2011-11

2011-11-28 23:38:51 Unsubscibe / Nelson Pereira <kitkat0981(at)gmail.com>
Sent from my iPhone4 on IOS4 ...
2011-11-28 19:13:14 RE: [Pound Mailing List] Disabling SSLv2 / Joe Gooch <mrwizard(at)k12system.com>
You probably want to do something more like: Ciphers “HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL” But that should pretty much do it. Maybe try the tester at https://www.ssllabs.com/ssldb/index.html and s...

2011-11-28 17:56:32 Disabling SSLv2 / Robert Hicks <rob(at)hixfamily.org>
All, I'm new the list but have been using Pound for several years. I'm trying to get Pound to pass PCI/DSS. My scanning vendor is failing it, indicating that SSLv2 is enabled. My Ciphers parameter ...
2011-11-23 20:32:43 Unsubsribe / Hall Barricklow <hallbarricklow(at)gmail.com>
...
2011-11-23 19:26:55 Directory with headrequire / Adrian Padilla <adrianp918(at)compumedik.com>
this is what i have in my config file. my question is do i need to have the asterisk before the sub domain like this ListenHTTP Address 192.168.4.6 Port 80 ## allow PUT and DELETE...

2011-11-22 12:27:58 TimeOut apparently not working in 2.5 and 2.6f / Dominik Klein <dominik.klein(at)googlemail.com>
Hi I am evaluating pound for a project and while playing with the TimeOut option, I found that it does not seem to work. No matter what I set it to and no matter whether I set it globally or speci...

2011-11-21 22:48:32 we have a strange loop / Pat Erler <perler(at)gmail.com>
hi, we use pound for some weeks now. suddenly we have this problem and just don't know what is happening. maybe someone can help: - pound's URL is www.photocase.com, the IP is 176.9.216.74, whic...

2011-11-18 01:07:06 Pound CSRF vulnerability in redirects / Kevin Bowling <kevin.bowling(at)kev009.com>
Hi, This is very low risk because any browser that doesn't obey the HTTP 301 code is likely ancient and vulnerable. One place this matters is automated scanning tools. I have a system that is being...

2011-11-18 00:36:55 Just started using pound (and sending patches) / alex(at)purificator.net
I've just finished testing pound and will probably have it in production in a couple weeks. I'm happy with it so far. For it to work in our environment I had to patch it to do two things * send th...

2011-11-17 17:04:17 Pound in conjunction with normal Routing/NAT / Martin Seener <martin(at)seener.de>
Hello everyone. we want to use pound on two of our load-balancers (active/passive w. keepalived) but we also have normal monitor server behind which is not part of the LB-Cluster. is it possible to...

2011-11-15 22:41:48 AddHeader directive honored / Francisco Ruiz <francisco.ruiz(at)juntaextremadura.es>
Hi, I send a patch to the list so that it can be considered and merged to the main code if accepted. We need to add several headers to the request but it seems that AddHeader just honors the last ...
2011-11-11 17:42:19 modify/add headers ? / Robin Sinclair <rsinklair(at)gmail.com>
Hello, Am new to pound and very impressed with it- looking forward to replacing my elderly apache reverse-proxy setup with pound.! One small problem I have is that my back-end weblogic servers expec...

2011-11-10 12:39:42 wget with authenticate digest over Pound / Niko Fakitsas <nf(at)mesos.de>
Hi! We are using Pound 2.5 with many apache-backends, both running on the same server. Trying to connect to a backend (secured with AuthType Digest in the htaccess) with the browser over Pound works...
2011-11-08 11:09:01 Re: [Pound Mailing List] Behaviour on BackEnd failure with session persistance / "Erik Hensema / HostingXS" <hensema(at)hostingxs.nl>
Retrying my question: What happens to sessions bound to a backend when that backend is marked dead? Will all active sessions be redirected to another live backend or will users receive a http 5xx e...

2011-11-02 02:17:49 Re: [Pound Mailing List] SSL renegotiation DDoS and Pound / =?windows-1252?Q?Jorge_F=E1bregas?= <jorge.fabregas(at)gmail.com>
On 10/26/2011 12:56 PM, Joe Gooch wrote: > Did you try compiling with Openssl 0.9.8l? Is it worth going back to OpenSSL 0.9.8l (from 1.0.x) and therefore ignore all bug & security fixes that went aft...