[us...@httpd] Problem with enable-layout and APR while trying to compile 2.2.12

2009-08-04 Thread Richard
Hi,

I have a small problem compiling 2.2.12, I might be doing something
wrong but I can't find an answer that explains this.

I'm trying to compile Apache using
http://diymacserver.com/installing-apache/compiling-apache-in-64-bits-mode-on-leopard/

When I add the DIYMacServer layout to the config.layout file the
configuration process just stops with:

checking for chosen layout... DIYMacServer
checking for working mkdir -p... yes
checking build system type... i386-apple-darwin9.7.0
checking host system type... i386-apple-darwin9.7.0
checking target system type... i386-apple-darwin9.7.0

Configuring Apache Portable Runtime library ...

configuring package in srclib/apr now
checking build system type... i386-apple-darwin9.7.0
checking host system type... i386-apple-darwin9.7.0
checking target system type... i386-apple-darwin9.7.0
Configuring APR library
Platform: i386-apple-darwin9.7.0
checking for working mkdir -p... yes
APR Version: 1.3.7
** Error: unable to find layout DIYMacServer
configure failed for srclib/apr

I need to copy the config.layout to srclib/apr and srclib/apr-util to
get it to work but this should not be the case I would think.

This procedure worked with previous versions of Apache 2.2.x

I can't find anything in the release notes that might indicate this change?

The only thing I could find about it is this old bug which is still unsolved?

Thanks,

Richard

-
The official User-To-User support forum of the Apache HTTP Server Project.
See <http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] apache redirect q

2015-06-04 Thread Richard


 Original Message 
> Date: Thursday, June 04, 2015 08:35:34 AM -0700
> From: K R 
>
> Hi,
> 
> need to setup a  rule for   below
> 
> source - >  https://website1.com/prt/sell?yr=73
> target ->   https://website2.com/chn/hk/dg?yr=73
> 


Start with the documentation, by looking at the
redirect/redirectmatch directives:

  




Re: [users@httpd] Apache 2.4.12 installation issue

2015-06-04 Thread Richard

> Date: Thursday, June 04, 2015 07:40:58 PM +
> From: "Narne, Balakrishna (IT Consultant)"

>
> I am trying to install Apache 2.4.12 on Red hat Linux 6.5
> server, but I am getting the below error while configuring apache
> using "./configure
> --prefix=/home/NarneB/mw/apache-httpd-2.4.4/pcre". Can you please
> help me?
> 

If you have an RH license I think you should have access to their
RHSCL repository, which includes apache 2.4 for RHEL-6. An update of
that repository was announced earlier today. 

If you want to continue to try to compile apache outside your OS's
package management offerings you may want to start by looking at the
config.log, as suggested in the last line of your included output:

  > configure: error: C preprocessor "/lib/cpp" fails sanity check
  > See `config.log' for more details
 
as it will likely contain hints as to what went wrong.






Re: [users@httpd] Apache24 restrict director access by IP

2015-06-09 Thread Richard


> Date: Tuesday, June 09, 2015 02:11:55 PM -0700
> From: Motty Cruz 
>
> Hello,
> I am trying to restrict access to joomla Administrator directory
> by IP:
> # defense against brute force attacks
> 
>  order deny,allow
>  Deny from all
>  Require ip 192.168.1.65
> 
> 
> this code on httpd.conf is not stopping me from logging onto
> www.site.com/administrator
> any ideas?
> I used this
> http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html
> 
> Thanks
> Motty
>

What you are showing are apache 2.2 access control directives. These
changed with 2.4, so if you are using 2.4, as implied by your
subject line, see the "Run-Time Configuration Changes" section of:

  <http://httpd.apache.org/docs/2.4/upgrading.html>






Re: [users@httpd] Apache24 restrict director access by IP

2015-06-09 Thread Richard


 Original Message 
> Date: Tuesday, June 09, 2015 09:18:02 PM +
> From: Richard 
>
> 
> 
>> Date: Tuesday, June 09, 2015 02:11:55 PM -0700
>> From: Motty Cruz 
>> 
>> Hello,
>> I am trying to restrict access to joomla Administrator directory
>> by IP:
>> # defense against brute force attacks
>> 
>>  order deny,allow
>>  Deny from all
>>  Require ip 192.168.1.65
>> 
>> 
>> this code on httpd.conf is not stopping me from logging onto
>> www.site.com/administrator
>> any ideas?
>> I used this
>> http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html
>> 
>> Thanks
>> Motty
>> 
> 
> What you are showing are apache 2.2 access control directives.
> These changed with 2.4, so if you are using 2.4, as implied by your
> subject line, see the "Run-Time Configuration Changes" section of:
> 
>   <http://httpd.apache.org/docs/2.4/upgrading.html>
> 
> 

Apologies (overlooked part of your directives) -- You have a mix of
2.2 and 2.4 directives. The "order" directives are 2.2, while
"require" are 2.4, so I suspect your directives aren't being parsed
correctly by your 2.4 environment. I think things are clearer in the
"upgrading" document than the one you referenced.








Re: [users@httpd] mime.types

2015-07-08 Thread Richard



> Date: Wednesday, July 08, 2015 04:13:04 PM -0400
> From: "Cohen, Laurence" 
>
> I am using the CentOS6 RPM for my Apache Web Server.  When
> starting up, Apache complains that it could not open the
> mime.types file.  It's looking for it in /etc and sure enough it
> isn't there.
> 
> Could someone please tell me what I can do to install a mime.types
> file? I've tried looking for another rpm that would contain it,
> but I haven't found one.  We have to do a minimal install when
> setting up our servers to minimize security issues.  Could it be
> that by doing this, the rpm that contains the mime.types file
> didn't get installed?
> 
> Thanks,
> 
> Larry

You can use the yum "whatprovides" facility to find the rpm that has
what you are after. In this case, /etc/mime.types seems to be
provided by "mailcap-2.1.31-2.el6.noarch", which looks to be in the
base repo.







Re: [users@httpd] 403 and I don't understand why

2015-07-13 Thread Richard


 Original Message 
> Date: Monday, July 13, 2015 03:52:24 PM -0700
> From: James Moe 
>
> httpd v2.4.10
> linux v3.16.7-21-desktop x86_64
> 
>   Access to this site used to work oh-so-long ago. I have had no
> need to access the (local) site for many months (at least). The
> Apache server has been updated regularly since then.
>   The directories and files are not read-protected (See below).
> 
>   What other mis-configurations could cause the error?
> 
>   Opening  yields:
> [ error message ]
> Access forbidden!
> You don't have permission to access the requested directory. There
> is either no index document or the directory is read-protected.
> Error 403
> courses.sma.com
> Apache/2.4.10 (Linux/SUSE)
> [ end ]
> 
> [ error log ]
> [Mon Jul 13 14:50:47.209712 2015] [authz_core:error] [pid 25337]
> [client 192.168.69.115:53650] AH01630: client denied by server
> configuration: /d500g/www/courses/moodle1xx/, referer:
> http://www.sma.com/ [ end ]
> 
>   User "wwwrun" is a member of the "users" group.
>   The index file exists:
> $ ll /d500g/www/courses/moodle1xx/index.php
> -rw-rw-r--  1 jmoe users 12032 Jul 26  2010
> /d500g/www/courses/moodle1xx/index.php
> drwxr-xr-x 15 root  root  4096 Nov 19  2013 d500g/
> drwxrwxrwx  7 jmoe  users 4096 Jan 20  2012 www/
> drwxrwxr-x  9 jmoe  users 4096 Jan 20  2012 courses/
> drwxrwxr-x 35 jmoe  users 4096 Apr  4  2014 moodle1xx/
> 
> [ vhost ]
> 
> ServerAdmin ji...@sohnen-moe.com
> ServerName courses.sma.com
> 
> DocumentRoot /d500g/www/courses
> 
> ErrorLog /d500g/www/log/courses.sma.com-error_log
> CustomLog /d500g/www/log/courses.sma.com-access_log combined
> 
> HostnameLookups Off
> UseCanonicalName Off
> ServerSignature Off
> 
> Include /etc/apache2/conf.d/*.conf
> 
> ScriptAlias /cgi-bin/ "/d500g/www/courses/cgi-bin/"
> 
>   AllowOverride None
>   Options +ExecCGI -Includes
>   Order allow,deny
>   Allow from all
> 
> 
>   Options Indexes FollowSymLinks
> 
>   AllowOverride all
> 
>   Order allow,deny
>   Allow from all
> 
> [ end ]

Your apache access control directives are from pre-2.4, and likely
causing your problems now that your apache is 2.4.x. See:

  

for 2.2->2.4 changes.
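
The 2.2-versus-2.4 access-control problem named in this reply, and in the 2015-06-09 "restrict director access by IP" replies above, can be checked mechanically. The following is an added example, not code from any poster or from the Apache project: a Python audit that flags containers still using `Order`/`Allow`/`Deny` and those mixing them with `Require`. The `<Directory>` paths in the sample are constructed (the archive dropped the original container tags); the two suggested replacements are the ones listed in the 2.4 upgrading document.

```python
import re

# 2.2-style access control, still accepted by 2.4 through mod_access_compat.
LEGACY = {"order", "allow", "deny", "satisfy"}
# Authorization containers share the scope of the block that encloses them.
AUTHZ_CONTAINERS = {"requireall", "requireany", "requirenone"}
OPEN_RE = re.compile(r"^<\s*(\w+)\s*(.*?)\s*>$")
CLOSE_RE = re.compile(r"^</\s*\w+\s*>$")

# Constructed sample: directives as posted in the two threads; the container
# paths are assumptions, since the archive dropped the original tags.
SAMPLE_CONF = """
<Directory "/srv/www/site/administrator">
    # defense against brute force attacks
    Order deny,allow
    Deny from all
    Require ip 192.168.1.65
</Directory>
<Directory "/d500g/www/courses">
    Options Indexes FollowSymLinks
    AllowOverride all
    Order allow,deny
    Allow from all
</Directory>
<Directory "/srv/www/site/public">
    Require all granted
</Directory>
"""


def _suggest(legacy):
    """Map the two all-or-nothing 2.2 idioms to their 2.4 form, else None."""
    norm = {re.sub(r"\s*,\s*", ",", " ".join(l.lower().split())) for l in legacy}
    if norm == {"order allow,deny", "allow from all"}:
        return "Require all granted"
    if norm == {"order deny,allow", "deny from all"}:
        return "Require all denied"
    return None  # anything else needs a human to restate the policy


def _finish(scope, findings):
    """Record a finding if the closed scope used any 2.2 directive."""
    if scope["legacy"]:
        mixed = bool(scope["modern"])
        findings.append({
            "scope": scope["name"],
            "legacy": scope["legacy"],
            "modern": scope["modern"],
            "mixed": mixed,
            # A mixed block has no safe automatic rewrite: report it only.
            "suggestion": None if mixed else _suggest(scope["legacy"]),
        })


def _pop(stack, findings):
    closed = stack.pop()
    # An authz container is an alias of its parent; report the parent once.
    if not stack or closed is not stack[-1]:
        _finish(closed, findings)


def audit_authz(conf_text):
    """Return one finding per configuration scope that uses 2.2 directives."""
    findings = []
    stack = [{"name": "(top level)", "legacy": [], "modern": []}]
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE_RE.match(line):
            if len(stack) > 1:
                _pop(stack, findings)
            continue
        opened = OPEN_RE.match(line)
        if opened:
            name, args = opened.groups()
            if name.lower() in AUTHZ_CONTAINERS:
                stack.append(stack[-1])
            else:
                stack.append({"name": f"{name} {args}".strip(),
                              "legacy": [], "modern": []})
            continue
        directive = line.split(None, 1)[0].lower()
        if directive in LEGACY:
            stack[-1]["legacy"].append(line)
        elif directive == "require":
            stack[-1]["modern"].append(line)
    while stack:  # unclosed containers and the top level
        _pop(stack, findings)
    return findings


if __name__ == "__main__":
    for f in audit_authz(SAMPLE_CONF):
        kind = "MIXED 2.2/2.4" if f["mixed"] else "2.2 only"
        print(f"{f['scope']}: {kind}; legacy={f['legacy']}; "
              f"suggest={f['suggestion']}")
```
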






Re: [users@httpd] Help with rewrite rules

2015-08-05 Thread Richard


> Date: Wednesday, August 05, 2015 20:55:49 +0530
> From: aparna Puram 
>
> Hello All,
> 
> I have a specific requirement for a rewrite rule.
> 
> 
> http://localhost/inservice has to be rewritten to
> http://localhost/InSerivce.
> 
> Only the first and 3rd letter has to be caps..and rest all have to
> be lower case. Even if user gives Inservice, it will still have to
> rewrite it to InService.
> 
> Request you to help me with this.

You may want to look at the redirect and redirectmatch directives:

  

  

as they are better for the simple redirection that you are,
seemingly, asking for.






Re: [users@httpd] Re: Apache Upgrade on Red Hat question

2015-08-10 Thread Richard


> 
> On 8/10/15 12:44 PM, "Good Guy"  wrote:
> 
>> On 10/08/2015 15:35, Harold Sebastin wrote:
>>> Hi,
>>> I have Apache 2.2.3 on RHEL 5.8. What procedures or steps I need
>>> to take to upgrade to the latest version 2.4.16?
>>> Thanks.
>>> Harold
>> 
>> I recently upgraded version 2.2.29 to 2.4.16 on Windows and the
>> procedure was pretty simple.  In my case htdocs was completely
>> separate from the core so the upgrade was just as normal as you
>> would install a fresh server.
>> 
>> In my case, I first made the list of which modules are to be
>> loaded; I also made a print out of the old config file just in
>> case I get the folders wrong.  After this you can go ahead and
>> the configuration you may need to do are as follows:
>> 
>> ServerName & port number
>> ServerAdmin
>> Config for server side includes
>> DirectoryIndex
>> Config for php and perl  - for php to decide whether to run as
>> fastCGI or as a module
>> LoadModules
>> DocumentRoot
>> 
>> That is all I had to do;  The php was upgraded before apache was
>> so the security features were already in place.
>> 
>> I guess in Linux environment it must be different but you get the
>> idea. Be organized and document everything first before starting
>> anything.
>> 
>> Good luck.
>> 
> From: "Rose, John B" 
> Date: Monday, August 10, 2015 16:50:55 +
>
> We went from 2.2 to 2.4 and used these documents, among others ?.
> 
> http://httpd.apache.org/docs/2.4/upgrading.html
> http://httpd.apache.org/docs/2.4/misc/perf-tuning.html
> 
> We also went from prefork/mod_php to Event MPM and php-fpm
> 
> http://httpd.apache.org/docs/2.4/new_features_2_4.html
> https://wiki.apache.org/httpd/PHP-FPM
> 

One of the better places for newer releases of things like
php/mysql/httpd that are packaged for RHEL (and re-spins) is the IUS
repository, . While I'm seeing newer
releases of httpd for RHEL-6, I don't see any for RHEL-5, but you
might want to ask. Of course, you could build an RPM from the httpd
source, (or build/install from source outside of the rpm manager).

Note, RHEL-5 is in the last ~1.5 years of its 10 year life, so you
may want to consider moving to -6 or -7.






Re: [users@httpd] How to Configure SPDY in Apache 2.4.6 with CentOS 7

2015-08-11 Thread Richard


 Original Message 
> Date: Tuesday, August 11, 2015 14:56:19 +0530
> From: Mahendiran Vel 
>
> Dear All,
> 
> I have done the setup as per forums like
> 
> https://www.howtoforge.com/using-mod_spdy-with-apache2-on-centos-6.4.
> 
> After restarting apache server I'm getting below error message
> 
> Aug 11 14:43:35 lrp-migration httpd[27799]: httpd: Syntax error on
> line 353 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of
> /etc/httpd/conf.d/spdy.conf: Cannot load
> /usr/lib64/httpd/modules/mod_spdy.so into server:
> /usr/lib64/httpd/modules/mod_spdy.so: undefined symbol:
> ap_log_cerror.
> 
> please provide a solution to solve this issue.

From the little that you have provided, I believe that you are
trying to use the [google developed] release of mod_spdy that works
with httpd-2.2 (which is the httpd release that's supported with
centos-6), with httpd-2.4. I think you need to look for a newer
release (which should come from ASF) that supports httpd-2.4, which
is what you're using on centos-7.

This link (see the [link in the] second paragraph):



might get you started in that direction.






Re: [users@httpd] Failed to connect to port 443: Connection refused

2015-09-01 Thread Richard


> Date: Tuesday, September 01, 2015 16:48:45 +0200
> From: kof...@laposte.net
>
> Hello, 
> 
> Yesterday I had a working apache which correctly served my website
> via SSL. Today the only thing I did was install OpenVPN client,
> reboot the server, and now I get "Failed to connect to
> www.mysite.com port 443: Connection refused" when asking for any
> page (from curl). The same site, without SSL, is correctly served.
> Nothing shows up in error.log. Does anyone know where I could have
> a look to identify the problem? 
> 
> Thanks in advance 
> 
> Marc 

Check your "ssl_error_log" (or equiv). Did the ssl server start?
There should be lines there that indicate that it did (or that it
failed). Also, use netstat to see if/what is listening on 443.





Re: [users@httpd] Errors when installing apache 2.4.16 on Linux

2015-09-05 Thread Richard


> Date: Saturday, September 05, 2015 02:37:45 +0200
> From: Yann Ylavic 
>
> Hi,
> 
> On Fri, Sep 4, 2015 at 11:46 PM, Yimin Huang
>  wrote:
>> 
>> When I did "make", I got the following
>> error in exports.c.
> 
> Did you try "make clean && make"?
> 
> Regards,
> Yann.
> 

You also may want to look at the ius repository:

  

they have an rpm for 2.4.16-2. 

This repository is intended for rhel/centos releases, but I believe
that oracle tries to be compatible with rhel so this might work.

By the way, based on rhel/centos releases, I suspect that there
should be a .7 release of oracle's linux-6 that you might want to
upgrade to.






Re: [users@httpd] Localhost cannot be accessed when Apache is started

2016-01-15 Thread Richard


> Date: Friday, January 15, 2016 16:11:58 -0600
> From: Josiah Asbill 

>> On Jan 15, 2016, at 11:40 AM, Lester Caine 
>> wrote:
>> 
>> On 15/01/16 17:27, Josiah Asbill wrote:
>>> Okay, so I did that. Reran “httpd” to troubleshoot it. 
>>> Got back, "Syntax error on line 20 of
>>> /private/etc/apache2/extra/httpd-mpm.conf:
>>> Invalid command 'LockFile', perhaps misspelled or defined by a
>>> module not included in the server configuration" 
>>> This is what is on line 20, "LockFile
>>> '/private/var/log/apache2/accept.lock'"

>> 
>> OK This begs the question Apache2.2 or 2.4?
>> I'm not a Mac user, so I'm not sure exactly which version the
>> package manager will supply if that is where you installed from?
>> 
>> Simply removing line 20 should allow httpd to run and let you at
>> least get the 'It works' message.
>> 
>> -- 
>> Lester Caine - G8HFL

> The version is 2.4.16.
> I tried to comment out line 20, but my text editor says, "This
> operation couldn't be completed because an error occurred. The
> authenticated save for this file failed."

That error has nothing to do with apache. Make certain that you have
the necessary permissions to write to that file/location.

I would suggest that you start with a minimal/basic install, get
that working and then move on from there. 

Please do not top post.






Re: [users@httpd] Apache Tomcat 2.4 forbidden on root when Indexes are disabled.

2016-01-26 Thread Richard

> Date: Tuesday, January 26, 2016 16:40:23 +0100
> From: Weare Borg 
>
> Hi Eric,
> 
> Error log :
> 
> [Tue Jan 26 16:25:04.015356 2016] [core:notice] [pid 30823]
> AH00094:
>> Command line: '/usr/sbin/apache2'
>> [Tue Jan 26 16:32:14.613618 2016] [autoindex:error] [pid 30827]
>> [client 127.0.0.1:47452] AH01276: Cannot serve directory
>> /var/www/html/: No matching DirectoryIndex
>> (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)
>> found, and server-generated directory index forbidden by Options
>> directive, referer:
>> http://localhost/recovery/install/index.php/finish/ [Tue Jan 26
>> 16:38:02.326241 2016] [autoindex:error] [pid 30828] [client
>> 127.0.0.1:47716] AH01276: Cannot serve directory /var/www/html/:
>> No matching DirectoryIndex
>> (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)
>> found, and server-generated directory index forbidden by Options
>> directive
>> 
> 
> These are the same name of files on remote-server where we have
> Apache 2.2, and it's working fine there.
> 
> 
> On Tue, Jan 26, 2016 at 4:21 PM, Eric Covener 
> wrote:
> 
>> On Tue, Jan 26, 2016 at 10:14 AM, Weare Borg
>>  wrote:
>> > Kindly let me know what I can do to get rid of this forbidden
>> > message.
>> 
>> What does your error log say?
>> 

Do you have a file with the name of one of:

 index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm

at "/var/www/html/", that is readable by the user that your server
is running as?

Note, filenames are case sensitive.







Re: [users@httpd] Apache Tomcat 2.4 forbidden on root when Indexes are disabled.

2016-01-26 Thread Richard


> Date: Tuesday, January 26, 2016 16:51:01 +0100
> From: Weare Borg 
> 
> On Tue, Jan 26, 2016 at 4:47 PM, Richard wrote:
> 
>> 
>> > Date: Tuesday, January 26, 2016 16:40:23 +0100
>> > From: Weare Borg 
>> > 
>> > Hi Eric,
>> > 
>> > Error log :
>> > 
>> > [Tue Jan 26 16:25:04.015356 2016] [core:notice] [pid 30823]
>> > AH00094:
>> >> Command line: '/usr/sbin/apache2'
>> >> [Tue Jan 26 16:32:14.613618 2016] [autoindex:error] [pid 30827]
>> >> [client 127.0.0.1:47452] AH01276: Cannot serve directory
>> >> /var/www/html/: No matching DirectoryIndex
>> >> (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)
>> >> found, and server-generated directory index forbidden by
>> >> Options directive, referer:
>> >> http://localhost/recovery/install/index.php/finish/ [Tue Jan 26
>> >> 16:38:02.326241 2016] [autoindex:error] [pid 30828] [client
>> >> 127.0.0.1:47716] AH01276: Cannot serve directory
>> >> /var/www/html/: No matching DirectoryIndex
>> >> (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)
>> >> found, and server-generated directory index forbidden by
>> >> Options directive
>> >> 
>> > 
>> > These are the same name of files on remote-server where we have
>> > Apache 2.2, and it's working fine there.
>> > 
>> > 
>> > On Tue, Jan 26, 2016 at 4:21 PM, Eric Covener
>> >  wrote:
>> > 
>> >> On Tue, Jan 26, 2016 at 10:14 AM, Weare Borg
>> >>  wrote:
>> >> > Kindly let me know what I can do to get rid of this forbidden
>> >> > message.
>> >> 
>> >> What does your error log say?
>> >> 
>> 
>> Do you have a file with the name of one of:
>> 
>>  index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm
>> 
>> at "/var/www/html/", that is readable by the user that your server
>> is running as?
>> 
>> Note, filenames are case sensitive.
>> 
>
> No, I don't have any of the similar files you named. I don't
> think so that is needed as other configuration also doesn't have
> it, but it runs fine. Here are the files :
> 
>  binconfig.php   eula_en.txt  .htaccess
> media  shopware.php  themesvar
> ..composer.json  CONTRIBUTING.md  eula.txt
> license.txt   README.md  style.css  vendor
> autoload.php  composer.lock  engine   files
> maintenance.html  recovery   templates UPGRADE.mdweb

Read the error message in your log:

  > AH01276: Cannot serve directory
  > /var/www/html/: No matching DirectoryIndex
  > (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)

It's looking for a file with one of those names.

I suspect that some aspect of the configurations of your two systems
differ.

[please do not top post.]






Re: [users@httpd] Apache Tomcat 2.4 forbidden on root when Indexes are disabled.

2016-01-26 Thread Richard


> Date: Tuesday, January 26, 2016 17:24:31 +0100
> From: Weare Borg 
>
> On Tue, Jan 26, 2016 at 4:57 PM, Richard wrote:
>> 
>> > Date: Tuesday, January 26, 2016 16:51:01 +0100
>> > From: Weare Borg 
>> > 
>> > On Tue, Jan 26, 2016 at 4:47 PM, Richard wrote:
>> > 
>> >> 
>> >> > Date: Tuesday, January 26, 2016 16:40:23 +0100
>> >> > From: Weare Borg 
>> >> > 
>> >> > Hi Eric,
>> >> > 
>> >> > Error log :
>> >> > 
>> >> > [Tue Jan 26 16:25:04.015356 2016] [core:notice] [pid 30823]
>> >> > AH00094:
>> >> >> Command line: '/usr/sbin/apache2'
>> >> >> [Tue Jan 26 16:32:14.613618 2016] [autoindex:error] [pid
>> >> >> 30827] [client 127.0.0.1:47452] AH01276: Cannot serve
>> >> >> directory /var/www/html/: No matching DirectoryIndex
>> >> >> (index.html,index.cgi,index.pl,index.php,index.xhtml,index.
>> >> >> htm) found, and server-generated directory index forbidden
>> >> >> by Options directive, referer:
>> >> >> http://localhost/recovery/install/index.php/finish/ [Tue
>> >> >> Jan 26 16:38:02.326241 2016] [autoindex:error] [pid 30828]
>> >> >> [client 127.0.0.1:47716] AH01276: Cannot serve directory
>> >> >> /var/www/html/: No matching DirectoryIndex
>> >> >> (index.html,index.cgi,index.pl,index.php,index.xhtml,index.
>> >> >> htm) found, and server-generated directory index forbidden
>> >> >> by Options directive
>> >> >> 
>> >> > 
>> >> > These are the same name of files on remote-server where we
>> >> > have Apache 2.2, and it's working fine there.
>> >> > 
>> >> > 
>> >> > On Tue, Jan 26, 2016 at 4:21 PM, Eric Covener
>> >> >  wrote:
>> >> > 
>> >> >> On Tue, Jan 26, 2016 at 10:14 AM, Weare Borg
>> >> >>  wrote:
>> >> >> > Kindly let me know what I can do to get rid of this
>> >> >> > forbidden message.
>> >> >> 
>> >> >> What does your error log say?
>> >> >> 
>> >> 
>> >> Do you have a file with the name of one of:
>> >> 
>> >>  index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm
>> >> 
>> >> at "/var/www/html/", that is readable by the user that your
>> >> server is running as?
>> >> 
>> >> Note, filenames are case sensitive.
>> >> 
>> > 
>> > No, I don't have any of the similar files you named. I don't
>> > think so that is needed as other configuration also doesn't have
>> > it, but it runs fine. Here are the files :
>> > 
>> >  binconfig.php   eula_en.txt
>> >  .htaccess media  shopware.php  themes
>> > var
>> > ..composer.json  CONTRIBUTING.md  eula.txt
>> > license.txt   README.md  style.css  vendor
>> > autoload.php  composer.lock  engine   files
>> > maintenance.html  recovery   templates UPGRADE.mdweb
>> 
>> Read the error message in your log:
>> 
>>  > AH01276: Cannot serve directory
>>  > /var/www/html/: No matching DirectoryIndex
>>  > (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)
>> 
>> It's looking for a file with one of those names.
>> 
>> I suspect that some aspect of the configurations of your two
>> systems differ.
>> 
>
> I don't think so, because it is not very complicated to setup, but
> I don't know why I keep getting this error. And as I had pasted
>

The cause of the error is fairly clear. You have a DirectoryIndex
directive that enumerates six "index" filename (extension) options.
If none of those exist, and you have "indexing" turned off, there's
nothing that the server is authorized to serve when you try to enter
a directory without otherwise specifying an existing file.

You might want to go through the same steps/links on both servers
and watch what shows up in the access and error logs. Specifically,
look at the access log on the server where the same action on the
other server gets the forbidden error. Note what the logs indicate
gets served -- that should help you pinpoint what's going on with
your setups.






Re: [users@httpd] Apache logging format

2016-01-28 Thread Richard


> Date: Thursday, January 28, 2016 09:38:47 -0800
> From: K R 
>
> Is there a way to capture  user login   user login failure  in
> Apache logs.
> 
> TIA


What are you using for your authentication method/access control -
http-basic, application-specific, something else?






Re: [users@httpd] Re: throttling IP addresses

2016-02-01 Thread Richard


> Date: Monday, February 01, 2016 19:52:51 +
> From: George Genovezos 
> 
> Hi,
> 
> I’m hoping someone can help with a problem I’m having. I need
> a basic Ddos  mitigation tool. Basically, either throttling back
> certain IP addresses or blocking access after too many connections
> per second.
> 
> I know mod_evasive did this but the project, to my knowledge is
> deprecated.
> 
> So to draw this out, I want a web server to count the number of
> connection per seconds, and if an IP breaches this limit to either
> throttle or block the connection. Then I want to use mod_proxy to
> reverse proxy that clean connection to my web servers.
> 
> Any feedback would be greatly appreciated.
> 
> George Genovezos
> Application Security Architect
> CISSP, ISSAP, CIFI
> 
> Copart

In my view, doing this at the web server is rather late in the game.
If I'm reading the mod_evasive documentation correctly, all it (or
something similar) does is stops serving content and returns 403s.
If your content is resource expensive to deliver that will help
some, but you're still going to get all the requests hitting the web
server and you're still going to be responding to them.

The better place to address this is at your system's firewall.
Depending on your system, you likely have firewall tools that can
provide a more robust solution.






Re: [users@httpd] Re: throttling IP addresses

2016-02-01 Thread Richard
Are you referring to a 3rd-party firewall in front of the machine or
the OS's firewall? Most *nix system (built-in) firewalls that I've
dealt with have a lot of granularity and capabilities. They can
certainly do an IP-specific (or range) blocks on one (or all) ports
and some can do the throttling for you. That's what I've used when
I've needed to deal with issues like yours. Changing a web server
response to a 403 doesn't have all that much effect if you're
dealing with high-volume traffic.


> Date: Monday, February 01, 2016 22:07:45 +0100
> From: Luca Toscano 
>
> Hi George,
> 
> I would also check mod_qos for your use case!
> 
> Luca
> On 01 Feb 2016 22:00, "George Genovezos"
>  wrote:
> 
>> Richard,
>> 
>> I would agree with you that a more elegant solution is required.
>> Unfortunately the firewall will only block or allow a particular
>> port.
>> 
>> The correct solution would be to implement an IPS solution in
>> front of a firewall, but we're in the do more with less phase.
>> 
>> 
>> George Genovezos
>> Application Security Architect
>> CISSP, ISSAP, CIFI
>> 
>> Copart
>> I--
>> 
>> On 2/1/16, 2:27 PM, "Richard"
>>  wrote:
>> 
>> > 
>> > 
>> >> Date: Monday, February 01, 2016 19:52:51 +
>> >> From: George Genovezos 
>> >> 
>> >> Hi,
>> >> 
>> >> I’m hoping someone can help with a problem I’m having. I
>> >> need a basic Ddos  mitigation tool. Basically, either
>> >> throttling back certain IP addresses or blocking access after
>> >> too many connections per second.
>> >> 
>> >> I know mod_evasive did this but the project, to my knowledge is
>> >> deprecated.
>> >> 
>> >> So to draw this out, I want a web server to count the number of
>> >> connection per seconds, and if an IP breaches this limit to
>> >> either throttle or block the connection. Then I want to use
>> >> mod_proxy to reverse proxy that clean connection to my web
>> >> servers.
>> >> 
>> >> Any feedback would be greatly appreciated.
>> >> 
>> >> George Genovezos
>> >> Application Security Architect
>> >> CISSP, ISSAP, CIFI
>> >> 
>> >> Copart
>> > 
>> > In my view, doing this at the web server is rather late in the
>> > game. If I'm reading the mod_evasive documentation correctly,
>> > all it (or something similar) does is stops serving content and
>> > returns 403s. If your content is resource expensive to deliver
>> > that will help some, but you're still going to get all the
>> > requests hitting the web server and you're still going to be
>> > responding to them.
>> > 
>> > The better place to address this is at your system's firewall.
>> > Depending on your system, you likely have firewall tools that
>> > can provide a more robust solution.
>> > 
>> > 
>> > 
>> > ---
>> > -- To unsubscribe, e-mail:
>> > users-unsubscr...@httpd.apache.org For additional commands,
>> > e-mail: users-h...@httpd.apache.org
>> > 
>> 

 End Original Message 
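
The per-IP connection counting asked for in this thread, and the firewall-level blocking recommended in the replies, meet at one step: deciding from the logs which addresses exceed the limit. The following is an added example, not part of any message in this thread and not taken from mod_evasive, mod_qos or fail2ban: a sliding-window counter over access-log lines whose result is the list a firewall tool would be given. The log lines are constructed, the threshold values are assumptions, and the input is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Leading fields of the common/combined log format: client address, two
# ignored fields, then the bracketed timestamp.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample input (documentation address ranges):
#   198.51.100.7 sends 8 requests within one second,
#   203.0.113.5 sends 8 requests spread over 8 seconds,
#   192.0.2.10 is an ordinary client, plus one malformed line.
SAMPLE_LOG = (
    ['198.51.100.7 - - [01/Feb/2016:19:52:51 +0000] "GET /login HTTP/1.1" 200 512'] * 8
    + ['192.0.2.10 - - [01/Feb/2016:19:52:51 +0000] "GET / HTTP/1.1" 200 1043',
       '192.0.2.10 - - [01/Feb/2016:19:52:53 +0000] "GET /a.css HTTP/1.1" 200 211',
       'this line is not an access-log entry']
    + [f'203.0.113.5 - - [01/Feb/2016:19:53:{s:02d} +0000] "GET / HTTP/1.1" 200 1043'
       for s in range(8)]
)


def find_offenders(lines, max_requests=5, window_seconds=1):
    """Return {ip: time of the request that first exceeded the limit}.

    A client is reported once it has made more than max_requests requests
    whose timestamps all fall inside one window of window_seconds.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue              # skip malformed lines instead of guessing
        ip, stamp = match.groups()
        try:
            when = datetime.strptime(stamp, TS_FORMAT)
        except ValueError:
            continue
        hits = recent[ip]
        hits.append(when)
        # Drop requests that have aged out of the window.
        while when - hits[0] >= window:
            hits.popleft()
        if len(hits) > max_requests and ip not in offenders:
            offenders[ip] = when
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the limit at {when.isoformat()}")
```
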






Re: [users@httpd] Re: throttling IP addresses

2016-02-02 Thread Richard
What works will depend on your OS, but you may want to look at
fail2ban:

  <http://www.fail2ban.org/wiki/index.php/Main_Page>


I think it should be able to do the OS-level firewall management
that you need.

[your external firewall sounds fairly lame.]


> Date: Tuesday, February 02, 2016 16:47:49 +
> From: George Genovezos 
>
> Yes,
> 
> I am referring to an external firewall.
> 
> So the idea is to use the web server to proxy external traffic and
> place an IP hit counter, that would throttle a DDOS attack. Even
> with a unix firewall, we still need a way to identify the threat
> and update the firewall. Do you have any thoughts on that?
> 
> Thanks
> 
> 
> George Genovezos
> Application Security Architect
> CISSP, ISSAP, CIFI
> 
> Copart
> I-- 
> 
> 
> 
> 
> 
> 
> 
> On 2/1/16, 6:04 PM, "Richard" 
> wrote:
> 
>> Are you referring to a 3rd-party firewall in front of the machine
>> or the OS's firewall. Most *nix system (built-in) firewalls that
>> I've dealt with have a lot of granularity and capabilities. They
>> can certainly do an IP-specific (or range) blocks on one (or all)
>> ports and some can do the throttling for you. That's what I've
>> used when I've needed to deal with issues like yours. Changing a
>> web server response to a 403 doesn't have all that much effect if
>> you're dealing with high-volume traffic.
>> 
>> 
>>> Date: Monday, February 01, 2016 22:07:45 +0100
>>> From: Luca Toscano 
>>> 
>>> Hi George,
>>> 
>>> I would also check mod_qos for your use case!
>>> 
>>> Luca
>>> Il 01 feb 2016 22:00, "George Genovezos"
>>>  ha scritto:
>>> 
>>>> Richard,
>>>> 
>>>> I would agree with you that a more elegant solution is required.
>>>> Unfortunately the firewall will only block or allow a particular
>>>> port.
>>>> 
>>>> The correct solution would be to implement an IPS solution in
>>>> front of a firewall, but we're in the do more with less phase.
>>>> 
>>>> 
>>>> George Genovezos
>>>> Application Security Architect
>>>> CISSP, ISSAP, CIFI
>>>> 
>>>> Copart
>>>> I--
>>>> 
>>>> On 2/1/16, 2:27 PM, "Richard"
>>>>  wrote:
>>>> 
>>>> > 
>>>> > 
>>>> >> Date: Monday, February 01, 2016 19:52:51 +
>>>> >> From: George Genovezos 
>>>> >> 
>>>> >> Hi,
>>>> >> 
>>>> >> I’m hoping someone can help with a problem I’m having. I
>>>> >> need a basic Ddos  mitigation tool. Basically, either
>>>> >> throttling back certain IP addresses or blocking access after
>>>> >> too many connections per second.
>>>> >> 
>>>> >> I know mod_evasive did this but the project, to my knowledge
>>>> >> is deprecated.
>>>> >> 
>>>> >> So to draw this out, I want a web server to count the number
>>>> >> of connections per second, and if an IP breaches this limit
>>>> >> to either throttle or block the connection. Then I want to
>>>> >> use mod_proxy to reverse proxy that clean connection to my
>>>> >> web servers.
>>>> >> 
>>>> >> Any feedback would be greatly appreciated.
>>>> >> 
>>>> >> George Genovezos
>>>> >> Application Security Architect
>>>> >> CISSP, ISSAP, CIFI
>>>> >> 
>>>> >> Copart
>>>> > 
>>>> > In my view, doing this at the web server is rather late in the
>>>> > game. If I'm reading the mod_evasive documentation correctly,
>>>> > all it (or something similar) does is stops serving content
>>>> > and returns 403s. If your content is resource expensive to
>>>> > deliver that will help some, but you're still going to get
>>>> > all the requests hitting the web server and you're still
>>>> > going to be responding to them.
>>>> > 
>>>> > The better place to address this is at your system's firewall.
>>>> > Depending on your system, you likely have firewall tools that
>>>> > can provide a more robust solution.
>>>> > 
>>>> > 
>>>> > 
>>>> > 
>>>> 
>> 
>>  End Original Message 
>> 
>> 
>> 
>> 
> 

 End Original Message 
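
Added example, not part of the thread and not fail2ban's own code: a sliding-window counter over Apache access-log lines that identifies the client addresses to hand to an OS-level firewall, the same idea fail2ban expresses with its maxretry and findtime settings. The log lines, addresses, threshold and window below are constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Leading fields of an Apache common/combined log line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3})\b'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp), or None for anything unusable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        # Only literal IPs are accepted: a hostname (HostnameLookups On) or
        # a corrupt field must never end up in a firewall rule.
        client = str(ipaddress.ip_address(m.group("client")))
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    return client, ts


def find_offenders(lines, max_hits=5, window_seconds=10):
    """Map each IP that made more than max_hits requests within
    window_seconds to the time it first crossed the limit.
    Lines are assumed to be in chronological order, as in a log file."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, ts = parsed
        if client in offenders:
            continue              # already reported once
        hits = recent[client]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop requests that aged out
        if len(hits) > max_hits:
            offenders[client] = ts
    return offenders


def sample_log():
    """Constructed log lines (documentation address ranges), not real traffic."""
    base = datetime(2016, 2, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'
    lines = []
    for i in range(8):            # burst: 8 requests within 4 seconds
        ts = base + timedelta(seconds=i // 2)
        lines.append(fmt.format(ip="192.0.2.10", ts=ts.strftime(TS_FORMAT)))
    for i in range(10):           # steady: one request every 5 seconds
        ts = base + timedelta(seconds=5 * i)
        lines.append(fmt.format(ip="198.51.100.7", ts=ts.strftime(TS_FORMAT)))
    lines.append("garbage line that is not in log format")
    lines.append('client.example - - [01/Feb/2016:12:00:00 +0000] "GET / HTTP/1.1" 200 1')
    return lines


if __name__ == "__main__":
    for ip, when in find_offenders(sample_log()).items():
        print(f"{ip} exceeded the limit at {when.isoformat()}")
```

The returned addresses are what a firewall block list would consume; how they are loaded depends on the firewall in use.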






Re: [users@httpd] Howto accept only one connection

2016-02-19 Thread Richard


> Date: Friday, February 19, 2016 13:32:02 +0100
> From: Oliver Graute 
>
> On 19/02/16, Jim Jagielski wrote:
>> Just one connection? By that do you mean one concurrent user or
>> actually one request or actually one connection?
>> 
>> A connection is a socket opened between the client and the server.
>> A request is a HTTP request on that connection.
> 
> my requirement is:
> 
>  "The Apache server listens on port 443 (https). It must accept
> only one connection at a time on this port"
> 
> so it's one socket opened between the client and the server.
> 
> Best Regards,
> 
> Oliver
> 

Other than humoring a customer, who may not understand what they are
asking for, what is the goal of trying to do this? 

I don't think the server will be very usable -- basically you want
to set "startservers" to 1, "spareservers" to 0 and "maxclients" to
1.






Re: [users@httpd] Apache permissions stabs new Linux user in face with icepick. Suggestions?

2016-03-10 Thread Richard

> Date: Thursday, March 10, 2016 12:24:23 +
> From: Lester Caine 
>
> On 10/03/16 01:40, Francis Roy wrote:
>> This is a new install of Linux Mint 17.x with the default
>> Apache/2.4.7 (Ubuntu) install at /etc/apache2
>> My websites, plain html and PHP are kept on a different hard-drive.
>> /media/username/Terrabyte/00_Server/htdocs
> 
> Francis ...
> Since security on Linux is a high priority, many of the default
> actions are set up with that in mind.
> When Apache is installed it uses its own user and group and if the
> demo site is also created this is owned by that. I think Ubuntu uses
> 'www-data' and 'www' so the tidy way of changing your setup is to
> 
> chown -R www-data:www /media/username/Terrabyte/00_Server/htdocs

For security reasons, the documentroot directory and files, and other
server related directories/files (configuration, etc.) should never
be owned or writable by the user or group that the web server runs
under. As appropriate they need to be readable by the web server, but
never owned/writable by its user/group (www-data:www in this context).

The issue is that if the web server's user/group own/can write to
those directories/files, if someone is able to break through the
server - either an issue with the server or more likely some poorly
written script - they will control those directories/files and be
able to deface the served content and perhaps more with ease, i.e.,
"own" what is served by your web server.

In general, the documentroot directories/files should be owned by
some unprivileged user and (only) readable by "other".

There may be times when it seems necessary to have the web server
have write access to the directories/files, e.g., for content
updates. In such cases, care needs to be given to how this is done to
ensure that security is maintained.
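
Added example, not part of the original post: a Python audit of a document root for the condition described above, reporting entries that are owned by the web server's user, group-writable by one of its groups, or world-writable. The uid/gid arguments and the sample tree are assumptions constructed for the demonstration; on a real system they would be the ids of the account the server runs under.

```python
import os
import stat
import tempfile


def check_entry(path, web_uid, web_gids):
    """Return the reasons this path breaks 'readable, never owned/writable'."""
    st = os.lstat(path)           # lstat: judge the link itself, not its target
    reasons = []
    if st.st_uid == web_uid:
        reasons.append("owned by web server user")
    if not stat.S_ISLNK(st.st_mode):   # symlink mode bits carry no meaning
        if st.st_gid in web_gids and st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable by web server group")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons


def audit_docroot(docroot, web_uid, web_gids=()):
    """Walk docroot and return a sorted list of (relative_path, reason)."""
    web_gids = set(web_gids)
    findings = [(".", r) for r in check_entry(docroot, web_uid, web_gids)]
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            for reason in check_entry(full, web_uid, web_gids):
                findings.append((rel, reason))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample docroot: one clean file, one group-writable file,
    one world-writable file."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.chmod(root, 0o755)
    modes = {"index.html": 0o644, "cache.dat": 0o664, "upload.php": 0o666}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)      # explicit chmod, independent of the umask
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    file_gid = os.stat(os.path.join(root, "cache.dat")).st_gid
    # Demo assumption: the web server runs as some other uid, but shares
    # the group that owns the sample files.
    for rel, reason in audit_docroot(root, os.getuid() + 1, [file_gid]):
        print(f"{rel}: {reason}")
```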






Re: [users@httpd] security reports page blank ???

2016-03-14 Thread Richard


> Date: Monday, March 14, 2016 15:57:21 -0700
> From: "Michael A. Peters" 
>
> http://httpd.apache.org/security_report.html
> 
> Currently I am getting nothing from that page, not even historic
> stuff. Is this temporary or has it moved?
> 

It works fine for me, using (firefox) browser with and without js on
and with and without cookies being accepted.






Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-21 Thread Richard


 Original Message 
> Date: Monday, March 21, 2016 08:50:05 +0100
> From: Roparzh Hemon 
>
> I've tried to set up a virtual host on my Mac, following all the
> instructions at
> https://coolestguidesontheplanet.com/how-to-set-up-virtual-hosts-in
> -apache-on-mac-osx-10-11-el-capitan/.
> 
> But when I type localhost/~myusernamehere/www.strawberry.com in my
> browser, I get a "404 Not Found : The requested URL
> /~myusernamehere/www.strawberry.com was not found on
> this server." message
> 
> The output of "/usr/sbin/apachectl configtest" is "AH00112: Warning:
> DocumentRoot [/Users/ewandelanoy/Sites/strawberry] does not exist
> Syntax OK"
> 
> In my ~/Documents/Sites I have a directory called
> www.strawberry.com. Should I rename it to just "strawberry" ?


You need to "show your work", i.e., at least the relevant parts of
your virtualhost configuration and the directory list showing the
documentroot for this virtualhost.

I suspect you are mixing concepts (servername vs. documentroot), and
likely not fully understanding what a virtualhost is and how one
would access it via a web server.

Do you control the domain "strawberry.com", or is this just an
obscured reference to the real domain you are using?






Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-21 Thread Richard


> Date: Monday, March 21, 2016 13:31:27 +0100
> From: Roparzh Hemon 
>
> "I suspect you are mixing concepts (servername vs. documentroot),
> and likely not fully understanding what a virtualhost is and how one
> would access it via a web server. Do you control the domain
> "strawberry.com", or is this just an obscured reference to the real
> domain you are using?"
> 
> That's what I'm suspecting too, I must admit. So correct me if
> I am wrong : isn't the whole point of virtual hosts to emulate the
> behavior of websites on faraway servers while actually residing
> wholly on your personal computer ? I do not own any public domain
> called "strawberry.com", but I don't need to during the development
> phase of my site, correct ? Only when I wish to make the site
> public will I need to get a domain.
> 


The/an intent of the virtual host capability in a web server is to
allow one to run multiple sites on the same machine and under the
same [in this case apache] web server instance (with or without their
own IPnumbers). What you do with this capability is up to you. Using
it for development is a case - that way you can do a setup that
matches a production site, but it is also heavily used in various
forms of shared hosting environments.

Generally you should avoid using existing domain names, especially
ones you don't control, (e.g., strawberry.com) since that can have
confusing repercussions. 


> "You need to "show your work", i.e., at least the relevant parts of
> your virtualhost configuration and the directory list showing the
> documentroot for this virtualhost."
> 
>  To answer the directory list question :
> 
> :Documents/Sites$ ls -R www.strawberry.com/
> index.html    public_html
> 
> www.strawberry.com//public_html:
> index.html
> 
> To answer the configuration question : I edited three files, whose
> contents follow below.
> 
> Contents of /private/etc/hosts file :
> 
> 127.0.0.1 localhost
> 127.0.0.1 strawberry.com www.strawberry.com
> 255.255.255.255 broadcasthost
> ::1 localhost
> 
> 
> 
> ServerName strawberry.com
> ServerAlias www.strawberry.com
> DocumentRoot "/Users/myusernamehere/Sites/strawberry"
> 
> 
> 
> 
> On Mon, Mar 21, 2016 at 1:07 PM, Richard wrote:
>> 
>> 
>>  Original Message 
>>> Date: Monday, March 21, 2016 08:50:05 +0100
>>> From: Roparzh Hemon 
>>> 
>>> I've tried to set up a virtual host on my Mac, following all the
>>> instructions at
>>> https://coolestguidesontheplanet.com/how-to-set-up-virtual-hosts-
>>> in -apache-on-mac-osx-10-11-el-capitan/.
>>> 
>>> But when I type localhost/~myusernamehere/www.strawberry.com in my
>>> browser, I get a "404 Not Found : The requested URL
>>> /~myusernamehere/www.strawberry.com was not found on
>>> this server." message
>>> 
>>> The output of "/usr/sbin/apachectl configtest" is "AH00112:
>>> Warning: DocumentRoot [/Users/ewandelanoy/Sites/strawberry] does
>>> not exist Syntax OK"
>>> 
>>> In my ~/Documents/Sites I have a directory called
>>> www.strawberry.com. Should I rename it to just "strawberry" ?
>> 
>> 
>> You need to "show your work", i.e., at least the relevant parts of
>> your virtualhost configuration and the directory list showing the
>> documentroot for this virtualhost.
>> 
>> I suspect you are mixing concepts (servername vs. documentroot),
>> and likely not fully understanding what a virtualhost is and how
>> one would access it via a web server.
>> 
>> Do you control the domain "strawberry.com", or is this just an
>> obscured reference to the real domain you are using?
>> 
>> 

If you've set your DocumentRoot to:

  DocumentRoot "/Users/myusernamehere/Sites/strawberry"

then that's where the server is going to deliver the content from.
It's not going to look in .../www.strawberry.com/... I'm assuming
that you have a real username in the "myusernamehere" slot.

Given what you've done with/to your /etc/hosts file, you should be
able to get to your content with:

   http://www.strawberry.com/

when you have the apache side set up correctly. I.e., you don't need
the "localhost/~username/www.strawberry.com" pathing.


[please don't top post.]






Re: [users@httpd] Unable to set up virtual hosts on Mac

2016-03-21 Thread Richard


> Date: Monday, March 21, 2016 17:36:59 +0100
> From: Roparzh Hemon 
>
>   As of now, when I put http://www.hhhstrawhhhberry.com/ into my
> browser, I get the famous "It works!" message. But I don't get the
> index.html file I put in
> Documents/Sites/www.hhhstrawhhhberry.com.
> 
> Even if I type http://www.hhhstrawhhhberry.com/index.html instead.
> What should I do to fix this ?
> 

You should look at your access and error logs to see what is being
served, and from where. Compare that against what you have as the
DocumentRoot value you set for your "hhhstrawhhhberry.com" virtual
host, which should be a filesystem path to your desired content.


> 
>> [please don't top post.]
> 
>   Not sure what "top posting" is, but I noticed I had inadvertently
> included copies of the whole preceding discussion in my posts. Sorry
> for the inconvenience, won't happen again
> 

It is generally desirable to put your responses either interlined or
at the bottom (bottom, rather than top, post). Or at least, put your
responses consistent with the way the previous responder(s) put their
posts. Just don't mix the response directions. By the way, it's good
to maintain the identity of responders so that people can see who
said what.





Re: [users@httpd] My webmail is not working

2016-04-01 Thread Richard


> Date: Friday, April 01, 2016 20:04:40 +0800
> From: Chandran Manikandan 
>
> Dear Lists,
> 
> I have running Centos 6.6 64 bit system,
> I have updated the packages today through webmin.
> After updated the packages my webmail is not working it say like
> below error in my system log.
> 
> Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies
> that RewriteRule directive is forbidden:
> /usr/share/squirrelmail/favico
> 
> Below error show when i start the http service.
> 
> Starting httpd: [Fri Apr 01 19:55:47 2016] [warn] The Alias
> directive in /etc/httpd/conf/squirrelmail.conf at line 3 will
> probably never match because it overlaps an earlier Alias.
> 
> Browser shown below error.
> Forbidden
> 
> You don't have permission to access /webmail/ on this server.

You don't appear to show the error log entry for the above
permissions issue. But given other issues that you do show, I'd
probably start by  looking at the ownership of the symbolic link for
"webmail" -- unless of course the relevant error log entry points
elsewhere.

Note, Centos released 6.7 last fall, so it's not clear what exactly
you updated recently. Selective updates are not advised, and a fully
updated system would have you at 6.7. Also note, squirrelmail comes
from the EPEL repo, not Centos. You might want to review your yum.log
to see what packages were just updated.






Re: [users@httpd] Squirrelmail is not working

2016-04-03 Thread Richard


> Date: Sunday, April 03, 2016 13:39:46 +0800
> From: Chandran Manikandan 
>
> Hi All,
> I have running centos 6.6 64 bit machine.
> I have updated all packages through webmin.
> Am running qmailtoaster in the same machine.
> Squirrelmail is not working after updated the packages.
> It's shows welcome screen.
> virtual host config and squirrelmail config files are not change
> anything.
> 

You posted this same question, though with slightly more details, two
days ago and I responded at that time with questions and suggestions.
Please followup on that reply, rather than posting again.

 




Re: [users@httpd] My webmail is not working

2016-04-03 Thread Richard


> Date: Sunday, April 03, 2016 21:10:26 +0800
> From: Chandran Manikandan 
>
>> On Sat, Apr 2, 2016 at 1:47 AM, Richard wrote:
>> 
>> > Date: Friday, April 01, 2016 20:04:40 +0800
>> > From: Chandran Manikandan 
>> > 
>> > Dear Lists,
>> > 
>> > I have running Centos 6.6 64 bit system,
>> > I have updated the packages today through webmin.
>> > After updated the packages my webmail is not working it say like
>> > below error in my system log.
>> > 
>> > Options FollowSymLinks or SymLinksIfOwnerMatch is off which
>> > implies that RewriteRule directive is forbidden:
>> > /usr/share/squirrelmail/favico
>> > 
>> > Below error show when i start the http service.
>> > 
>> > Starting httpd: [Fri Apr 01 19:55:47 2016] [warn] The Alias
>> > directive in /etc/httpd/conf/squirrelmail.conf at line 3 will
>> > probably never match because it overlaps an earlier Alias.
>> > 
>> > Browser shown below error.
>> > Forbidden
>> > 
>> > You don't have permission to access /webmail/ on this server.
>> 
>> You don't appear to show the error log entry for the above
>> permissions issue. But given other issues that you do show, I'd
>> probably start by  looking at the ownership of the symbolic link
>> for "webmail" -- unless of course the relevant error log entry
>> points elsewhere.
>> 
>> Note, Centos released 6.7 last fall, so it's not clear what exactly
>> you updated recently. Selective updates are not advised, and a
>> fully updated system would have you at 6.7. Also note,
>> squirrelmail comes from the EPEL repo, not Centos. You might want
>> to review your yum.log to see what packages were just updated.
>> 
>
> Thank you for your suggestion, Let me go through my yum.log and
> update you. I have select all packages and updated via webmin.
> I will check and come back to you.
> how to fix the permission and symbolic issues.
> Could you help me.

You should start by looking at the apache error log lines when you
get the "forbidden" when trying to access "/webmail/" as that should
give hints to the source of the problem. It may be the symbolic link
ownership, but may not be. 

If your centos system isn't showing 6.7 it isn't fully updated.
Depending on what you have installed, the update from .6 to .7 is
2-300 packages.






Re: [users@httpd] My webmail is not working

2016-04-04 Thread Richard


> Date: Monday, April 04, 2016 12:21:59 +0800
> From: Chandran Manikandan 
> 
> On Sun, Apr 3, 2016 at 9:27 PM, Richard wrote:
>> 
>> > Date: Sunday, April 03, 2016 21:10:26 +0800
>> > From: Chandran Manikandan 
>> > 
>> >> On Sat, Apr 2, 2016 at 1:47 AM, Richard wrote:
>> >> 
>> >> > Date: Friday, April 01, 2016 20:04:40 +0800
>> >> > From: Chandran Manikandan 
>> >> > 
>> >> > Dear Lists,
>> >> > 
>> >> > I have running Centos 6.6 64 bit system,
>> >> > I have updated the packages today through webmin.
>> >> > After updated the packages my webmail is not working it say
>> >> > like below error in my system log.
>> >> > 
>> >> > Options FollowSymLinks or SymLinksIfOwnerMatch is off which
>> >> > implies that RewriteRule directive is forbidden:
>> >> > /usr/share/squirrelmail/favico
>> >> > 
>> >> > Below error show when i start the http service.
>> >> > 
>> >> > Starting httpd: [Fri Apr 01 19:55:47 2016] [warn] The Alias
>> >> > directive in /etc/httpd/conf/squirrelmail.conf at line 3 will
>> >> > probably never match because it overlaps an earlier Alias.
>> >> > 
>> >> > Browser shown below error.
>> >> > Forbidden
>> >> > 
>> >> > You don't have permission to access /webmail/ on this server.
>> >> 
>> >> You don't appear to show the error log entry for the above
>> >> permissions issue. But given other issues that you do show, I'd
>> >> probably start by  looking at the ownership of the symbolic link
>> >> for "webmail" -- unless of course the relevant error log entry
>> >> points elsewhere.
>> >> 
>> >> Note, Centos released 6.7 last fall, so it's not clear what
>> >> exactly you updated recently. Selective updates are not
>> >> advised, and a fully updated system would have you at 6.7. Also
>> >> note, squirrelmail comes from the EPEL repo, not Centos. You
>> >> might want to review your yum.log to see what packages were
>> >> just updated.
>> >> 
>> > 
>> > Thank you for your suggestion, Let me go through my yum.log and
>> > update you. I have select all packages and updated via webmin.
>> > I will check and come back to you.
>> > how to fix the permission and symbolic issues.
>> > Could you help me.
>> 
>> You should start by looking at the apache error log lines when you
>> get the "forbidden" when trying to access "/webmail/" as that
>> should give hints to the source of the problem. It may be the
>> symbolic link ownership, but may not be.
>> 
>> If your centos system isn't showing 6.7 it isn't fully updated.
>> Depending on what you have installed, the update from .6 to .7 is
>> 2-300 packages.
>> 
>
> I have gone through my yum.log it show below for squirrelmail.
> 
> Mar 31 12:59:54 Updated: squirrelmail-1.4.22-4.el6.noarch
> 
> But squirrelmail was running with qmailtoaster package earlier.
> 
> It's always shown below message when i restart the server.
> [warn] The Alias directive in /etc/httpd/conf/squirrelmail.conf at
> line 2 will probably never match because it overlaps an earlier
> Alias.
> 
> http error log below.
> 
> [Mon Apr 04 12:07:47 2016] [notice] Apache/2.2.15 (Unix) DAV/2
> PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_wsgi/3.2
> Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming
> normal oper
> [Mon Apr 04 12:17:41 2016] [notice] caught SIGTERM, shutting down
> [Mon Apr 04 12:17:42 2016] [notice] suEXEC mechanism enabled
> (wrapper: /usr/sbin/suexec)
> [Mon Apr 04 12:17:42 2016] [notice] Digest: generating secret for
> digest authentication ...
> [Mon Apr 04 12:17:42 2016] [notice] Digest: done
> 
> squirrelmail error log
> 
> Mon Apr 04 12:08:00 2016] [error] [client xxx.xxx.xxx.xx] Options
> FollowSymLinks or SymLinksIfOwnerMatch is off which implies that
> RewriteRule directive is forbidden: /usr/share/squirrelmail/favico
> 
> Is any file overwritten in my existing configuration of
> squirrelmail. or do i need to reinstall squirrelmail qmailtoaster
> package.
> 

You appear to be looking at the top-level apache error log. You need
to look at the error log for your webmail virtual host (ErrorLog
logs/mail.-error_log) to see the errors that result when you get
the /webmail/ Forbidden.

The issue that you have presented so far is (browser) access to
webmail. This is unrelated to qmailtoaster.

[please don't top post.]







Re: [users@httpd] Re: Logs: How to find 403 forbidden error.

2016-04-08 Thread Richard


> Date: Friday, April 08, 2016 21:40:57 -0400
> From: Francis Roy 
>
> On 16-04-08 08:06 PM, Jonesy wrote:
>
>> Could it be possible that the plugin is getting a 403 from
>> an_external_  fetch attempt?  I.e., the 403 is in the logs
>> of a server somewhere else on the planet.
> 
> Yes, in fact, this is very possible. It is a third-party program
> making a direct request. Would a plugin not have to be served up
> via apache, if the request is on the http/s protocol?
> 

Do you have a virtual host configured for the WP instance? If so,
make certain you are looking at its logs, not the main apache server
ones.

A test would be to make requests (valid and otherwise) to the WP
instance yourself and see if you see your requests logged to the
access and error logs you are looking at.







Re: [users@httpd] Trouble connecting virtual host to MySQL

2016-04-09 Thread Richard

> Date: Saturday, April 09, 2016 15:18:04 +0200
> From: Roparzh Hemon 
>
>   Some time ago, some people on this list helped  me setting
> up virtual hosts on my Mac.
>   Everything worked fine until I started adding MySQL stuff to
> my website ; then something strange started to happen : the MySQL
> is correctly found and displayed if I apply some curious workaround,
> but not if I do things the normal way.
> 
>   Here are the relevant details : My /private/etc/hosts file
> contains the following lines :
> 
> 127.0.0.1 localhost
> 127.0.0.1 localmicael.com www.localmicael.com
> ::1 localhost
> 
> My /private/etc/apache2/extra/httpd-vhosts.conf contains the
> following lines :
> 
> 
> ServerName localmicael.com
> ServerAlias www.localmicael.com
> DocumentRoot
> "/Users/myusernamehere/Documents/Sites/Mikeal/public_html"
> ErrorLog "/private/var/log/apache2/localmicael.com-error_log"
> CustomLog "/private/var/log/apache2/localmicael.com-access_log"
> common ServerAdmin w...@coolestguidesontheplanet.com
> LoadModule php5_module /usr/libexec/apache2/libphp5.so
> 
> Require all granted
> DirectoryIndex index.php
> 
> 
> 
> If I type localhost:/Mikeal in my browser, the index page is
> displayed correctly.
> If I type http://www.localmicael.com, however, I get an error
> message telling me the MySQL database could not be found.
> 
> How can I fix this ? Any help appreciated.
>

You are (likely) getting to two different places with these requests.

The url: <http://www.localmicael.com> is getting you to
"Mikeal/public_html", while [<http://]localhost:/Mikeal> is
probably getting you to the level above. Exactly what is going on is
somewhat obscured because you don't show the configuration for your
server at ":". Also is "Mikeal/public_html" a directory or a
file? It should be a directory.

In short, you should look at what you have in your "index.php"
file(s) that you are reaching. This isn't really an apache issue,
rather you seem to have two virtual hosts configured (one at :80 and
one at :) and the php files have different references for mysql.






Re: [users@httpd] Trouble connecting virtual host to MySQL

2016-04-09 Thread Richard


 Original Message 
> Date: Saturday, April 09, 2016 16:22:51 +0200
> From: Roparzh Hemon 
>
> On Sat, Apr 9, 2016 at 3:50 PM, Richard wrote:
>> 
>> 
>> You are (likely) getting to two different places with these
>> requests.
>> 
> 
>   That's not what is happening IMHO, see below. Let me repeat
> that the problem only appears when I use MySQL.
> 
>> The url: <http://www.localmicael.com> is getting you to
>> "Mikeal/public_html", while [<http://]localhost:/Mikeal> is
>> probably getting you to the level above.
> 
>  I can type any of
> [http://]localhost:/Mikeal[/public_html][/index.php], all those
> will make my browser correctly serve the index.php file located
> precisely at
> /Users/myusernamehere/Documents/Sites/Mikeal/public_html/index.php
> 
>   Also, shouldn't <http://www.localmicael.com> lead to
> this very same file, according to what I specified in
> /private/etc/apache2/extra/httpd-vhosts.conf (see first post) ?
> 
>> Exactly what is going on is
>> somewhat obscured because you don't show the configuration for your
>> server at ":".
> 
>This  port is used by the MAMP application on my Mac, and is
> nowhere mentioned in the Apache conf files I edited. Do you advise
> me to post here the lengthy output of MAMP's start page or its even
> lengthier phpinfo output ? Are there specific parameters you think
> might be relevant ?
> 
>> is "Mikeal/public_html" a directory or a
>> file? It should be a directory.
> 
> It is a  directory indeed.
> 
> 
>> you seem to have two virtual hosts configured (one at :80 and
>> one at :) and the php files have different references for
>> mysql.
> 
>  I naturally thought of modifying a $db_port parameter in my PHP
> code, setting it to 80 or  or some other random value, but the
> problem stayed exactly the same : the page displays correctly if I
> use that  port (i.e. using my MAMP server), but fails if I try
> to use Apache directly.
> 

Ok, let's go with your more complete information.

The "$db_port" that you have in your php code is the mysql port, and
is unrelated to the httpd port. By default, mysql listens on 3306
(and  80 and  are already being used by httpd instances). 

I would suggest carefully comparing the output from phpinfo() from
both your :80 and :888 instances and see if/where the differences
are. I'd start with the php.ini that is being read - make certain the
same one is being used. Then look closely at the mysql section(s) --
e.g., the socket location as well as the port. You should also,
likely, be able to get additional information from the apache error
log for your virtual host.






RE: [users@httpd] How to debug the PHP component of Apache2

2016-04-10 Thread Richard
You can turn on php error reporting and control the level in your
php.ini (once you've identified the correct one with the information
provided below).

Also, one of the php-specific lists may be a better focus for your
php questions.


> Date: Sunday, April 10, 2016 21:24:21 +0300
> From: Alexandru Duzsardi 
>
> Hi ,
> I don't think you understand exactly how php works
> First of all , it doesn't compile anything , it's interpreting
> your script and outputs HTML.
> 
> Second , from your description of the problem it looks like you
> misconfigured something or your scripts are badly written , in any
> case you need to read the installation and configuration of  php
> and php module for apache , if you need to check that your php
> module is installed correctly you can put a file in the
> DocumentRoot of your website with the content of <?php phpinfo(); ?> ,
> for example info.php and load it in your browser. If you see
> the php info page then at least you know that the php module for
> apache is installed correctly. And go from there , You'll also see
> the location of the php.ini you need to edit in order to make
> changes to your php environment.
> 
> Anyway , every OS does things differently so i can't say for OS X
> how to configure the php module for apache but you should have
> found that information on the site where you got the packages that
> you installed.
> 
> http://php.net/manual/en/install.macosx.php
> 
> 
> -Original Message-
> From: Roparzh Hemon [mailto:roparzhhe...@gmail.com] 
> Sent: Sunday, April 10, 2016 20:33
> 
>   My index.php file is compiled correctly when I use one of my PHP
> executables outside Apache, but fails when I ask Apache to serve it
> (and fails leaving a blank error log unfortunately). So I'm trying
> to understand how and where the two PHP compilations start behaving
> differently.
> 
>   With my outside-Apache PHP executable, I only need to edit the
> php.ini file to use xdebug and get first-class debugging.  I have
> no idea how to do the parallel analysis with Apache however. AFAIK,
> there is no PHP executable inside Apache, just a shared library
> likeat /libexec/apache2/libphp5.so, and I do not know how to debug
> that. Does Apache have a php.ini file also? My current system is
> Mac El Capitan by the way.
> 




Re: [users@httpd] Using an older version of PHP with Apach2

2016-04-21 Thread Richard


> Date: Thursday, April 21, 2016 01:01:25 -0400
> From: "Brandon L. Wisenburg" 
>
> All, 
> Is it possible to use PHP 5.2.5 with Apache/2.4.6 
> 
> I have an application that was written in WAMP5 using PHP 5.2.5,
> and I am trying to get the application onto a CentOS server and I
> can't get it to work with 5.4.16 
> 
> Are there any good tutorials on using an older version of PHP with
> Apache? 


Leaving aside what it would take to do this, I think that attempting
that route is dangerous. 

Based on your PHP release, I suspect that you are running Centos-7.
While RHEL (therefore included in Centos) backports security fixes,
keeping the base release number stable, I doubt that you will find a
release of php 5.2.5 that will work on Centos-7 that is current on
all the security fixes since 5.2.5 was released in 2007.

A much better approach would be to do the necessary one-time fixes to
your php code and stick with distribution-supported apache/php
releases (or do your own installs, of *newer* releases). 






Re: [users@httpd] Possible DOS Attack

2016-05-20 Thread Richard


> Date: Friday, May 20, 2016 16:09:58 -0700
> From: Kurtis Rader 
>
> On Fri, May 20, 2016 at 4:00 PM, Roman Gelfand
>  wrote:
> 
>> In the last 2 days we have received roughly 1 million of the
>> following requests.  Just to confirm, is this a DOS attack?
>> 
>> 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php
>> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows
>> NT 6.0)"
>> 
> 
> Probably just broken malware trying to guess WordPress account
> credentials. It's probably been handed just your host name or IP
> address and, not having any other victims to target, keeps
> repeatedly hitting your site. I occasionally see this type of
> behavior. I have my firewall configured to blackhole the source
> when there are an unreasonable number of POST requests in a short
> interval.
> 
> 
>> Also, what does this mean?
>> 
>> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-"
>> "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy
>> connection)"
>> 
> 
> It's checking whether your web server allows the OPTIONS command
> which might allow other forms of attacks to succeed. I strongly
> recommend disallowing that HTTP command. Easiest way is via
> mod_allowmethods:
> https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html

This:

  > ::1 - - [20/May/2016:18:26:09 -0400] ...

is coming from your localhost-ipv6 -- i.e., these are being generated
by something on the server itself.

In the case of the connections from "191.96.249.52" ... I would just
firewall off that ip (and associated range as necessary) with
iptables.






Re: [users@httpd] Possible DOS Attack

2016-05-20 Thread Richard


> Date: Friday, May 20, 2016 23:36:14 +
> From: Richard
> 
>> Date: Friday, May 20, 2016 16:09:58 -0700
>> From: Kurtis Rader 
>> 
>> On Fri, May 20, 2016 at 4:00 PM, Roman Gelfand
>>  wrote:
>> 
>>> In the last 2 days we have received roughly 1 million of the
>>> following requests.  Just to confirm, is this a DOS attack?
>>> 
>>> 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php
>>> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows
>>> NT 6.0)"
>>> 
>> 
>> Probably just broken malware trying to guess WordPress account
>> credentials. It's probably been handed just your host name or IP
>> address and, not having any other victims to target, keeps
>> repeatedly hitting your site. I occasionally see this type of
>> behavior. I have my firewall configured to blackhole the source
>> when there are an unreasonable number of POST requests in a short
>> interval.
>> 
>> 
>>> Also, what does this mean?
>>> 
>>> ::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 -
>>> "-" "Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal
>>> dummy connection)"
>>> 
>> 
>> It's checking whether your web server allows the OPTIONS command
>> which might allow other forms of attacks to succeed. I strongly
>> recommend disallowing that HTTP command. Easiest way is via
>> mod_allowmethods:
>> https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html
> 
> This:
> 
>   > ::1 - - [20/May/2016:18:26:09 -0400] ...
> 
> is coming from your localhost-ipv6 -- i.e., these are being
> generated by something on the server itself.
> 
> In the case of the connections from "191.96.249.52" ... I would just
> firewall off that ip (and associated range as necessary) with
> iptables.
> 

By the way, a quick search shows that posts to /xmlrpc.php are a
wordpress attack vector, with a range of potential ramifications. If
you aren't running wordpress, then I'd just block the IPnumber(s) in
question with iptables. If you are, then you should read up on what
this attack can accomplish and take the necessary actions.

Your log is showing a 500 return code, not a 404, so the implication
is that you have a /xmlrpc.php file (and wp is likely installed),
just not configured correctly so it's getting an "internal server
error" rather than "file not found".






Re: [users@httpd] Possible DOS Attack

2016-05-21 Thread Richard


> Date: Saturday, May 21, 2016 09:22:24 -0400
> From: "D'Arcy J.M. Cain" 
>
> On 5/20/16 4:00 PM, Roman Gelfand wrote:
>> In the last 2 days we have received roughly 1 million of the
>> following requests.  Just to confirm, is this a DOS attack?
>> 
>> 191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php
>> HTTP/1.0" 500 251 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows
>> NT 6.0)"
> 
> That looks like a break-in attempt.  The effect may be a DOS but I
> believe that the intent is more sinister.  They want to break into
> your system and take it over.  You would think that once they got
> the first 251 response their code would be smart enough to move on
> to the next victim but if the coders of these things were smart
> they would be making real money with legitimate work.
> 
> Wouldn't life as an ISP be so much better if we could wipe PHP off
> our servers?  I know mine would.

One note -- the values listed after the "HTTP/1.0" are return/status
code and then the number of bytes returned. So, the response:

   ... HTTP/1.0" 500 251 

indicates a "500" status code, with 251 bytes returned. A "500"
status code is an "internal server error", generally an indication of
some type of mal-configuration. There isn't (officially) a 251 status
code, rather the "251" is the error message byte count, not an
indication of success.

Because that wasn't a "404" (not found) error I suspect that WP, and
hence /xmlrpc.php, is installed but that that explicit exploit
attempt failed -- not to say that other aspects of that WP site
aren't vulnerable. If WP isn't being actively maintained it should be
removed.
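
An added example, not part of the original thread: a small access-log analysis that applies the points made in the replies above (the field after the request is the status code, the next is the byte count, 500 versus 404 on /xmlrpc.php, loopback "internal dummy connection" entries, and many POSTs in a short interval). The first and last sample lines are the two entries quoted in the thread, re-joined onto one line; the other lines, the 60-second window and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)
LOOPBACK = {"::1", "127.0.0.1"}
UA = '"-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"'

# Constructed sample (see the note above for which lines come from the thread).
SAMPLE = [
    '191.96.249.52 - - [20/May/2016:18:19:22 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 ' + UA,
    '191.96.249.52 - - [20/May/2016:18:19:23 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 ' + UA,
    '191.96.249.52 - - [20/May/2016:18:19:25 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 ' + UA,
    '191.96.249.52 - - [20/May/2016:18:25:00 -0400] "POST /xmlrpc.php HTTP/1.0" 500 251 ' + UA,
    '198.51.100.9 - - [20/May/2016:18:20:01 -0400] "POST /xmlrpc.php HTTP/1.1" 404 209 "-" "curl/7.29.0"',
    '203.0.113.7 - - [20/May/2016:18:20:05 -0400] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'this line is not an access-log entry',
    '::1 - - [20/May/2016:18:26:09 -0400] "OPTIONS * HTTP/1.0" 200 - "-" '
    '"Apache/2.4.6 (Red Hat Enterprise Linux) PHP/5.4.16 (internal dummy connection)"',
]


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["status"] = int(rec["status"])  # first number after the quoted request
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # bytes sent, "-" means none
    return rec


def peak_rate(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def xmlrpc_report(lines, path="/xmlrpc.php", window_seconds=60, threshold=3):
    """Summarise POSTs to `path` per client; count loopback dummy connections separately."""
    hits = defaultdict(list)
    internal = unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["host"] in LOOPBACK and "internal dummy connection" in (rec["agent"] or ""):
            internal += 1  # generated by the server itself, not a remote client
        elif rec["method"] == "POST" and rec["path"].split("?", 1)[0] == path:
            hits[rec["host"]].append(rec)
    window = timedelta(seconds=window_seconds)
    report = {}
    for host, recs in hits.items():
        peak = peak_rate([r["time"] for r in recs], window)
        report[host] = {
            "posts": len(recs),
            # 404: no such file; 500: the script exists but fails; 200: it was served
            "statuses": dict(Counter(r["status"] for r in recs)),
            "peak": peak,
            "flagged": peak >= threshold,
        }
    return report, internal, unparsed


if __name__ == "__main__":
    report, internal, unparsed = xmlrpc_report(SAMPLE)
    for host, info in sorted(report.items()):
        print(host, info)
    print("internal dummy connections:", internal, "unparsed lines:", unparsed)
```
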






Re: [users@httpd] find IP and PORT in use by Apache

2016-06-22 Thread Richard


> Date: Tuesday, June 21, 2016 22:20:20 +
> From: Mahmood N 
>
> The folder permission is root:root with 755.
> Regarding the symlink option in httpd.conf, I see
>     Options FollowSymLinks
>     AllowOverride None
> 
> 
> I looked at the logs, but didn't find any useful error! to follow.
> Do you have any idea?
> 
> Jun 21 11:47:34 cluster dhcpd: DHCPDISCOVER from 00:e0:81:c6:31:77
> via eth0 
> Jun 21 11:47:34 cluster dhcpd: DHCPOFFER on 10.10.10.251
> to 00:e0:81:c6:31:77 via eth0 
> ...

You appear to be showing your system "messages" log, rather than
anything specific to the apache server that isn't delivering the
requested resource.

I think I would start by looking at the apache error (and access)
logs for the apache server that you are hitting for:

   http://10.10.10.1/install/rocks-dist/x86_64/images/install.img

See first if the issue is that the resource isn't there, an access or
permissions problem, etc., then move deeper if that doesn't give
enough information to resolve this.

Your "the compute node, says 'Unable to retrieve'" description of the
problem is rather non-specific.







Re: [users@httpd] Change user for Apache web server to a non-privileged user?

2016-09-14 Thread Richard


> Date: Wednesday, September 14, 2016 08:16:32 -0400
> From: Tom Hammond 
>
> I have an Apache 2.2x server and would like to harden security so
> that hackers can't get in easily to the Apache webserver.  One
> suggestion is to change the user/group for Apache to a
> non-privileged account.
> 
> Currently the user "fpp" is the default user for Apache which has
> access to the operating system via sudo commands.
> 
> I entered these commands to create a non-privileged account:
> sudo groupadd http-web
> sudo useradd -d /opt/fpp/www/ -g http-web http-web
> 
> I then edited /etc/apache2/envvars to change these lines:
> export APACHE_RUN_USER=http-web
> 
> export APACHE_RUN_GROUP=http-web
> 
> I also ran this command to change user/group permissions on this
> folder: sudo chown -R http-web:http-web /var/lock/apache2/
> sudo chown -R http-web:http-web /opt/fpp/www
> 
> Finally, I restarted the Apache service with this command:
> sudo service apache2 restart
> 
> When I try to access the website on this server, I receive the
> following message:
> 
> Forbidden: You don't have permission to access / on this server.
> 
> I've been scouring the Internet trying to figure out how to switch
> the default "fpp" Apache user to a non-privileged account and can't
> figure it out. Can someone shed some light on this?

There's nothing about the "apache" user/group that inherently makes
it privileged. It's just a standard user/group that the apache server
(generally) runs as.

What you do want to make certain of is that your DocumentRoot is not
owned by the user/group that the webserver is running as, and that it
is not writable by that user/group.

The webserver does need read access to the files (and execute to
directories) under the DocumentRoot.








RE: [users@httpd] Change user for Apache web server to a non-privileged user?

2016-09-14 Thread Richard



> Date: Wednesday, September 14, 2016 17:37:36 -0400
> From: Tom Hammond 
> 
>> From: Richard  
>> Sent: Wednesday, September 14, 2016 5:06 PM
>> 
>>> Date: Wednesday, September 14, 2016 08:16:32 -0400
>>> From: Tom Hammond 
>>> 
>>> I have an Apache 2.2x server and would like to harden security so
>>> that  hackers can't get in easily to the Apache webserver.  One
>>> suggestion  is to change the user/group for Apache to a
>>> non-privileged account.
>>> 
>>> Currently the user "fpp" is the default user for Apache which has 
>>> access to the operating system via sudo commands.
>>> 
>>> I entered these commands to create a non-privileged account:
>>> sudo groupadd http-web
>>> sudo useradd -d /opt/fpp/www/ -g http-web http-web
>>> 
>>> I then edited /etc/apache2/envvars to change these lines:
>>> export APACHE_RUN_USER=http-web
>>> 
>>> export APACHE_RUN_GROUP=http-web
>>> 
>>> I also ran this command to change user/group permissions on this
>>> folder: sudo chown -R http-web:http-web /var/lock/apache2/ sudo
>>> chown  -R http-web:http-web /opt/fpp/www
>>> 
>>> Finally, I restarted the Apache service with this command:
>>> sudo service apache2 restart
>>> 
>>> When I try to access the website on this server, I receive the 
>>> following message:
>>> 
>>> Forbidden: You don't have permission to access / on this server.
>>> 
>>> I've been scouring the Internet trying to figure out how to switch
>>> the  default "fpp" Apache user to a non-privileged account and
>>> can't figure  it out. Can someone shed some light on this?
>> 
>>
>>
>> There's nothing about the "apache" user/group that inherently makes
>> it privileged. It's just a standard user/group that the apache
>> server (generally) runs as.
>> 
>> What you do want to make certain of is that your DocumentRoot is
>> not owned by the user/group that the webserver is running as, and
>> that it is not writable by that user/group.
>> 
>> The webserver does need read access to the files (and execute to
>> directories) under the DocumentRoot.
>> 
> 
> 
> Thanks for the advice!  If I understand you, the user/group that the
> webserver is running as needs to have read access on files and
> execute on directories, but at the same time not be an "owner" of
> these files & directories.  Is that correct?
> 


Correct. And, as well, that user/group should not have write access
to the files/directories under the DocumentRoot.
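
An added example, not part of the original thread: one way to audit a DocumentRoot against the rule stated in the two replies above (not owned by, and not writable by, the user/group the server runs as, while files stay readable and directories traversable). The function names and finding labels are hypothetical; the script takes the DocumentRoot path and the run user's name as arguments.

```python
import os
import stat
import sys


def effective_bits(st, uid, gids):
    """Permission triplet (r=4, w=2, x=1) that applies to this uid/gids.

    Unix picks exactly one class: owner if the uid matches, else group if
    any gid matches, else other. (uid 0 bypasses these checks entirely.)
    """
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def audit_docroot(root, run_uid, run_gids):
    """Return sorted (relative_path, problem) pairs for the tree under root.

    problem is one of:
      "owned"       - the run user owns the path (it could chmod it writable)
      "writable"    - the run user or one of its groups may write to it
      "unreadable"  - a file the server cannot read
      "no-traverse" - a directory the server cannot enter
    Symbolic links are skipped; os.walk does not follow them.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished while walking
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            bits = effective_bits(st, run_uid, run_gids)
            if st.st_uid == run_uid:
                findings.append((rel, "owned"))
            if bits & 2:
                findings.append((rel, "writable"))
            if stat.S_ISDIR(st.st_mode):
                if not bits & 1:
                    findings.append((rel, "no-traverse"))
            elif not bits & 4:
                findings.append((rel, "unreadable"))
    return sorted(findings)


if __name__ == "__main__":
    import grp
    import pwd

    if len(sys.argv) != 3:
        sys.exit("usage: audit_docroot.py DOCROOT RUN_USER")
    docroot, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    # Primary group plus any supplementary groups the run user belongs to.
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    for rel, problem in audit_docroot(docroot, pw.pw_uid, gids):
        print(f"{problem:12} {rel}")
```
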







Re: [users@httpd] How to restrict Directory access in httpd

2016-12-09 Thread Richard


> Date: Friday, December 09, 2016 05:58:31 +
> From: Ishan Thakur 
>
> Hi , 
>     I am running apache(2.2.29) static libraries into my
> application . I want to restrict access to particular directories
> from where my application is running. So for example: My
> application is  at D:\new_user\  and i
> have some private files at D:\private_file. Then user if provides
> path like ../../private_file via web interface to my web-app , then
> he is able to access this "private_file" in my server. How can I
> restrict it ?? How to restrict in a way only
> D:\new_user\\* is accessible to
> web-interface?
> 
> Thanks ,Ishan
> 

It sounds like you have your "DocumentRoot" set to "D:", rather than
a lower directory level. However, without seeing your configuration
that's only a guess.






Re: [users@httpd] Re: Compile php5 for apache2.4 error APXS

2016-12-30 Thread Richard


> Date: Friday, December 30, 2016 11:00:13 -0200
> From: Rodrigo Cunha 
> 
>> Dears, help me please.
>> I have httpd.2.4 compiled in my environment and i want compile too
>> php5.6 for test.
>> but my ./configure stdout displayed error to apxs version, in
>> stdout i see  error before my
>> php search for apache1 apx and my apx is apache2
>> below my commands in terminal and stdout:
>> 
>> ./configure --with-apache=/usr/local/httpd-2.4.23.php5/
>> --with-apxs2=/usr/local/httpd-2.4.23.php5/bin/apxs --with-mysql
>> 
>> Configuring SAPI modules
>> checking for AOLserver support... no
>> checking for Apache 1.x module support via DSO through APXS... no
>> checking for Apache 1.x module support... no
>> configure: error: Invalid Apache directory - unable to find
>> httpd.h under /usr/local/httpd-2.4.23.php5/
>> 
>> root@nginx:/usr/local/src/php-5.6.29# apachectl -v
>> Server version: Apache/2.4.23 (Unix)
>> Server built:   Dec 22 2016 13:02:12
>> root@nginx:/usr/local/src/php-5.6.29#
>> 
>> PS: I compiled the php7 for this apache and i not have error in
>> this step. --
>> Atenciosamente,
>> Rodrigo da Silva Cunha
>> São Gonçalo, RJ - Brasil
>> 

Given that it couldn't find "httpd.h" in the location you gave:

   configure: error: Invalid Apache directory - unable to 
   find httpd.h under /usr/local/httpd-2.4.23.php5/

I'd start by looking for that file on your system and go from there.








Re: [users@httpd] redirect port from 80 to 443

2017-02-18 Thread Richard


> Date: Saturday, February 18, 2017 11:04:34 -0700
> From: James Moe 
>
> On 02/18/2017 05:08 AM, Rodrigo Cunha wrote:
>> i want redirect all request from port 80 to 443.
>> what is better setting for fix this?
>> 
>   Better than what?
>   Fix? Is it broken?
> 
> RewriteCond %{HTTP_HOST} =www.example.com
> RewriteCond %{SERVER_PORT} =80
> RewriteRule ^(.*)$ https://www.example.com/$1 [R]

Perhaps, better than using a "rewrite"? See the documentation
reference, given in an earlier post:

  

that has this as a specific example of when/why to use a "redirect"
rather than a "rewrite".






Re: [users@httpd] Apache default page not displayed [wd-vc]

2015-03-30 Thread Richard
You might want to use the "find" command to locate your apache
httpd.conf. I don't know about Ubuntu, but on many OS distributions,
the apache configuration files are in /etc/httpd .

Try putting your "index.html" file down a level, in /var/www/html,
that's generally the default document root. [but you still need to
figure out where your apache configuration files are so that you can
properly manage your server.]

- Richard



 Original Message 
> Date: Monday, March 30, 2015 09:33:16 +
> From: Stephen Liu 
> To: "Bremser, Kurt (AMOS Austria GmbH)" , users@httpd.apache.org
> Cc: 
> Subject: [users@httpd] AW: [users@httpd] Apache default page not displayed [wd-vc]
>
> Hi,
> 
> $ locate httpd.conf
> /etc/phpmyadmin/lighttpd.conf
> 
> no such file?
> 
> $ cat /etc/phpmyadmin/lighttpd.conf | grep DocumentRoot
> No printout
> 
> Thanks
> 
> Regards
> Stephen L 
> 
> 
> 
>  "Bremser, Kurt (AMOS Austria GmbH)" 
> wrote on Monday, 30 March 2015, 5:08 PM:
>  
> 
> Where does DocumentRoot in your httpd.conf point to?
> 
> Kurt Bremser
> AMOS Austria
> 
> Newton was wrong. There is no gravity. The Earth sucks.
> 
> From: Stephen Liu [sati...@yahoo.com.INVALID]
> Sent: Monday, 30 March 2015 11:01
> To: users@httpd.apache.org
> Subject: [users@httpd] Apache default page not displayed [wd-vc]
> Hi all,
> 
> OS - LinuxMint 17
> 
> Not displaying Apache2 default page - "It Works"
> 
> Apache2 is running
> # /etc/init.d/apache2 start
> * Starting web server apache2
> 
> ls /var/www/
> ballet  classic  hymn    info.php  string
> bible   html index.html  opera wordpress
> 
> html is a directory
> 
> On browser run - localhost/index.html
> Not Found
> The requested URL /index.html was not found on this server.
> Apache/2.4.7 (Ubuntu) Server at localhost Port 80
> 
> Please help.  TIA
> 
> Regards
> Stephen L
> 
>




Re: [users@httpd] Apache is Slow

2015-03-31 Thread Richard


 Original Message 
> Date: Tuesday, March 31, 2015 02:18:13 -0400
> From: "Ethan Rosenberg, PhD" 
> Subject: Re: [users@httpd] Apache is Slow
>
> Some more info
> 
> Changed the host in the connect
> 
> $cxn = mysqli_connect($host,$user,$password);
> 
> $host="127.0.1.1";
> 
> Now get an error...
> 
> Warning: mysqli_connect(): (HY000/2003): Can't connect to MySQL
> server on '127.0.1.1' (111) in /var/www/HandleWeight.php on line 56
> Connect Error (2003) Can't connect to MySQL server on '127.0.1.1'
> (111)
> 
> Also ...
> 
> root@meow:/home/ethan/BluBev# netstat -ln | grep mysql
> unix  2  [ ACC ] STREAM LISTENING 10347
> /var/run/mysqld/mysqld.sock
> 
> 
> I hope this clears the waters and does not muddy them more.


The correct IPnumber for "localhost" is "127.0.0.1". I wouldn't
generally expect anything to answer on "127.0.1.1".

Separately, I think that this likely proves that this isn't an
apache issue. You're getting to the mysql reference in the php
script that  you're calling (from the js reference) and it's failing
there because of the incorrect IPnumber. So, apache is responding
fine and it's seemingly your script that has problems.






Re: [users@httpd] Missing log entries?

2015-04-02 Thread Richard
If the log entry for the image has a "referer" for a site page, then
it is unlikely that the image is being served from another page/site
(unless there is referer-based access control and someone *really*
wants the image(s), so is mucking the referer).

Apache doesn't write the log entry until the page has been delivered
(otherwise it wouldn't be able to give you the number of bytes
served). If your page(s) have something that keeps them from being
fully served (js, an ad, etc.) then the user may click off the page
before everything closes out and the entry is logged. I.e., this
wouldn't require the user to explicitly abort the page delivery,
they may just be doing it implicitly if the page has delivery issues.

You should be able to check this fairly easily yourself. 



 Original Message 
> Date: Thursday, April 02, 2015 20:00:00 -0400
> From: 5k Kate <5k.kate.1...@gmail.com>
>
> Is it possible that the image links are being shared separately
> from the page? Theoretically someone could go and post your image
> into another page.
> 
> -Kate
> 
> On Wed, Apr 1, 2015 at 1:09 PM, Andrew Moise
>  wrote:
> 
>>   Hello all.
>>   I'm trying to analyze the behavior of visitors to my web site by
>> parsing my Apache access log, and it seems that the log is missing
>> some entries. For example, it's happened before that there's an
>> entry in the log for serving an image, with a referrer set to one
>> of my HTML pages, but there is no entry in the log for that HTML
>> page (either before or after the entry for the image loading)
>> from any similar IP address. I don't think that the headers I'm
>> emitting would cause the browser to cache that particular HTML
>> page.
>>   Furthermore (and more to the point of why I'm concerned about
>>   this), parsing the apache log indicates a small fraction (maybe
>> 25%) of the number of visitors indicated by a third party logging
>> tool (in this case clicky.com).
>>   Is there anything that could cause this? For example, does
>>   apache not put an entry in the log if the connection is
>> interrupted before the entire HTML file is emitted?
>>   Thanks in advance for your help.
>>   -Andrew
>> 
>> 
>> 

 End Original Message 






Re: [users@httpd] Apache 2.4 SSI

2015-04-06 Thread Richard


 Original Message 
> Date: Sunday, April 05, 2015 19:39:06 -0400
> From: Stormy 
>
> Looking for help with SSI. We have a production boxes using
> Apache/2.2.22 on Ubuntu 12.04 LTS that renders (thousands of)
> pages like:
> 
> 
> 
> 
> which I'm trying to migrate to Apache/2.4.7 on Ubuntu 14.04 LTS.
> 
> After several hours of googling/reading/trying, these pages only
> render (perfectly) by using:
> 
> 
> 
> yet other  work
> flawlessly.
> 
> There's got to be something simple that I haven't cottoned onto...
> (logs show no errors)
> 
> Using (per virtual host) a directory:
> 
>  XBitHack on
>  Options Indexes FollowSymLinks MultiViews Includes
>  AllowOverride None
>  Require all granted
>  AddType text/html .inc .html
>  AddOutputFilter INCLUDES .inc .html
> 
> 
> Relevant(?) mods include cgid, fcgid, include, mpm-prefork and php5
> 
> Thanks for any thoughts, pointers, etc
> 
> Best - Paul
> 
> 

This looks much more like a php, than apache, configuration issue.
I'm going to guess that your php was updated when you did the OS and
apache update. If so, compare the old production php.ini with the
new one, including for things like the "include_path".







Re: [users@httpd] Apache Installation

2015-04-14 Thread Richard


 Original Message 
> Date: Tuesday, April 14, 2015 00:53:08 -0400
> From: Ethan Rosenberg 
> To: Apache Mailing List 
> Cc: 
> Subject: [users@httpd] Apache Installation
>
> Dear List -
> 
> After trying everything I could think of, and hitting a brick
> wall, I did a clean installation of Apache2.
> 
> Rebooted.
> 
> PING localhost (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.024
> ms
> 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.029
> ms
> ^C
> --- localhost ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 999ms
> rtt min/avg/max/mdev = 0.024/0.026/0.029/0.005 ms
> 
> http://127.0.0.1/start.php
> 
> The requested URL /start.php was not found on this server.
> 
> What am I doing wrong??
> 
> TIA
> 
> Ethan

 - your ping indicates the reachability/responsiveness of the
 host, it says nothing about a specific service.

 - that you got a "404" indicates that the httpd service is
 running/responding.

 - the "404" is indicating that the file "start.php" is not
 in the directory at the top of the document root of
 the "primary host" in your apache setup, or otherwise
 not accessible [if it's there and accessible, but php isn't
 properly configured you'll get the php source, rather than
 server-parsed output]:

 -- have you reviewed your apache configuration to be certain
of where the "document root" of your "primary host" is?

 -- have you checked to see if the file (start.php) is there
(and readable by user that apache runs as on your system)?

 -- have you checked your server logs (specifically the
error log in this case)?

you need to do basic troubleshooting -- we can't do it for you.







Re: [users@httpd] Deny didn't work

2015-05-04 Thread Richard
Also "allow/deny" (or the 2.4 equiv) directives only control whether
the server delivers the content, not whether the client can request
an item from the server. I.e., the indication of successful blocking
will be the response code changing from 200 to 403, but you'll still
likely see hits. If you want to block the client from hitting the
server you'd probably need to use firewall settings.

With your rewrite attempt, did you include a statement turning the
rewrite engine on? 


 Original Message 
> Date: Monday, May 04, 2015 09:36:50 PM -0400
> From: Yehuda Katz 
>
> What version of Apache are you using?
> Apache 2.4 changed the access control directives unless you
> specifically enable the old style:
> http://httpd.apache.org/docs/2.4/upgrading.html#access
> 
> Also, make sure you have the correct AllowOverride statements.
> 
> - Y
> 
> On Mon, May 4, 2015 at 7:33 PM, Joshua Smith
>  wrote:
> 
>> Hi,
>> 
>> I tried both of the following methods to block an ip address, but
>> neither worked.  In .htaccess, I put:
>> 
>> Order Deny,Allow
>> Deny from 123.123.123.123
>>  
>> and
>>
>> RewriteCond %{REMOTE_ADDR} ^123.123.123.123
>> RewriteRule .* /maintenance.html [R=503,L]
>> 
>> (I do have the mod_rewrite module installed)
>> 
>> In both cases, I put the rules at the top of the file so that it
>> would be the first rules executed.
>> 
>> After each one, i did an apachectl stop, then apachectl start.
>> 
>> In both cases, when i monitored my site with the 'server-status'
>> module, the ip address was still there, with sometimes more than
>> 30 requests, and all for the same page, which was /login.php.
>> And it continued to be there for the next 30 minutes until it
>> just dropped off, but i was doing nothing to stop it at that
>> point.
>> 
>> This method of blocking has worked for me in the past.
>> 
>> Is it possible for someone (ie a hacker…) to bypass my blocking
>> method(s)?  Or is there something more I need to do?
>> 
>> Thank you,
>> Josh
>> 
 End Original Message 






RE: [users@httpd] Is httpd 2.4.x is supported on CentOs6?

2017-11-28 Thread Richard


> Date: Tuesday, November 28, 2017 13:47:51 +
> From: "Houser, Rick" 
>
>> From: Eric Covener [mailto:cove...@gmail.com]
>> Sent: Tuesday, November 28, 2017 07:51
>> 
>> On Tue, Nov 28, 2017 at 7:47 AM, chetan jain 
>> wrote:
>> > Hi All,
>> > 
>> > As apache 2.2.x is EOL, I need to upgrade to httpd 2.4.x version
>> > but I am not able to verify anywhere if it is supported/tested
>> > configuration with Centos 6 OS?
>> 
>> It's not a commercial product with supported/tested configurations.
>> It works on Linux and centos 6 isn't very old, so I wouldn't expect
>> any problems.
>> 
>> --
>> Eric Covener
>> cove...@gmail.com

> RedHat supports 2.2 on RHEL6, and 2.4 on RHEL7, so Centos
> distributed packages should match.  A self-compiled/maintained
> version of 2.4 works fine starting with RHEL6 (dependency issues
> with common modules under RHEL5), but I'm guessing  from the
> original question that's not the desired scenario.
> 
> Rick Houser
> Web Engineer

There are releases of 2.4 for centos-6 in the scl collection - a
semi-official release channel for newer versions of some packages:

  







Re: [users@httpd] [autoindex:error] [pid 16794]

2017-12-14 Thread Richard


> Date: Thursday, December 14, 2017 16:38:49 +0100
> From: Wolfgang Paul Rauchholz 
>
>
> On Thu, Dec 14, 2017 at 3:35 PM, Eric Covener 
> wrote:
> 
>> On Thu, Dec 14, 2017 at 8:36 AM, Wolfgang Paul Rauchholz
>>  wrote:
>> >
>> > I get error message underneath. I googled and tried to make some
>> > changes but no luck.
>> > 
>> > [Thu Dec 14 13:49:10.312713 2017] [autoindex:error] [pid 16794]
>> > [client 10.5.2.185:63041] AH01276: Cannot serve directory
>> > /var/www//html/seeddms/: No matching DirectoryIndex
>> > (index.html,index.php,index.php) found, and server-generated
>> > directory index forbidden by Options directive
>> 
>> What do you expect to be served when /html/seeddms/ is accessed?
>> 

> At this point the installation procedure.
> I installed all in ../html/seeddms and when entering in my web
> browser /seeddms I get this error message.
> 

Well, do you have at least one of the following files:

  - index.html 
  - index.php 
  - index.php

in that directory? That's what you've configured it to look for as a
directoryindex.




  




Re: [users@httpd] SSI/website rendering errors

2017-12-14 Thread Richard


> Date: Thursday, December 14, 2017 23:07:37 +
> From: jm07...@lycos.com
>
> Although my website was functioning properly on Monday, 12/11/17, it
> exhibited several errors the following day (12/12/17). No changes
> were made to any of the files after 12/6 (the last being an SSI
> text file on 12/6). Several of the base html files are nearly nine
> years old (I modify the SSI include files as needed, and rarely
> touch the others).
> 
> The site is coded in XHTML 1.0 Strict and until 12/12 the code has
> been fully compliant (per W3C HTML and CSS validators). I suspect
> it may have something to do with SSI, which is used extensively on
> the site, but I have seen only one possibly-related post concerning
> a recent Apache release (Critical Changes In Apache 2.4 -
> https://documentation.cpanel.net/display/EA/Critical+Changes+In+Apache+2.4#CriticalChangesInApache2.4-Server-SideInclude(SSI)ExpressionParser).
> 
> The server OS is LiteSpeed (Apache Version 2.4.29). The hosting
> company stated that no patches were applied to the system after the
> 11th, but I note that LiteSpeed released LSWS v. 5.2.3 on 12/11/17,
> the last day on which the website was working correctly.  (This
> query is also posted on a LiteSpeed forum.)
> 
> All suggestions are welcome.

And the errors you are seeing - on the pages with rendering problems
and in the logs? Without even that basic detail all anyone can do is
guess.









Re: [users@httpd] .htaccess mobil client

2018-01-13 Thread Richard


> Date: Saturday, January 13, 2018 22:43:38 +0300
> From: Gokan Atmaca 
> 
> The structure of our site is as follows. Connections default to
> "desk.site" folder. If the incoming connection requests come from
> mobile phones, "msite" goes to the folder. But CSS, JS files
> are not coming. I made a symbolic link to the mobile site folder.
> 
> Desktop /home/desk.site/public
> Mobil /home/msite/public
> 
> ln -s /home/msite/public /home/desk.site/msite
> 
> 
> On Sat, Jan 13, 2018 at 6:24 PM, Walter H.
>  wrote:
>> 
>> On 12.01.2018 22:23, Gokan Atmaca wrote:
>> 
>> Hello
>> 
>> I am redirecting Apache mobile clients to the mobile site. But the
>> files like cs,js,font,img are not working.
>> 
>> Can you help with this ?
>> 
>> config:
>> 
>> RewriteCond %{HTTP_USER_AGENT} ^.*(android|iPhone).*$ [NC]
>> RewriteRule ^ /msite/$1 [R=301,L]
>> 
>> what is $1?
>> 
>> this should be something like
>> 
>> RewriteRule ^(.*)$ /msite$1 [L,R=301]


What do your access and error logs show?






Re: [users@httpd] .htaccess mobil client

2018-01-13 Thread Richard

> Date: Sunday, January 14, 2018 00:03:27 +0300
> From: Gokan Atmaca 
>
> On Sat, Jan 13, 2018 at 10:52 PM, Richard wrote:
>> 
>>> Date: Saturday, January 13, 2018 22:43:38 +0300
>>> From: Gokan Atmaca 
>>> 
>>> The structure of our site is as follows. Connections default to
>>> "desk.site" folder. If the incoming connection requests come from
>>> mobile phones, "msite" goes to the folder. But CSS, JS files
>>> are not coming. I made a symbolic link to the mobile site folder.
>>> 
>>> Desktop /home/desk.site/public
>>> Mobil /home/msite/public
>>> 
>>> ln -s /home/msite/public /home/desk.site/msite
>>> 
>>> On Sat, Jan 13, 2018 at 6:24 PM, Walter H.
>>>  wrote:
>>>> 
>>>> On 12.01.2018 22:23, Gokan Atmaca wrote:
>>>> 
>>>> Hello
>>>> 
>>>> I am redirecting Apache mobile clients to the mobile site. But
>>>> the files like cs,js,font,img are not working.
>>>> 
>>>> Can you help with this ?
>>>> 
>>>> config:
>>>> 
>>>> RewriteCond %{HTTP_USER_AGENT} ^.*(android|iPhone).*$ [NC]
>>>> RewriteRule ^ /msite/$1 [R=301,L]
>>>> 
>>>> what is $1?
>>>> 
>>>> this should be something like
>>>> 
>>>> RewriteRule ^(.*)$ /msite$1 [L,R=301]
>> 
>> 
>> What do your access and error logs show?
>> 

> There is no error. The access logs are as follows.
> x.x.x.x.x- [13/Jan/2018:15:52:04 +0300] "GET
> /e/home-ajax-get-prepared-orders HTTP/1.1" 200 1062
> "http://a.desk.com/e" "Mozilla/5.0 (Windows NT 10.0)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79
> Safari/537.36 Edge/14.14393"
> 

That log entry is for a desktop browser (or at least not specifically
an android or iphone that you are redirecting), so not really
relevant for debugging your mobile-device browser problem. 

An android/iphone identified device should result in something in
your error log if the various pieces aren't loading. If nothing is
showing up there check that your logging is configured correctly.

My sense from the little that you have provided is that you are
simply redirecting identified mobile devices down a separate branch
of your documentroot, not to a different [virtual] host, so all your
entries will be mixed in the same log.


[please do not top post.]







Re: [users@httpd] E-commerce Rewrite Rule

2018-02-14 Thread Richard
You seem to be making the "urls" that the client gets unnecessarily
complex which results in rewrite rules that are wasteful and ripe for
errors. You might want to reconsider the urls that you are presenting
to the client, making them more precise so that the rewrite rules can
be cleaner, or in many cases unneeded.

Needing a rewrite for a basic "contact-us" seems to be a bit of
overkill (aka, perpetual employment coding).



> Date: Wednesday, February 14, 2018 07:46:14 -0500
> From: Frank Gingras 
>
> Be wary of such blanket answers. When used in the per directory
> context (Directory block or .htaccess file), the leading slash is
> stripped before the rewrite rule is evaluated.
> 
> Consider using the rewrite log to see what is happening.
> 
> On Wed, Feb 14, 2018 at 4:38 AM,  wrote:
> 
>> The regex groups count from left to right,
>> Also the paths start with a /
>> So the rule should be something like:
>> 
>> RewriteRule
>> ^/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/
>> ?$ php-page-name.php?dept=$1&maincat=$2&subcat=$3&product=$4 [L]
>> -
>> From: Rajib Karmakar [mailto:creativewebl...@gmail.com]
>> Sent: Wednesday, 14 February 2018 9:59
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] E-commerce Rewrite Rule
>> 
>> Hello,
>> 
>> I build is it right?
>> 
>> 3. domain.com / Clothing[Department] / Mens[Main Category] /
>> Shirts[Sub Category] / White Shirt [product_id=15] => RewriteRule
>> ^([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/?$
>> php-page-name.php?dept=$4&maincat=$3&subcat=$2&product=$1 [L]
>> 
>> 4. domain.com / contact-us => RewriteRule ^contact/?$
>> contact-us.php [L]
>> 
>> 
>> 
>> Sincerely
>> -
>> Rajib Karmakar
>> 
>> Creative Web Logo Technologies
>> Website: http://www.creativeweblogo.com
>> Mobile: +919874704940
>> Skype: creative.web.logo
>> © 2008-2018 Creative Web Logo Technologies.
>> 
>> On Tue, Feb 13, 2018 at 8:53 PM, Rajib Karmakar
>>  wrote:
>> Hello,
>> 
>> Yes, I need  4 URL to mod_rewrite.
>> 
>> 
>> Sincerely
>> -
>> Rajib Karmakar
>> 
>> Creative Web Logo Technologies
>> Website: http://www.creativeweblogo.com
>> Mobile: +919874704940
>> Skype: creative.web.logo
>> © 2008-2018 Creative Web Logo Technologies.
>> 
>> On Tue, Feb 13, 2018 at 7:51 PM, Eric Covener 
>> wrote: On Tue, Feb 13, 2018 at 8:57 AM, Rajib Karmakar
>>  wrote:
>> > Good morning Team,
>> > 
>> > 
>> > Below 4 URL in my e-commerce, please guide me right rewriterule
>> > for it.
>> > 
>> > 
>> > 
>> > 1. domain.com / Clothing[Department] / Mens[Main Category] /
>> > Shirts[Sub Category] / T-Shirts [Sub Sub Category] / White Shirt
>> > [product_id=15]
>> > 
>> > 
>> > 2. domain.com / Mens[Main Category] / Shirts[Sub Category] /
>> > T-Shirts [Sub Sub Category] / White Shirt [product_id=15]
>> > 
>> > 
>> > 3. domain.com / Clothing[Department] / Mens[Main Category] /
>> > Shirts[Sub Category] / White Shirt [product_id=15]
>> > 
>> > 
>> > 4. domain.com / contact-us
>> > 
>> 
>> What's the question? What have you tried?  Normally a question
>> about mod_rewrite would involve a "to" and "from" URL.
>> 
>> --
>> --- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For
>> additional commands, e-mail: users-h...@httpd.apache.org
>> 
>> 
>> 

 End Original Message 
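A small Python model of the two points made in this thread: capture groups number left to right, and in per-directory context the leading slash is stripped before the pattern is tested. It is an added example, not code from any poster, and it models only pattern matching and `$N` substitution, not mod_rewrite itself; the request path and the helper name `rewrite` are constructed for illustration.

```python
import re

# Patterns and substitutions as posted in the thread.
NO_SLASH = r"^([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/?$"
WITH_SLASH = r"^/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/([A-Za-z0-9-]+)/?$"
IN_ORDER = "php-page-name.php?dept=$1&maincat=$2&subcat=$3&product=$4"
REVERSED = "php-page-name.php?dept=$4&maincat=$3&subcat=$2&product=$1"


def rewrite(pattern, substitution, url_path, per_directory, dir_prefix="/"):
    """Return the substituted target, or None when the rule does not match.

    per_directory=True models a Directory block or .htaccess file: the
    directory prefix (here "/") is removed before the pattern is tested.
    per_directory=False models server/virtual-host context, where the
    pattern sees the URL path with its leading slash.
    """
    subject = url_path
    if per_directory:
        if not url_path.startswith(dir_prefix):
            return None
        subject = url_path[len(dir_prefix):]
    match = re.search(pattern, subject)
    if match is None:
        return None

    def backref(ref):
        # $N refers to the N-th opening parenthesis, counted left to right.
        n = int(ref.group(1))
        if n > match.re.groups:
            return ""
        return match.group(n) or ""

    return re.sub(r"\$(\d)", backref, substitution)


def demo():
    path = "/Clothing/Mens/Shirts/White-Shirt"  # constructed request path
    return {
        "htaccess, no leading slash": rewrite(NO_SLASH, IN_ORDER, path, True),
        "htaccess, leading slash": rewrite(WITH_SLASH, IN_ORDER, path, True),
        "vhost, leading slash": rewrite(WITH_SLASH, IN_ORDER, path, False),
        "vhost, no leading slash": rewrite(NO_SLASH, IN_ORDER, path, False),
        "htaccess, reversed groups": rewrite(NO_SLASH, REVERSED, path, True),
    }


if __name__ == "__main__":
    for case, target in demo().items():
        print(f"{case:28} -> {target}")
```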






Re: [users@httpd] Some questions regarding Apache HTTP Server ServerLimit (Too Many Child Processes)

2018-05-18 Thread Richard


> Date: Friday, May 18, 2018 14:59:21 +0900
> From: 

> Hello,
> 
> I'm using Apache HTTP Server 2.2.32 on Linux.
> 
> I see that too many child processes are being made on Apache HTTP
> Server.
> 
> Child processes are being made up to 256 on Apache HTTP Server.
> 
> Apache HTTP Server is using ServerLimit default value(256).
> 
> Q. Could you please provide me how to set ServerLimit value greater
> than ServerLimit default value(256) on Apache HTTP Server?
> 
> Q. Could you please give me any advice for reducing be being made
> too many child processes on Apache HTTP Server?
> 
> Q. Is tcpdump helpful for analyzing why the issue has been
> happening? I thought tcpdump wouldn't be helpful to analyze why the
> issue has been happening.
> 
> Please refer the following information.
> 
> 
> ServerLimit 256
> Timeout 1800
> 
> 
> StartServers 32
> MinSpareServers  25
> MaxSpareServers  75
> MaxClients 1024
> MaxRequestsPerChild   0
> 
> 
> 
> Mohammed G.

You can increase your server limit above the 256 default by changing
the value on that line in your config file (and restarting your
server). Increasing your server limit value is just addressing the
symptom not the underlying problem. That you have your Timeout set
abnormally high is not helping the issue.

While it could be that your server is just under resourced for the
amount of use it is getting, generally you hit server/maxclient
limits when some content/resource on your site takes a long time to
process and/or be sent to the client. Do an analysis of your server
logs, checking for slow serving times.






Re: [users@httpd] Web page works with "php -S" but not with apache

2018-06-03 Thread Richard
I've summarized your posting details -- see my comments at the end.


> Date: Sunday, June 03, 2018 11:42:39 +
> From: Mahmood Naderan 
>   
> root@webshub:/var/www/html# php -S localhost:8080
> PHP 7.2.5-0ubuntu0.18.04.1 Development Server started at Tue May 29
> 22:56:54 2018
> 
> Listening on http://localhost:8080
> Document root is /var/www/html
>
> [Tue May 29 23:02:57 2018] 127.0.0.1:41380 [301]: /
> [Tue May 29 23:02:57 2018] 127.0.0.1:41382 [301]: /install
> [Tue May 29 23:02:57 2018] 127.0.0.1:41384 [200]: /install/rules
>
> And that correctly shows the install page. So the question is, why
> I am not able to access the install page remotely? 
>
>
> Consider the following apache2 config file on an Ubuntu 18.04 as
> below
> root@web1:/var/www/html#
> cat /etc/apache2/sites-available/000-default.conf 
>
> 
> ServerAdmin webmaster@localhost
> DocumentRoot /var/www/html/
>   
> And the files are in /var as below 
> root@web1:/var/www/html# ls -lah
>
> drwxr-xr-x 19 root root 4.0K 29 15:12 .
> drwxr-xr-x  3 root root 4.0K 27 14:37 ..
> -rw-r--r--  1 www-data www-data 3.1K 14  2017 captcha.php
> -rw-rw-r--  1 www-data www-data  38K 10  2016 CHANGELOG.txt
> -rw-r--r--  1 www-data www-data 5.0K 28  2017 e500.php
> -rw-r--r--  1 www-data www-data 3.2K 27 23:38 index.php
> -rw-r--r--  1 www-data www-data 4.3K 16 19:21 install_info.txt
> drwxrwxr-x  2 www-data www-data 4.0K 27 16:52 ow_core
> 
> From a remote machine when I enter http://w.x.y.z in firefox, I
> get the following error 
> The requested URL /install was not found on this server.



The information that you are presenting to make your case appears to
be inconsistent.

In the first example you are using:

   php -S localhost:8080

you are showing "webshub" as the machine name:

   root@webshub

and there is indeed an "install" file in the "/var/www/html"
directory listing:

   [Tue May 29 23:02:57 2018] 127.0.0.1:41382 [301]: /install


In your second (remote connection) case you are using

   http://w.x.y.z

which based on the configuration you show:

   

will connect to port 80, not 8080 as you do in your first test.

Additionally, the hostname on the filelist is "web1", not "webshub"

   root@web1

and the output does *not* include an "install" file or directory in
its "root@web1:/var/www/html" listing (and the file listings don't
match up at all).

In short, your http ports, machine names and "/var/www/html" listings
don't match. The "install" file that you are after is indeed in the
first listing, but it is not in the second, which is what appears to
be available to the "remote" apache instance. 

Are you certain that you are referencing the same filesystem
instances, or even the same machines?

To further debug, you need to provide the relevant server log lines.







Re: [users@httpd] Virtualhosts

2018-06-19 Thread Richard



> Date: Tuesday, June 19, 2018 20:01:07 -0400
> From: Louis 
>
> Apache 2.4 on Ubuntu 16.04LTS . We have multiple VirtualHosts
> running on port 80, one on port 8080. They are all fully
> functional...
> 
> BUT for the one on port 8080 I have to explicitly append the port
> number to the URL in a browser to access it (or the browser gets
> the 000-default.) No diff between .conf files except Listen 80 |
> 8080 and  | 
> 
> How to avoid appending the port number to the browser URL? (I'm
> sure it's simple, but I just can't find it.)
> 
 
You can't.

Defined services/protocols are assigned certain ports -- http 80 (see
the /etc/services file on your machine). When the client (browser in
this case) sees the protocol name "http" it will attempt to connect
to the assigned port. If you want to connect to an http service
running on some port other than :80 you have to tell the *client*
what port to connect to on the server. There's nothing that you can
do on the server side to change this. 

[no, changing the port number assigned to http in the /etc/services
file on your server will not change how the web browser tries to
connect to your server.]






RE: [users@httpd] https not working

2018-06-22 Thread Richard
If "the request never reaches the server" then it's most likely a
firewall issue.

You should try to telnet to port 443 from a) the localhost, b) a
machine on the same network, c) a machine on a different (ideally
external) network. If you get a "hang", as opposed to "connection
refused", then it's very likely a firewall. Which of the above you
are (or aren't) able to connect from will give you a hint of whether
it's local to the machine or at the network level. If you get a
"connection refused" response, then the issue is that httpd isn't
listening on that port. 

Note, from your output it looks like you only have this (only)
configured for ipv6, which constrains what is and isn't going to
work. You're going to need to understand whether the telnet test
above is being done from ipv4 or v6 in order to interpret the results.


   - Richard


> Date: Friday, June 22, 2018 19:45:26 +0430
> From: Mahmood Naderan 
>
> No Idea?
> I have stuck at that….
> 
> 
> Regards,
> Mahmood
> 
> 
> From: Mahmood Naderan
> Sent: Thursday, June 21, 2018 12:59 PM
> To: Alex K; users@httpd.apache.org
> Subject: RE: [users@httpd] https not working
> 
> 
> Have you enabled ssl and rewrite modules? I would verify also that
> there is no firewall blocking 443.
> 
> It seems that everything is fine
> 
> root@ce:~# apachectl -M | grep ssl
> ssl_module (shared)
> root@ce:~# apachectl -M | grep rewrite
> rewrite_module (shared)
> root@ce:~# netstat -tulpn | grep 443
> tcp6       0      0 :::443                  :::*                    LISTEN      5563/apache2
> root@ce:~#
> 
> 
> Unfortunately, the log files show nothing since the request never
> reaches the server. Any idea?
> 
> Regards,
> Mahmood
> 
> 
> From: Alex K
> Sent: Thursday, June 21, 2018 9:44 AM
> To: users@httpd.apache.org; Mahmood Naderan
> Subject: Re: [users@httpd] https not working
> 
> Hi,
> 
> Have you enabled ssl and rewrite modules? I would verify also that
> there is no firewall blocking 443.
> 
> Alex
> 
 End Original Message 






Re: [users@httpd] Slow Apache 2.4 server

2018-06-22 Thread Richard



> Date: Thursday, June 21, 2018 20:06:16 +0200
> From: Jørn 
>
> On Thursday, June 21, 2018 08:11:02 Gryzli Bugbear wrote:
>> Hi,
>> 
>> Maybe you should first find where the slowness come from (most
>> probably it is php, rather than Apache).
> 
> That was in my mind, but tests show that PHP is much faster on the
> new server than on the old one. PHP 7 is by nature faster than PHP
> 5.x and the since the new server is much more powerful (8 cores
> vs 2 and higher cpu and memory frequency).
> 
> There is not much to do for the PHP code to render the thumbnails.
> It just gets the image identifier from the URL, looks up in the
> database and based on the answer from the database, it reads a
> small file from the disk and returns it to the client.
> 
> But to be sure, I added timers to check the speed of the code. It
> confirms that the PHP code itself IS much faster on the new server.
> 
> The old server is a dual core AMD @ 800 Mhz CPU speed.
> The new server is a 8 core AMD @ 4 Ghz CPU speed.
> 

What are the rated data transfer rates of the disks on the two
machines? While the new machine's disks *should* be at least as fast,
there are a range of variables and so no guarantee. As a basic test,
try simple file transfers (e.g., using scp) between these two
machines and a third one. Do both large files, and groups of small
ones. You need to keep as many variables as possible constant in the
test - e.g., same network connectivity from these servers to testing
machine, etc.







Re: RE: [users@httpd] https not working

2018-06-24 Thread Richard



> Date: Saturday, June 23, 2018 17:09:41 +
> From: Mahmood Naderan 
>
>> Try "openssl s_client -debug -connect host:port" to see if your
>> machine can contact the server at all.
> Should I run that on my laptop (the remote machine) or the server?
> 
> 
>> You should try to telnet to port 443 from a) the localhost
> 
> The output seems to be fine
> mahmood@ce:~$ telnet localhost 443
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> ^]
> telnet> 
> 
>> Note, from your output it looks like you only have this (only)
>> configured for ipv6, which constrains what is and isn't going to
>> work. You're going to need to understand whether the telnet test
>> above is being done from ipv4 or v6 in order to interpret the
>> results.
> 
> Where do you mean? I have no problem with removing ipv6.
> 
> What I have done already is to test one of the websites (and not a
> subdomain) with https. I mean if you consider the main url as
> http://myuni.com then http://myuni.com/shb works fine. What I have
> done is that I have created an entry in default-ssl.conf for
> /var/www/html/shb. Therefore, I want to test https://myuni.com/shb
> Does that matter? 
> 

To get this to work:

  > Therefore, I want to test https://myuni.com/shb
  > Does that matter? 

you need to have https/port 443 configured correctly and open
(including through firewalls) to whatever networks you want to give
it access from (localhost, internal, external).

Your telnet test shows you successfully connecting -- via ipv6
(Trying ::1...) -- to port 443 on the local machine. You need to
continue testing the "b" and "c" options from my earlier message:

  > b) a machine on the same network, c) a machine on a different 
  > (ideally external) network

if you want clients to be able to connect from "b" internal networks
and/or "c" external networks.

As noted earlier, your netstat output is only showing ipv6 for port
443. That may be what you want, but generally isn't sufficient for
full external client access. If you need ipv4 too you'll need to
configure things appropriately -- that's a host networking, not
apache/httpd, issue.

By the way, the "s_client" test that was suggested is useful, but I
think is harder to get the different types of server side responses
from than a simple telnet. If the port is open but it's potentially a
security protocol/certificate issue, then s_client is the right tool.
Trying to debug your current issue with a browser is almost useless.
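The telnet test described in this message and the earlier one (connect, "connection refused", or a hang, per address family) can be scripted so the same check is repeated from the localhost, an internal host and an external host. This is an added example, not code from the thread; the outcome labels and function names are illustrative, and the default target `localhost:443` mirrors the poster's test.

```python
import socket
import sys

FAMILIES = {"ipv4": socket.AF_INET, "ipv6": socket.AF_INET6}


def classify(exc):
    """Map the result of one connect() attempt to a telnet-style outcome."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # host answered: nothing is listening on that port
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "hang"         # no answer at all: packets are being dropped
    if isinstance(exc, socket.gaierror):
        return "no-address"   # the name has no address in this family
    return "unreachable"      # no route, family disabled, and similar


def probe(host, port, family, timeout=5.0):
    """Attempt one TCP connect over the given family ('ipv4' or 'ipv6')."""
    try:
        info = socket.getaddrinfo(host, port, FAMILIES[family],
                                  socket.SOCK_STREAM)[0]
        with socket.socket(info[0], info[1], info[2]) as sock:
            sock.settimeout(timeout)
            sock.connect(info[4])
        return classify(None)
    except OSError as exc:
        return classify(exc)


def interpret(v4, v6):
    """Turn the two per-family outcomes into the hint the thread describes."""
    if v4 == "open" and v6 == "open":
        return "reachable on both address families"
    if "open" in (v4, v6):
        ok, bad, why = (("ipv4", "ipv6", v6) if v4 == "open"
                        else ("ipv6", "ipv4", v4))
        return f"reachable on {ok} only ({bad}: {why})"
    if "hang" in (v4, v6):
        return "hang: packets are being dropped, suspect a firewall"
    if "refused" in (v4, v6):
        return "refused: host answers but nothing is listening on that port"
    return "no usable address or route from this vantage point"


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    v4, v6 = probe(host, port, "ipv4"), probe(host, port, "ipv6")
    print(f"{host}:{port} ipv4={v4} ipv6={v6}")
    print(interpret(v4, v6))
```

Run it from each of the three vantage points and compare the lines; a result that is "open" locally but "hang" from outside points at filtering between the networks rather than at httpd.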






Re: RE: [users@httpd] https not working

2018-06-24 Thread Richard


> Date: Sunday, June 24, 2018 14:22:10 +
> From: Richard 
> 
>> Date: Saturday, June 23, 2018 17:09:41 +
>> From: Mahmood Naderan 
>> 
>>> Try "openssl s_client -debug -connect host:port" to see if your
>>> machine can contact the server at all.
>> Should I run that on my laptop (the remote machine) or the server?
>> 
>> 
>>> You should try to telnet to port 443 from a) the localhost
>> 
>> The output seems to be fine
>> mahmood@ce:~$ telnet localhost 443
>> Trying ::1...
>> Connected to localhost.
>> Escape character is '^]'.
>> ^]
>> telnet> 
>> 
>>> Note, from your output it looks like you only have this (only)
>>> configured for ipv6, which constrains what is and isn't going to
>>> work. You're going to need to understand whether the telnet test
>>> above is being done from ipv4 or v6 in order to interpret the
>>> results.
>> 
>> Where do you mean? I have no problem with removing ipv6.
>> 
>> What I have done already is to test one of the websites (and not a
>> subdomain) with https. I mean if you consider the main url as
>> http://myuni.com then http://myuni.com/shb works fine. What I have
>> done is that I have created an entry in default-ssl.conf for
>> /var/www/html/shb. Therefore, I want to test https://myuni.com/shb
>> Does that matter? 
>> 
> 
> To get this to work:
> 
>   > Therefore, I want to test https://myuni.com/shb
>   > Does that matter? 
> 
> you need to have https/port 443 configured correctly and open
> (including through firewalls) to whatever networks you want to give
> it access from (localhost, internal, external).
> 
> Your telnet test shows you successfully connecting -- via ipv6
> (Trying ::1...) -- to port 443 on the local machine. You need to
> continue testing the "b" and "c" options from my earlier message:
> 
>   > b) a machine on the same network, c) a machine on a different 
>   > (ideally external) network
> 
> if you want clients to be able to connect from "b" internal networks
> and/or "c" external networks.
> 
> As noted earlier, your netstat output is only showing ipv6 for port
> 443. That may be what you want, but generally isn't sufficient for
> full external client access. If you need ipv4 too you'll need to
> configure things appropriately -- that's a host networking, not
> apache/httpd, issue.
> 
> By the way, the "s_client" test that was suggested is useful, but I
> think is harder to get the different types of server side responses
> from than a simple telnet. If the port is open but it's potentially
> a security protocol/certificate issue, then s_client is the right
> tool. Trying to debug your current issue with a browser is almost
> useless.
> 

A clarification, the last part of this line:

  > If you need ipv4 too you'll need to configure things
  > appropriately -- that's a host networking, not
  > apache/httpd, issue.

is imprecise. See:

<https://httpd.apache.org/docs/2.4/bind.html>

for more detail on ipv4/ipv6 bindings.






Re: [users@httpd] download

2018-07-11 Thread Richard


> Date: Wednesday, July 11, 2018 23:33:32 +0200
> From: georg.chamb...@telia.com
>
> Hi, I'm an oldie, who once installed an Apache server, now I was on
> to make a new installation BUT O, things have become so
> complex, so inflated, I can make no sense of what to download,
> or from where

That, of course, depends on the operating system in question. If you
are using a *nix type system I would suggest you start by using its
package management application to download and install things. That
will/should resolve dependencies and the like and make everything
much easier.

As the versions available from the repos aren't always the most
bleeding edge, if you find that you need capabilities that are only
found in newer releases you can then proceed on and get the
binaries/source directly - but you're more on your own in terms of
making all the parts work.






Re: [users@httpd] 403 error upon upgrade

2018-09-30 Thread Richard



> Date: Sunday, September 30, 2018 10:44:28 -0700
> From: "Jack M. Nilles" 
>
> Basically the same as before:
> 
> [Sun Sep 30 10:29:05.708882 2018] [autoindex:error] [pid 3663]
> [client 220.181.51.119:50416] AH01276: Cannot serve directory
> /home/data/site1/htdocs/: No matching DirectoryIndex
> (index.html,index.html.var) found, and server-generated directory
> index forbidden by Options directive

The "index.html.var" directoryindex option is part of the (default)
global setting. I would suggest searching your config file(s) for
"DirectoryIndex" to locate all the instance(s) of "index.html.var".
That will help you get a sense of context and what is and isn't being
read as you would expect. 






Re: [users@httpd] Configuring redirects from http to https

2018-12-01 Thread Richard
Do you have logging on the port 80 "redirect" virtualhost, and is
that what you are looking at? If you are seeing entries from use of
the https instance it sounds like you are reviewing the port 443
virtualhost logging, not the logs for port 80.


> Date: Friday, November 30, 2018 16:37:02 -0800
> From: "Jack M. Nilles" 
>
> I got nothing out of that filter. I note that response to my
> queries  produced: [30/Nov/2018:14:57:10 -0800] "-" 408 - "-" "-"
> on a few occasions.
> 
> 
>> On 30 Nov 2018, at 15:48, Filipe Cifali 
>> wrote:
>> 
>> grep -i "mismatch" on it may provide something, your config
>> seems correct, which is weird
>> 
>> On Fri, 30 Nov 2018 at 21:17 Jack M. Nilles 
>> wrote: I have an access log and an error log. The error log
>> doesn't show much for today. The access log is full of
>> entries from those who have used the https address.
>> What should I be looking for to detect the http failures?
>> 





Re: [users@httpd] Apache HTTP Server Prior to 2.4.12 Multiple Vulnerabilities

2019-06-18 Thread Richard



> Date: Tuesday, June 18, 2019 05:38:50 +
> From: Satish Chhatpar 02 
>
> How to patch Apache 2.4.6 to latest release on RHEL 7.4?
> 

RedHat backports patches to the base version, keeping the version
number stable within an OS release. I.e., RH-7 will maintain the
2.4.6 httpd version number. You need to look at the number after that
(currently 2.4.6-89) to see the incremental change numbering. You can
look up the CVEs against RH's change log and/or update announcements
for a package to see that an issue has been addressed. From what I
have seen, RH tends to have updated httpd packages out very quickly
following a vulnerability announcement.

By the way, RH-7 is currently at .6, which came out late last year. A
.4 system is missing about 18 months of updates.






Re: [users@httpd] Need Apache to return multiple error doc

2019-07-12 Thread Richard


> Date: Thursday, July 11, 2019 11:48:38 +0530
> From: alchemist vk 
>
> Hi all,
>   I have a requirement where I need send different error docs for
> same error code depending upon specific error returned by
> application.. For example, if application returns 400,it means
> error may be due to non availability of query param or url doesn't
> have mandatory fields etc,and depending upon this exact error, I
> need to send proper error doc with exact error.. pls let me know
> how to achieve this..
> 
> PS: I have one error doc which says query param not available and
> another error doc which says non availability of the mandatory
> fields in URL, so how to differentiate and send specific error
> depending upon single error return code 400..
> 

You can point the ErrorDocument reference for a return code to a
script, rather than a static page. You can then use the script to
gather other available information (e.g., the referrer) to determine
the cause of the error and generate/serve an appropriate error
message.
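One way such an ErrorDocument script could look, as an added example that is not from the thread: it reads the `REDIRECT_STATUS`, `REDIRECT_URL` and `REDIRECT_QUERY_STRING` variables httpd passes to an error document, picks one of two messages, and HTML-escapes everything it reflects. The required parameter `id`, the two-segment URL rule and the script path in the comment are hypothetical.

```python
#!/usr/bin/env python3
# Hypothetical wiring in the httpd config:  ErrorDocument 400 /cgi-bin/err400.py
import html
import os
from urllib.parse import parse_qs

REQUIRED_PARAMS = ("id",)  # hypothetical: query parameters the application needs
MIN_SEGMENTS = 2           # hypothetical: URLs look like /<section>/<item>


def diagnose(environ):
    """Work out which of the two error cases the original request fell into."""
    url = environ.get("REDIRECT_URL", "")
    query = parse_qs(environ.get("REDIRECT_QUERY_STRING", ""),
                     keep_blank_values=True)
    segments = [s for s in url.split("/") if s]
    if len(segments) < MIN_SEGMENTS:
        return "url-fields", "The URL is missing a mandatory field."
    missing = [p for p in REQUIRED_PARAMS if p not in query]
    if missing:
        return "query-param", "Missing query parameter: " + ", ".join(missing)
    return "generic", "The request could not be understood."


def render(environ):
    """Return (kind, headers, body) for the error page."""
    status = environ.get("REDIRECT_STATUS", "400")
    if not status.isdigit():
        # Never copy an unexpected value into a response header.
        status = "400"
    kind, message = diagnose(environ)
    # The URL comes from the client, so escape it before echoing it back.
    shown_url = html.escape(environ.get("REDIRECT_URL", ""), quote=True)
    body = (
        "<html><body>"
        f"<h1>Error {status}</h1>"
        f"<p>{html.escape(message)}</p>"
        f"<p>Requested: {shown_url}</p>"
        "</body></html>"
    )
    # The Status header keeps the original error code on the response.
    headers = [("Status", status), ("Content-Type", "text/html; charset=utf-8")]
    return kind, headers, body


if __name__ == "__main__":
    _, headers, body = render(os.environ)
    for name, value in headers:
        print(f"{name}: {value}")
    print()
    print(body)
```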






Re: [users@httpd] Need Apache to return multiple error doc

2019-07-13 Thread Richard



> Date: Saturday, July 13, 2019 16:11:12 +0530
> From: alchemist vk 
>
> Richard/All,
>   I am trying to implement what you suggested.. But somehow it's not
> working and unable to restart apache after making my changes.
>   If possible, can you provide one short example code snippet .
> 

Changing what an error return code points to should not affect your
server's ability to restart (even if there are errors in the
ErrorDocument itself). Please provide the ErrorDocument lines from
your apache config as well as the message you get when you try to
restart the server.






Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-25 Thread Richard



> Date: Friday, October 25, 2019 20:37:49 +0530
> From: Tapas Mishra 
>
> Hello,
> I am getting bounce message , what should I do?.
> 
> Thanks
> 
> 
> -- Forwarded message -
> From: 
> Date: Wed, Sep 25, 2019 at 11:24 AM
> Subject: Warning from users@httpd.apache.org
> To: 
> 
> Hi! This is the ezmlm program. I'm managing the
> users@httpd.apache.org mailing list.
> 
> Messages to you from the users mailing list seem to
> have been bouncing. I've attached a copy of the first bounce
> message I received.


This is a list configuration issue over which you have no control. 

This list needs to be configured to handle DMARC properly.

Because the list doesn't do DMARC rewriting you may miss list
messages from people sending from p=reject domains, but won't
actually get kicked off the list because these bounce-check messages
will get delivered to you.






Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-27 Thread Richard



> Date: Saturday, October 26, 2019 13:16:36 +0100
> From: sebb 
>
> On Fri, 25 Oct 2019 at 16:20, Richard
>  wrote:
>> 
>> > Date: Friday, October 25, 2019 20:37:49 +0530
>> > From: Tapas Mishra 
>> > 
>> > Hello,
>> > I am getting bounce message , what should I do?.
>> > 
>> > Thanks
>> > 
>> > 
>> > -- Forwarded message -
>> > From: 
>> > Date: Wed, Sep 25, 2019 at 11:24 AM
>> > Subject: Warning from users@httpd.apache.org
>> > To: 
>> > 
>> > Hi! This is the ezmlm program. I'm managing the
>> > users@httpd.apache.org mailing list.
>> > 
>> > Messages to you from the users mailing list seem to
>> > have been bouncing. I've attached a copy of the first bounce
>> > message I received.
>> 
>> 
>> This is a list configuration issue over which you have no control.
>> 
>> This list needs to be configured to handle DMARC properly.
>> 
>> Because the list doesn't do DMARC rewriting you may miss list
>> messages from people sending from p=reject domains, but won't
>> actually get kicked off the list because these bounce-check
>> messages will get delivered to you.
> 
> Not all bounces are due to DMARC issues.
> 
> The receiving mail system may detect another issue, such as SPAM,
> and reject the mail.
>
> There are bound to be differences in the rules that different
> systems apply, so there will be occasions when the ASF system
> forwards a mail which is later rejected by one or more receivers.
> 
> There are lots of other reasons why the receiver may bounce the
> email.
> 
> In this case, the email does not appear to have any DMARC headers:
> http://mail-archives.apache.org/mod_mbox/httpd-users/201909.mbox/ra
> w/%3cd09ee182-8902-90b8-1081-a8a956ff4...@helios.jpl.nasa.gov%3e
> 
> You can ask for a copy of the email to be sent to you by emailing:
> 
> users-get.118...@httpd.apache.org
> 
> Of course this may fail if the receiver detects a problem again.
> 

I agree, there are a range of reasons that a receiving host might
reject a message. When you add in DMARC - because the headers aren't
rewritten - the chances of rejects, and because of that that someone
will get kicked off a list, increase dramatically (at least for those
of us whose ESPs enforce DMARC).

Indeed, the headers on that message don't include any DMARC
references, and that's the problem. The sender's host/domain
(helios.jpl.nasa.gov) has DMARC set to "p=reject":

  dig txt _dmarc.helios.jpl.nasa.gov

  ;; ANSWER SECTION:
  _dmarc.helios.jpl.nasa.gov. 569   IN  TXT "v=DMARC1; p=reject; 

which means that messages that purport to be from that host/domain
can't be seen to be being sent from "just anywhere". Because the
sender's message was (re-)sent from an "apache.org" domain/IP it
failed DMARC which got it rejected from DMARC-enforcing ESPs.

For anyone using a DMARC-enforcing ESP (of which gmail is one), it's
fairly routine to get kicked off (or threatened with removal from)
lists that don't do the necessary rewriting -- which seems to include
most (all?) of the "apache.org" hosted lists.






Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-27 Thread Richard



> Date: Sunday, October 27, 2019 12:17:36 +0000
> From: sebb 
>
>> On Sun, 27 Oct 2019 at 09:32, Richard
>>  wrote:
>> 
>> I agree, there are a range of reasons that a receiving host might
>> reject a message. When you add in DMARC - because the headers
>> aren't rewritten - the chances of rejects, and because of that
>> that someone will get kicked off a list, increase dramatically (at
>> least for those of us whose ESPs enforce DMARC).
>> 
>> Indeed, the headers on that message don't include any DMARC
>> references, and that's the problem. The sender's host/domain
>> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
>> 
>>   dig txt _dmarc.helios.jpl.nasa.gov
>> 
>>   ;; ANSWER SECTION:
>>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
>> 
>> which means that messages that purport to be from that host/domain
>> can't be seen to be being sent from "just anywhere". Because the
>> sender's message was (re-)sent from an "apache.org" domain/IP it
>> failed DMARC which got it rejected from DMARC-enforcing ESPs.
>> 
>> For anyone using a DMARC-enforcing ESP (of which gmail is one),
>> it's fairly routine to get kicked off (or threatened with removal
>> from) lists that don't do the necessary rewriting -- which seems
>> to include most (all?) of the "apache.org" hosted lists.
> 
> I see, thanks for the clear explanation.
> 
> I've just checked the DMARC filter, and whilst it removes the DKIM
> signature, it is also supposed to munge the From line to append
> '.INVALID'.
>
> This does not appear to have happened.
>
> The script assumes that the DKIM header comes before the From line;
> maybe that was not the case here.
> 
> I assume the From rewriting is intended to disable the DMARC check
> at the receiving end.
>
> There are several examples of the From munging on the list, e.g.
> 
> http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
> 

The '.INVALID' "From" rewrite works, at least with my DMARC-enforcing
ESP, when it's invoked. I got the message you referenced above, as
well as about 20 others, from this list over the course of the last
~4 months that were munged that way.

The filter is missing enough, however, that I have been threatened
with expulsion from this list at least once over that same period
(plus 5 times from another ".apache.org" hosted one).
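
The thread above describes a list-side filter that strips the DKIM signature and appends '.INVALID' to the From address, and suspects it misses messages depending on header order. The following is an added example, not the ASF filter and not code from any poster: a sketch that keys the rewrite on the author domain's published DMARC policy and addresses headers by name. The `.example` domains, the DNS table and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed stand-in for DNS TXT lookups, so the example runs offline.
SAMPLE_DNS = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:reports@strict.example",
    "_dmarc.relaxed.example": "v=DMARC1; p=none",
}


def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC TXT record, or {} if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return {}  # the version tag must come first and match exactly
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_policy(domain, dns=SAMPLE_DNS):
    """Policy published at _dmarc.<domain>; 'none' when no record exists.

    Simplification: the fallback to the organizational domain is not modelled.
    """
    record = dns.get("_dmarc." + domain.lower(), "")
    return parse_dmarc(record).get("p", "none").lower()


def munge_for_list(raw, dns=SAMPLE_DNS):
    """Rewrite a message for re-sending by a list; returns (message, munged)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if not domain or dmarc_policy(domain, dns) not in ("reject", "quarantine"):
        return msg, False
    # Headers are addressed by name, so it does not matter whether
    # DKIM-Signature appears before or after From, or is absent altogether.
    msg.replace_header("From", formataddr((name, addr + ".INVALID")))
    del msg["DKIM-Signature"]  # removes every occurrence; no-op if missing
    return msg, True


# Constructed sample messages covering both header orders and the no-DKIM case.
BODY = "\n\nconstructed body\n"
DKIM = ("DKIM-Signature: v=1; a=rsa-sha256; d=strict.example; s=sel; "
        "bh=CONSTRUCTED; b=CONSTRUCTED\n")
DKIM_FIRST = DKIM + "From: Alice Author <alice@strict.example>\nSubject: test" + BODY
FROM_FIRST = "From: Alice Author <alice@strict.example>\n" + DKIM + "Subject: test" + BODY
NO_DKIM = "From: Alice Author <alice@strict.example>\nSubject: test" + BODY
RELAXED = ("From: Bob <bob@relaxed.example>\n" + DKIM.replace("strict", "relaxed")
           + "Subject: test" + BODY)

if __name__ == "__main__":
    for label, raw in [("dkim first", DKIM_FIRST), ("from first", FROM_FIRST),
                       ("no dkim", NO_DKIM), ("p=none", RELAXED)]:
        msg, munged = munge_for_list(raw)
        print(f"{label:11} munged={munged!s:5} From={msg['From']}")
```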






Re: [users@httpd] Fwd: Warning from users@httpd.apache.org

2019-10-29 Thread Richard



> Date: Tuesday, October 29, 2019 22:03:58 +
> From: sebb 
>
> On Mon, 28 Oct 2019 at 09:19, sebb  wrote:
>> 
>> On Sun, 27 Oct 2019 at 14:21, Richard
>>  wrote:
>> > 
>> > 
>> > 
>> > > Date: Sunday, October 27, 2019 12:17:36 +0000
>> > > From: sebb 
>> > > 
>> > >> On Sun, 27 Oct 2019 at 09:32, Richard
>> > >>  wrote:
>> > >> 
>> > >> I agree, there are a range of reasons that a receiving host
>> > >> might reject a message. When you add in DMARC - because the
>> > >> headers aren't rewritten - the chances of rejects, and
>> > >> because of that that someone will get kicked off a list,
>> > >> increase dramatically (at least for those of us whose ESPs
>> > >> enforce DMARC).
>> > >> 
>> > >> Indeed, the headers on that message don't include any DMARC
>> > >> references, and that's the problem. The sender's host/domain
>> > >> (helios.jpl.nasa.gov) has DMARC set to "p=reject":
>> > >> 
>> > >>   dig txt _dmarc.helios.jpl.nasa.gov
>> > >> 
>> > >>   ;; ANSWER SECTION:
>> > >>   _dmarc.helios.jpl.nasa.gov. 569 IN TXT "v=DMARC1; p=reject;
>> > >> 
>> > >> which means that messages that purport to be from that
>> > >> host/domain can't be seen to be being sent from "just
>> > >> anywhere". Because the sender's message was (re-)sent from an
>> > >> "apache.org" domain/IP it failed DMARC which got it rejected
>> > >> from DMARC-enforcing ESPs.
>> > >> 
>> > >> For anyone using a DMARC-enforcing ESP (of which gmail is
>> > >> one), it's fairly routine to get kicked off (or threatened
>> > >> with removal from) lists that don't do the necessary
>> > >> rewriting -- which seems to include most (all?) of the
>> > >> "apache.org" hosted lists.
>> > > 
>> > > I see, thanks for the clear explanation.
>> > > 
>> > > I've just checked the DMARC filter, and whilst it removes the
>> > > DKIM signature, it is also supposed to munge the From line to
>> > > append '.INVALID'.
>> > > 
>> > > This does not appear to have happened.
>> > > 
>> > > The script assumes that the DKIM header comes before the From
>> > > line; maybe that was not the case here.
>> > > 
>> > > I assume the From rewriting is intended to disable the DMARC
>> > > check at the receiving end.
>> > > 
>> > > There are several examples of the From munging on the list,
>> > > e.g.
>> > > 
>> > > http://mail-archives.apache.org/mod_mbox/httpd-users/201910.mbox/%3c158c6a04-ef01-2fce-bf33-aabc673bb...@copyrightwitness.net%3e
>> > > 
>> > 
>> > The '.INVALID' "From" rewrite works, at least with my
>> > DMARC-enforcing ESP, when it's invoked. I got the message you
>> > referenced above, as well as about 20 others, from this list
>> > over the course of the last ~4 months that were munged that way.
>> 
>> Good to know.
>> 
>> > The filter is missing enough, however, that I have been
>> > threatened with expulsion from this list at least once over that
>> > same period (plus 5 times from another ".apache.org" hosted one).
>> 
>> It does look like the filter does not always work correctly.
>> 
>> It would be useful to know which messages and lists are involved.
>> Note that about half apache.org lists use the dmarc filter; the
>> others do not.
>> 
>> I have raised https://issues.apache.org/jira/browse/INFRA-19347.
>> 
>> If you could add any relevant details to the issue, that would be
>> great.
> 
> FTR: the email from helios.jpl.nasa.gov does not have an
> Authentication-Results: header in it.
> AFAICT all the other emails with DKIM-Sigs or munged From: headers
> (i.e. they originally had a DKIM header) have an
> Authentication-Results header from one of the spamd MTAs.
> 
> Since the email was definitely seen by spamd3-us-west.apache.org
> this is a bit odd.
> Also the X-Spam-Status header does not mention any DKIM tests.
> 
> This suggests to me that the original email probably did not have a
> DKIM signature in it.

Re: [users@httpd] Expose my server to internet

2020-01-14 Thread Richard
Looking back some months I'm not finding the beginning of this
thread, so maybe you should start fresh.

-- what is the public IPnumber of your server?

-- what is the public DNS name for your server (i.e., the dns entry 
   that points to the public IPnumber)?


> Date: Tuesday, January 14, 2020 09:28:45 +0530
> From: Padmahas Bn 
>
> Continued from my previous email.
> One more interesting observation.
> 
> I've forwarded both port 80 and port 8080.
> On port 80 my Apache web server is running; on port 8080, Tomcat
> server is running.
> 
> When I hit IP_ADDR:80, I got "Connection timed out".
> When I hit IP_ADDR:8080, I got "This site can't be reached".
> 
> Any reason why this happened?
> 





Re: [users@httpd] Expose my server to internet

2020-01-14 Thread Richard
The IPnumber associated with padmahasa.ddns.net (103.228.221.102) is
not reachable via ping or traceroute. A traceroute ends at:

   43.254.160.42.static.belltele.in (43.254.160.42)

Additionally, attempting to telnet to either port 80 or 8080 on
103.228.221.102 results in a "network hang". 

So, it would seem that that IPnumber is not publicly reachable.
[Assuming the dns entry to be correct] if you're not firewalling it
then you need to speak with your provider.


> Date: Wednesday, January 15, 2020 01:03:27 +0530
> From: Padmahas Bn 
>
> Hello @Richard and @Monah baki
> 
> @Richard,
> 
>> -- what is the public IPnumber of your server?
>> 
> I'm not sure whether it's OK or not to tell my public IP openly.
> But I can give partial IP address.
> xxx.xxx.221.102
> 
>> -- what is the public DNS name for your server (i.e., the dns entry
>> 
> padmahasa.ddns.net
> 
>>  that points to the public IPnumber)?
>> 
> Yeah that points to public IP number.
> 
> @Monah,
> I think the firewall will not be active by default and I double
> checked with firewall, which is not active in my Ubuntu system.
> But should I do any weird thing like, activating it and explicitly
> allow http traffic in?
> Until now this is the situation.
> 1. There is no problem with OS and firewall.
> 2. There is no problem with web server configuration.
> 3. There is no problem with my ISP (I had asked my ISP whether they
> are going to block any incoming traffic but they said No).
> 
> Still not able to reach my server from internet.
> Let me know what you guys think the reason could be.
> 
> Thank you.
> 
> On Tue, Jan 14, 2020 at 9:23 PM Monah Baki 
> wrote:
> 
>> Check firewall
>> 
>> On Tue, Jan 14, 2020 at 10:43 AM Richard <
>> lists-apa...@listmail.innovate.net> wrote:
>> 
>>> Looking back some months I'm not finding the beginning of this
>>> thread, so maybe you should start fresh.
>>> 
>>> -- what is the public IPnumber of your server?
>>> 
>>> -- what is the public DNS name for your server (i.e., the dns
>>> entry that points to the public IPnumber)?
>>> 
>>> 
>>> > Date: Tuesday, January 14, 2020 09:28:45 +0530
>>> > From: Padmahas Bn 
>>> > 
>>> > Continued from my previous email.
>>> > One more interesting observation.
>>> > 
>>> > I've forwarded both port 80 and port 8080.
>>> > On port 80 my Apache web server is running; on port 8080, Tomcat
>>> > server is running.
>>> > 
>>> > When I hit IP_ADDR:80, I got "Connection timed out".
>>> > When I hit IP_ADDR:8080, I got "This site can't be reached".
>>> > 
>>> > Any reason why this happened?
>>> > 
>>> 
>>> 
>>> -
>>>  To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>> 
>>> 

 End Original Message 






Re: [users@httpd] Expose my server to internet

2020-01-15 Thread Richard
Since your hostname/ipnumber can't be pinged and all low-level ports
seem to be closed I'm going to bet that the blocking is at your
provider's level. You might want to check that that's really your
IPnumber. Try using something like:

<http://www.ipnumber.eu/ip/>

to confirm your public IPnumber. 


 Original Message 
> Date: Wednesday, January 15, 2020 10:01:51 +0530
> From: Padmahas Bn 
> To: users 
> Subject: Re: [users@httpd] Expose my server to internet
>
> Thank you all for nmap and traceroute report.
> 
> @Otis Dewitt,
> 
>> You are being firewalld, those ports are not available from
>> outside.
>> 
> Do you mean the firewall of my OS (Ubuntu) or is there any other
> levels of firewall?
> Like at my router level (even though it's there, since I've port
> forwarded it will allow these ports right?)?
> OR is it possible my ISP also have firewall that can block incoming
> traffic to my system?
> 
> On Wed, Jan 15, 2020 at 2:05 AM Otis Dewitt - NOAA Affiliate
>  wrote:
> 
>> You are being firewalld, those ports are not available from
>> outside.
>> 
>> On Tue, Jan 14, 2020 at 3:23 PM Larry Irwin (work) <
>> larry.ir...@ccamedical.com> wrote:
>> 
>>> nmap shows all ports as filtered:
>>> 
>>> # nmap -Pn padmahasa.ddns.net
>>> 
>>> Starting Nmap 7.01 ( https://nmap.org ) at 2020-01-14 15:17 EST
>>> Nmap scan report for padmahasa.ddns.net (103.228.221.102)
>>> Host is up.
>>> rDNS record for 103.228.221.102: 103.228.221.102.static.belltele.in
>>> All 1000 scanned ports on padmahasa.ddns.net (103.228.221.102) are filtered
>>> 
>>> Nmap done: 1 IP address (1 host up) scanned in 201.85 seconds
>>> --
>>> 
>>> Larry Irwin
>>> 
>>> On 1/14/20 2:58 PM, Richard wrote:
>>> > The IPnumber associated with padmahasa.ddns.net
>>> > (103.228.221.102) is not reachable via ping or traceroute. A
>>> > traceroute ends at:
>>> > 
>>> > 43.254.160.42.static.belltele.in (43.254.160.42)
>>> > 
>>> > Additionally, attempting to telnet to either port 80 or 8080 on
>>> > 103.228.221.102 results in a "network hang".
>>> > 
>>> > So, it would seem that that IPnumber is not publicly reachable.
>>> > [Assuming the dns entry to be correct] if you're not
>>> > firewalling it then you need to speak with your provider.
>>> > 
>>> > 
>>> >> Date: Wednesday, January 15, 2020 01:03:27 +0530
>>> >> From: Padmahas Bn 
>>> >> 
>>> >> Hello @Richard and @Monah baki
>>> >> 
>>> >> @Richard,
>>> >> 
>>> >>> -- what is the public IPnumber of your server?
>>> >>> 
>>> >> I'm not sure whether it's OK or not to tell my public IP
>>> >> openly. But I can give partial IP address.
>>> >> xxx.xxx.221.102
>>> >> 
>>> >>> -- what is the public DNS name for your server (i.e., the dns
>>> >>> entry
>>> >>> 
>>> >> padmahasa.ddns.net
>>> >> 
>>> >>>   that points to the public IPnumber)?
>>> >>> 
>>> >> Yeah that points to public IP number.
>>> >> 
>>> >> @Monah,
>>> >> I think the firewall will not be active by default and I double
>>> >> checked with firewall, which is not active in my Ubuntu system.
>>> >> But should I do any weird thing like, activating it and
>>> >> explicitly allow http traffic in?
>>> >> Until now this is the situation.
>>> >> 1. There is no problem with OS and firewall.
>>> >> 2. There is no problem with web server configuration.
>>> >> 3. There is no problem with my ISP (I had asked my ISP whether
>>> >> they are going to block any incoming traffic but they said No).
>>> >> 
>>> >> Still not able to reach my server from internet.
>>> >> Let me know what you guys think the reason could be.
>>> >> 
>>> >> Thank you.
>>> >> 
>>> >> On Tue, Jan 14, 2020 at 9:23 PM Monah Baki
>>> >>  wrote:
>>> >> 
>>> >>> Check firewall
>>> >>> 
>>> >>> On Tue, Jan 14, 2020 at 10:43 AM Richard <
>>> >>> lists-apa...@listmail.innovate.net>

Re: [users@httpd] Re: Configuration question

2020-01-27 Thread Richard



> Date: Monday, January 27, 2020 09:42:51 -0600
> From: o1bigtenor 
>
> So I don't really need to use 'virtual hosts'. What I am actually
> needing to do is to use different ports to the same 'stack' rather
> than creating different 'stacks'.
>
> By this I mean that I don't need to use different server
> configurations for each application rather than I need to 'just'
> assign different ports to the different applications and this
> should work.

I think you may be confusing "virtual machines" and "(apache) virtual
hosts". A virtual machine (VM) is indeed a whole "stack" (as you are
referring to things). A[n apache] virtual host environment is simply
configuring an instance of apache to serve content (more or less) as
if it's on different VMs. This will allow you to use different
document roots for each content set as well as serve out on different
ports and/or hostnames from a single machine.

In general I try to avoid serving content on non-standard http/https
ports as it tends to be confusing to users. Using different hostnames
and/or IPnumbers is cleaner and causes fewer headaches.






Re: [users@httpd] Re: Configuration question

2020-01-27 Thread Richard



> Date: Monday, January 27, 2020 16:51:44 -0600
> From: o1bigtenor 
>
> On Mon, Jan 27, 2020 at 4:17 PM Richard wrote:
>> 
>> > Date: Monday, January 27, 2020 09:42:51 -0600
>> > From: o1bigtenor 
>> > 
>> > So I don't really need to use 'virtual hosts'. What I am actually
>> > needing to do is to use different ports to the same 'stack'
>> > rather than creating different 'stacks'.
>> > 
>> > By this I mean that I don't need to use different server
>> > configurations for each application rather than I need to 'just'
>> > assign different ports to the different applications and this
>> > should work.
>> 
>> I think you may be confusing "virtual machines" and "(apache)
>> virtual hosts". A virtual machine (VM) is indeed a whole "stack"
>> (as you are referring to things). A[n apache] virtual host
>> environment is simply configuring an instance of apache to serve
>> content (more or less) as if it's on different VMs. This will
>> allow you to use different document roots for each content set as
>> well as serve out on different ports and/or hostnames from a
>> single machine.
>> 
>> In general I try to avoid serving content on non-standard
>> http/https ports as it tends to be confusing to users. Using
>> different hostnames and/or IPnumbers is cleaner and causes fewer
>> headaches.
>> 
> It may have not been clear but I was asking as to whether I should
> be using virtual hosts or something else (maybe different port
> numbers).
> 
> Different hostnames - - - - how do I have that on one physical
> machine?
> 
> Are you recommending using subdomains? (I think that's what it's
> called!?!)
> 

If you're trying to serve your content via http, which appears to be
your goal, then to serve it out on different ports - without using
the apache virtual host configuration - you'd need to have multiple
instances of apache running. That's possible, but very ugly. 

You may want to read the apache virtual host documentation:

  <https://httpd.apache.org/docs/2.4/vhosts/>

Any number of hostnames (unique or sub-domains) can resolve to the
same ipnumber, the responding software simply needs to know how to
handle things, assuming that different responses are necessary. Look
at the "name-based virtual host" information in the vhosts
documentation. [A machine can also have multiple ipnumbers assigned
to it.]






Re: [users@httpd] Re: Configuration question

2020-01-28 Thread Richard



> Date: Tuesday, January 28, 2020 07:00:07 -0600
> From: o1bigtenor 
>
> On Mon, Jan 27, 2020 at 8:27 PM Richard
>  wrote:
>> 
>> > Date: Monday, January 27, 2020 16:51:44 -0600
>> > From: o1bigtenor 
>> > 
>> > It may have not been clear but I was asking as to whether I
>> > should be using virtual hosts or something else (maybe different
>> > port numbers).
>> > 
>> > Different hostnames - - - - how do I have that on one physical
>> > machine?
>> > 
>> > Are you recommending using subdomains? (I think that's what it's
>> > called!?!)
>> > 
>> 
>> If you're trying to serve your content via http, which appears to
>> be your goal, then to serve it out on different ports - without
>> using the apache virtual host configuration - you'd need to have
>> multiple instances of apache running. That's possible, but very
>> ugly.
> 
> OK - - - - Mr Richard suggests that I use different ports but
> further offers that using different hostnames offers a 'cleaner'
> solution. If I'm understanding
> this all correctly meaning using vhosts and multiple hostnames.
> 
> You're suggesting just use different ports.

I am *NOT* suggesting that you use different ports, in any context.

Setting things up to use different ports for apache, outside the
context of apache vhosts is not something that you would want to try.

Within the context of apache vhosts you don't need to use different
ports as you can simply use different hostnames and a "name-based
virtual host" setup.

>> 
>> You may want to read the apache virtual host documentation:
>> 
>>   <https://httpd.apache.org/docs/2.4/vhosts/>
> 
> I had read that page quite a few times before - - - in the
> tradition of excellent Linux documentation that page is a wonderful
> example. All information needful to a skilled practitioner is
> included but for one who isn't highly skilled there are little to
> no examples and definitely no context. That means that one who is
> working through things for a first time  - - - - - well the
> information isn't terribly helpful.
>> 
>> Any number of hostnames (unique or sub-domains) can resolve to the
>> same ipnumber, the responding software simply needs to know how to
>> handle things, assuming that different responses are necessary.
>> Look at the "name-based virtual host" information in the vhosts
>> documentation. [A machine can also have multiple ipnumbers assigned
>> to it.]
>> 
> I understand that multiple ips can be assigned to a machine - - - -
> my server, but not my server test box, actually has 4 nics
> available.
> 
> So I'm coming back to my previous question - - - - how do I set up
> different FQDNs (hostnames) on 'one' machine?
> 

Simply point multiple hostnames to a single IPnumber - either through
dns or /etc/hosts -- depending on your specific needs (and what you
can control). Then configure the server-side application, e.g.,
apache, to handle the hostnames as desired. Note, with apache, if
you're using SSL (i.e., https/443) this is a bit more complicated. 

[if needed, multiple IPnumbers can be assigned to the same NIC, but
you'll want to talk with your networking people on how to do that.]
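
To make the name-based approach from this thread concrete, here is an added example (not from the posts or the Apache documentation): a small Python stand-in that serves two sites on one address and port and picks the site from the request's Host header, the way Apache matches ServerName/ServerAlias and falls back to the first listed virtual host. The `.example.test` hostnames, paths in the comments and function names are constructed.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Equivalent Apache 2.4 name-based setup (constructed names and paths):
#   <VirtualHost *:80>
#       ServerName  wiki.example.test
#       ServerAlias docs.example.test
#       DocumentRoot "/var/www/wiki"
#   </VirtualHost>
#   <VirtualHost *:80>
#       ServerName  shop.example.test
#       DocumentRoot "/var/www/shop"
#   </VirtualHost>
# Every hostname resolves (via DNS or /etc/hosts) to the same IP address.

# Constructed sites; "body" stands in for a per-site document root.
VHOSTS = [
    {"names": ["wiki.example.test", "docs.example.test"], "body": "wiki content\n"},
    {"names": ["shop.example.test"], "body": "shop content\n"},
]


def select_vhost(host_header, vhosts=VHOSTS):
    """Choose a site from the Host header; the first listed site is the default."""
    name = (host_header or "").strip().lower()
    if name.startswith("["):              # IPv6 literal such as [::1]:8080
        name = name[: name.find("]") + 1]
    else:
        name = name.split(":", 1)[0]      # drop an explicit port
    name = name.rstrip(".")               # tolerate a fully qualified trailing dot
    for vhost in vhosts:
        if name in vhost["names"]:
            return vhost
    return vhosts[0]


class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = select_vhost(self.headers.get("Host"))["body"].encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):         # keep the demo quiet
        pass


def fetch(port, hostname):
    """Connect to 127.0.0.1 but present `hostname` in the Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", "/", headers={"Host": hostname})
        return conn.getresponse().read().decode()
    finally:
        conn.close()


def demo(hostnames):
    """Serve all sites from one socket and return what each hostname receives."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {h: fetch(server.server_address[1], h) for h in hostnames}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    names = ["wiki.example.test", "docs.example.test",
             "shop.example.test", "unknown.example.test"]
    for host, body in demo(names).items():
        print(f"{host:22} -> {body.strip()}")
```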






Re: [users@httpd] Configuration question

2020-01-28 Thread Richard



> Date: Monday, January 27, 2020 22:21:30 -0700
> From: "@lbutlr" 
>
>> On 27 Jan 2020, at 19:27, Richard wrote:
>>
>> If you're trying to serve your content via http, which appears to
>> be your goal, then to serve it out on different ports - without
>> using the apache virtual host configuration - you'd need to have
>> multiple instances of apache running. That's possible, but very
>> ugly. 
> 
> Is this a change in recent versions? I recall using apache in the
> past to serve pages on port 80 and 8080 and 8081 all from the same
> conf file.
> 
> I mean, I am reasonably sure it was apache, though it was quite a
> long time ago (1.3 days, probably)

Yes, you can serve content on different ports, without benefit of
virtual hosts, but can you serve different content - i.e., have
different document roots? It's very possible that my memory is foggy
on this.  [I do find things like :8080 to be very confusing to users
so avoid that approach.]






Re: [users@httpd] "Work from home" access

2020-03-19 Thread Richard


> Date: Thursday, March 19, 2020 16:05:19 -0400
> From: Jim Albert 
>
> On 3/19/2020 3:48 PM, Stormy wrote:
>> I have, on Apache 2.4.7:
>> https://mysite.com/ which runs a Perl/Mysql based application
>> perfectly and a parallel "staff only" accessed (now) only on our
>> LAN to edit the  above public application.
>> 
>> I need to add "outside" access for staff working from home, so
>> that I  would end up with e.g.
>> 
>> https://mysite.com/  [working exactly as before]
>> and
>> https://mysite.com/foo  [for the "staff_only", fully working on
>> LAN]
>> 
>> I have tried variations of:   Redirect permanent "/foo/" 
>> "http://mysite.com/staff_only/"; -- but end up with 404 every time.
>> 
>> Is there an elegant solution for this?
>> 
>> Many thanks -- Paul
> 
> You need to explain in more detail what you are trying to do.
> Is mysite.com referencing the same server whether accessed publicly
> or privately?
> Are you trying to use split-DNS to reference public vs private
> servers so you can use the same domain name to access a private
> server across a VPN?
> 
> If staff-only is confidential and on the same server as public
> mysite.com you still have some significant risks which can be
> mitigated with apache access controls (.htaccess for example)...
> but still not a very good idea.
> 
> If none of above is relevant to what you want to do then your
> redirect is to an http resource where you reference https
> everywhere else... is that your problem?
> 
> If still none of my discussion is relevant then what is the purpose
> of https://mysite.com/foo redirecting to staff_only... why not just
> use a URL directly to staff_only?
> 
> If working from home is completely new to your company (and I
> imagine there's a lot of that with current health concerns) and
> security is a concern then opening up private resources on a public
> server is not a good idea and you should look into some secure
> remote access solutions to access private servers across a vpn.
> 

Also, please show the relevant error log entries as they are rather
more insightful than something like the browser reported 404.







Re: [users@httpd] Apache error after Microsoft patching

2020-03-23 Thread Richard



> Date: Monday, March 23, 2020 17:39:47 +
> From: "Joshi, Harini" 
>
> Hi,
> 
> We recently patched Apache web server (Windows 2016) with Microsoft
> Patch KB4537764
> 
> The version of Apache that we currently use in our prod environment
> is as below:
> 
> 
> Server version: Apache/2.4.41 (Win64)
> 
> Apache Lounge VS16 Server built:   Aug  9 2019 16:46:32
> 
> We noticed that after the installation of this patch end users were
> getting HTTP 500 error. Once the patch was rolled back, this error
> got resolved.

On its own, a browser "500" error is mostly meaningless. What is
showing in your error log?








Re: [users@httpd] Mediawiki 1.34 doesn't find Localsettings.php on Windows -Ubuntu

2020-03-24 Thread Richard


> Date: Monday, March 23, 2020 20:49:20 +0100
> From: Francis Franck 
>
> I'm trying to install Mediawiki 1.34 via tarball - apparently all
> the modules are working fine: phpmyadmin, sql database, apache2.
> http://localhost/mediawiki/Mw-config ran successfully and produced
> a valid Localsettings.php
> 
> I tried to put the mediawiki directory in /var/www/html/ and
> alternatively in /var/lib/ with a symbolic link to /var/www/html/
> but
> http://localhost/mediawiki keeps telling me : LocalSettings.php not
> found.
> 
> I've put LocalSettings.php in all the directories one can imagine
> without success. There are lots of suggestions on several sites but
> nothing works. It is clear that
> http://localhost/mediawiki/index.php is opened:


Have you looked at your error log to see the path/location that the
server is pointing to for this file, and whether other things (e.g.,
your FollowSymLinks setting) are getting in the way of your server
finding it?






Re: [users@httpd] Http Server 2.4.43 version RPM

2020-05-05 Thread Richard



> Date: Tuesday, May 05, 2020 18:09:47 +0530
> From: Kushagra Bindal 
>
> Hi Experts,
> 
> I am new to HTTP Server. We are currently running on centos 7.7
> version and we are currently using
> httpd-2.4.6-90.el7.centos.x86_64  version.
> 
> This version is having multiple vulnerabilities and thus we need to
> upgrade our system to latest available version i.e. 2.4.43. But I
> am not able to find any rpm file which I can use on my centos 7.7
> environment.
> 

The current release of centos is 7.8, which includes
httpd-2.4.6-93.el7. The RH (and so centos) approach is to keep the
base release of a package as stable as possible over the life of the
RH release. To do this they backport security, bug fixes and
enhancements into the package base -- hence the "-93" on their
current httpd 2.4.6 package naming. They tend to be very good and
current on these updates, so I suspect (without going through all the
CVEs) that the announced security issues have been dealt with in the
current RH/centos -93 release. You can check any CVEs you have
specific concern about against their announcements and change logs.

There may be other, functional, reasons to move to 2.4.43, but I
don't think that open CVEs is likely one of them.








Re: [users@httpd] Apache and systemd

2020-06-17 Thread Richard



> Date: Wednesday, June 17, 2020 06:48:27 -0500
> From: Tom Browder 
>
> If I build a new server using --enable-systemd how does that affect
> using apachectl?
> 
> Can I still apachectl for interactive start/stop while systemd
> takes care of reboots?
> 


You would use "systemctl" to start/stop/reload/... the server, e.g., 

   systemctl start httpd.service  


(the ".service" bit is probably unnecessary).






Re: [users@httpd] Apache virtual hosts listening on specific IPv6 addresses

2020-06-27 Thread Richard



> Date: Saturday, June 27, 2020 20:06:30 -0400
> From: David Mehler 
> 
> I'm wanting to set up Apache 2.4 virtual hosts to listen to specific
> IPv6 addresses. I see a Listen directive in my http configuration,
> but nothing for each virtual host. I've got several different
> virtual hosts each I want to listen on its own specific IPv6
> address. In the virtual host configuration I've got VirtualHost
> *:443.


You may want to look at the apache documentation on ip-based virtual
hosting, e.g.,

  

There's an IPv4/http example there that you should be able to use as
a starting point for your IPv6/https needs.






Re: [users@httpd] How to config Authz form ?

2021-01-02 Thread Richard



> Date: Saturday, January 02, 2021 16:03:31 +0100
> From: Jens Kallup 
>
> I added a picture link, which shows the error message,
> that comes, when i click "Login".
> 
> in the decent yellow box: translated:
> "unknow protocol"
> 
> https://imgur.com/FYER4Y7


Searching "PR_CONNECT_RESET_ERROR" points to this likely being an
issue with browser or network settings potentially related to your
site's certificate. I'd suggest searching that error and working
through the ideas suggested, depending on your environment/settings.

Your certificate appears to be self-signed, so if your browser
rejects these, without an option to accept, that may be the problem.





Re: [users@httpd] Apache in under attack.

2021-01-14 Thread Richard
You should look at adding the %D and %T format strings to your httpd
access log configuration so that you can capture the amount of time
spent in delivery of a resource.


> Date: Thursday, January 14, 2021 11:48:55 +
> From: Jason Long 
>
> The server has 4 CPU cores and 6GB of RAM.
> I pasted the Apache configuration. In your opinion, which parts of
> the server must be examined?
> 
> 
> On Wednesday, January 13, 2021, 08:30:58 PM GMT+3:30, @lbutlr
>  wrote: 
> 
> 
>> On 12 Jan 2021, at 01:52, Jason Long 
>> wrote:
>> 
>> It shows me:
>> 
>> 13180 X.X.X.X
>>     1127 X.X.X.X 
>>     346 X.X.X.X 
>>     294 X.X.X.X 
>>     241 X.X.X.X 
>>     169 X.X.X.X 
>>     168 X.X.X.X
>>     157 X.X.X.X
>>     155 X.X.X.X
>>     153 X.X.X.X
> 
> Your server would not be getting bogged down by that few
> connections unless your hardware is very weak or you are hosting
> something insane.
> 
> I have a very lightly used web server that gets more than 40K hits
> a day running on a Celeron machine with a whole 4GB of RAM and my
> load average is in the 1.2 range consistently.
> 
> I wonder if there is not some configuration error.
> 
> Also, the URLs shown in your logs starting with /tag/ followed by a
> long series of hex digits, do those look like valid URLs for your
> server?
> 
> Do a dig -x on the IP that is hitting you 13,000 times and see
> where it is. You can try firewalling it, but if it's not some
> misconfigured server, the DOS will simply move to another IP.
> 
>> https://paste.ubuntu.com/p/PsxM8yPXPQ/
> 
> I haven't run F2B in quite a while, but is that a list of IPs that
> you are whitelisting or does [Protect] mean "Protect FROM"?
> 
> But if 13,000 queries are crippling your web server, I think your
> real problem lies elsewhere than the 13,000 hits.
> 
> (You are loading almost double the modules that I am, by the way.
> It seems like a lot. Do you know why each of those modules is
> enabled?)

 End Original Message 



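Once %D is in the LogFormat as suggested in the reply above, the per-IP hit counts quoted in the thread can be weighed against the time each client actually costs the server. This is an added example, not code from the thread; the LogFormat, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed format (not from the thread): common log format with %D appended.
#   LogFormat "%h %l %u %t \"%r\" %>s %b %D" timed
# %D is the time taken to serve the request, in microseconds.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?:\d+|-) (?P<usec>\d+)$'
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [14/Jan/2021:11:40:01 +0000] "GET /index.html HTTP/1.1" 200 5120 1500
192.0.2.10 - - [14/Jan/2021:11:40:02 +0000] "GET /style.css HTTP/1.1" 200 812 1500
192.0.2.10 - - [14/Jan/2021:11:40:02 +0000] "GET /logo.png HTTP/1.1" 200 20480 1500
192.0.2.10 - - [14/Jan/2021:11:40:03 +0000] "GET /favicon.ico HTTP/1.1" 404 196 1500
198.51.100.7 - - [14/Jan/2021:11:40:04 +0000] "GET /tag/3fa9c1d2 HTTP/1.1" 200 48211 2400000
198.51.100.7 - - [14/Jan/2021:11:40:09 +0000] "GET /tag/77be0a4c HTTP/1.1" 200 47990 3100000
this line does not match the assumed format
'''


def summarize(log_text):
    """Aggregate hits and %D time per client IP; count lines that do not parse."""
    stats = defaultdict(lambda: {"hits": 0, "usec": 0, "slowest": 0})
    skipped = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # wrong LogFormat or truncated line: report, do not guess
            continue
        usec = int(m["usec"])
        entry = stats[m["ip"]]
        entry["hits"] += 1
        entry["usec"] += usec
        entry["slowest"] = max(entry["slowest"], usec)
    return dict(stats), skipped


def rank_by_time(stats):
    """Return (ip, hits, total_seconds, mean_ms) tuples, most server time first."""
    rows = [
        (ip, s["hits"], s["usec"] / 1e6, s["usec"] / s["hits"] / 1000)
        for ip, s in stats.items()
    ]
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    per_ip, bad = summarize(SAMPLE_LOG)
    for ip, hits, total_s, mean_ms in rank_by_time(per_ip):
        print(f"{ip:15} hits={hits:<4} total={total_s:.3f}s mean={mean_ms:.1f}ms")
    print(f"unparsed lines: {bad}")
```

In the constructed sample the client with the fewest requests accounts for nearly all of the serving time, which a plain hit count per IP would not show.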



Re: [users@httpd] 500 Internal Server Error

2021-02-15 Thread Richard




> Date: Monday, February 15, 2021 20:13:29 -0300
> From: João Aguiar 
>
> I installed apache to be able to use python in version 3.8 together
> with virtualenv and after making certain configurations that used
> to run, now it doesn't work anymore with an error:
> 
> Internal Server Error
 ...
> More information about this error may be available in the server 
> error log.

As the error message says ...

 > More information about this error may be available in the server 
 > error log.

You should start there to see what details it provides. 






Re: [users@httpd] 500 Internal Server Error

2021-02-15 Thread Richard



> Date: Monday, February 15, 2021 20:34:15 -0300
> From: João Aguiar 
>
>> On Mon, Feb 15, 2021 at 20:28, Richard wrote:
>>  
>> > Date: Monday, February 15, 2021 20:13:29 -0300
>> > From: João Aguiar 
>> > 
>> > I installed apache to be able to use python in version 3.8
>> > together with virtualenv and after making certain configurations
>> > that used to run, now it doesn't work anymore with an error:
>> > 
>> > Internal Server Error
>>  ...
>> > More information about this error may be available in the server
>> > error log.
>> 
>> As the error message says ...
>> 
>>  > More information about this error may be available in the server
>>  > error log.
>> 
>> You should start there to see what details it provides.
>
> Can you tell me where the error logs are in Debian 10 ?

The log location is part of the httpd server configuration. Look in
your httpd configuration for the specifics.


[please don't top post.]




Re: [users@httpd] Re: httpd[803535]:

2021-03-15 Thread Richard



> Date: Monday, March 15, 2021 14:36:45 +0100
> From: Antony Stone 
>
> On Monday 15 March 2021 at 14:23:18, Jason Long wrote:
> 
>> Thank you.
>> As I said, I visited https://www.myip.com/ website without Tor
>> Browser and it showed me my real IP address. OK, I added the IP
>> address that Apache log file showed me and restarted my Apache
>> service, but I can visit my site!!! Apache log tells me my IP is :
>> 46.167.45.*
>> myip website tell me my IP is : 79.99.83.*
> 
> So, just to be clear, you added 46.167.45.* to your file of blocked
> IPs,  restarted Apache, re-visited your website, and found the same
> address again in  Apache's access file with a timestamp after the
> restart?
> 

The real question is, what was the response code? Was it (still) a
200 or was it a 401 or 403 or something else. An apache config block
doesn't keep the client that is targeted from reaching the site, just
from accessing content.






Re: [users@httpd] Apache2 troubleshooting - newbie

2021-03-17 Thread Richard



> Date: Wednesday, March 17, 2021 17:03:51 +
> From: S K 
>
> Hi, this is my scenario (everything is within my LAN):
> 
> BEFORE
> I have my MariaDB in machine 192.168.1.209; I access the MariaDB
> using windows client DBeaver and works fine. I had a working ubuntu
> machine 192.168.1.209 and my Perl scripts could be executed in my
> local windows browser (192.168.1.xxx)
> as http://192.168.1.209/p/index.pl I also have windows pc clone of
> p folder in c:/inetpub/wwwroot/p and works fine in
> browser http://127.0.0.1/p/index,pl (my local ip connects to
> MariaDB in 192.168.1.209)
> 
> Change Done
> I did a LAN-to-WAN to hide all my private info (pc,
> servers etc) from IoT.
> 
> One of the Router 1 (192.168.1.1) LAN is connected to Router's 2
> WAN (192.168.2.1). All my IOT's are connected to Router 1 and
> private PC's, servers etc is connected to Router 2.
> 
> AFTER
> Now the IP of the MariaDB & Apache Server machine has changed from
> 192.168.1.209 TO 192.168.2.109. It is still within my LAN.
> 
> I  pointed my DBeaver to new IP and my mariadb connects fine.
> My local ip http://127.0.0.1/p/index,pl (mariadb pointing to new
> ip 192.168.2.109)  works fine.
> However http://192.168.2.109/p/index.pl does not work and I get a
> message as follows in the browser:
> 
> This site can’t be reached
> 
> 192.168.2.109 took too long to respond.
> 
> Try:
>
>- Checking the connection
>- Checking the proxy and the firewall
>- Running Windows Network Diagnostics
> ERR_CONNECTION_TIMED_OUT
> Please note that perl is working fine in 192.168.2.109 (no issues)
> From a newbie perspective this something to do with networking or
> apache2 or both. Not sure, can experts point me how I go about
> troubleshooting. Thanks much
> vsk

This sounds like a networking issue, rather than anything specific to
httpd/apache.

I can't tell from your description where (which network .1 or .2) you
are trying to connect from when you say:

  > http://192.168.2.109/p/index.pl does not work

If it's from a machine on the .1 network, the issue is that you've
segmented your network and probably need to change the netmask on
some machines (and perhaps a router) so that they can see both
segments not just the one they are on.

You can use the netmask calculator at:

  

to get a sense of what you need to do. You likely need to change your
netmasks from 255.255.255.0 to 255.255.252.0.

By the way:

  > My local ip http://127.0.0.1/p/index,pl ... works fine.

127.0.0.1 is "localhost", i.e., the machine you are on. So it sounds
like you are on the mariadb machine connecting back to itself.



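The netmask figures in the reply above can be checked with Python's ipaddress module. This is an added example, not part of the original message; the client address 192.168.1.50 is a constructed stand-in for the poster's "192.168.1.xxx", and the two functions are hypothetical helpers. It checks only the address arithmetic, not any router configuration.

```python
import ipaddress


def common_network(*hosts):
    """Smallest IPv4 network that contains every address given."""
    addrs = [ipaddress.IPv4Address(h) for h in hosts]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    # Widen the prefix one bit at a time until all hosts fit.
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net


def on_link(src, dst, netmask):
    """True if dst falls inside src's own subnet under this netmask,
    i.e. src would try to reach it directly rather than via a gateway."""
    iface = ipaddress.ip_interface(f"{src}/{netmask}")
    return ipaddress.ip_address(dst) in iface.network


if __name__ == "__main__":
    # Addresses from the thread: router 1 and the relocated server.
    net = common_network("192.168.1.1", "192.168.2.109")
    print("covering network:", net, "netmask:", net.netmask)

    # Constructed client on the .1 segment, old and new netmask.
    for mask in ("255.255.255.0", "255.255.252.0"):
        seen = on_link("192.168.1.50", "192.168.2.109", mask)
        print(f"mask {mask}: server on-link for 192.168.1.50 -> {seen}")
```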



Re: [users@httpd] Re: Related question on having multiple subdomains on one host

2021-04-09 Thread Richard




> On 04/09/2021 03:50 PM, H wrote:
> I have been trying to configure running both php 7.0 and 7.2 on
> one host, certain sites using the former and others the latter.


While you say you need to run both php 7.0 and 7.2 I don't see that
you have explained why. 

I scanned through the changelogs from 7.2.0 back to 7.0. I may have
missed something but nothing popped out as breaking backwards
compatibility between 7.2 and 7.0. [Actually, I think that there is
one backwards incompatible change, but it's security-related so if
it's in older PHP code that code should be updated.]






Re: [users@httpd] Logging issue

2021-04-15 Thread Richard



> Date: Thursday, April 15, 2021 20:46:56 -0600
> From: Jonathon Koyle 
>
> I'm not sure, but my understanding is that if you have multiple
> virtual hosts on one machine, and they all listen on the same
> interfaces/ip addresses then they have to have unique ServerName
> directive.  If you have duplicates, they will all be served by the
> first virtual host, with a matching ServerName, read httpd.
> 
> I'm not really an expert, but you need to do something like:
> A. Distinguish the servers (distinct hostname, IP, or port).
> B. Have a single virtual host include the definitions for all paths
> as locations or maybe directories, could possibly maintain separate
> files by using the include directive, not sure.
> C. Have a single virtual host that proxies to the other defined
> virtual host - they still need a unique name, ip or port.

The OP may want to read up on apache name-/ip-based virtual host
configurations:

  

If name-based each has to be a unique (resolvable) fqdn. If IP-based,
each has to have its own ipnumber.






Re: [users@httpd] Logging issue

2021-04-17 Thread Richard



> Date: Saturday, April 17, 2021 17:37:43 -0400
> From: H 
>
> Yes, I (believe) I understand and find many examples how to
> configure virtual name hosts when you have a domain name. BUT, I
> have yet to find any examples where this works with /one/ single IP
> address rather than a domain name.
> 
> The former pertains to defining various virtual hosts such as
> site1.thisismydomain.com, site2.thisismydomain.com where the domain
> name is the same.
> 
> However, my current setup does not have a domain name associated
> with it, only an IP address. Thus the virtual hosts I am trying to
> work would be site1.aaa.bbb.ccc.ddd and site2.aaa.bbb.ccc.ddd where
> the IP address is the same.
> 
> Note that the sites are on an external server and accessed
> remotely, not on a local computer, and need to be accessed by
> multiple computers.
> 

That's because it doesn't:

  > BUT, I have yet to find any examples where this works 
  > with /one/ single IP address rather than a domain name.

In the documentation I pointed to previously:

  

the first line has ...

   IP-based virtual hosts use the IP address of the connection to
   determine the correct virtual host to serve. Therefore you need
   to  have a separate IP address for each host.

An IPnumber is just that -- (in IPv4) just the 4 octets, nothing
else. I.e., you can't append or prepend anything to that. [a port
number can be included as indicated in the documentation, but that's
a separate issue.]

  > ... I am trying to work would be site1.aaa.bbb.ccc.ddd 


The apache server has to have *something* to use to differentiate
among the virtual hosts that are configured. 
 
  - In the name-based approach, the IP number is the same but
the FQDN (the "domain" doesn't have to be the same) will be 
different for each virtual host (any number of FQDNs can point
to a single IPnumber). 

  - With IP-based virtual hosting, *each* virtual host has to have
a different IPnumber.

Please be certain to read the documentation carefully. When showing
examples of code or configurations you should include real examples
where you have not unnecessarily obscured what you are doing. With
something like a virtual host setup where how the first differs from
the second matters, you should show more than just the first.









Re: [users@httpd] Logging issue

2021-04-18 Thread Richard


> Date: Saturday, April 17, 2021 20:14:02 -0400
> From: H 
> 
> My ultimate goal is to be able to run different php apps each
> potentially requiring its unique php version using php-fpm. I would
> also like to separate access and error logs by app, ie
> app1-access.log, app2-access.log etc.

  ...

> - To use unique php versions would require separating the apps into
> individual VirtualHosts directives. Each VirtualHost directive can
> then call its unique php-fpm handler.
> 
> - I now understand this cannot be done using just an IP address in
> the VirtualHost directive followed by app1, app2 etc. A domain name
> must be used.

  ...

> Therefore, it seems I need to pivot and use a common domain name
> instead of IP address:


Your site-level logging issue and likely also your problem getting
the different versions of php to be invoked were probably both due to
your mal-configuration of the ServerName on the VirtualHost. When
things aren't configured correctly the first VirtualHost instance
will be used.

This is not required:

  > use a common domain name

I.e., when using the name-based approach the host names used for the
ServerName directive don't have to be subdomains under a single
domainname. They can be any (resolvable) FQDN that points to your
IPnumber.








Re: [users@httpd] Logging issue

2021-04-22 Thread Richard


> Date: Thursday, April 22, 2021 16:53:56 -0400
> From: H 
>
> I read on one webpage that the locations (ie app1, app2 etc) have
> to have their own A records. Does that mean that I need to have
> app1.mydomain.com, app2.mydomain.com etc. registered individually
> with my domain registrar for each of them to get its own A record?

Yes, the sub-domains need A-records, that is done through the DNS
records you set up for the domain. Only the *domain* (e.g.,
example.com) is registered with the registrar.






Re: [users@httpd] Logging issue

2021-04-22 Thread Richard


> Date: Thursday, April 22, 2021 20:24:02 -0400
> From: H 
>
> On 04/22/2021 06:02 PM, Richard wrote:
>>> Date: Thursday, April 22, 2021 16:53:56 -0400
>>> From: H 
>>> 
>>> I read on one webpage that the locations (ie app1, app2 etc) have
>>> to have their own A records. Does that mean that I need to have
>>> app1.mydomain.com, app2.mydomain.com etc. registered individually
>>> with my domain registrar for each of them to get its own A record?
>> Yes, the sub-domains need A-records, that is done through the DNS
>> records you set up for the domain. Only the *domain* (e.g.,
>> example.com) is registered with the registrar.
>> 
> Great, thank you. I just did that and another piece of knowledge
> fell into place... :-) I will let it propagate overnight and look
> at it again tomorrow.
> 

DNS is a query and cache system, records don't "propagate". If done
properly, once you have entered a record and the zone has been loaded
a query should result in an accurate answer. "Properly" includes
bringing down the TTL if you are changing details on an existing
record, and of course updating the serial so that secondaries know to
update.







Re: [users@httpd] Re: LAN to WAN access

2021-04-27 Thread Richard



> Date: Wednesday, April 28, 2021 00:25:29 +
> From: back Button 
>  
>  After the fresh installation of 2.4.46 and It works! 
> When I ran apache for the first time I was getting 
> AH00558: httpd: Could not reliably determine the server's fully
> qualified domain name, using 127.0.1.1. Set the 'ServerName'
> directive globally to suppress this message Then I updated the 
> httpd.conf with 
> ServerName   http://backbtn.ddns.net
> Now the AH0058 message has gone, so I guess that has been accepted.
> still when I put  http://backbtn.ddns.net
> I am getting  
> 
> 400 Bad Request
> Invalid Header. 
> 

The "ServerName" is the FQDN (i.e., "backbtn.ddns.net") and does not
include the protocol ("http://"). If the protocol is included in your
message because of something your mail client is doing you need a
mail client that doesn't "auto-html" things like that.

You need to look in your apache server logs (specifically error) to
get a better sense of what that error message may be being caused by.
The user messages you are showing are of only marginal value.




Re: [users@httpd] LAN to WAN access

2021-04-27 Thread Richard



> Date: Tuesday, April 27, 2021 22:10:35 +0200
> From: Antony Stone 
>
> On Tuesday 27 April 2021 at 22:02:40, back Button wrote:
> 
>> > PS; Why do you always append ".invalid" to whatever email
>> > address you happen  to be using at the time?
> 
>> That just happens 
> 
> I would complain at my email client if it did that sort of thing
> without me  wanting it to.

That's a DMARC-related mailinglist address rewrite issue, not
something controlled by the sender or their MUA. If you want more
details, look into DMARC in general and how different mailinglist
software packages handle enforced DMARC.





