[users@httpd] Error accessing some pages

2005-07-07 Thread Apache Apache
Sme of my users got the error "Due to the presence of characters known to be 
used in cross site scripting attacks, access is forbidden. This web site 
does not allow Urls which might include embedded HTML tags" when accessing 
one of the Intranet applications. Kindly advise is this error from apache 
and how can it be resolved. Thank you


_
Find just what you are after with the more precise, more powerful new MSN 
Search. http://search.msn.com.sg/ Try it now.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[users@httpd] Apache 2.0.50

2005-07-12 Thread Apache Apache
By default, will any of the core modules in Apache 2.0.50 showed the the 
error "Due to the presence of characters known to be used in cross site 
scripting attacks, access is forbidden. This web site does not allow Urls 
which might include embedded HTML tags"???


If yes, what are these modules and can they be turned off???

_
Keep track of Singapore & Malaysia stock prices. 
http://www.msn.com.sg/money/



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[users@httpd] Support for HTTP 2.0

2015-03-31 Thread Apache Apache
Hi,

I would like to know is there any version of apache that is able to support 
HTTP 2.0?

If no, what is the roadmap for apache to support HTTP 2.0?

Thank you. 

  
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[EMAIL PROTECTED] Running an Apache server with SCTP

2008-10-13 Thread apache
Hi
I´m  trying to change the configuration of Apachein order to let it work with 
SCTP.
I have foundsome models in the net :
http://pel.cis.udel.edu/
or 
www.sctp.org
Thoseversions seem to work only with Kame SCTP on FreeBSD
I´m using Ubuntu8.04 and LKSCTP.
 
Thx for anyKind of Help
HakimAdhari
UniversityOf Dortmund


[EMAIL PROTECTED] rewrite help

2008-11-03 Thread apache
I am trying to get a redirect to work so that I can get friendl URLs for
my website. I am using mod_perl and have written a little handler as a
controler to handle all requests.

What I currently have that works as follows.

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^wc/(.*) /wc\?uni=$1 [L]


The user types in:  http://example.com/wc/docName
and apache rewrites: http://example.com/wc?arg=docName


Where /wc is my perl handler, as such:

PerlModule Examplepackage::WC

SetHandler perl-script
PerlResponseHandler Examplepackage::WC



This works and it's great, but I want to work just a little different.

I want the user to type in: http://example.com/docName
and apache rewrite: http://example.com/wc?arg=docName


I have tried a few different RewriteRule types and either they 404 or
it exceedes 10 internal redirects (internal server error).

I have tried:

RewriteRule ^/(.*) /wc\?uni=$1 [L]
RewriteRule ^(.*) /wc\?uni=$1 [L]
RewriteRule /(.*) /wc\?uni=$1 [L]
RewriteRule . /wc\?uni=$1 [L]
RewriteRule /(.*)$ /wc\?uni=$1 [L]


and other such permutations.

What am I doing wrong?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] rewrite help

2008-11-04 Thread apache
I have figured out the problem. Once apache tested the request URI it
tested it a second time as an internal redirect and would fail, or get
in a loop. So I just had to tell it not to check for /wc , which wasn't
excluded by the !-f and !-d because it doesn't exist on the filesystem
because it is a perl handler.


my config that works:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/wc
RewriteRule ^(.*)$ /wc?uni=$1 [L]


Thanks solprovider and André for your help.


Ukiah





On Tue, Nov 04, 2008 at 08:53:00AM +0100, André Warnier wrote:
> Also, maybe be aware that (.*) will match anything, even the empty 
> string, so you may end up with "/wc?uni=" (unless as solprovider 
> indicates, you have a different rule for "/").
> It may be better to use "^/(.+)$", which will only match if there is 
> actually something after the /.
> 
> [EMAIL PROTECTED] wrote:
> >Do not escape the question mark.
> >
> >RewriteRule ^/(.*) /wc?uni=$1 [L]
> >- the first character must be a slash and is not included in the $1 
> >variable.
> >- Add "/wc?uni=" before the rest of the URL on the same server.
> >- Discard any querystring from the visitor.  (No QSA flag.)
> >- [L] = stop processing RewriteRules.
> >
> >You may want another RewriteRule for /,
> >
> >HTH,
> >solprovider
> >
> >On 11/3/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >>I am trying to get a redirect to work so that I can get friendl URLs for
> >> my website. I am using mod_perl and have written a little handler as a
> >> controler to handle all requests.
> >>
> >> What I currently have that works as follows.
> >>
> >> RewriteEngine On
> >> RewriteBase /
> >> RewriteCond %{REQUEST_FILENAME} !-f [OR]
> >> RewriteCond %{REQUEST_FILENAME} !-d
> >> RewriteRule ^wc/(.*) /wc\?uni=$1 [L]
> >>
> >> The user types in:  http://example.com/wc/docName
> >> and apache rewrites: http://example.com/wc?arg=docName
> >>
> >> Where /wc is my perl handler, as such:
> >>
> >> PerlModule Examplepackage::WC
> >> 
> >>SetHandler perl-script
> >>PerlResponseHandler Examplepackage::WC
> >> 
> >>
> >> This works and it's great, but I want to work just a little different.
> >>
> >> I want the user to type in: http://example.com/docName
> >> and apache rewrite: http://example.com/wc?arg=docName
> >>
> >> I have tried a few different RewriteRule types and either they 404 or
> >> it exceedes 10 internal redirects (internal server error).
> >>
> >> I have tried:
> >> RewriteRule ^/(.*) /wc\?uni=$1 [L]
> >> RewriteRule ^(.*) /wc\?uni=$1 [L]
> >> RewriteRule /(.*) /wc\?uni=$1 [L]
> >> RewriteRule . /wc\?uni=$1 [L]
> >> RewriteRule /(.*)$ /wc\?uni=$1 [L]
> >> and other such permutations.
> >>
> >> What am I doing wrong?
> >
> >-
> >The official User-To-User support forum of the Apache HTTP Server Project.
> >See http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >   "   from the digest: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>   "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[us...@httpd] Apache ldap authentication and secrurity

2009-04-16 Thread apache
Server - RH5 httpd-2.2.3

I have setup a server that uses ssl ldap authentication.  This all works
fine.  I am trying to understand the connection from a client browser to
the server.  I am sniffing the packets on the server with tcpdump and
also have tried wireshark. Since the server is using http not https I
assumed that all traffic from the client browser to the server would be
in clear text.  So, when I connect to the server with the client browser
I get the authentication window.  I enter a username and passwd. 
Looking at the traffic on the server I see everything but the username
and passwd.  I would of thought that it would transmit the username and
pass in clear text to the server since it is using http.  The web server
goes to the ldap server using ssl, so that traffic is encrypted as I
expected.  I'm just confused as to why the username and pass is not seen
when looking at the packets.   This is of course  good behavior, but I
am just trying to understand how it works.  It seems that I have done
this before with earlier versions and have seen the username and pass. 
Maybe I'm just remembering this wrong.  Anyone know how this works? 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[EMAIL PROTECTED] Any idea how to get the second SSL cert working?

2007-08-04 Thread apache
I have 2 certs installed.  One is for the main site and the other is for a
subdomain.  Both are set up as "VirtualHost"s in the ssl.conf file.  I
also set the default one to use the primary site's certs.  The certs are
from GoDaddy.  I have a NameVirtualHost specified for port 80 and port
443.  It seems like I have everything covered, but I go to the subdomain
and it tells me it's using the cert for the main site.  The main site cert
does appear to be working properly.  Any ideas?

Side note... I'm trying to point port 80 and 443 to the same directory on
the server for the main site.  Could that be causing the problem?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] Any idea how to get the second SSL cert working?

2007-08-05 Thread apache

> Sounds like you are trying to do ssl hosting with name-based virtual
> hosts. That won't work. An explanation is here:
> http://wiki.apache.org/httpd/NameBasedSSLVHosts
>
> Joshua.

Yup - that's it exactly.  Thanks Joshua.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.2.6 and CGI problem.

2007-10-02 Thread Apache

I'm a newbie to Apache and throwing myself on the wisdom of the list.

I'm running FreeBSD6.2 in a jail with Apache 2.2.6.

The basic set-up works but I'm having problems with dynamic HTML and cgi 
scripts. I'm using perl for my testing.


Going through the HowTo I can invoke the script as a direct URL.
I can make a tag with an href of "/cgi-bin/xxx.pl" and clicking on the link 
brings up the script's result. So it looks like I have the CGI rules 
configured correctly.


But no matter what I've tried I can't get the text into the HTML page when 
it loads initially. I've tried:

 #exec cgi="/cgi-bin/xxx.pl"
and a number of tags that shouldn't and didn't work. All I see are the HTML 
tags. Including all my failed attempts as place holders for my stupidity.


I must be missing a config item somewhere but I can't see it.

Config that I've update are:


   ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"



TypesConfig mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler cgi-script .cgi .pl



AllowOverride None
Options +ExecCGI +Includes
Order allow,deny
Allow from all



I don't believe I need the "+Includes" as I'm not doing anything with shtml 
 at this point.


If anyone sees anything I've missed it would be great if they would 
enlighten my ignorance.


Thanks

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.2.6 and CGI problem redux

2007-10-03 Thread Apache

Not a total solution but getting there.

Joshua Slive had some of the answer.
He enlightened me that I was using SSI and told me to used SetOutputFilter
and I read-up on the SSI howto.

So I can include JavaScript files and they work nicely. However perl
scripts in the cgi-bin directly stubbornly refuse to fire unless called by
an HREF tag.

The config is simple:

ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"
Alias /javascript/ "/usr/local/www/javascript/"
AddHandler cgi-script .cgi .pl


 AllowOverride None
 Options +ExecCGI +Includes
 AddType text/html .html
 AddOutputFilter INCLUDES .html
 Order allow,deny
 Allow from all




 AllowOverride None
 Options +ExecCGI +Includes
 AddType text/html .html
 AddOutputFilter INCLUDES .html
 Order allow,deny
 Allow from all



The web page (index.html) is damn simple too:

http://www.w3.org/TR/XHTML1/DTD/XHTML1-strict.dtd";>
http://www.w3.org/1999/xhtml"; lang="en" xml:lang="en">


   
 Test page
   

   
 It works! Or so I say.David
 
  Test This 
 
 
 
 
   



And the perl script is trivial.
#!/usr/bin/perl
print "Content-type: text/html\r\n\r\n";
print "Work, damn it all!\n";


Any idea of what I'm missing? I'm going with html all pages will be using
dynamic HTML, if I can ever get it to work.

Does the new details ring bells with anybody?

Thanks, again.

Outstanding action: Contact the CGI HowTo doc people to put a ref to the
SSI HowTo doc.

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.2.6 and CGI problem - solved - doc bug?

2007-10-03 Thread Apache
Thanks to my not reading Joshua Silve's reply and his second correction 
everything is working.


I needed a Directory entry for the directory that had the *html files that 
call the JavaScript and CGI files. So I needed three entries as follows:


For the file with *html:
AllowOverride None
Options +Includes
AddType text/html .html
AddOutputFilter INCLUDES .html
Order allow,deny
Allow from all

For the JavaScript area:
AllowOverride None
Options +Includes
Order allow,deny
Allow from all

For the CGI scripts:
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all

I'll give the Apache people a few days to read this as I think this is a 
doucmentation bug.


1. I think the http://httpd.apache.org/docs/2.2/howto/cgi.html should have 
link to http://httpd.apache.org/docs/2.2/howto/ssi.html. Some of the data 
is related and required to get CGI running.


2. An example of http.conf entries (like given above) should be included 
with explanation on why each entry is needed with a recommended settings 
(which would need someone with more experience than me).


Thanks,

David

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[users@httpd] ??text?? On serveral webpages are questionmarks (??) where text is suppost to be or what has to be clear

2005-05-21 Thread apache
Hello,
I have set up apache on a fedora box:
Linux hostname.nl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386
GNU/Linux
httpd-2.0.52-3

It al runs fine, but

On serveral pages are questionmarks (??) where text is suppost to be or
what has to be clear:

Examples:
http://www.afrekening.nl
http://www.t-t-n.nl/uitslagen/uitsl_04/Klaverjassen.htm (table)
http://www.zin-pa.nl/index_bestanden/slide0005.htm

I think it is caused because the html is made in Word or powerpoint or
other Microsoft #$!#$@ stuff.

How can I solve this behavior?

Thanx Nico



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [users@httpd] ??text?? On serveral webpages are questionmarks (??) where text is suppost to be or what has to be clear

2005-05-22 Thread apache

Thanx,
When I select in mij browser: West-Europees (ISO) the pages are correct.
Where can I find the correct charset??


The default charset is UTF 8.

Thanx for sending me in the correct direction!

Nico



|-+>
| |   Nick Kew |
| |   <[EMAIL PROTECTED]|
| |   m>   |
| ||
| |   21-05-2005 12:12 |
| |   Please respond to|
| |   users|
| ||
|-+>
  
>|
  | 
   |
  |   To:   users@httpd.apache.org  
   |
  |   cc:   
   |
  |   Subject:  Re: [EMAIL PROTECTED] ??text?? On serveral webpages are 
questionmarks (??) where text is suppost to be |
  |or what has to be clear  
   |
  
>|




[EMAIL PROTECTED] wrote:


> On serveral pages are questionmarks (??) where text is suppost to be or

Find out what charset your pages are in.  Then use AddCharset in Apache
to get the server to send the correct charset.


> I think it is caused because the html is made in Word or powerpoint or
> other Microsoft #$!#$@ stuff.

They might be producing undefined junk.  In which case you'd need to
fix it up first.  See what a validator tells you about them.

--
Nick Kew

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[users@httpd] pemanent "G" Gracefully finishing in mod_status

2005-06-30 Thread apache
Hello.

I'm in doubt with the info from mod_status

GGWGGGKRKGWG_GK_RGWGWKRK_G__W_G_KGKKWKKGGKK_G...
..G.



Too many threads in "G" Gracefully finishing state. Here is
typical example
Srv PID Acc M   CPU SS  Req ConnChild   Slot
HostVHost   Request
0-1 32536   0/190/41332 G   1.24165293  0   0.0 0.66
556.64
80.68.4.164 (unavailable)   GET /x.php HTTP/1.1

As you can see in SS field the latest request proceeding by
this thread was 165293 second ago. Process with 32536
exists, it consume memory by don't do any job. Just
permanent Gracefully finishing state.

All threads in this state have Request to only one page
/x.php. It's a absolutely normal page, except one thing
- page refreshing every 60 sec.


I have apache 1.3.33 and OS ALT Linux 2.2. Please, if you
can give me info about Gracefully finishing state or why
apache don't destroy useless process answer here.

PS: Sorry for my english

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite

2015-06-17 Thread apache

hello hello hello,

i recently posted a similar issue with the topic "Weirdo intepretation 
of SSLprotocol order" on this distlist (may 7th 2015)


I found that (at least on) Apache 2.2.29 64bit Prefork, the sslProtocol 
order is only challenged once for the whole server, that is the first 
occurence to appear. I think this is your problem too...


Someone asked me to build a backported dist of httpd, or at least a 
patch.. however, time never got to me...


The general solution seems to be running httpd 2.4.13+, but its unclear 
to me, whether the problem resides in openssl maybe.. however, its not 
fixed out of the blue. And i know, this doesnt answer your question, but 
it may make things a little clearer :)



br
Congo


On 2015-06-17 00:37, karl karloff wrote:

So that does not actually help in the case of SSLv3 because SNI is an
extension to TLS.  It seems like this is not possible in Apache given
the usage of OpenSSL as the SSL/TLS library.

Does that sum it up?

Thanks,
Karl



Date: Tue, 16 Jun 2015 23:54:39 +0200
From: ylavic@gmail.com
To: users@httpd.apache.org
Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and 
SSLCipherSuite


On Tue, Jun 16, 2015 at 10:48 PM, karl karloff 
 wrote:
I am attempting to set up more than one subdomain on :443 in this 
example.


so something like
sslv3.example.com:443 responds with SSLv3 only
tlsv1.example.com:443 responds with TLSv1.0 only
...

I wasn't aware that could be achieved using the ServerName directive.

The underlying IP/interface should be the same for all subdomains, 
but each subdomain responds by accepting only a single SSLProtocol.


Does that make sense?


It does, however there is a limitation currently in OpenSSL in that it
can't renegotiate the protocol.
Hence this configuration will work only with browsers/clients
supporting (and advertising) the Server Name Indication (SNI), which
allows to select the correct VirtualHost before the negotiation
occurs.
Otherwise, Apache HTTPd will have to negotiate before being able to
read the requested Host header, and hence determine the VirtualHost.
Thus it will do the negotiation occording to the parameters (protocol,
ciphers, ...) of the first vhost declared on the listening IP:port.
If finally the determined vhost is not the one used for the
negotiation, it will ask for a renegotiation which, as said above,
won't take the SSLProtocol into consideration due to OpenSSL not being
able to do that (the SSLCipherSuite can be renegotiated though).

So all should be fine with SNI only.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



RE: [users@httpd] RE: Apache Reverse Proxy deletes from code

2015-06-17 Thread apache

hello hello hello,


Ive seen exactly that behavior many times in 2.2.29. Once 
ProxyHTMLEnable is invoked in a vhost, output is heavily influenced, 
eventhough there are no rules to define modification of any html at 
all.. The rules i define works flawlessly, but the filter invocation 
swallows more than it should... i have been pulling my hair for this 
problem, with the result of light baldness...


I wasnt aware of the bug report - yet, i am not sure, whether it applies 
a fix at some point for the 2.2 branch - anyone to know this ?




br
congo

On 2015-06-16 17:25, Cruz Villanueva, Juan wrote:

Hello Yann,

Thanks for your reply.

I'll review this link. It's really possible that it's related

I'll post my findings later.

Thanks.

Juan Cruz Villanueva

-Original Message-
From: Yann Ylavic [mailto:ylavic@gmail.com]
Sent: martes, 16 de junio de 2015 9:09
To: users@httpd.apache.org
Subject: Re: [users@httpd] RE: Apache Reverse Proxy deletes  from
code

On Tue, Jun 16, 2015 at 8:58 AM, Cruz Villanueva, Juan
 wrote:

one has seen this issue (or similar one) before?


Maybe https://bz.apache.org/bugzilla/show_bug.cgi?id=56287 ?

Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] slow reload apache22

2015-12-16 Thread apache

hello world,


so i run Apache/2.2.31 on FreeBSD9. 64 bit. Hosting about 400 websites 
on this virtual server that executes well enough - except, whenever i 
make configuration changes and gracefully reload the httpd, the service 
kind of stalls for about 10-20 seconds. The server acts as reverse proxy 
onto the backend servers, that might just as well be httpd in many 
cases, however when these reloads the same way, content is instantly 
available, but on the proxy content becomes dramatically slow responding 
right after "apachectl graceful" was executed, then after <20 seconds 
its fast responding again.


I run no custom cache solution on top of apache, only customsized SSL 
cache, but i cant see if this should interfere with plain http requests 
performance.



I would like to be able to serve the users with fast respondstimes 
eventhough i have to reload the config several times during the day.


The websites are located in about 50 config files, with about 400 
VirtualHosts inside. I only serve some small icons as content directly 
on the proxy, all the rest is either text errorpages in config or strict 
reverse proxy.



Does anyone else have this poor experience ? -or even better a tip for a 
solution to get this solved ?




br
Congo, Denmark

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Weirdo intepretation of SSLprotocol order

2015-05-06 Thread apache

hello,


So i have an apache 2.2.29 running Prefork on FreeBSD 64bit.

I have a number of vhosts included - one vhost per domain name. In any 
of these vhost containers the SSLProtocol directive seems to be ignored, 
but only the default vhost is dictating the SSLProtocol for all other 
(this is ofcourse the first HTTPS enabled vhost container, which might 
be relevant). Though documentation argues that its applicable per vhost, 
and not only in server config.


For testing purpose, i use add the following to my sub-vhost:
SSLProtocol -ALL +TLSv1.2

But when the default vhost is configured as such:
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

- that final example is the only, thats used throughout the webserver.


I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol, 
that it should be applicable per virtual host.
The goal is to host some sites via TLS 1.2 only, and some other ones 
only in TLS 1.1 for instance.




Does anyone else meet the same challenge or know how to resolve this ?



br
congo



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Weirdo intepretation of SSLprotocol order

2015-05-11 Thread apache

Hello,

Well - a patched version... what do you mean -i've build 
apache22-2.2.29_2 from ports... so its already up to date. However 
openssl runtime is openssl-1.0.1_16, where i see there is a 
openssl-1.0.2_1 available from ports. I prefer to build from ports, in 
order to host a standardized environment for the web..


I have been looking into migration to apache httpd 2.4, but from my 
understanding the config interpretor is not backwards compatible, so i 
have to renew all configs. I run around 50 domains and 450 sites, and 
about 15 instances of apache httpd.. so there will be a bunch of config 
redoing..



Do you mean - building 2.2.29 from apache.org sources ?



br
congo

On 2015-05-07 11:13, Yann Ylavic wrote:

Hello,

you may hit an issue fixed in [1] (for upcoming 2.4.13).

Can you manage to build a patched httpd-2.2.29 from sources?

Regards,
Yann.

[1] http://svn.us.apache.org/r1663258


On Wed, May 6, 2015 at 2:54 PM,   wrote:

hello,


So i have an apache 2.2.29 running Prefork on FreeBSD 64bit.

I have a number of vhosts included - one vhost per domain name. In any 
of
these vhost containers the SSLProtocol directive seems to be ignored, 
but
only the default vhost is dictating the SSLProtocol for all other 
(this is
ofcourse the first HTTPS enabled vhost container, which might be 
relevant).
Though documentation argues that its applicable per vhost, and not 
only in

server config.

For testing purpose, i use add the following to my sub-vhost:
SSLProtocol -ALL +TLSv1.2

But when the default vhost is configured as such:
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

- that final example is the only, thats used throughout the webserver.


I read in 
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol,

that it should be applicable per virtual host.
The goal is to host some sites via TLS 1.2 only, and some other ones 
only in

TLS 1.1 for instance.



Does anyone else meet the same challenge or know how to resolve this ?



br
congo



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] SSLCertificateChainFile

2018-07-19 Thread apache
I am putting to together a config for both RH6 and RH7 systems.  RH6 used  
Apache/2.2.15, RH7 uses Apache/2.4.6.  

I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the 
intermediates should be appended to  the file that SSLCertificateFile points 
to.   

Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the config 
is NOT used and instead the intermediates are appended the file that  
SSLCertificateChainFile points to as you would in 2.4.8 and greater.  Just 
thinking that if it will work correctly, the config would be the same now and 
when 2.4.8 and greater  gets in place.

We have done this on a test system and it seems to work, however I'm not sure 
if we are just fooling ourselves and it isn't even seeing the intermediates and 
the client just isn't complaining. 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Re: mod_rewrite: Conditionally set RemoteIPHeader

2025-06-11 Thread apache
Does anyone know of a way to conditionally set the RemoteIPHeader 
directive for mod_remoteip? I've tried a few things; a simple if/else 
says "RemoteIPHeader is not allowed here." And trying to set my own 
request header that I can point "RemoteIPHeader" to doesn't seem to 
work; no matter how I order it or create it it seems that RemoteIPHeader 
doesn't recognize the new header I've generated.


Any ideas?

Thanks in advance!

Dan


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored

2009-05-20 Thread mboxdario-apache

We have configured an apache http server instance to serve as load balancer 
between 3 aplications and 6 tomcat nodes, each application served by 2 nodes 
each, using virtual host and mod_proxy_balancer.

This is the file which we use to set the first applicacion "A" to be served by 
nodes sftomcat02 and sftomcat05. (conf.d/vh_a_tramix.conf)

Everything works as expected until this point:
- request are directed to the vh according to the url. 
- request are balanced between tomcat nodes, session aware.
- if a node goes down, after a while, request are redirected to the surviving 
node 

But balancer shows only a balancer (the first one to be read?)

vh_a_tramix.conf follows:

    ServerAdmin anotherguy
    DocumentRoot "/var/www/html"
    ServerName www.a.ar
    ErrorLog logs/www.a.ar-error_log
    CustomLog logs/www.a.ar-error_log-access_log common

    ProxyRequests off

    
     Order deny,allow
     Allow from all
    

    ProxyPass /balancer-manager !
    ProxyPass / balancer://a/
    #ProxyPassReverse / balancer://a/
    
     BalancerMember ajp://sftomcat02:8029 route=tts2
     #BalancerMember ajp://sftomcat05:8059 route=tts5
    
    ProxySet balancer://a stickysession=JSESSIONID  nofailover=Off

  
          SetHandler balancer-manager
          Order deny,allow
          Allow from all
   



similar vh are configured (say vh_b_tramix.conf and vh_c_tramix.conf)
but request to balancer-manager on this virtual hosts fails (tomcat node 
responds, so... is not trapped even by the "ProxyPass /balancer-manager !" 
directive).

I have tried to change "ProxyPass /balancer-manager !" to  "ProxyPass 
/balancer-manager2 !" (and changed rest of file 'accordingly') and still fails.

So, I kindly ask:
Is it necesary to change something? (version? config?)
Is this behaviour expected / to be changed?
Which task should I accomplish to solve this is issue (if possible)?
Does anybody have seen it working?

Thanks in advance for any help you can provide.






  Yahoo! Cocina
Recetas prácticas y comida saludable
http://ar.mujer.yahoo.com/cocina/

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] Mod_rewrite and mod_proxy_balancer

2009-05-20 Thread mboxdario-apache

sorry for asking...
I do not understand why you use rewrite...

I would use "Location" or "ProxyPass" directive.
Simpler... Can not do a test now... but it seems pretty straight forward.



--- El mié 20-may-09, ricardo figueiredo  escribió:

> De: ricardo figueiredo 
> Asunto: Re: [us...@httpd] Mod_rewrite and mod_proxy_balancer
> Para: users@httpd.apache.org
> Fecha: miércoles, 20 de mayo de 2009, 6:00 pm
> Anyone ???
> 
> Or my English isn't good ??
> 
> Ricardo
> 
> On Wed, May 20, 2009 at 3:13 PM,
> ricardo13 
> wrote:
> 
> 
> 
> Hi all,
> 
> 
> 
> I have a web cluster with 6 machines. Three machines serve
> only clients
> 
> (class 1) and others serve only normal users (class 2).
> 
> I use apache with modules mod_rewrite and
> mod_proxy_balancer.
> 
> 
> 
> Use mod_rewrite to classify (between class1 and class2)
> incoming requests
> 
> and mod_proxy_balancer forward request to the cluster
> (class1 or class2).
> 
> 
> 
> Now, When I type in browser, for example "http://localhost/1";, the
> cluster A
> 
> serve my request and when I type "http://localhost/2";, the
> cluster B serve
> 
> my request.
> 
> 
> 
> Now, I would like to know how I drop a request when come
> with other type
> 
> user ?? For example, "http://localhost/3";
> 
> 
> 
> I tried this, but doesn't work.
> 
> 
> 
> My httpd.conf:
> 
> 
> 
> 
> 
>         RewriteEngine on
> 
>         RewriteLog /usr/local/apache2/logs/rewrite_log
> 
>         RewriteLogLevel 5
> 
> 
> 
>         RewriteLock /usr/local/apache2/logs/file.lock
> 
>         RewriteMap prgmap
> prg:/usr/local/apache2/admControl
> 
> 
> 
>         RewriteCond ${prgmap:$1} ^/bad_url$
> 
>         RewriteRule /bad_url - [F]
> 
>         RewriteRule ^/(.*) balancer:/${prgmap:$1} [P]
> 
> 
> 
> 
> 
> 
> 
> 
> 
>         BalancerMember http://192.168.1.11
> 
>         BalancerMember http://192.168.1.12
> 
>         BalancerMember http://192.168.1.13
> 
> 
> 
> 
> 
> 
> 
>         BalancerMember http://192.168.1.14
> 
>         BalancerMember http://192.168.1.15
> 
>         BalancerMember http://192.168.1.16
> 
> 
> 
> 
> 
> My admControl:
> 
> #include 
> 
> #include 
> 
> 
> 
> int main(int argc,char *argv[]) {
> 
> 
> 
>  char input;
> 
>  int  id;
> 
> 
> 
>  while(1) {
> 
>    fscanf(stdin, "%d", &id);
> 
> 
> 
>    switch(id) {
> 
>      case 1: fprintf(stdout, "/class1");
> break;
> 
>      case 2: fprintf(stdout, "/class2");
> break;
> 
>      case default: fprintf(stdout, "/bad_url");
> break;
> 
>    }
> 
>    fprintf(stdout, "\n");
> 
>    fflush(stdout);
> 
>  }
> 
>  return EXIT_SUCCESS;
> 
> }
> 
> 
> 
> Remember, How I drop a request from
> "http:localhost/3" ???
> 
> 
> 
> Thank you
> 
> Ricardo
> 
> 
> 
> 
> 
> 
> 
> --
> 
> View this message in context: 
> http://www.nabble.com/Mod_rewrite-and-mod_proxy_balancer-tp23640723p23640723.html
> 
> 
> Sent from the Apache HTTP Server - Users mailing list
> archive at Nabble.com.
> 
> 
> 
> 
> 
> -
> 
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> 
> See http://httpd.apache.org/userslist.html>
> for more info.
> 
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> 
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 
> 
> 
> 
> -- 
> Muito Obrigado
> 
> Ricardo
> 
> 


  

¡Viví la mejor experiencia en la web!
Descargá gratis el nuevo Internet Explorer 8
http://downloads.yahoo.com/ieak8/?l=ar

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored

2009-05-20 Thread mboxdario-apache

I have read doc again, and after testing a little I think I should move 
"Location" directive to a different file (outside vh definition), in order to 
make "sense", but results are the same...

Thank you again.


--- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar 
 escribió:

> De: mboxdario-apa...@yahoo.com.ar 
> Asunto: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only 
> one balancer can be monitored
> Para: users@httpd.apache.org
> Fecha: miércoles, 20 de mayo de 2009, 6:13 pm
> 
> We have configured an apache http server instance to serve
> as load balancer between 3 aplications and 6 tomcat nodes,
> each application served by 2 nodes each, using virtual host
> and mod_proxy_balancer.
> 
> This is the file which we use to set the first applicacion
> "A" to be served by nodes sftomcat02 and sftomcat05.
> (conf.d/vh_a_tramix.conf)
> 
> Everything works as expected until this point:
> - request are directed to the vh according to the url. 
> - request are balanced between tomcat nodes, session
> aware.
> - if a node goes down, after a while, request are
> redirected to the surviving node 
> 
> But balancer shows only a balancer (the first one to be
> read?)
> 
> vh_a_tramix.conf follows:
> 
>     ServerAdmin anotherguy
>     DocumentRoot "/var/www/html"
>     ServerName www.a.ar
>     ErrorLog logs/www.a.ar-error_log
>     CustomLog logs/www.a.ar-error_log-access_log common
> 
>     ProxyRequests off
> 
>     
>      Order deny,allow
>      Allow from all
>     
> 
>     ProxyPass /balancer-manager !
>     ProxyPass / balancer://a/
>     #ProxyPassReverse / balancer://a/
>     
>      BalancerMember ajp://sftomcat02:8029 route=tts2
>      #BalancerMember ajp://sftomcat05:8059 route=tts5
>     
>     ProxySet balancer://a stickysession=JSESSIONID 
> nofailover=Off
> 
>   
>           SetHandler balancer-manager
>           Order deny,allow
>           Allow from all
>    
> 
> 
> 
> similar vh are configured (say vh_b_tramix.conf and
> vh_c_tramix.conf)
> but request to balancer-manager on this virtual hosts fails
> (tomcat node responds, so... is not trapped even by the
> "ProxyPass /balancer-manager !" directive).
> 
> I have tried to change "ProxyPass /balancer-manager !"
> to  "ProxyPass /balancer-manager2 !" (and changed rest
> of file 'accordingly') and still fails.
> 
> So, I kindly ask:
> Is it necesary to change something? (version? config?)
> Is this behaviour expected / to be changed?
> Which task should I accomplish to solve this is issue (if
> possible)?
> Does anybody have seen it working?
> 
> Thanks in advance for any help you can provide.
> 
> 
> 
> 
> 
> 
>       Yahoo! Cocina
> Recetas prácticas y comida saludable
> http://ar.mujer.yahoo.com/cocina/
> 
> -
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 


  Yahoo! Cocina
Recetas prácticas y comida saludable
http://ar.mujer.yahoo.com/cocina/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored

2009-05-20 Thread mboxdario-apache

Well... it didnt worked, because i didn't rebooted httpd, but balancer-manager 
now is working for all vh sites.

It has to be defined globally (probably the location /balancer-manager 
directive which can not have scheme or server name), outside virtual host 
definition.

Sorry for the noise.

Greetings.

--- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar 
 escribió:

> De: mboxdario-apa...@yahoo.com.ar 
> Asunto: Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. 
> Only one balancer can be monitored
> Para: users@httpd.apache.org
> Fecha: miércoles, 20 de mayo de 2009, 7:18 pm
> 
> I have read doc again, and after testing a little I think I
> should move "Location" directive to a different file
> (outside vh definition), in order to make "sense", but
> results are the same...
> 
> Thank you again.
> 
> 
> --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar
> 
> escribió:
> 
> > De: mboxdario-apa...@yahoo.com.ar
> 
> > Asunto: [us...@httpd] apache 2.2.3, virtual host and
> balancer manager. Only one balancer can be monitored
> > Para: users@httpd.apache.org
> > Fecha: miércoles, 20 de mayo de 2009, 6:13 pm
> > 
> > We have configured an apache http server instance to
> serve
> > as load balancer between 3 aplications and 6 tomcat
> nodes,
> > each application served by 2 nodes each, using virtual
> host
> > and mod_proxy_balancer.
> > 
> > This is the file which we use to set the first
> applicacion
> > "A" to be served by nodes sftomcat02 and sftomcat05.
> > (conf.d/vh_a_tramix.conf)
> > 
> > Everything works as expected until this point:
> > - request are directed to the vh according to the url.
> 
> > - request are balanced between tomcat nodes, session
> > aware.
> > - if a node goes down, after a while, request are
> > redirected to the surviving node 
> > 
> > But balancer shows only a balancer (the first one to
> be
> > read?)
> > 
> > vh_a_tramix.conf follows:
> > 
> >     ServerAdmin anotherguy
> >     DocumentRoot "/var/www/html"
> >     ServerName www.a.ar
> >     ErrorLog logs/www.a.ar-error_log
> >     CustomLog logs/www.a.ar-error_log-access_log
> common
> > 
> >     ProxyRequests off
> > 
> >     
> >      Order deny,allow
> >      Allow from all
> >     
> > 
> >     ProxyPass /balancer-manager !
> >     ProxyPass / balancer://a/
> >     #ProxyPassReverse / balancer://a/
> >     
> >      BalancerMember ajp://sftomcat02:8029
> route=tts2
> >      #BalancerMember ajp://sftomcat05:8059
> route=tts5
> >     
> >     ProxySet balancer://a
> stickysession=JSESSIONID 
> > nofailover=Off
> > 
> >   
> >           SetHandler balancer-manager
> >           Order deny,allow
> >           Allow from all
> >    
> > 
> > 
> > 
> > similar vh are configured (say vh_b_tramix.conf and
> > vh_c_tramix.conf)
> > but request to balancer-manager on this virtual hosts
> fails
> > (tomcat node responds, so... is not trapped even by
> the
> > "ProxyPass /balancer-manager !" directive).
> > 
> > I have tried to change "ProxyPass /balancer-manager
> !"
> > to  "ProxyPass /balancer-manager2 !" (and changed
> rest
> > of file 'accordingly') and still fails.
> > 
> > So, I kindly ask:
> > Is it necesary to change something? (version?
> config?)
> > Is this behaviour expected / to be changed?
> > Which task should I accomplish to solve this is issue
> (if
> > possible)?
> > Does anybody have seen it working?
> > 
> > Thanks in advance for any help you can provide.
> > 
> > 
> > 
> > 
> > 
> > 
> >       Yahoo! Cocina
> > Recetas prácticas y comida saludable
> > http://ar.mujer.yahoo.com/cocina/
> > 
> >
> -
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 
> > 
> 
> 
>       Yahoo! Cocina
> Recetas prácticas y comida saludable
> http://ar.mujer.yahoo.com/cocina/
> 
> -
> 

Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?!

2009-05-27 Thread mboxdario-apache

Not the best answers.

But it was not a good question neither.

"Can anyone supply the step-by-steps for building apache with FIPS 140-2 
openssl?" is NOT a "good question". There is a guide you should have readed 
before, about how to ask good questions.

Because the answer is:
"Yes. I'm almost sure somebody can do it."

Community answers are not always right to the point. You are not paying.

The good thing about open source is that now that you know the answer, YOU can 
publish it.

And you should have asked:
subject: building an apache with openssl fips 140-2
"I have made this, this and this. I have problems with THIS. Later I will do 
that other thing. which documentation should I read?

I use 'alfa' linux, with apache version x.y.z, and openssl version H."
"



 El mié 27-may-09, Frank Gingras  escribió:

> De: Frank Gingras 
> Asunto: Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?!
> Para: users@httpd.apache.org
> Fecha: miércoles, 27 de mayo de 2009, 3:51 pm
> Sam,
> 
> Since you're 'theman', I guess we assumed you'd manage on
> your own.
> 
> Seriously, however, no one is forcing you to use this
> software. Go ahead 
> and use commercial software, we won't mind.
> 
> Frank
> 
> Sam theman wrote:
> > I was able to build a FIPS 140-2 apache, thanks to
> nobody at the apache users list. I banged my head against
> the wall for 2 days, and pieced together a lot of confused
> emails... WHY do apache developers not go the extra half
> foot and publish a doc. They will develop code out the
> gazoo, but then not tell anyone HOW to use it and people
> wonder why open source software is gradually being flushed
> down the toliet by the Oracle corp's of the world!!
> >
> >
> >
> >   
> >> From: j.zucker...@gmail.com
> >> Date: Tue, 26 May 2009 19:13:15 -0700
> >> To: users@httpd.apache.org
> >> Subject: Re: [us...@httpd] How do you build a FIPS
> 140-2 apache ?!?!?!
> >>
> >> On Tue, May 26, 2009 at 12:44 PM, Sam theman
> 
> wrote:
> >>     
> >>> Hello,
> >>>
> >>> Can anyone supply the step-by-steps for
> building apache with FIPS 140-2
> >>> openssl?
> >>>
> >>> Sam
> >>>
> >>> 
> >>> Insert movie times and more without leaving
> Hotmail®. See how.
> >>>       
> >> hotmail ads? lol
> >>
> >>
> -
> >> The official User-To-User support forum of the
> Apache HTTP Server Project.
> >> See http://httpd.apache.org/userslist.html> for more
> info.
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >>    "   from the digest:
> users-digest-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >>     
> >
> >
> _
> > Hotmail® goes with you. 
> > http://windowslive.com/Tutorial/Hotmail/Mobile?ocid=TXT_TAGLM_WL_HM_Tutorial_Mobile1_052009
> >   
> 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 


  

¡Viví la mejor experiencia en la web!
Descargá gratis el nuevo Internet Explorer 8
http://downloads.yahoo.com/ieak8/?l=ar

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] How can I secure my apache server from DoS attack ?

2009-06-23 Thread Apache Admin
Please Change Following Parameters

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 4000

Then Kernel settings are like :

tcp_keepalive_time=900
tcp_fin_timeout=30
tcp_max_orphans=16384
tcp_tw_reuse=1
tcp_tw_recycle=1
tcp_rfc1337=1
tcp_no_metrics_save=1
tcp_fin_timeout 60
conf.default.rp_filter=1
tcp_syncookies=1
tcp_synack_retries=3
tcp_syn_retries=3
Regards

Amit Maheshwari
Linux System Administrator
New Del







On Tue, Jun 23, 2009 at 5:55 PM, Neelesh Gurjar  wrote:

> Hi,
> I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel
> and Apache 1.3.37 running on it.
>
> 2 days back I got one script to test DoS attack on website. It is called
> slowloris.pl  from http://ha.ckers.org/slowloris/
>
> I run that script against my server and it worked. It stopped my website
> for some time. That time all other services like SSH were working fine.
>
> Can anybody suggests any configuration changes at Apache and OS/Kernel
> level to prevent from this type of attack ?
>
> Currently I am using following settings:
>
> Timeout 300
> KeepAlive On
> MaxKeepAliveRequests 100
> KeepAliveTimeout 5
> MinSpareServers 5
> MaxSpareServers 10
> StartServers 5
> MaxClients 150
> MaxRequestsPerChild 0
>
> Then Kernel settings are like :
> tcp_keepalive_time 7200
> tcp_keepalive_time 9
> tcp_keepalive_intvl 75
> tcp_syn_retries 5
> tcp_synack_retries 5
> tcp_fin_timeout 60
>
> --
> Regards
> NeeleshG
>
> LINUX is basically a simple operating system, but you have to be a genius
> to understand the simplicity
>


[us...@httpd] Apache dies in Freebsd jail

2009-08-04 Thread apache-user
I know this sounds like a headline, but its true.

I had a disk space problem in the jail, so I reconfigured and restored the 
apache on the new disk size. I then added my other modules that I required from 
ports. I then checked if it all worked, and I got nada- firefox tells me the 
sites valid but the server won't connect.

So far I've tried upping log levels to debug, httpd -X, and running portupgrade 
-fRr apache. All to no avail- I can get no message or hint or idea of why 
apache fails. If I run ps -ax I see httpd -DNOHTTPACCEPT or httpd -X still 
running (apparently), but I can't see any listeners on any ports/interfaces 
with sockstat.

I need some help debugging this- something (ANYTHING!) that will give me a clue 
on what I've missed here. I'd rather not just blow it all away without 
attempting to find out what the hell is behind this.

I'm running a jailed FreeBSD 7.2 and apache-2.2.11_7 built from ports. I've 
built php5-5.2.10, mod_perl2-2.0.4_2,3, and mod_python-3.3.1_2 all from ports 
as well. I've tried the freebsd-questions list, but I haven't got a response or 
seen my message even get through.

Any clues will be much appreciated. My logs aren't giving me anything, only 
that all the modules are all loading ok. I had some ssl cache warnings, but 
they're resolved (I think). I believe it can't bind to the network for some 
reason: I need to find that reason :)

Cheers


 Msg sent via @Mail - http://atmail.com/

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] [solved] Re: [us...@httpd] Apache dies in Freebsd jail

2009-08-05 Thread apache-user
>From out of left field with a little inspiration:

I hazarded a look at the host log files and found I was getting exited on sig 
11 errors from httpd- even though ps was still showing it as running in the 
jail.

So a google search now showed up some more possible causes; most of those 
surrounding mods. In particular php was common with extensions causing a lot of 
failures.

I now had something to work with. I commented out all the extensions in 
php/extensions.ini and restarted apache: Its alive! I then tried to work out 
why- I suspected memory, but more googling found reordering of the extensions 
to help, but which ones? I went through one by one each of the extensions to 
find a culprit or space problem (actually got impatient and by the end tried 4 
at a time) and found 4 which seemed similar and did cause a failure.

I commented out different combinations and finally hit on the spl extension; 
uncommenting all others apache kept going, so here was my culprit. Googled some 
more, and couldn't find a reason why it would be hurting. So I ran php -v on 
the cli and got a seg fault with spl, I ran gdb php -v and got a different 
error which had to be deciphered (something to do with misc.c), but if spl was 
not available mysql and others whinged.

More googling... tried apache php5 spl seg fault and got an obscure reference: 
spl was not the problem at all! I had in my endeavours to resolve this issue 
put the spl extension at the beginning of the extensions.ini file, apparently 
the recode extension can cause conflicts because the mysql and imap extension 
want it, and recode is not available until later in the extensions.ini- put 
recode at the beginning and presto! Finally everybody's happy... :)

Sorry to waste electrons (so to speak), but I figured someone might have a 
similar issue and I'm hoping this will point them in the right direction sooner 
rather than hours of endless searching for something they're not sure they're 
searching for. I've also given my workings in the resolution to save 
"maybe/maybe not the same kind of problem". The spl/recode extension issue is 
rather obscure, the majority of references only point to reordering of 
extensions but don't say which ones.

BTW: why didn't I think of the php mod first? I was sure I had php and apache 
working fine before- I just hadn't installed all of the extensions due to 
space... :) Such is life...

Cheers




On Wed  5/08/09  2:02 PM , apache-u...@herveybayaustralia.com.au wrote:

> I know this sounds like a headline, but its true.
> I had a disk space problem in the jail, so I reconfigured and
> restored the apache on the new disk size. I then added my other
> modules that I required from ports. I then checked if it all worked,
> and I got nada- firefox tells me the sites valid but the server won't
> connect.
> So far I've tried upping log levels to debug, httpd -X, and running
> portupgrade -fRr apache. All to no avail- I can get no message or hint
> or idea of why apache fails. If I run ps -ax I see httpd
> -DNOHTTPACCEPT or httpd -X still running (apparently), but I can't see
> any listeners on any ports/interfaces with sockstat.
> I need some help debugging this- something (ANYTHING!) that will
> give me a clue on what I've missed here. I'd rather not just blow it
> all away without attempting to find out what the hell is behind this.
> I'm running a jailed FreeBSD 7.2 and apache-2.2.11_7 built from
> ports. I've built php5-5.2.10, mod_perl2-2.0.4_2,3, and
> mod_python-3.3.1_2 all from ports as well. I've tried the
> freebsd-questions list, but I haven't got a response or seen my
> message even get through.
> Any clues will be much appreciated. My logs aren't giving me
> anything, only that all the modules are all loading ok. I had some ssl
> cache warnings, but they're resolved (I think). I believe it can't
> bind to the network for some reason: I need to find that reason.... :)
> Cheers
>  Msg sent via @Mail - http://atmail.com/
> 
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See  for more info.
> To unsubscribe, e-mail: 
> "   from the digest: 
> For additional commands, e-mail: 
> 
> 
 Msg sent via @Mail - http://atmail.com/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] Specific filesystem for cache

2009-08-06 Thread Apache Admin
Hi


Try JFS or XFS file System can be used for Better i/o Performance in
MOD_DISK_CACHE

JFS: Journaling File System : having better journiling & faster then ext3
XFS: Xtra Large File System  : Read Write Performance Is Much Better

Thanks

Amit Maheshwari



On Thu, Aug 6, 2009 at 1:18 AM, "Fábio Jr."  wrote:

> Hello all.
>
> I'm wondering if someone have a suggestion of what filesystem to use in the
> cache directory used by mod_disk_cache. I'm having some i/o problems, and
> want to choose the right filesystem, since I use a separate partition for
> the cache.
>
> Thanks
>
> []s
>   Fábio Jr.
>
> -----
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>  "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


Re: [us...@httpd] How to set prefer-language from a URL parameter without cookies?

2009-08-20 Thread Apache Admin
Hi,

I Show you an example of access manual from browser . having different
language support


AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$
"/usr/local/apache2/manual$1"


Options Indexes
AllowOverride None
Order allow,deny
Allow from all


SetHandler type-map


SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/
prefer-language=$1
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$
/manual/$1$2

LanguagePriority en de es fr ja ko pt-br ru
ForceLanguagePriority Prefer Fallback


It gives u an idea

Amit
http://new-innovation.blogspot.com/








On Tue, Aug 18, 2009 at 2:37 PM, Victor Engmark wrote:

> Hi all,
>
> I'm trying to do language auto-negotiation in .htaccess on version
> 2.0.63, and it mostly works (see code below). The only thing that
> doesn't is the "env=prefer-language:%1" part, and I can't figure out
> why. I tried asking at Stack Overflow
> <
> http://stackoverflow.com/questions/1280220/how-to-use-setenv-with-a-url-parameter
> >,
> but although the answers are good, none of them seem to work. The
> manual <http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriterule>
> didn't mention any gotchas and Google didn't help, so this is the last
> try before going back to a PHP hack.
>
> # Available languages
> AddLanguage en .en
> AddLanguage fr .fr
> AddLanguage no .no
>
> # Priority (highest first)
> LanguagePriority no en fr
>
> # Fallback to specified language priority if the browser doesn't
> supply any of the supported languages
> ForceLanguagePriority Fallback
>
> # Language auto-negotiation
> Options +MultiViews
>
> # Set cookie when setting language in URL
> RewriteEngine On
> RewriteBase /
> RewriteCond %{QUERY_STRING} (?:^|&)language=(en|fr|no)
> RewriteRule ^(.*)$ $1?
> [cookie=language:%1:.aspaass.no:7200
> :/,env=prefer-language:%1,redirect=permanent]
>
> # Disable caching if the cookie was set
> RewriteCond %{HTTP_COOKIE} language=(.*)
> RewriteRule .* - [env=cookie_language:%1]
> 
>Header append Vary cookie
>Header set Cache-Control "store, no-cache, must-revalidate,
> post-check=0, pre-check=0"
> 
>
> # Set preferred language from cookie if it exists
> SetEnvIf Cookie "language=(.+)" prefer-language=$1
>
> --
> Victor Engmark
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


Re: [us...@httpd] Apache graceful-stop

2009-08-20 Thread Apache Admin
Hi,

when u run graceful-stop , it will work in different manner

Let see  first it kill parent process  if any child process serve
request.. it continue to server, but not accept new request ..new
request handle by new child process ... mean it will take a little bit
time to kill all running  httpd process .

hope got an idea now !

Amit
<http://new-innovation.blogspot.com/>http://new-innovation.blogspot.com/




On Wed, Aug 12, 2009 at 7:52 PM, Mohit Anchlia wrote:

> I installed Apache 2.2.11 and tested graceful-stop. When I run
> graceful-stop I still see all the httpd processes even though there is
> nothing listening on port 80. Those httpd processes stay there even
> though there are no incoming or existing sessions. Is there a bug
> someone knows about or am I doing something wrong?
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


[us...@httpd] how to create payment gateway

2009-08-20 Thread Apache Admin
Hi , users

How to create Payment Gateway by Apache with other Application ...


Thanx in advance

Amit


Re: [us...@httpd] inter module communication

2010-03-11 Thread snmp apache
Hi Edgar,

I am trying to call a function from all modules into one module,
for example if i have the following modules,
A,B,C,D. and X

I want to be able to call a function in module X from A,B,C, and D.
your thoughts?

hash

On Thu, Mar 11, 2010 at 2:13 AM, Edgar Frank  wrote:

> 10/03/10 hashim qaderi
> >Is there an example of how to communicate between apache modules?
> >Any help would be appreciated.
>
> Hi.
>
> The easy way is, communication via request_rec->notes. You have
> to pay attention to the module/hook excution order, but you have
> to do this anyway for your module to function properly.
>
> Another way are request environment variables.
>
> Or you could use optional functions, but that depends heavily
> on what you are trying to achieve. Maybe with a litte more
> detail, we could help you out better.
>
> Regards,
> Edgar
>
> -----
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


Re: [us...@httpd] inter module communication

2010-03-11 Thread snmp apache
thanks, this looks promising, i will give it a try.

On Thu, Mar 11, 2010 at 10:47 AM, Eric Covener  wrote:

> On Thu, Mar 11, 2010 at 10:01 AM, snmp apache 
> wrote:
> > Hi Edgar,
> >
> > I am trying to call a function from all modules into one module,
> > for example if i have the following modules,
> > A,B,C,D. and X
> >
> > I want to be able to call a function in module X from A,B,C, and D.
> > your thoughts?
>
> See the optional functions various modules export/import in the base
> server (mod_ldap, mod_ssl provide optional functions)
>
> --
> Eric Covener
> cove...@gmail.com
>
> -----
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


Re: [EMAIL PROTECTED] Serve static files from Apache 2.2.9 question

2008-10-17 Thread Apache Indian

add a documentroot for your static files in your configuration, something
like :

DocumentRoot "C:/Program Files/Apache Software Foundation/Tomcat
6.0/webapps/"


David Williams-15 wrote:
> 
> Hello All,
> 
> I'm trying to set up Apache 2.2.9 web server on Windows to front, in this
> case, a Tomcat environment.  What I would like to do is direct certain
> file
> types, for example .css files, to Apache and proxy the rest to Tomcat. 
> I've
> got Apache proxing all but the .css files using the following.
> 
> ProxyRequests Off
> 
> 
> Order deny,allow
> Allow from all
> 
> 
> ProxyPassMatch ^(/.*\.css)$ !
> 
> ProxyPass /myapp http://example.com:port/myapp
> ProxyPassReverse /myapp http://example.com:port/myapp
> 
> Now what I need to do is direct the .css files to Apache and that's where
> I'm not sure what to do next.  Does anyone have any suggestions?
> 
> Thanks for your help,
> 
> David
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Serve-static-files-from-Apache-2.2.9-question-tp19850061p20042560.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 working... one small message, though

2005-12-07 Thread Joe Apache
ok I remove all traces of APR and it works!  Now I have this message:

[Wed Dec 07 12:37:09 2005] [warn] (2)No such file or directory: Failed
to enable the 'httpready' Accept Filter

Any ideas?

Thanks for all you help,
J


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Compiling Modules on Apache-2.2.0

2005-12-08 Thread Joe Apache
Hello,

I've tried to compile some modules on Apache-2.2.0 with little success. 
For example, here is the error message for mod_fastcgi:

mod_fastcgi.c: In function `init_module':
mod_fastcgi.c:271: error: `ap_null_cleanup' undeclared (first use in
this function)
mod_fastcgi.c:271: error: (Each undeclared identifier is reported only once
mod_fastcgi.c:271: error: for each function it appears in.)
mod_fastcgi.c: In function `process_headers':
mod_fastcgi.c:726: warning: return makes pointer from integer without a cast
mod_fastcgi.c:730: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:740: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:769: warning: initialization makes pointer from integer
without a cast
mod_fastcgi.c:839: warning: return makes pointer from integer without a cast
mod_fastcgi.c:843: warning: return makes pointer from integer without a cast
mod_fastcgi.c: In function `set_uid_n_gid':
mod_fastcgi.c:1023: warning: passing arg 1 of `memcpy' makes pointer
from integer without a cast
mod_fastcgi.c:1025: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:1034: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:1035: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c: In function `do_work':
mod_fastcgi.c:2322: error: `ap_null_cleanup' undeclared (first use in
this function)
mod_fastcgi.c: In function `create_fcgi_request':
mod_fastcgi.c:2426: warning: cast to pointer from integer of different size
mod_fastcgi.c:2454: warning: cast to pointer from integer of different size
mod_fastcgi.c:2480: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:2493: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c: In function `apache_is_scriptaliased':
mod_fastcgi.c:2535: warning: initialization makes pointer from integer
without a cast
mod_fastcgi.c: In function `post_process_for_redirects':
mod_fastcgi.c:2560: warning: passing arg 1 of
`ap_internal_redirect_handler' makes pointer from integer without a cast
mod_fastcgi.c: In function `check_user_authentication':
mod_fastcgi.c:2683: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:2701: warning: comparison between pointer and integer
mod_fastcgi.c: In function `check_user_authorization':
mod_fastcgi.c:2750: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:2766: warning: comparison between pointer and integer
mod_fastcgi.c: In function `check_access':
mod_fastcgi.c:2810: warning: assignment makes pointer from integer
without a cast
mod_fastcgi.c:2827: warning: comparison between pointer and integer
*** Error code 1

What gives?  Has Apache-2.2.0 changed that much from v2.0.x?

Thanks for any pointers.
J

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] trouble mod_fcgid module on Apache-2.2.0

2005-12-15 Thread Joe Apache
Nick Kew wrote:
> On Thursday 08 December 2005 21:05, Joe Apache wrote:
>   
>> Hello,
>>
>> I've tried to compile some modules on Apache-2.2.0 with little success.
>> 
>
> I've compiled lots of modules on it.  Most of them were originally written
> for 2.0.
>   
Hey httpd users,

this is sort of the wrong place for this... but I know that Nick Krew
provided a patch for mod_fcgid on Apache-2.1.x.  I'm trying to compile
it for 2.2.0 and getting this error:

rch/unix/fcgid_proc_unix.c: In function 'ap_unix_create_privileged_process':
arch/unix/fcgid_proc_unix.c:81: error: 'SUEXEC_BIN' undeclared (first
use in this function)
arch/unix/fcgid_proc_unix.c:81: error: (Each undeclared identifier is
reported only once
arch/unix/fcgid_proc_unix.c:81: error: for each function it appears in.)
make: *** [fcgid_proc_unix.slo] Error 1

I contacted the programmer with no luck...  any ideas?

Thanks,
J


-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.2.2 error with FreeBSD 6.1

2006-06-22 Thread Joe Apache
Good Day,

I have a strange problem, I've just compiled httpd-2.2.2 on FreeBSD
6.1.  When I try to start it up I get this message:

Assertion failed: (lu->lu_myreq->lr_owner == lu), function
_lock_acquire, file /usr/src/lib/libpthread/sys/lock.c, line 171.
Abort trap (core dumped)

I think the problem lies with the fact httpd is linked to libpthreads
twice.  Here is the ldd of httpd:

libm.so.4 => /lib/libm.so.4 (0x280b7000)
libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x280cd000)
libaprutil-1.so.2 => /usr/local/lib/libaprutil-1.so.2 (0x280ec000)
libgdbm.so.3 => /usr/local/lib/libgdbm.so.3 (0x28101000)
libdb4.so.0 => /usr/local/lib/libdb4.so.0 (0x28107000)
libpq.so.4 => /usr/local/pgsql/lib/libpq.so.4 (0x2818d000)
libexpat.so.5 => /usr/local/lib/libexpat.so.5 (0x281a7000)
libapr-1.so.2 => /usr/local/lib/libapr-1.so.2 (0x281c8000)
libcrypt.so.3 => /lib/libcrypt.so.3 (0x281e8000)
libpthread.so.20 => /usr/local/lib/libpthread.so.20 (0x2820)
libc.so.6 => /lib/libc.so.6 (0x28218000)
libssl.so.4 => /usr/lib/libssl.so.4 (0x282ef000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x2831d000)
libpthread.so.2 => /usr/lib/libpthread.so.2 (0x2840f000)

I figure to ask here as some of you use FreeBSD.  Any suggestions or
ideas are welcome. I don't know why it's linked to libpthread twice.

Thanks,
J


-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] No remote user in LOG file in CGI (HTTP Authentification)

2007-08-03 Thread apache . org

Hello,

According to my previous post on the bug track:
http://issues.apache.org/bugzilla/show_bug.cgi?id=43018

This is a script in PHP that is called by the a CGI handler in Apache. HTTP
Authentification.

In a normal Apache module environnement, a HTTP Authentification is 
called and

we can see on the log of Apache :
IP - USER - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"

Meanwhile, in a CGI environnement, Apache call a CGI script, in my 
exemple PHP

and pass him variables.
So in order of compatibility to pass the authentification to the PHP 
script, we

have to set a .htaccess where :
RewriteEngine on
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L 
]


So with it in environnement variables we can see :
[REDIRECT_REMOTE_USER] => Basic dGl0aTp0b3Rv
[REDIRECT_STATUS] => 200
where dGl0aTp0b3Rv is corresponding to user:password titi:toto (base64)

Of course, with network analyzer, we can see that the browser send to 
the Apache

serveur in HTTP headers :
Authorization: Basic dGl0aTp0b3Rv
(our titi:toto)

In this cas, Apache log don't indicate the user :
IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"

Ok, the use of PHP is independant of Apache log writes but if browser send
Authorization: Basic dGl0aTp0b3Rv in a module Apache or CGI Apache 
(PHP), why

Apache, that see the basic, don't write the remote_user in the log ?

In normal environnement, whithout CGI, handler ..., the browser send the 
same

request and the log indicate the USER.

According to the track response, I've replaced the %u to %LogFormat directive but the user authentified still no appear

in the log :
IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT"


Has anyone the same problem or a soltion ?


Thank you for any help.




-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] No remote user in LOG file in CGI (HTTP Authentification)

2007-08-03 Thread apache . org

Hi,

Authentification is configured by PHP, it send to the browser required 
headers in order to provide authentification :

header("WWW-Authenticate: Basic realm=\"Realm\"");
header("HTTP/1.0 401 Unauthorized");

For the CGI, it is called in Apache CONF as following :
AddHandler cgi-php5 .php5 .php
Action cgi-php5 /php5/php5-cgi
SuexecUserGroup  users

where /php5/php5-cgi is the executable compiled CGI PHP and 
 is an non privilegied user of the unix system.

So the PHP (CGI) script is executed with  privilege.

The authentification mechanism is OK, I login in the CGI script 
perfectly with credential titi:toto but logs'apache don't indicate titi 
as %

Thanks,


Joshua Slive a écrit :

On 8/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
  

Hello,

According to my previous post on the bug track:
http://issues.apache.org/bugzilla/show_bug.cgi?id=43018

This is a script in PHP that is called by the a CGI handler in Apache. HTTP
Authentification.



Your problem is very hard to decipher.

Exactly how is authentication configured, and exactly how is your CGI called?

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
  



-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] doubts on jsp requirements

2005-09-05 Thread liobod apache
Hello world, 

I've doubts on few things to use jSP/jsl in my environment
jboss-3.2.2/tomcat41 Hope some of you can help me to make it
clearer...

I think my environment was JSP 1.1 compliant. Is that true? 

I don't see those files in my jboss directory (even in
jakarta-tomcat-4.1.31 standard distrib) ...

I suppose that should be considered as normal. The point is where
should i found standard.jar and jstl.jar (in order to get my tld
files)?

On my mind if my env is JSP1.1 compliant, it should integrates these
libs and i wouldn't have to insert them my my war ...

Where am i wrong ?

thx,

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Creating a Catch-Everything Catch-All

2005-10-17 Thread apache . org
Please forgive my lack of clue.  I have read the FAQ and googled
ferociously but haven't been able to find a solution, I hope that
someone here can help me.

I would like anybody to be able to point their domains at my nameservers
and for anybody browsing to "thatdomain.com" or "www.thatdomain.com" or
"*.thatdomain.com" or "thatdomain.com/*" to see a default/catch-all PHP
page.

Of course, if someone browses to a domain I have defined I don't want
them to see the catch-all.

>From my research so far, I suspect there is some way to achieve this
using default virtualhosts and I have tried entering various entries
into httpd.conf but, unfortunately, most of the instructions I'm working
from presume more basic knowledge than I have and leave out certain
parts of the entry that are probably obvious to everyone but me.

I would greatly appreciate it if someone could show me exactly what a
comprehensive default virtualhost entry that catches all variations and
subdomains etc should look like, and tell me if there are any other
settings I should also be changing.

Again, sorry if this is all very obvious stuff, I honestly haven't been
able to get my head around it.

Thanks,

Donnacha 

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [EMAIL PROTECTED] Creating a Catch-Everything Catch-All

2005-10-17 Thread apache . org


Gary, thank you so much for taking the time to answer.

If possible, could you clarify how I should format the _default_
virtualhost entry?

A typical virtualhost entry in my conf looks like this:

---

ServerAlias mydomain.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/mydomain/public_html
BytesLog domlogs/mydomain.com-bytes_log
ServerName www.mydomain.com

User mydomain
Group mydomain
CustomLog /usr/local/apache/domlogs/mydomain.com combined
ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/

---

What parts of that should I alter to create a _default_ virtualhost?

Should I simply replace the "mydomain.com" with "ServerAlias *.*", and
"Servername www.mydomain.com" with "*.*.*"?

Sorry, again, for my lack of clue on this, I really am finding this
bewildering.

Thanks,

Donnacha


On Mon, 17 Oct 2005 13:55:10 -0700, "Gary W. Smith"
<[EMAIL PROTECTED]> said:
> This requires two things.  One, you need to configure DNS to catchall.
> I'm not sure how to do this but search google for bind and all.
> 
> As for the other one, create a vitual site as _default_ and give server
> aliases.  Then if you create a real virtual site you will need to use
> the qualified domain name for it (say ServerAlias jack.thissite.com) in
> the configuration.
> 
> ServerAlias thissite.com
> ServerAlias *.thissite.com
> 
> Then I would just create a 404 rule that points to a single pave and
> remove all of the other content.
> 
> I think that's the easiest way.
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Monday, October 17, 2005 1:25 PM
> > To: users@httpd.apache.org
> > Subject: [EMAIL PROTECTED] Creating a Catch-Everything Catch-All
> > 
> > Please forgive my lack of clue.  I have read the FAQ and googled
> > ferociously but haven't been able to find a solution, I hope that
> > someone here can help me.
> > 
> > I would like anybody to be able to point their domains at my
> nameservers
> > and for anybody browsing to "thatdomain.com" or "www.thatdomain.com"
> or
> > "*.thatdomain.com" or "thatdomain.com/*" to see a default/catch-all
> PHP
> > page.
> > 
> > Of course, if someone browses to a domain I have defined I don't want
> > them to see the catch-all.
> > 
> > From my research so far, I suspect there is some way to achieve this
> > using default virtualhosts and I have tried entering various entries
> > into httpd.conf but, unfortunately, most of the instructions I'm
> working
> > from presume more basic knowledge than I have and leave out certain
> > parts of the entry that are probably obvious to everyone but me.
> > 
> > I would greatly appreciate it if someone could show me exactly what a
> > comprehensive default virtualhost entry that catches all variations
> and
> > subdomains etc should look like, and tell me if there are any other
> > settings I should also be changing.
> > 
> > Again, sorry if this is all very obvious stuff, I honestly haven't
> been
> > able to get my head around it.
> > 
> > Thanks,
> > 
> > Donnacha
> > 
> > -
> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > See http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >"   from the digest: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> -----
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] Redirecting limit for this URL exceeded.

2005-10-17 Thread apache . org

Joshua, thanks a lot.

I created an entry in that form and restarted Apache but, unfortunately,
it doesn't seem to work.

Here is what I exactly entered:

---

 ServerName cvfx.com
 Redirect / http://www.cvfx.com/
 
---

... and the existing entry for cvfx is as follows:

---

ServerAlias www.cvfx.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/cvfx/public_html
BytesLog domlogs/cvfx.com-bytes_log
ServerName www.cvfx.com

User cvfx
Group cvfx
CustomLog /usr/local/apache/domlogs/cvfx.com combined
ScriptAlias /cgi-bin/ /home/cvfx/public_html/cgi-bin/

---

To test it, I browsed to docmo.com which is pointed to my nameservers,
ns1.cvfx.com and ns2.cvfx.com, but which has not been entered as a
virtualhost entry on this server.

Unfortunately, both "docmo.com" and "www.docmo.com" resulted in a Site
Not Found error. 

One question I have about doing this as a redirect is, will this remove
my PHP page's ability to know what domain the user originally wanted? 
That's a pretty important part of the service I want to offer.

I very much appreciate your help, thank you.

Donnacha



On Mon, 17 Oct 2005 17:54:04 -0400, "Joshua Slive" <[EMAIL PROTECTED]>
said:
> On 10/17/05, Mukarram Syed <[EMAIL PROTECTED]> wrote:
> > 
> > ServerName esalton.com
> > ServerAlias www.esalton.com
> > Redirect / http://www.esalton.com/
> > 
> 
> This is our second redirect-loop question today.  This is a
> redirection loop because the redirected URL hits the same Redirect as
> the original URL.  You want.
> 
>  
>  ServerName esalton.com
>  Redirect / http://www.esalton.com/
>  
> 
> 
>   ServerAlias www.esalton.com
>  DocumentRoot ...
> 
> 
> Joshua.
> 
> -
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6

2005-12-06 Thread Joe Apache
Hello,

I'm having problem compiling httpd-2.2.0 on FreeBSD 6 versions i386 and
amd64.  The errors are has follows:

server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to
`apr_memcache_stats'
server/.libs/libmain.a(exports.o)(.data+0xae8): undefined reference to
`apr_memcache_version'
server/.libs/libmain.a(exports.o)(.data+0xaf0): undefined reference to
`apr_memcache_decr'
server/.libs/libmain.a(exports.o)(.data+0xaf8): undefined reference to
`apr_memcache_incr'
server/.libs/libmain.a(exports.o)(.data+0xb00): undefined reference to
`apr_memcache_delete'
server/.libs/libmain.a(exports.o)(.data+0xb08): undefined reference to
`apr_memcache_replace'
server/.libs/libmain.a(exports.o)(.data+0xb10): undefined reference to
`apr_memcache_add'
server/.libs/libmain.a(exports.o)(.data+0xb18): undefined reference to
`apr_memcache_set'
server/.libs/libmain.a(exports.o)(.data+0xb20): undefined reference to
`apr_memcache_getp'
server/.libs/libmain.a(exports.o)(.data+0xb28): undefined reference to
`apr_memcache_create'
server/.libs/libmain.a(exports.o)(.data+0xb30): undefined reference to
`apr_memcache_server_create'
server/.libs/libmain.a(exports.o)(.data+0xb38): undefined reference to
`apr_memcache_disable_server'
server/.libs/libmain.a(exports.o)(.data+0xb40): undefined reference to
`apr_memcache_enable_server'
server/.libs/libmain.a(exports.o)(.data+0xb48): undefined reference to
`apr_memcache_find_server'
server/.libs/libmain.a(exports.o)(.data+0xb50): undefined reference to
`apr_memcache_add_server'
server/.libs/libmain.a(exports.o)(.data+0xb58): undefined reference to
`apr_memcache_find_server_hash'
server/.libs/libmain.a(exports.o)(.data+0xb60): undefined reference to
`apr_memcache_hash'
server/.libs/libmain.a(exports.o)(.data+0xbb8): undefined reference to
`apr_md4_set_xlate'
*** Error code 1

Anyone have httpd-2.2.0 install on FreeBSD 6... any pointers are
appreciated.

Thanks,
J


-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6

2005-12-06 Thread Joe Apache

>> server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to
>> `apr_memcache_stats'
>> 
>
> Where did you get your version of apr from? The bundled version doesn't
> include apr_memcache.
>
>   
I installed apr-1.2.2 from the apache.org.  I wasn't able to ./configure
it (APR version was 0.9.7 it said)

Is that the problem you think?

J

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6

2005-12-07 Thread Joe Apache
I downloaded and installed APR from apache.org
http://apr.apache.org. Source apr-1.2.2.tar.gz  How do I disable this?

J

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.2 MPM Worker Virtual Memory Usage

2007-10-18 Thread Apache User


There appears to be a significant difference between Apache 2.2 MPM 
Worker and MPM Perfork virtual memory usage. As well as between Apache 
2.2 MPM Worker and Apache 1.3 virtual memory usage. This can become an 
issue in a VPS (virtual private server) environment where resources are 
more constrained.


I am seeing 280MB vs 5.8MB of VM usage per process. You could argue that 
worker is supposed to use more virtual memory, as running multiple 
threads per process it actually uses less. But, that is not the case. 
Total VPS privvmpages is 2.1GB vs 358MB. What is really interesting here 
is why is it so much higher. You would expect some increase but it looks 
like most (if not all) of the virtual memory of each of the 7 worker 
processes is not shared. 7 * 280MB = 2GB. Which means it can't be code. 
I don't see how it could be this much code anyway. So then what is it? 
(Conversely most of the 2.2 perfork virtual memory is shared code. 150 * 
5.8MB = 850MB,which is more than 358MB for the entire VPS.) Is the code 
building some kind of large local process database? Anyway to turn it off?


Note I do have PHP or any other programmatic modules loaded. See below 
for configure info.


Thanks...


#
# Apache 2.2 Worker Thread Memory Usage
#

# Process data.
599 28344 28338  20   0  5772 1772 -  S?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 28347 28338  20   0 282496 2020 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 28349 28338  22   0 282496 2020 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 28351 28338  22   0 282496 2020 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 28352 28338  22   0 282496 2020 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 28360 28338  20   0 282496 2020 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 30684 28338  15   0 282496 2020 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
5 0 28338 1  16   0  5868 2468 -  Ss   ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL
599 28345 28338  20   0 282632 2660 pipe_w Sl  ?  0:00 
/usr/local/apache/bin/httpd -k start -DSSL


# Vpsstat data.
+--+++++--+
| Resource |Current | Recent Max |Barrier |  Limit | 
Failures |

+--+++++--+
Primary Parameters
+--+++++--+
| all memory   |   157.0 MB |n/a |  1024.0 MB |n/a 
|  n/a |
| vmguarpages  |n/a |n/a |   256.0 MB |n/a 
|0 |
| oomguarpages |   146.4 MB |   146.5 MB |n/a |n/a 
|0 |
| privvmpages  | 2.1 GB | 2.1 GB |n/a |n/a 
|0 |
| physpages|   146.4 MB |   146.5 MB |n/a |n/a 
|0 |

+--+++++--+
Secondary Parameters
+--+++++--+
| kmemsize | 9.8 MB | 9.9 MB | 2.0 GB | 2.0 GB 
|0 |
| tcpsndbuf|   423.6 kB |   423.6 kB | 2.0 GB | 2.0 GB 
|0 |
| tcprcvbuf|   562.2 kB |   562.2 kB | 2.0 GB | 2.0 GB 
|0 |
| othersockbuf |94.4 kB |94.4 kB | 2.0 GB | 2.0 GB 
|0 |
| dgramrcvbuf  |   0  B |   0  B | 2.0 GB | 2.0 GB 
|0 |
| shmpages | 5.2 MB | 5.2 MB |n/a |n/a 
|0 |
| lockedpages  |   0  B |   0  B |n/a |n/a 
|0 |

+--+++++--+
Auxiliary Parameters
+--+++++--+
| numproc  |271 |272 |n/a |400 
|0 |
| numtcpsock   | 35 | 35 |n/a |500 
|0 |
| numothersock | 70 | 70 |n/a |500 
|0 |
| numfile  |   5663 |   5680 |n/a |   8192 
|0 |
| numflock |  9 |  9 |200 |220 
|0 |
| numpty   |  2 |  2 |n/a | 64 
|0 |
| numiptent| 75 | 75 |n/a |500 
|0 |

+--+++++--+

# Configure options.
CFLAGS/CPPFLAGS = -pipe -Os -march=pentium4

   ./configure
   --enable-deflate
   --enable-expires
   --enable-headers
   --enable-imagemap
   --enable-logio
   --enable-nonportable-atomics=yes
 

[EMAIL PROTECTED] Roadmap for Apache HTTP 2.0 and/or 2.2

2008-04-16 Thread Apache Support

Hello,

I have been asked to evaluate the life cycle contingencies for our apache 
servers.
So far I have been unable to find something like a roadmap to see how future 
releases are planned for the different branches.
Is there such a thing ? I am especially interested in how long the branches are 
likely to stay supported with bugfixes etc.

Thanks for any hints
Christian

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.0 support for huge files (>2 GB) on 64 bit platform

2008-06-24 Thread apache . service

Hi,

my current state of information is that to allow serving such huge files 
on a 32 bit system I need to:

- set compile time flags "D_LARGEFILE_SOURCE" AND "-D_FILE_OFFSET_BITS=64"
- set LimitRequestBody to a high enough value

Are the compile switches necessary on a 64 bit platform as well?

Thanks for any help.
Christian

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] http response without parsing the header

2008-07-02 Thread apache a
 does apache have a feature, where a response is given without parsing the
header at all.

also, if there is header parsing, which module should i check

aa9160


[EMAIL PROTECTED] RewriteMap with Java

2008-07-15 Thread Anazys - Apache

Hi all,

I try tu use a RewriteMap to rewrite dynamically urls on MacOS 10.5  
Leopard Server. The code is really simple in the http.conf file :


RewriteMapmymap   prg:/path/to/map.class
RewriteRule   ^/path/(.*)$  /path/page?${mymap:$1}

But when I launch Apache, I have this message in error log :
	[Mon Jul 14 15:47:43 2008] [error] (86)Bad CPU type in executable:  
exec of '/etc/apache2/Main.class' failed


Anybody knows what could be the problem ?
Is it possible tu use a Java file for RewriteMap ?

Thanks for your help
Cedric.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] RewriteMap with Java & RewriteLock

2008-07-16 Thread Anazys - Apache
Thanks for your answer. I already try this but when I write this  
script, I don't know how to handle the loop with stdin (in the shell  
script or in the java file ?) :

I try this in the shell :
#!/bin/sh
while read text
do
java -classpath /path/to/java/class/ MainClass
done


But it don't seem to work..

I didn't manage to configure the lock file, could it be the main  
problem ?
I just add "RewriteLock /etc/apache2/myLock.lock" in my http.conf  
file. But apache server simply don't start with that, without any  
error in the log file. I try creating the file or not, with chmod 777.  
But I think I miss something.


Somebody could help ?
Thanks
Cedric

Le 15 juil. 08 à 13:28, Eric Covener a écrit :

On Tue, Jul 15, 2008 at 4:26 AM, Anazys - Apache <[EMAIL PROTECTED]>  
wrote:

Hi all,

I try tu use a RewriteMap to rewrite dynamically urls on MacOS 10.5  
Leopard

Server. The code is really simple in the http.conf file :

  RewriteMapmymap   prg:/path/to/map.class
  RewriteRule   ^/path/(.*)$  /path/page?${mymap:$1}

But when I launch Apache, I have this message in error log :
  [Mon Jul 14 15:47:43 2008] [error] (86)Bad CPU type in  
executable:

exec of '/etc/apache2/Main.class' failed

Anybody knows what could be the problem ?
Is it possible tu use a Java file for RewriteMap ?



You need to write a shell script that launches java class, and use the
script in your Apache config. Class files are not executables.


--
Eric Covener
[EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server  
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] RewriteMap with Java & RewriteLock

2008-07-16 Thread Anazys - Apache
My Java class read from stdin (System.in), the main problem is the  
loop : with the "while read text", there is an infinite loop.


But when I only write a call from the shell to the java class :
#!/bin/sh
java -classpath /path/to/java/class/ MainClass
It work perfectly the first time but nothing after this first call.  
It's normal because there isn't any loop, but i don't know how to  
write this loop in the shell script.


Thanks for your help Eric.


Le 16 juil. 08 à 15:38, Eric Covener a écrit :

On Wed, Jul 16, 2008 at 3:01 AM, Anazys - Apache <[EMAIL PROTECTED]>  
wrote:
Thanks for your answer. I already try this but when I write this  
script, I
don't know how to handle the loop with stdin (in the shell script  
or in the

java file ?) :
I try this in the shell :
  #!/bin/sh
  while read text
  do
  java -classpath /path/to/java/class/ MainClass
  done



Your java class should read from stdin.

--
Eric Covener
[EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server  
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] http header parsing

2008-07-21 Thread apache a
has anyone found a scenarion, wherein based on a condition, the http header
will NOT be parsed at all...

what the steps involved, after an http request reaches the server,


[EMAIL PROTECTED] ACL - access control lists

2008-07-21 Thread apache a
does apache servers use ACLs to check conditions based on the incoming http
request URL, even before the header is parsed?


[EMAIL PROTECTED] mod_deflate/mod_mem_cache issues

2006-07-19 Thread Apache User

Hi,

I have an Apache 2.2.2 setup on a Redhat box. Mod_proxy(mod_proxy_ajp) is 
being used to connect to tomcat on the same machine. Caching is implemented 
using mod_cache(mod_mem_cache). This setup works fine and caching seems to 
be working as expected.


The problem occurs when I try to optimize further by supporting HTML 
compression using mod_deflate. In this case, whenever deflated documents are 
served by the cache the Content-length returned is 0. Is this a known issue 
? Can mod_deflate and mod_mem_cache be used together ? Or is it that 
mod_mem_cache cannot handle compressed content ?


Here's the output from lwp-request( the second one shows the serving up of 
cached content)


[EMAIL PROTECTED] lwp-request -uedsx http://localhost:80/Main.do -H 
Accept-Encoding:gzip,deflate

LWP::UserAgent::new: ()
LWP::UserAgent::request: ()
LWP::UserAgent::send_request: GET http://localhost:80/Main.do
LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
LWP::Protocol::collect: read 670 bytes
LWP::Protocol::collect: read 4096 bytes
LWP::Protocol::collect: read 3002 bytes
LWP::UserAgent::request: Simple response: OK
GET http://localhost:80/Main.do
200 OK
Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 18 Jul 2006 18:27:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7768
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 18 Jul 2006 18:30:37 GMT
Last-Modified: Tue, 18 Jul 2006 18:27:37 GMT
Client-Date: Tue, 18 Jul 2006 18:27:37 GMT
Client-Peer: 127.0.0.1:80
Client-Response-Num: 1

[EMAIL PROTECTED] lwp-request -uedsx http://localhost:80/Main.do -H 
Accept-Encoding:gzip,deflate

LWP::UserAgent::new: ()
LWP::UserAgent::request: ()
LWP::UserAgent::send_request: GET http://localhost:80/Main.do
LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
LWP::UserAgent::request: Simple response: OK
GET http://localhost:80/Main.do
200 OK
Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 18 Jul 2006 18:28:32 GMT
Age: 56
Server: Apache/2.2.2 (Unix)
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 0
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 18 Jul 2006 18:30:37 GMT
Last-Modified: Tue, 18 Jul 2006 18:27:37 GMT
Client-Date: Tue, 18 Jul 2006 18:28:32 GMT
Client-Peer: 127.0.0.1:80
Client-Response-Num: 1

Here's the deflate.log contents
"GET /Main.do HTTP/1.1" 7750/35169 (22%)
"GET /Main.do HTTP/1.1" -/- (-%)

Relevant sections of my httpd.conf:

LoadModule cache_module modules/mod_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so


#
# mod_expires settings
#

ExpiresActive On
ExpiresByType text/css "access plus 1 day"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"


#
# mod_proxy/mod_proxy ajp settings
#

ProxyRequests Off

Order deny,allow
Allow from all

ProxyPass /favicon.ico !
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/


#
# mod_cache/mod_mem_cache settings
#


  CacheEnable mem /
  CacheStoreNoStore On
#   CacheIgnoreCacheControl On
#   CacheIgnoreNoLastMod On
#   CacheMaxExpire 150
  MCacheSize  4096
  MCacheMaxObjectCount 200
  MCacheMinObjectSize 1
  MCacheMaxObjectSize 524288



#
# Worker MPM settings
#

StartServers 1
MaxClients 250
ThreadsPerChild 50
MinSpareThreads 25
MaxSpareThreads 75



 SetOutputFilter DEFLATE
 SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|rar|zip)$ no-gzip

 DeflateFilterNote Input instream
 DeflateFilterNote Output outstream
 DeflateFilterNote Ratio ratio
 LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
 CustomLog logs/deflate.log deflate

 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

 
   Header append Vary User-Agent
 


Any insight, suggestions or assistance with this would be very much 
appreciated.  Thank you.


--S

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/



-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [EMAIL PROTECTED] mod_deflate/mod_mem_cache issues

2006-07-20 Thread Apache User
Thanks for the help, Joshua. I configured apache to use mod_disk_cache and 
it seems to be working and compressed content is getting served up 
correctly. Guess that means it is a bug in mod_mem_cache ?


I still have to run some tests to check the performance of (caching on disk 
+ compression) vs ( caching in memory) though.



From: "Joshua Slive" <[EMAIL PROTECTED]>
Reply-To: users@httpd.apache.org
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_deflate/mod_mem_cache issues
Date: Wed, 19 Jul 2006 20:01:48 -0400

On 7/19/06, Apache User <[EMAIL PROTECTED]> wrote:

Hi,

I have an Apache 2.2.2 setup on a Redhat box. Mod_proxy(mod_proxy_ajp) is
being used to connect to tomcat on the same machine. Caching is 
implemented

using mod_cache(mod_mem_cache). This setup works fine and caching seems to
be working as expected.

The problem occurs when I try to optimize further by supporting HTML
compression using mod_deflate. In this case, whenever deflated documents 
are
served by the cache the Content-length returned is 0. Is this a known 
issue

? Can mod_deflate and mod_mem_cache be used together ? Or is it that
mod_mem_cache cannot handle compressed content ?


I don't have any specific info on this problem, but I'd highly
recommend using mod_disk_cache in place of mod_mem_cache.  It is
better tested, and will be more performant in most scenarios.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [us...@httpd] The requested URL ....was not found on this server - Scratch my head

2010-04-13 Thread Apache Admin
Hi,

Check

RewriteEngine on


Amit






On Fri, Apr 9, 2010 at 10:04 PM, Wang, Mary Y wrote:

> Hi,
>
> I'm in the process of upgrading to httpd 2.0.46.  I'm getting this error
> when it goes to this URL
> https://devbrass2.ana.bna.boeing.com/projects/ms-tools-charts/ .  The page
> showed as "The requested URL /projects/ms-tools-charts/ was not found on
> this server."   The ssl_error_log showed "File does not exist:
>   /usr/brass/www/projects/ms-tools-charts/, "
>
> I read several blogs and postings, and many people suggested using the
> RewriteEngine directive.  I've never used the rewriteengine directive in the
> previous apache configuration (it worked before).
>
> In the httpd.conf file
> I have defined the following:
>
> ServerName devbrass2.ana.bna.boeing.com:443
>
> DocumentRoot "/usr/brass/www"
>
> # This should be changed to whatever you set DocumentRoot to.
> #
> 
>Options Indexes FollowSymLinks
>AllowOverride All
>Order allow,deny
>Allow from all
> 
>
> I'm running on Redhat.
>
> Any ideas on how I can fix this problem?
>
> Thanks in advance.
>
> Mary
>
>
>
>
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


[us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN

2010-06-19 Thread apache-ml
I've searched the mod_authnz documentation and also had already a look 
into mod_authnz's sources to find an existing chance to configure some 
kind of variable "bindDN-Pattern" but after reading both I understand 
mod_authnz the way that it is mandatory to either use anonymous bind or 
some kind of "proxy-user bind" (AuthLDAPBindDN) to search for an user's 
DN (e.g. searching for uid/email) to bind to the LDAP server using the 
found DN and the user provided password.


Have I missed something during my readings or is this an unsupported 
feature?


For example apache's tomcat 5.5/6.0 JNDIrealm's configuration already 
does provide a userPattern (please see 
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm and 
search for "userPattern").


Please let me explain the background why there is a common demand for 
such a mod_authnz feature:
Anonymous and even proxy-user based search request could harm a 
company's restrictive data privacy policies. Therefore some directory 
information tree (DIT) and LDAP server designs offer advanced but very 
easy (for clients like mod_authnz) to implement/use approaches to offer 
the administrator a chance to get rid of the need for proxy-user based 
search but to be able to make an authorization decission directly in 
each user's context.


As searching the user's branch seems not very harmful in regard to 
privacy concerns searching the groups and their memberships is 
definitively more "interesting". In modern directory 
designs/implementations therefore an user's group membership is also 
stored (as the DNs of the groups a distinct user is member of) directly 
in each user's entry where the directory keeps track of the referential 
integrity (which for example is supported by openldap). Thus there is no 
need to expose the groups and their membership in general to any 
service's proxy-user.


Instead, the authorization decision can be made directly using the 
authenticated user's ldap connection as the user has been successfully 
bind to the LDAP server before. Take for example this shortend LDIF 
based user entry:


dn: uid=userA,dc=example,dc=com
uid: userA
memberOf: cn=groupA,dc=example,dc=com
memberOf: cn=groupB,dc=example,dc=com
memberOf: cn=groupC,dc=example,dc=com

IMHO there's no a need to prior search for "(uid=userA)" using a proxy 
user in case the company's default policy is to just permit the uid for 
login (instead of the eMail address for example) and use the user 
provided uid to construct the bindDN which will be bind against the LDAP 
server using the provided password. If the bind was successful the 
user's connection (in this user's context) can be used to *compare* his 
memberOf attribute against the authorized groupDN. Please note that an 
LDAP server that only allows the "compare" operation on the memberOf 
attribute (which can be enforced by LDAP server internal ACLs) will not 
disclose any others of this user's group membership information to the 
service (compare != search and compare != read) which fulfills most 
restrictive privacy policies.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN

2010-06-19 Thread apache-ml

Eric Covener schrieb:

On Sat, Jun 19, 2010 at 7:48 AM,   wrote:
  

I've searched the mod_authnz documentation and also had already a look into
mod_authnz's sources to find an existing chance to configure some kind of
variable "bindDN-Pattern" but after reading both I understand mod_authnz the
way that it is mandatory to either use anonymous bind or some kind of
"proxy-user bind" (AuthLDAPBindDN) to search for an user's DN (e.g.
searching for uid/email) to bind to the LDAP server using the found DN and
the user provided password.



Look at the trunk documentation, there are a few recently added
directives in this neighborhood.
  
Ahhh that sounds very fine: 
http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html

Thanks a lot for your help!

How are the chances that these directives get "backported" into 
mod_authnz_ldap of any httpd 2.2.[>15]?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN

2010-06-19 Thread apache-ml

Eric Covener schrieb:

On Sat, Jun 19, 2010 at 10:49 AM,   wrote:
  

Eric Covener schrieb:


On Sat, Jun 19, 2010 at 7:48 AM,   wrote:

  

I've searched the mod_authnz documentation and also had already a look
into
mod_authnz's sources to find an existing chance to configure some kind of
variable "bindDN-Pattern" but after reading both I understand mod_authnz
the
way that it is mandatory to either use anonymous bind or some kind of
"proxy-user bind" (AuthLDAPBindDN) to search for an user's DN (e.g.
searching for uid/email) to bind to the LDAP server using the found DN and the 
user provided password.

Look at the trunk documentation, there are a few recently added
directives in this neighborhood.
  

Ahhh that sounds very fine:
http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html
Thanks a lot for your help!

How are the chances that these directives get "backported" into
mod_authnz_ldap of any httpd 2.2.[>15]?



Not too likely at the moment, but if you test them on trunk and
provide feedback maybe a bit more likely.
  


ok, I'll give feedback in case I get the current trunk version to 
compile successfully on my ldap development system and also: if you need 
or want me to test/debug special LDAP related features of trunk's 
mod_authnz_ldap just let me know.



-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)

2010-08-30 Thread Apache Issues
I'm using:

CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b 
\"%{Referer}i\""

And I occasionally see this right around the time the CPU starts running at 
100%:

:: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-"

%a is supposed to be an IP address, so what IP address is "::"?  I'm  only 
somewhat familiar with IPv6 but I've never seen "::" before.


I'm attempting to try to figure out why, on random occasions, the server CPU 
suddenly spikes to 100%.  I'm not sure where the problem lies.  Could be 
Apache, 
MySQL, PHP, or something else (e.g. the OS).  This problem has been ongoing for 
months now and the only "fix" is to reboot the box, which is a rather 
frustrating "solution".  The "::" issue is the first possible clue I've gotten. 
 
It seems to crop up only around the times the server is at 100% in the logs.



  

Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)

2010-09-01 Thread Apache Issues
Okay...  That makes it rather difficult to track down a solution.  Any 
theory as to why this occurs/how this can occur would be quite helpful.





From: Tom Evans 
To: users@httpd.apache.org
Sent: Wed, September 1, 2010 8:12:23 AM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)

On Tue, Aug 31, 2010 at 12:00 AM, Apache Issues  wrote:
> I'm using:
>
> CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b
> \"%{Referer}i\""
>
> And I occasionally see this right around the time the CPU starts running at
> 100%:
>
> :: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-"
>
> %a is supposed to be an IP address, so what IP address is "::"? I'm only
> somewhat familiar with IPv6 but I've never seen "::" before.

http://en.wikipedia.org/wiki/IPv6_address#Notation

One or any number of consecutive groups of zero value may be replaced
with two colons. [ ... ]

The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6
unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::,
respectively.

Cheers

Tom


  

Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)

2010-09-02 Thread Apache Issues
Our server just went nuts again.  And again "::" shows up in the logs right 
around the moment it started chugging 100% CPU.  Help!





____
From: Apache Issues 
To: users@httpd.apache.org
Sent: Wed, September 1, 2010 11:36:02 AM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)


Okay...  That makes it rather difficult to track down a solution.  Any 
theory as to why this occurs/how this can occur would be quite helpful.





From: Tom Evans 
To: users@httpd.apache.org
Sent: Wed, September 1, 2010 8:12:23 AM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)

On Tue, Aug 31, 2010 at 12:00 AM, Apache Issues  wrote:
> I'm using:
>
> CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b
> \"%{Referer}i\""
>
> And I occasionally see this right around the time the CPU starts running at
> 100%:
>
> :: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-"
>
> %a is supposed to be an IP address, so what IP address is "::"? I'm only
> somewhat familiar with IPv6 but I've never seen "::" before.

http://en.wikipedia.org/wiki/IPv6_address#Notation

One or any number of consecutive groups of zero value may be replaced
with two colons. [ ... ]

The localhost (loopback) address, 0:0:0:0:0:0:0:1,  and the IPv6
unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::,
respectively.

Cheers

Tom


  

Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)

2010-09-02 Thread Apache Issues
That won't work.  I can't even get results from 'ps aux' to get a pid, SSH is 
super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that 
lucky), and most commands never complete.

The hardware has been tested and is fine.  The problem occurs randomly - we've 
gone a week without incident before but we've also had days where this problem 
crops up 4-6 times throughout the day.  The "::" log entries are the first real 
clue to the cause.  And the only "solution" we've come up with is to reboot the 
box.





From: Jeff Trawick 
To: users@httpd.apache.org
Sent: Thu, September 2, 2010 11:32:10 AM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)


On Thu, Sep 2, 2010 at 2:24 PM, Apache Issues  wrote:

Our server just went nuts again.  And again "::" shows up in the logs right 
around the moment it started chugging 100% CPU.  Help!
>

attach to the high CPU httpd process with a debugger and get backtraces

see http://httpd.apache.org/dev/debugging.html


  

Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)

2010-09-02 Thread Apache Issues
We're trying a few of your suggestions.  Kind of hard to test it.  Thanks for 
the quick responses.






From: Jeff Trawick 
To: users@httpd.apache.org
Sent: Thu, September 2, 2010 12:34:43 PM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)


On Thu, Sep 2, 2010 at 3:03 PM, Apache Issues  wrote:

That won't work.  I can't even get results from 'ps aux' to get a pid, SSH is 
super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that 
lucky), and most commands never complete.
>
>The hardware has been tested and is fine.  The problem occurs randomly - we've 
>gone a week without incident before but we've also had days where this problem 
>crops up 4-6 times throughout the day.  The "::" log entries are the first 
>real 
>clue to the cause.  And the only "solution" we've come up with is to reboot 
>the 
>box.
>

wild ideas

any monitoring scripts which can take action at the first sign of the problem 
might be more successful than interactive attempts at capturing ps, running 
gcore against high CPU process, whatever

change your "Listen portnumber" directives to "Listen 0.0.0.0:portnumber" to 
avoid httpd seeing an IPv6 connection (especially one with no source address or 
which it somehow mangles to look like that)

CPU rlimits on httpd perhaps?  (I don't think I've ever tried that)

Can you nice the httpd down?  (haven't tried that)

make sure MaxClients isn't way over the capacity of your machine


  

Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)

2010-09-15 Thread Apache Issues
Turns out the box only had 2GB RAM and was simply running out of physical 
memory 
- running a web server on swap is a Bad Idea(TM).  We tossed in 8GB more (10GB 
RAM total) and the problem seems to have gone away.  It was a real 
head-scratcher since we were told that the box had "awesome hardware" so the 
thought that there might not be enough hardware never even crossed our minds.

The "make sure MaxClients isn't way over the capacity of your machine" tip 
below 
is what led us to the 2GB RAM issue.  Thanks Jeff.  You're the man!





____
From: Apache Issues 
To: users@httpd.apache.org
Sent: Thu, September 2, 2010 1:50:10 PM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)


We're trying a few of your suggestions.  Kind of hard to test it.  Thanks for 
the quick responses.






From: Jeff Trawick 
To: users@httpd.apache.org
Sent: Thu, September 2, 2010 12:34:43 PM
Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is 
"::" a valid IP address?)


On Thu, Sep 2, 2010 at 3:03 PM, Apache Issues  wrote:

That won't work.  I can't even get results from 'ps aux' to get a pid, SSH is 
super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that 
lucky), and most commands never complete.
>
>The hardware has been tested and is fine.  The problem occurs randomly - we've 
>gone a week without incident before but we've also had days where this problem 
>crops up 4-6 times throughout the day.  The "::" log entries are the first 
>real 
>clue to the cause.  And the only "solution" we've come up with is to reboot 
>the 
>box.
>

wild ideas

any monitoring scripts which can take action at the first sign of the problem 
might be more successful than interactive attempts at capturing ps, running 
gcore against high CPU process, whatever

change your "Listen portnumber" directives to "Listen 0.0.0.0:portnumber" to 
avoid httpd seeing an IPv6 connection (especially one with no source address or 
which it somehow mangles to look like that)

CPU rlimits on httpd perhaps?  (I don't think I've ever tried that)

Can you nice the httpd down?  (haven't tried that)

make sure MaxClients isn't way over the capacity of your machine


  

[users@httpd] mod_proxy_balancer - no way to name pool members by IP.

2011-02-03 Thread dfw-apache
I've hit a vexing impasse with mod_proxy_balancer.

I have a pool of backend boxes. They vhost many domains, so
need the specific Host: header in requests to them (the *same*
Host: header for all of them)

I proxy reqeusts to them potentially thousands of times a second,   
and their IP's are not going to be changing, so I name the
BalancerMembers by IP address, as the DNS lookup overhead is 
a fatal waste of CPU, especially if your DNS servers melt
and your site dies unnecessarily. (No, /etc/hosts is not possible.
The sitename has multiple A records, and I make the backends choose
individualiseable vhosts. Besides, my hosts file is vast!)

Unfortunately, when I try and use mod_headers to set the Host: header
for these backend connections, the balancer layer destroys the
result and replaces it with the IP.

Apparently, if I switch ProxyPreserveHost on, I may get further,
but since that's a site-wide setting a side effect would mean all
of my other proxied directories would now get the wrong Host: header.
All the RewriteRule [P]'s would break and I would have to catch and
replace the Host in every single one of them in individual  blocks.
That deluge of perpetual kludgery does not appeal.

What I need is a way to tell a ProxyPass or BalancerMember, that
they should use a certain Host: header in its communications
with this backend. e.g.
BalancerMember http://10.0.0.1/foo/ host=foobar.com

The logical alternative would have been to be able to specify a
certain target IP to connect to instead of a certain Host name
to use e.g.
BalancerMember http://foobar.com/foo/ address=10.0.0.1

but I suspect apache would then be unable to set  block
rules for individual balancer members since they'd all declare
the same URL and you'd be unable to match them individually

So, I currently can't use my backends in mod_proxy_balancer

Does anyone have any suggestions?

DFW


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.

2011-02-04 Thread dfw-apache
On Thu, Feb 03, 2011 at 11:00:25PM +, Igor Gali?? wrote:
> - dfw-apa...@white.u-net.com wrote:
> > I've hit a vexing impasse with mod_proxy_balancer.
> > 
> > I have a pool of backend boxes. They vhost many domains, so
> > need the specific Host: header in requests to them (the *same*
> > Host: header for all of them)
> > 
> > I proxy requests to them potentially thousands of times a second,   
> > and their IP's are not going to be changing, so I name the
> > BalancerMembers by IP address, as the DNS lookup overhead is 
> > a fatal waste of CPU, especially if your DNS servers melt
> > and your site dies unnecessarily. (No, /etc/hosts is not possible.
> 
> http://httpd.apache.org/docs/current/mod/mod_proxy.html#startup

That only mentions ProxyBlock. We do not use ProxyBlock. Also, when we
lost DNS, we lost the site, so reality has the last word regardless.

> > The sitename has multiple A records, and I make the backends choose
> > individualiseable vhosts. Besides, my hosts file is vast!)
> > 
> > Unfortunately, when I try and use mod_headers to set the Host: header
> > for these backend connections, the balancer layer destroys the
> > result and replaces it with the IP.
> > 
> > Apparently, if I switch ProxyPreserveHost on, I may get further,
> > but since that's a site-wide setting a side effect would mean all
> 
> Not quite sure what you mean by site-wide, but:
> http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost
> says: Context:server config, virtual host

It does. Our site is a vhost. It has squillions of proxypasses to squillions of 
different backend boxes run by squillions of different people. I want to add
another backend without breaking all of the other ones.

> > of my other proxied directories would now get the wrong Host: header.
> > All the RewriteRule [P]'s would break and I would have to catch and
> 
> Wit a sec.
> You're using mod_rewrite for proxying?
> Why? (http://bash.org/?866112)

Because I'm rewriting the URL, and then proxying it? Because I'm using
rewritemaps? Because I like the letter P? Pick one :) Also, this problem
is only using ProxyPass, so mod_rewrite is not the problem here.

> > replace the Host in every single one of them in individual 
> > blocks.
> > That deluge of perpetual kludgery does not appeal.
> > 
> > What I need is a way to tell a ProxyPass or BalancerMember, that
> > they should use a certain Host: header in its communications
> > with this backend. e.g.
> > BalancerMember http://10.0.0.1/foo/ host=foobar.com
> 
> Now I'm confused. How do your configs actually look like?

ProxyPreserveHost Off
ProxyPass /foo/ balancer://www.mybackend1.net/

  ProxySet lbmethod=bybusyness timeout=10
  BalancerMember http://192.168.0.1 lbset=0 retry=0 ttl=5
  BalancerMember http://10.0.0.1lbset=1 retry=0 ttl=5

http://192.168.0.1>
  RequestHeader set Host www.mybackend1.net

http://10.0.0.1>
  RequestHeader set Host www.mybackend1.net

ProxyPass /bar/  http://www.mybackend2.net/
ProxyPass /bar1/ http://www.mybackend3.net/
ProxyPass /bar2/ http://www.mybackend4.net/
...

192.168.0.1 receives 'Host: 192.168.0.1', not the 'Host: www.mybackend1.net' I 
want it to. www.mybackend2.net receives 'Host: www.mybackend2.net' and I want 
to keep it that way.

> > The logical alternative would have been to be able to specify a
> > certain target IP to connect to instead of a certain Host name
> > to use e.g.
> > BalancerMember http://foobar.com/foo/ address=10.0.0.1
> > 
> > but I suspect apache would then be unable to set  block
> > rules for individual balancer members since they'd all declare
> > the same URL and you'd be unable to match them individually
> 
> You can use ProxySet
> http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset
> in  and 
> 
> But ProxySet only allows you to set the same Variables as
> ProxyPass does. host is none of them.

Indeed. This appears to be the problem. Such an option is missing.

DFW

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.

2011-02-04 Thread dfw-apache
On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote:
> 
> > > > But ProxySet only allows you to set the same Variables as
> > > > ProxyPass does. host is none of them.
> > > 
> > > Indeed. This appears to be the problem. Such an option is missing.
> > 
> > Right now I'm looking into 2.2's source to see how to add an option
> > preservehost=(on|off).
> > 
> > Can you please test:
> > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff
> > 
> > duh.. nodocumentationpatch!
> > But I'm pretty sure you can guess how to use it ;)
> 
> http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff
> Adds: Documentation, CHANGES update, MMN bump
> Also has a _set variable analogous to the other options.
> 
> Bonus: compiles.
> Untested so far.

Thanks. I've poked and snuffled, but a co-worker has pointed out that
there may be problems if this worker is a member of two different balance
pools. The connection properties would be controlled by the worker, but
what is sent down that connection should be controlled by the balancer pool.

I followed your earlier lead when you mentioned ProxyPreserveHost is now
localisable in trunk. I dug out svn commit r824072 which looks to be exactly
what I need. It should prevent shared workers getting mixed up by allowing
me to set the Host at the  level.

I have a sneaking suspicion trying to set http://10.*> for a worker
would never work anyway, as the system won't see that as the destination.
It will see the balancer instead, so only the  config
would apply anyway.

We'll see how far I get.

DFW


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.

2011-04-20 Thread dfw-apache
On Fri, Feb 04, 2011 at 11:06:48PM +, dfw-apa...@white.u-net.com wrote:
> On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote:
> > 
> > > > > But ProxySet only allows you to set the same Variables as
> > > > > ProxyPass does. host is none of them.
> > > > 
> > > > Indeed. This appears to be the problem. Such an option is missing.
> > > 
> > > Right now I'm looking into 2.2's source to see how to add an option
> > > preservehost=(on|off).
> > > 
> > > Can you please test:
> > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff
> > > 
> > > duh.. nodocumentationpatch!
> > > But I'm pretty sure you can guess how to use it ;)
> > 
> > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff
> > Adds: Documentation, CHANGES update, MMN bump
> > Also has a _set variable analogous to the other options.
> > 
> > Bonus: compiles.
> > Untested so far.
> 
> Thanks. I've poked and snuffled, but a co-worker has pointed out that
> there may be problems if this worker is a member of two different balance
> pools. The connection properties would be controlled by the worker, but
> what is sent down that connection should be controlled by the balancer pool.
> 
> I followed your earlier lead when you mentioned ProxyPreserveHost is now
> localisable in trunk. I dug out svn commit r824072 which looks to be exactly
> what I need. It should prevent shared workers getting mixed up by allowing
> me to set the Host at the  level.
> 
> I have a sneaking suspicion trying to set http://10.*> for a worker
> would never work anyway, as the system won't see that as the destination.
> It will see the balancer instead, so only the  config
> would apply anyway.
> 
> We'll see how far I get.

As it turns out, after a very long journey, I didn't get very far at all.
I needed to backport a few mod_proxy thread safety patches from 2.3 to 2.2.17 
or else apachebench was just a massacre.

After backporting the localisable ProxyPreserveHost patch I successfully 
overwrote the Host header from inside a Proxy block, allowing me to control 
which vhost I talked to on the backend member. Unfortunately this kludged Host 
header makes its way into your cached object headers and your access log...

Now, you can fix the log by catching the Host in a Setenvif and logging that, 
and I don't *think* anything looks at the Host header in the cached object, but 
it turns out there is a more unpleasant problem :

This works as expected :
RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P]

And this also proxypasses, but *none* of the directives in the  take effect: 

 RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P]


No, I don't know why. Without the Proxy block directives to control the Host 
header sent to the backend, the backend gives us the finger, as its balancer 
member IP/hostname is not the vhost we want.

I think I'm going to have to retreat. It looks like I will need a patch to 
*specify* a host header at the balancer config level.

Does anyone have any tips on how this might be done?

DFW

PS: "Ignoring parameter 'lbset=0' for worker 'http://10.1.2.3' because of 
worker sharing" (I backported a log verbosity patch too) 

Ignoring the other variables I can understand, but shouldn't lbset be unique to 
each balancer? e.g. I share the same backend workers amongst several balancers, 
but each backend IP may serve each vhost to a differing degree.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.

2011-04-20 Thread dfw-apache
On Fri, Feb 04, 2011 at 11:06:48PM +, dfw-apa...@white.u-net.com wrote:
> On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote:
> > 
> > > > > But ProxySet only allows you to set the same Variables as
> > > > > ProxyPass does. host is none of them.
> > > > 
> > > > Indeed. This appears to be the problem. Such an option is missing.
> > > 
> > > Right now I'm looking into 2.2's source to see how to add an option
> > > preservehost=(on|off).
> > > 
> > > Can you please test:
> > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff
> > > 
> > > duh.. nodocumentationpatch!
> > > But I'm pretty sure you can guess how to use it ;)
> > 
> > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff
> > Adds: Documentation, CHANGES update, MMN bump
> > Also has a _set variable analogous to the other options.
> > 
> > Bonus: compiles.
> > Untested so far.
> 
> Thanks. I've poked and snuffled, but a co-worker has pointed out that
> there may be problems if this worker is a member of two different balance
> pools. The connection properties would be controlled by the worker, but
> what is sent down that connection should be controlled by the balancer pool.
> 
> I followed your earlier lead when you mentioned ProxyPreserveHost is now
> localisable in trunk. I dug out svn commit r824072 which looks to be exactly
> what I need. It should prevent shared workers getting mixed up by allowing
> me to set the Host at the  level.
> 
> I have a sneaking suspicion trying to set http://10.*> for a worker
> would never work anyway, as the system won't see that as the destination.
> It will see the balancer instead, so only the  config
> would apply anyway.
> 
> We'll see how far I get.

As it turns out, after a very long journey, I didn't get very far at all.

After backporting the localisable ProxyPreserveHost patch I successfully 
overwrote the Host header from inside a Proxy block, allowing me to control 
which vhost I talked to on the backend member. Unfortunately this kludged Host 
header makes its way into your cached object headers and your access log...

Now, you can fix the log by catching the Host in a Setenvif and logging that, 
and I don't *think* anything looks at the Host header in the cached object, but 
it turns out there is a more unpleasant problem :

This works as expected :
RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P]

And this also proxypasses, but *none* of the directives in the  take effect: 

 RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P]


No, I don't know why. Without the Proxy block directives to control the Host 
header sent to the backend, the backend gives us the finger, as its balancer 
member IP/hostname is not the vhost we want.

I also needed to backport a few mod_proxy_http.c thread safety patches from 2.3 
to 2.2.17 or else apachebenching was just a massacre.

I think I'm going to have to retreat. It looks like I will need a patch to 
*specify* a host header at the balancer config level.

Does anyone have any tips on how this might be done?

DFW

PS: "Ignoring parameter 'lbset=0' for worker 'http://10.1.2.3' because of 
worker sharing" (I backported a log verbosity patch too) 

Ignoring the other variables I can understand, but shouldn't lbset be unique to 
each balancer? e.g. I share the same backend workers amongst several balancers, 
but each backend IP may serve each vhost to a differing degree.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.

2011-04-20 Thread dfw-apache
On Wed, Apr 20, 2011 at 02:17:43PM -0400, Eric Covener wrote:
> > and I don't *think* anything looks at the Host header in the cached object,
> 
> you could add a Vary on the Host header.

I'd rather not play with the Host header after all if I can help it.

If it Vary's on Host, won't it check that the Host matches the cached object's 
Host? Which it never will coz we broke it to get the backend proxy Host header 
working.

DFW

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Peak download performance with single file

2011-04-23 Thread dfw-apache
On Sat, Apr 23, 2011 at 07:46:37PM +0530, vrukesh panse wrote:
> But, when we simultaneosly download more than one file (for example, two
> different 10MB text files), we get total download speed of 12Mbps.

This is the kind of thing you might see if the *client* TCP receive window
is being filled. It may not be the server's fault.

I'd also look into support of 'TCP window scaling' and 'selective acks'.
Neither which I believe XP does by default.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Visual Studio C++ 6 Processor Pack

2012-11-15 Thread apache-admin

Hello,

I want to build the new version 2.2.23 of the Apache HTTPD
on myself to get involved in the debugging of the http server.

Unfortunately I was not able to find the Visual C++ 6.0
Processor Pack at microsofts download center nor on the web.
Does anyone know, where I can get this processor pack ?

Would be great, if you could help me.

Thanks a lot.

apache-admin




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Re: Visual Studio C++ 6 Processor Pack

2012-11-16 Thread apache-admin

Hello Good Guy,

thanks for your answer.

I have looked through your suggested download list, but did not find
the Processor Pack for Visual C++ 6, that is needed to assemble the
SSL code with the build procedure.

Do you have another idea where to get this optional software pack ?

Thanks a lot.

apache-admin


Am 2012-11-16 02:30, schrieb Good Guy:

On 15/11/2012 20:36, apache-ad...@ultra-it.de wrote:

Hello,

I want to build the new version 2.2.23 of the Apache HTTPD
on myself to get involved in the debugging of the http server.

Unfortunately I was not able to find the Visual C++ 6.0
Processor Pack at microsofts download center nor on the web.
Does anyone know, where I can get this processor pack ?

Would be great, if you could help me.

Thanks a lot.

apache-admin



<http://www.cnet.com/topic-software/microsoft-visual-c.html>




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Problem with building apache httpd from win sources

2012-11-21 Thread apache-admin

Hello,

I am trying to build the apache httpd version 2.2.22 from the windows 
sources,

but running in the following problem with ldap support of apr-util:

apr_ldap.h(136) : fatal error C1189: #Fehler :  Support for LDAP v2.0 
toolkits has been removed from apr-util. Please use an LDAP v3.0 
toolkit.


Can anyone tell me, where I can find an instruction note, how to 
integrate the ldap sources or library

correct into apr-util. I did not find something useful ...

Thanks for your help.

Greetings


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] AuthnProviderAlias not working in 2.4 but did in 2.2

2012-12-05 Thread magic-apache

Hi,
before I start: I guess it is tricky missconfiguration but I don't get it 
:( May someone could help? 

What happend? I have upgraded from Apache 2.2 to 2.4. I was using 
AuthnProviderAlias to use two AuthUserFiles for Basic authentication. The 
configuration was working on Apache 2.2 but stopped working on 2.4. I have 
tried to simplify the use case. This was resulting in the following config: 
http://pastebin.de/31329 . As you can see it also fails with using only one 
AuthnProviderAlias. The difference between the working and the none working 
config is the use of the AuthnProviderAlias directive (last two lines in 
Directory section).
I have already spoken to some peoples at IRC. They suggested me to run 
strace to see which files are opened by apache. The difference between the 
working and the none working configuration is just the use of the htpasswd 
file: http://pastebin.de/31328 

Apache version and loaded modules: http://pastebin.de/31330 

Any ideas what's going on there or how to dig further into the problem? 


thanks in advance,
Daniel

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Tomcat mod_jk & isapi_redirect.dll updated VC15 to 1.2.43

2018-03-08 Thread Land10 : : Apache


Windows bin updated see:

https://www.apachelounge.com/viewtopic.php?p=36570

https://www.apachelounge.com/viewtopic.php?p=36571


Cheers



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Apache httpd 2.4.33-vote available

2018-03-18 Thread Land10 : : Apache




See www.apachelounge.com/viewtopic.php?p=36618

When you see/have issues please mail to me and/or file it in Bugzilla.

Enjoy,

Apache Lounge Team



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Apache httpd 2.4.34-dev Win snapshot available

2018-06-21 Thread Apache Lounge






www.apachelounge.com/viewtopic.php?p=36981



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Apache httpd 2.4.34-dev Win snapshot available

2018-07-08 Thread Apache Lounge



Snap 2 now available


On Thursday 21/06/2018 at 16:05, Apache Lounge  wrote:





http://www.apachelounge.com/viewtopic.php?p=36981



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Apache httpd 2.4.37 GA Win available

2018-10-22 Thread Apache Lounge



Vote to release httpd-2.4.37 has PASSED.

See  www.apachelounge.com/viewtopic.php?p=37467



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[users@httpd] Season Greetings

2018-12-22 Thread Apache Lounge




The year 2018 has been again exciting in terms of growth of the Apache 
community and the Feature set of the Apache HTTPD server.


In 2018 we celebrated 15 years Apache Lounge, wow.. time is flying.

I am thrilled to see so many folks making use of Apache Lounge 
Binaries and visiting the Apache Lounge, more and more non-windows 
users are participating. For many of users the forum is a big valuable 
archive and also thanks to the moderators Mario, Gregg and Tom we 
continued the quality level. Also big thanks to all the members who 
answered questions from users.


It is really rewarding to see that the effort we put into the Apache 
Server is appreciated so much.


For the next weeks, I'll be spending time with my family enjoying 
Christmas end of year festivities. As exciting as computers and 
servers can be, this year will also forever serve as a reminder of 
what is really important: family, friends and the compassion of 
strangers.


I wish for you and your families time to reconnect, enjoy traditions, 
and to find some rest during the holiday season. Whatever you 
celebrate, I hope you take a moment to reflect on the year that is 
closing and on your goals for 2019 as it approaches.


Many thanks to all my friends in the Apache Community and ASF and 
enjoy the holidays !



Steffen

http://www.apachelounge.com/



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] WebDAV works for anything but Windows Vista and Windows 7

2009-04-16 Thread antispam . apache . org

Hi all,

my WebDAV setup works fine for Windows XP, Linux, Mac OS X, Java, 
but it doesn't work at all when using the native WebDAV client of 
 Windows Vista (and Windows 7).


https://www.numlock.ch/webdav/testshare
user: testshare
pwd: testshare

The share uses a self-signed certificate and the configuration 
looks as follows:




Options Indexes
Dav On
AuthType Basic
AuthName "Some name"
AuthUserFile /path/to/pwdfile
Require user testshare




# Note: setenvif_module is loaded by default

BrowserMatch "Microsoft Data Access Internet Publishing Provider" 
redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012345]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully



The error message on Windows Vista (64 bit business edition) 
reads in about: "Specified folder invalid. Choose another folder"


Apache doesn't log any error at all, suggesting that Vista's 
request doesn't even reach the server for whatever strange reason 
(note that using a Java-based DAVExplorer client on the same 
Windows Vista box works fine, however). Strangely, I couldn't 
spot any WebDAV related error message in Windows Vista's logs either.


I already tried a lot of the (server and client side) hints I 
found on the web, but none of them helped.


I'd appreciate if any of you could confirm whether accessing my 
test share using Windows Vista (64 bit) works.


The mission's primary target is to make my Apache WebDAV share 
work nicely with Vista/Windows 7 (or the other way round, more 
appropriately ;).


Thanks

Daniel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] WebDAV works for anything but Windows Vista and Windows 7

2009-04-17 Thread antispam . apache . org

André Warnier wrote:

André Warnier wrote:


Summaries (apparently recently updated) can be found here : 
http://greenbytes.de/tech/webdav/webfolder-client-list.html 
http://greenbytes.de/tech/webdav/webdav-redirector-list.html


Thanks for these summary links and the hints, André. Looks like 
Windows's WebDAV support is a nightmare indeed. Even in Windows 
7, WebDAV support doesn't seem to be good.



Maybe one hint, if you have not seen or tried it before :
when you create/connect the DAV folder under Windows, at the
moment it asks for the URL/path, make sure to add the :port
number after the hostname, even if it is the default port
for the protocol. Like, connect to
"http(s)://server.company.com:port/dirname"


Sorry, according to the summaries above, it would seem that
for Vista it may be just the opposite : the port number should
/not/ be specified.


I've tried both variants once again, but there wasn't any difference.


However, another of the listed cases may
apply : I see your URL is
https://www.numlock.ch/webdav/testshare , which would fall in
the category "server-discovery" of the above pages. Suggestion
: - in the server configuration, define an Alias /testdav/
/webdav/testshare/ - in Windows, try connecting to
https://www.numlock.ch/testdav


The same for this, unfortunately. Also with a publicly readable 
parent directory.


Daniel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] WebDAV works for anything but Windows Vista and Windows 7

2009-04-17 Thread antispam . apache . org

Pete.LeMay wrote:

Vista and I'm assuming W7 have issues with most webdav,

These are the extra steps on the client I've had to do to make
vista work with webdav from a win server.

(a) The below update must be applied.

http://www.microsoft.com/downloads/details.aspx?FamilyId=17C36612-632E-4C04-9382-987622ED1D64&displaylang=en


It is also necessary to have the client machine completely
current will all Windows updates (and client restarted of
course).

(b) Access through Internet Explorer does not work, the user
must access via Windows Explorer:

Windows Vista - Map Web Folder: -> Computer -> Map Network
Drive -> Connect to a Web site that you can use to store our
documents and pictures -> Enter address


Thanks, Pete. I tried this hotfix already, but I applied it 
again. Vista wasn't impressed, however.


A pretty strange thing is that the version of the WebDAV mini 
redirector (mrxdav.sys) on my Vista box is 6.0.6001.18000. 
According to 
http://greenbytes.de/tech/webdav/webdav-redirector-list.html
it should be 6.0.6001.22167 with the latest Vista updates 
applied. According to Windows Update I've installed all the 
available updates for Vista.


Daniel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[EMAIL PROTECTED] Why the sudden need to raise MaxClients?

2006-02-07 Thread dan+apache-list
We are using Apache 2.0.54 on Debian GNU/Linux (standard Debian  
packages). The server had been running for several months with  
absolutely no problems. A couple of days ago, Apache started slowing  
down, then would eventually stop responding completely. The only way  
to fix it was to restart Apache. It got to the point that Apache  
would only stay functional for a few seconds at a time. Watching the  
Apache logs revealed no unusual activity before the lockup.


I discovered the MaxClients setting, which in Debian defaults to 20  
for the prefork MPM. I raised it to 100, and the problem went away. I  
believe the default for this value is normally 256.


What would cause this problem all of the sudden? My first thought was  
a DOS attack. Am I on the right track?


--df


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] .htaccess: How to "cut only the middle branch" from a directory tree?

2006-02-24 Thread Apache . 20 . TEN
One bewildering observation on a low-traffic, co-hosted account (hence no logs,
& unusual first lines required in .htaccess) by a provider using Apache 1.3.29:

Some directories didn't seem to get the password protection they deserve.

I figured out that the protection on every level in the directory
tree can be obtained by creating this structure of subdirectories below root:
/1/2/3 - and then uploading an .htaccess with these contents into each of them:

PerlSetVar AuthFile /.htpasswd
AuthType Basic
AuthName "confidential documents"
require valid-user

Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2
and http://site.dom/1 - however when uploading a different .htaccess that
is supposed to open up (ONLY) http://site.dom/1/2 to the "middle" directory of
/1/2, something unexpected is caused by this /1/2/.htaccess file:

PerlSetVar AuthFile /.htpasswd
AuthType Basic
AuthName "wide open"
order deny,allow
Satisfy any

Besides directory 2, its subdirectory 3 becomes accessible without credentials,
as well, although the more restrictive version of .htaccess has remained in...3
and should therefore be unaffected by any changes to /1/2/.htaccess - is there
any explanation for this, and a way around the issue? (The format of .htaccess
being largely restricted by the hosting provider's requirements, of course...)?

If this is a "feature", how does one make sure that the .htaccess placed in the
"sub-sub-subdirectory" /1/2/3 is observed, so 3 will not be affected by changes
to the .htaccess for its parent directory, i.e. remain protected just like /1 ?

-----
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[users@httpd] Getting error: request failed: error reading the headers

2011-11-15 Thread httpd . apache . org

Hello there,
I have some entries in my error_log that driving me crazy.

[Tue Nov 15 15:06:36 2011] [error] [client 74.125.78.92] request failed: 
error reading the headers, referer: http://www.example.com/page1.html
[Tue Nov 15 15:06:36 2011] [error] [client 66.102.12.89] request failed: 
error reading the headers, referer: http://www.example.com/page5.html
[Tue Nov 15 15:09:32 2011] [error] [client 74.125.78.86] request failed: 
error reading the headers, referer: http://www.example.com/page18.html


There are many more entries like that with other pages on my server.
These are all IPs from Google. I fear that Google is not able to view my 
pages the correct way.
I’m not sure but maybe these error logs are there since I added a 
rewrite rule from http://example.com to http://www.example.com.


RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

Can this be the cause of the error?
Has anybody an idea why I'm getting this error?

Dont know if it matters. I'm using Drupal 6 at the page where getting 
the errors.


Thanks for help.

Greets
Manuel

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Intermittent SSL failure on Tomcat port

2020-01-29 Thread apache-httpd-users

Hi Madhan,

I suppose you would have better chances with that on the Tomcat users 
list, however your Tomcat and Java versions are quite old (even if 
Tomcat in this version is still actively supported by the project, Java 
7 is totally outdated in regards to TLS support). Are you using 
tc-native (TLS with OpenSSL) or pure Java TLS? Are any Middleboxes (that 
perform TLS inspection) in place? I would rather invest time to update 
to more recent stack (that will lead to acceptable security, IIRC Java 7 
does not support TLS1.2)...



Tomcat version details:-

Server version: Apache Tomcat/7.0.91
Server built:   Sep 13 2018 19:52:12 UTC
Server number:  7.0.91.0
OS Name:Linux
OS Version: 2.6.32-431.20.3.el6.x86_64
Architecture:   i386
JVM Version:1.7.0_201-mockbuild_2018_10_22_02_29-b00
JVM Vendor: Oracle Corporation


Best regards,
Thomas

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] HSTS verification

2021-07-03 Thread apache-httpd-users
Hi,

On 02.07.21 09:27, @lbutlr wrote:
> When checking for https HSTS compliance on htstpreload.org I get a warning 
> 
>> We cannot connect to https://example.net using TLS ("Get 
>> https://example.net: http: server gave HTTP response to HTTPS client").

What is in your access logs, can you identify the request and check which 
virtual hosts served it? You can enable logging of the
virtual host in the access log or log to dedicated files (see 
https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats for
a list of what is available).

> And I do not understand how this can be. The page in questions loads as https 
> with a valid cert and the http query is set to redirect to https
> 
> 
>ServerName www.example.net
>ServerAlias foo.example.net
>ServerAlias example.net
>DocumentRoot /usr/local/www/example/
>DirectoryIndex index.html
>ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/example/$1
>SSLEngine on
>SSLCertificateFile /usr/local/etc/dehydrated/certs/example.net/cert.pem
>SSLCertificateKeyFile 
> /usr/local/etc/dehydrated/certs/example.net/privkey.pem
>SSLCertificateChainFile 
> /usr/local/etc/dehydrated/certs/example.net/chain.pem
>SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
>SSLHonorCipherOrder on
>SSLCipherSuite 
> ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
>#SSLUseStapling On
>Header always set Strict-Transport-Security "max-age=15638400; 
> includeSubdomains;"
>Header always set X-Frame-Options DENY
>Alias /.well-known/ /usr/local/www/.well-known/
> 
> 
> 
>ServerName www.example.net
>ServerAlias foo,example.net
>ServerAlias example.net
>ServerAlias webmail.example.net
>Redirect / https://www.example.net/
>Alias /.well-known/ /usr/local/www/.well-known/
> 
> 
> 

I do not see anything onbviously wrong here (there is a typo on "ServerAlias 
foo,example.net" though, assume this is just an example issue).
However, your TLS virtualhost is bound to a fixed IP, your plain HTTP virtual 
host is bound to all available IPs on the machine.

My guess would be virtual host mismatch or a DNS specific issue (does 
example.net resolve to different IPs for different resolvers?). Again
access logs may reveal some more information on that.

hth,
Thomas

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] SSL VHosts

2021-08-30 Thread apache-httpd-users
Hi Peter,

On 30.08.21 04:24, Peter Horn wrote:
> I have been successfully running an Apache server for some years (currently 
> 2.4.41 on Ubuntu 20.04LTS).
> I have three "real" http vhosts on port 80, findable through a dynamic DNS 
> service. I also have a (first in line) default vhost with an "unreachable" 
> ServerName, which returns a 4xx status,
> and exposes the request to fail2ban.
> This takes care of the script kiddies and IOT bug-probers who access by IP 
> address, not hostname.
> Recently I upgraded to https on port 443, using LetsEncrypt and CertBot. The 
> transition went smoothly; http requests to the vhosts on port 80 are returned 
> a 301 redirect permanent to https.
> I have two questions:

> 1. Can I implement the same "nameless catchall" in the https environment, or 
> does the vhost selection work differently there? My ssl cert appears to name 
> all three real vhosts, but I am unsure
> what happens when a request doesn't match any of them.

The cert you are using lists only these three names (you could check via 
"openssl x509 -in  -noout -text"). All connections using IP addresses 
or names not part of the cert should
fail on TLS handshake (at least if certificate is validated by the client). You 
might catch clients, which do not validate certificates with your current TLS 
setup (that would be clients
connecting using IP). Clients that validate the certificate will not send the 
actual request.

Let's encrypt does not issue certificates for IP addresses 
(https://community.letsencrypt.org/t/ssl-on-a-ip-instead-of-domain/90635/3), so 
you can not simply add your IP to the certificate.

> 2. Are there any adverse consequences to closing down http / port 80 now that 
> the vhosts are up on https / port 443?

That depends, new browsers versions are currently changing their behaviour on 
site access (e.g. see
https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/,
https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/).
 Older Browsers try HTTP (port 80) before trying HTTPS (port 443), some even do 
not
try HTTPS, if the initial HTTP fails. YMMV. I'd suggest to keep the HTTP vhost 
for pure redirects and additionally set the Strict-Transport-Security header 
(see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
 on HTTPS requests. With the header, most browsers will cache the information 
that HTTPS is enabled for your
site and even enforce it for the time you set in the header.

hth.
Thomas

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[EMAIL PROTECTED] Apache 2.0 support for huge files (>2 GB) on 64 bit platform

2008-06-24 Thread Christian Mailer (Apache-Support)

Hi,

my current state of information is that to allow serving huge files on a 
32 bit system I need to:

- set compile time flags "D_LARGEFILE_SOURCE" AND "-D_FILE_OFFSET_BITS=64"
- set LimitRequestBody to a high enough value

Are the compile switches necessary on a 64 bit platform as well?

Thanks for any help.
Christian


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[users@httpd] Apache reverse proxy 2-way SSL authentication

2011-12-05 Thread SoCruel.NU Apache Users Mailbox

Hello list,
I am investigating what kind of reverse proxy solution would fit a 
customers requirement. I am also looking at Apache. One of the 
requirements is to support 2-way SSL authentication. Is this possible 
with Apache (using version 2.2) as reverse proxy? And if so any config 
examples would be appreciated.

Regards,
Lars

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org