Tool causes Apache to freeze

When I read the headline, I thought they were talking about me…

A previously unknown flaw in the code for processing byte range headers allows version 2.2.x of the Apache Web Server to be crippled from a single PC. A suitable “Apache Killer” Perl script that impressively demonstrates the problem has already been published on the Full Disclosure mailing list.

The tool sends GET requests with multiple “byte ranges” that will claim large portions of the system’s memory space. A “byte range” statement allows a browser to only load certain parts of a document, for example bytes 500 to 1000. This method is used by programs such as download clients to resume downloads that have been interrupted; it is designed to reduce bandwidth requirements. However, it appears that stating multiple unsorted components in the header can cause an Apache server to malfunction.

No official patch has been released, but a functional workaround is to use rewrite rules that allow only a single range in GET and HEAD requests. This should not present a problem for most applications. To enable the rules, administrators must load the Apache Web Server’s mod_rewrite module.

Another suggested workaround is to use the mod_headers module with the RequestHeader unset Range configuration to completely delete any range requests that may be contained in a header. However, this approach is likely to cause more problems than restricting the number of ranges. Admins should use the tool to test the effectiveness of their measures before others do it for them.
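The single-range restriction described above can be expressed as a check on the Range header of each GET or HEAD request. The following is an added example, not the Apache rewrite rule and not code from the article; the function names, the max_ranges parameter and the sample requests are assumptions made for illustration.

```python
import re

# One byte-range-spec: "first-last", "first-" (open ended) or "-suffix".
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_range(value):
    """Return a list of (first, last) tuples; None marks an omitted bound.
    Raises ValueError for anything that is not a well-formed bytes range."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError("malformed range spec: %r" % spec)
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        ranges.append((first, last))
    return ranges

def check_request(method, headers, max_ranges=1):
    """Mirror the workaround's policy: a GET or HEAD request may carry at
    most max_ranges ranges. Returns (allowed, reason)."""
    value = next((v for k, v in headers.items() if k.lower() == "range"), None)
    if value is None or method.upper() not in ("GET", "HEAD"):
        return True, "no range to check"
    try:
        ranges = parse_range(value)
    except ValueError as exc:
        return False, str(exc)  # rejecting unparseable values is a policy choice
    if len(ranges) > max_ranges:
        starts = [f for f, _ in ranges if f is not None]
        order = "unsorted" if starts != sorted(starts) else "sorted"
        return False, "%d ranges (%s), limit is %d" % (len(ranges), order, max_ranges)
    return True, "ok"

# Constructed sample requests, not captured traffic.
SAMPLES = [
    ("GET", {"Range": "bytes=500-1000"}),             # resume-style single range
    ("GET", {"Range": "bytes=500-1000,0-10,5-600"}),  # several unsorted ranges
    ("HEAD", {"range": "bytes=-200"}),                # last 200 bytes only
    ("GET", {"Host": "example.test"}),                # no Range header at all
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers, "->", check_request(method, headers))
```

Run over request headers reconstructed from logs or a proxy, the same check shows which existing clients a single-range limit would affect before the rule is enabled.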

[OS X] Set up DiffMerge for Dreamweaver file comparison

I’ve just started in a new office and we are all Mac’ed up, which changes the development process a bit. For one thing, I have SO much pixelated real estate I have had to put ghosts of standard window sizes on my desktop background, as it’s easy to lose touch with real users’ screen resolution. 1024×768 just gets lost in the corner!

One of my first productivity priorities was getting a decent visual diff tool hooked up to Dreamweaver – a colleague recommended TextWrangler but it doesn’t highlight differences clearly, so after a little research I settled on DiffMerge, a utility available for Mac, PC and *nix.

It takes a tiny bit of setting up, however, and a little knowledge of the OS X file system, and the instructions contained a slight discrepancy in my version, so here’s how if you find yourself in the same situation:

First download the DiffMerge DMG, mount it (simply by double-clicking the downloaded DMG) and drag DiffMerge to your Applications folder.

All standard stuff so far, and any Mac user should be able to do that.

Now, launch Terminal (search for it with Finder if you need it).

Log in with your system password.

Change into the mounted DMG (the volume name contains a space, so quote the path):
$ cd "/Volumes/DiffMerge {version number}/"
For n00bs, once you have got as far as typing ‘Diff’ you can press [TAB] to autocomplete.

Use sudo to copy the shell script to /usr/bin as a superuser:
$ sudo cp Extras/ /usr/bin/diffmerge 
You will be prompted for your system password.

Set the permissions on the script:
$ sudo chmod 755 /usr/bin/diffmerge

Copy the man (manual file) to your system. This is where the instructions were in error as they listed the file as diffmerge.1, and my copy was diffmerge.man1:
$ sudo cp Extras/diffmerge.man1 /usr/share/man/man1/diffmerge.man1 

Set permissions for the man file:
$ sudo chmod 644 /usr/share/man/man1/diffmerge.man1

Open Dreamweaver, go to Preferences (⌘ + U), select the ‘File Compare’ category and enter ‘{your drive}:usr:bin:diffmerge’ where {your drive} is the name of your… drive… Yeh. For example: ‘Macintosh HD:usr:bin:diffmerge’. Then click [OK].

Now you can start diffing files – when uploading and DW asks if you want to compare, click the button and DiffMerge will open automatically.

Alternatively, [Ctrl] + click on any file and choose ‘Compare with {Remote Server} / {Local Server}’ from the context menu as appropriate.