Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache & Classic ASP |
|
Author |
|
Douglas26
Joined: 10 Dec 2009 Posts: 5
|
Posted: Fri 11 Dec '09 15:29 Post subject: Apache & Classic ASP |
|
|
Hi there,
I'm setting up a web server at home on Windows XP Home Edition. I'll emphasize that this setup is purely for a hobby site, since I can't afford to pay for a hosting company right now - if I wanted add ons like Coldfusion and JSP, it would cost a bomb - and I can easily do that myself!
I've installed Apache 2.2.8 (AppServ) successfully, and people have tested my URL and it's all working as it should. However, I'd like to run both Classic ASP and ASP.NET on Apache too - I've got ASP.NET installed successfully and it's all working. With Classic ASP, I was excited to see that you could download it from Sun One for free, since it appears to be retired now, but it doesn't appear to support Apache 2.2.8.
My question is, apart from the obvious security and vulnerability reasons, does it really matter whether I finally host my site with version 2.2 or 2.0? If the only option is to use 2.0 so I can get Classic ASP, I'm not too fussed about which version I'll finally use, I'd just prefer to keep up to date with all the latest software.
Thanks
Douglas |
|
Back to top |
|
Brian
Joined: 21 Oct 2005 Posts: 209 Location: Puyallup, WA USA
|
|
Back to top |
|
Douglas26
Joined: 10 Dec 2009 Posts: 5
|
Posted: Sat 12 Dec '09 3:19 Post subject: |
|
|
Ah, thanks for your reply, but I should emphasize that I have ASP.NET working, and I've rolled back the server to 2.0, and have Classic ASP working now too. I suppose I'm asking, if using a 2.0 server will affect any future software updates like PHP 6? |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7355 Location: Germany, Next to Hamburg
|
Posted: Sat 12 Dec '09 11:21 Post subject: |
|
|
As far as I can see the future of PHP will be fcgi(d). In the last snapshot I downloaded from PHP6 there weren't module for apache (maybe yet). IIRC the future apache 2.4 will have more comfort with fcgi.
As Brian wrote there is always a chance of using a reverse proxy so you can combine older and newer technologies.
Apache 2.0 will have only security and bugfix releases. There is no real development. Also Apache 2.2 will be "finished" at some point. |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Sun 13 Dec '09 11:35 Post subject: |
|
|
I hope you come back, I wish I'd thought of it sooner.
My I ask how your getting classic ASP in 2.0.63. I am curious because one thing I lost when migrating from 1.3.39 to 2.x was mod_asp. It was old, wasn't much yet still could do some slick things and I know the pain of loosing it.
I assume ASP.Net is mod_aspdotnet ... but what about the Classic ASP?
TIA
Security of 2.0.63:
Coming up January 19 will be the two year anniversary of the release so let's see what is wrong with it.
*) SECURITY: CVE-2008-2364 (cve.mitre.org)
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage.
*) SECURITY: CVE-2008-2939 (cve.mitre.org)
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL.
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
A partial fix for the TLS renegotiation prefix injection attack by
rejecting any client-initiated renegotiations. Any configuration
which requires renegotiation for per-directory/location access
control is still vulnerable, unless using OpenSSL >= 0.9.8l.
The release at apache.org includes OpenSSL 0.9.7m, I do not know if it is susceptible to the TLS MITM attack but I would expect it is. If a 2.0.64 is ever release, I would hope it came with the latest 0.9.8 release [currently 0.9.8l (L)]
That said, if your not a proxy or a secure server, I guess it's OK.
Gregg |
|
Back to top |
|
|
|
|
|
|