, the OS comes with a c compiler, and the objects and a framework (build/make) are already in place for 're-compiles'. Also not a beginners project 'over there' either.

http://httpd.apache.org/docs/2.0/install.html

The short answer is likely 'you can't do what you want to do at the moment' (at least with XAMMP)

:shock:
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby crashston3 » 10. June 2011 05:03

Hello JonB, thanks for answering my question! :D

I'll explain my problem.

I have a game server. I also have the website of the game where the User may create your account and check everything for him. But the website only works with xampp 1.7.3. Until I tried using the latest version of xampp, but could not make it work.

So I did some tests with the program "Acunetix Web Vulnerability Scanner" and I found these vulnerabilities in the first post I mentioned.

If I can, I plan to update the mod_ssl to its latest version if the "xampp 1.7.3" support.

One more quick question.

How do I disable the http trace method on xampp 1.7.3?

I thank!
crashston3
 
Posts: 5
Joined: 05. June 2011 00:04

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby Altrea » 10. June 2011 05:34

crashston3 wrote:How do I disable the http trace method on xampp 1.7.3?

Code: Select all
TraceEnable off

http://httpd.apache.org/docs/current/mo ... raceenable
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8286
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby Sharley » 10. June 2011 07:14

COMMENT ONLY

Jon in this topic how to disable the HTTP TRACE METHOD
viewtopic.php?f=16&t=47241
now just 2 topics down in the list from this one, which also contained a more detailed answer to the OP's second question, quite rightly wrote:
JonB wrote:AND

C. only ask for help with a single problem in each thread/topic - it makes it difficult for those actually using search to locate answers
A very good point for all posters (not only in these forums) to remember and shows Jon has the best interest of forum searchers at heart - well done Jon and thanks for pointing this out for all to read - good to see such an experienced troubleshooter has returned to this forum.


So I wonder why this post:
perhaps he missed the above referenced topic in his exuberance to provide a much less detailed answer.

Also the OP, after much bumping, did not read other related very near topics including providing all the requested details from Jon to his first question, which is important when someone volunteers their free time to help find an accurate solution to what can be obscure XAMPP issues.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby crashston3 » 10. June 2011 14:15

This method TraceEnable off I had tried the way the JonB posted, but still not disabled.

How do I know? After making this change in httpd.conf I restarted the service apache and again did the scan with Acunetix Web Vulnerability Scanner and he pointed out that my website still had the security failure.

For this reason I posted here in the forum asking how to disable HTTP TRACE METHOD, because I thought it might be different configuration. Always realize the search google before posting in forums on issues that have doubts.

Thank you all for answering my question!
crashston3
 
Posts: 5
Joined: 05. June 2011 00:04

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby JonB » 10. June 2011 16:24

Although I have not had reason to turn off the HTTP trace method, I do know it is closely associated with mod_rewrite. If you are using mod_rewrite, you may not be able to disable HTTP trace. This kind of question really should be posted on the Apache Project for a truly definitive answer.

How to get Apache Support
http://httpd.apache.org/docs/2.0/faq/al ... er-support

Apache Lounge (True Apache Geeks)
http://www.apachelounge.com/viewforum.php?f=5

I'll also say that if you are planning/architecting web services, XAMPP for Windows (although I love it) is not a good prototyping platform, too many quirks (not particularly with Apache) that will lead to 'it works one place and does not work in the other place' and things that WILL NOT work at all. I run a Fedora workstation and server for critical testing (JMHO). XAMMP is best for designing and testing PHP, Java and Perl driven web scripts that are non-critical (and that covers a lot of gorund)

Although these Forums often have PHP, Perl, phpMyAdmin and MySQL questions answered, the real purpose of the forum is to support the XAMPP distribution, not its components. No one here developed any of that software - the XAMPP team debugs, configures, bundles (make/build) and compiles it and then creates the installers/scripts only. THAT is a LOT of work and keeps the bosses busy.

Good Luck with your project.
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: How to update mod_ssl 2.2.14 for xampp 1.7.3

Postby JonB » 10. June 2011 16:40

About using analytic tools for server security appraisals:

I don't know the context you wish to run XAMPP in -- BUT -- XAMMP is SPECIFICALLY not recommended for production use. You would also have to examine the practical implications and potential impact of each vulnerability. In almost all cases, using XAMPP as recommended (after doing the Basic XAMPP security fixes, and securing WebDAV) you will find its quite secure. As for things like HTTPS, Open SSL, Server Certificates and so forth - again XAMPP was not intended for production use.

If you would like to, you could send me a PM describing what you are trrying to do, and I would give you a quick assessment. (this is what I do professionally). I have a basic guide fior securing XAMMP and Ms. Sharley has a WebDAV fixup to follow.

Good Luck
:)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 55 guests