[users@httpd] Error accessing some pages
Sme of my users got the error "Due to the presence of characters known to be used in cross site scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags" when accessing one of the Intranet applications. Kindly advise is this error from apache and how can it be resolved. Thank you _ Find just what you are after with the more precise, more powerful new MSN Search. http://search.msn.com.sg/ Try it now. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Apache 2.0.50
By default, will any of the core modules in Apache 2.0.50 showed the the error "Due to the presence of characters known to be used in cross site scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags"??? If yes, what are these modules and can they be turned off??? _ Keep track of Singapore & Malaysia stock prices. http://www.msn.com.sg/money/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Support for HTTP 2.0
Hi, I would like to know is there any version of apache that is able to support HTTP 2.0? If no, what is the roadmap for apache to support HTTP 2.0? Thank you. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] Running an Apache server with SCTP
Hi I´m trying to change the configuration of Apachein order to let it work with SCTP. I have foundsome models in the net : http://pel.cis.udel.edu/ or www.sctp.org Thoseversions seem to work only with Kame SCTP on FreeBSD I´m using Ubuntu8.04 and LKSCTP. Thx for anyKind of Help HakimAdhari UniversityOf Dortmund
[EMAIL PROTECTED] rewrite help
I am trying to get a redirect to work so that I can get friendl URLs for my website. I am using mod_perl and have written a little handler as a controler to handle all requests. What I currently have that works as follows. RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^wc/(.*) /wc\?uni=$1 [L] The user types in: http://example.com/wc/docName and apache rewrites: http://example.com/wc?arg=docName Where /wc is my perl handler, as such: PerlModule Examplepackage::WC SetHandler perl-script PerlResponseHandler Examplepackage::WC This works and it's great, but I want to work just a little different. I want the user to type in: http://example.com/docName and apache rewrite: http://example.com/wc?arg=docName I have tried a few different RewriteRule types and either they 404 or it exceedes 10 internal redirects (internal server error). I have tried: RewriteRule ^/(.*) /wc\?uni=$1 [L] RewriteRule ^(.*) /wc\?uni=$1 [L] RewriteRule /(.*) /wc\?uni=$1 [L] RewriteRule . /wc\?uni=$1 [L] RewriteRule /(.*)$ /wc\?uni=$1 [L] and other such permutations. What am I doing wrong? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] rewrite help
I have figured out the problem. Once apache tested the request URI it tested it a second time as an internal redirect and would fail, or get in a loop. So I just had to tell it not to check for /wc , which wasn't excluded by the !-f and !-d because it doesn't exist on the filesystem because it is a perl handler. my config that works: RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/wc RewriteRule ^(.*)$ /wc?uni=$1 [L] Thanks solprovider and André for your help. Ukiah On Tue, Nov 04, 2008 at 08:53:00AM +0100, André Warnier wrote: > Also, maybe be aware that (.*) will match anything, even the empty > string, so you may end up with "/wc?uni=" (unless as solprovider > indicates, you have a different rule for "/"). > It may be better to use "^/(.+)$", which will only match if there is > actually something after the /. > > [EMAIL PROTECTED] wrote: > >Do not escape the question mark. > > > >RewriteRule ^/(.*) /wc?uni=$1 [L] > >- the first character must be a slash and is not included in the $1 > >variable. > >- Add "/wc?uni=" before the rest of the URL on the same server. > >- Discard any querystring from the visitor. (No QSA flag.) > >- [L] = stop processing RewriteRules. > > > >You may want another RewriteRule for /, > > > >HTH, > >solprovider > > > >On 11/3/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > >>I am trying to get a redirect to work so that I can get friendl URLs for > >> my website. I am using mod_perl and have written a little handler as a > >> controler to handle all requests. > >> > >> What I currently have that works as follows. > >> > >> RewriteEngine On > >> RewriteBase / > >> RewriteCond %{REQUEST_FILENAME} !-f [OR] > >> RewriteCond %{REQUEST_FILENAME} !-d > >> RewriteRule ^wc/(.*) /wc\?uni=$1 [L] > >> > >> The user types in: http://example.com/wc/docName > >> and apache rewrites: http://example.com/wc?arg=docName > >> > >> Where /wc is my perl handler, as such: > >> > >> PerlModule Examplepackage::WC > >> > >>SetHandler perl-script > >>PerlResponseHandler Examplepackage::WC > >> > >> > >> This works and it's great, but I want to work just a little different. > >> > >> I want the user to type in: http://example.com/docName > >> and apache rewrite: http://example.com/wc?arg=docName > >> > >> I have tried a few different RewriteRule types and either they 404 or > >> it exceedes 10 internal redirects (internal server error). > >> > >> I have tried: > >> RewriteRule ^/(.*) /wc\?uni=$1 [L] > >> RewriteRule ^(.*) /wc\?uni=$1 [L] > >> RewriteRule /(.*) /wc\?uni=$1 [L] > >> RewriteRule . /wc\?uni=$1 [L] > >> RewriteRule /(.*)$ /wc\?uni=$1 [L] > >> and other such permutations. > >> > >> What am I doing wrong? > > > >- > >The official User-To-User support forum of the Apache HTTP Server Project. > >See http://httpd.apache.org/userslist.html> for more info. > >To unsubscribe, e-mail: [EMAIL PROTECTED] > > " from the digest: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[us...@httpd] Apache ldap authentication and secrurity
Server - RH5 httpd-2.2.3 I have setup a server that uses ssl ldap authentication. This all works fine. I am trying to understand the connection from a client browser to the server. I am sniffing the packets on the server with tcpdump and also have tried wireshark. Since the server is using http not https I assumed that all traffic from the client browser to the server would be in clear text. So, when I connect to the server with the client browser I get the authentication window. I enter a username and passwd. Looking at the traffic on the server I see everything but the username and passwd. I would of thought that it would transmit the username and pass in clear text to the server since it is using http. The web server goes to the ldap server using ssl, so that traffic is encrypted as I expected. I'm just confused as to why the username and pass is not seen when looking at the packets. This is of course good behavior, but I am just trying to understand how it works. It seems that I have done this before with earlier versions and have seen the username and pass. Maybe I'm just remembering this wrong. Anyone know how this works? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] Any idea how to get the second SSL cert working?
I have 2 certs installed. One is for the main site and the other is for a subdomain. Both are set up as "VirtualHost"s in the ssl.conf file. I also set the default one to use the primary site's certs. The certs are from GoDaddy. I have a NameVirtualHost specified for port 80 and port 443. It seems like I have everything covered, but I go to the subdomain and it tells me it's using the cert for the main site. The main site cert does appear to be working properly. Any ideas? Side note... I'm trying to point port 80 and 443 to the same directory on the server for the main site. Could that be causing the problem? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Any idea how to get the second SSL cert working?
> Sounds like you are trying to do ssl hosting with name-based virtual > hosts. That won't work. An explanation is here: > http://wiki.apache.org/httpd/NameBasedSSLVHosts > > Joshua. Yup - that's it exactly. Thanks Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.6 and CGI problem.
I'm a newbie to Apache and throwing myself on the wisdom of the list. I'm running FreeBSD6.2 in a jail with Apache 2.2.6. The basic set-up works but I'm having problems with dynamic HTML and cgi scripts. I'm using perl for my testing. Going through the HowTo I can invoke the script as a direct URL. I can make a tag with an href of "/cgi-bin/xxx.pl" and clicking on the link brings up the script's result. So it looks like I have the CGI rules configured correctly. But no matter what I've tried I can't get the text into the HTML page when it loads initially. I've tried: #exec cgi="/cgi-bin/xxx.pl" and a number of tags that shouldn't and didn't work. All I see are the HTML tags. Including all my failed attempts as place holders for my stupidity. I must be missing a config item somewhere but I can't see it. Config that I've update are: ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" TypesConfig mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddHandler cgi-script .cgi .pl AllowOverride None Options +ExecCGI +Includes Order allow,deny Allow from all I don't believe I need the "+Includes" as I'm not doing anything with shtml at this point. If anyone sees anything I've missed it would be great if they would enlighten my ignorance. Thanks ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.6 and CGI problem redux
Not a total solution but getting there. Joshua Slive had some of the answer. He enlightened me that I was using SSI and told me to used SetOutputFilter and I read-up on the SSI howto. So I can include JavaScript files and they work nicely. However perl scripts in the cgi-bin directly stubbornly refuse to fire unless called by an HREF tag. The config is simple: ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" Alias /javascript/ "/usr/local/www/javascript/" AddHandler cgi-script .cgi .pl AllowOverride None Options +ExecCGI +Includes AddType text/html .html AddOutputFilter INCLUDES .html Order allow,deny Allow from all AllowOverride None Options +ExecCGI +Includes AddType text/html .html AddOutputFilter INCLUDES .html Order allow,deny Allow from all The web page (index.html) is damn simple too: http://www.w3.org/TR/XHTML1/DTD/XHTML1-strict.dtd";> http://www.w3.org/1999/xhtml"; lang="en" xml:lang="en"> Test page It works! Or so I say.David Test This And the perl script is trivial. #!/usr/bin/perl print "Content-type: text/html\r\n\r\n"; print "Work, damn it all!\n"; Any idea of what I'm missing? I'm going with html all pages will be using dynamic HTML, if I can ever get it to work. Does the new details ring bells with anybody? Thanks, again. Outstanding action: Contact the CGI HowTo doc people to put a ref to the SSI HowTo doc. ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.6 and CGI problem - solved - doc bug?
Thanks to my not reading Joshua Silve's reply and his second correction everything is working. I needed a Directory entry for the directory that had the *html files that call the JavaScript and CGI files. So I needed three entries as follows: For the file with *html: AllowOverride None Options +Includes AddType text/html .html AddOutputFilter INCLUDES .html Order allow,deny Allow from all For the JavaScript area: AllowOverride None Options +Includes Order allow,deny Allow from all For the CGI scripts: AllowOverride None Options +ExecCGI Order allow,deny Allow from all I'll give the Apache people a few days to read this as I think this is a doucmentation bug. 1. I think the http://httpd.apache.org/docs/2.2/howto/cgi.html should have link to http://httpd.apache.org/docs/2.2/howto/ssi.html. Some of the data is related and required to get CGI running. 2. An example of http.conf entries (like given above) should be included with explanation on why each entry is needed with a recommended settings (which would need someone with more experience than me). Thanks, David - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] ??text?? On serveral webpages are questionmarks (??) where text is suppost to be or what has to be clear
Hello, I have set up apache on a fedora box: Linux hostname.nl 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386 GNU/Linux httpd-2.0.52-3 It al runs fine, but On serveral pages are questionmarks (??) where text is suppost to be or what has to be clear: Examples: http://www.afrekening.nl http://www.t-t-n.nl/uitslagen/uitsl_04/Klaverjassen.htm (table) http://www.zin-pa.nl/index_bestanden/slide0005.htm I think it is caused because the html is made in Word or powerpoint or other Microsoft #$!#$@ stuff. How can I solve this behavior? Thanx Nico - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users@httpd] ??text?? On serveral webpages are questionmarks (??) where text is suppost to be or what has to be clear
Thanx, When I select in mij browser: West-Europees (ISO) the pages are correct. Where can I find the correct charset?? The default charset is UTF 8. Thanx for sending me in the correct direction! Nico |-+> | | Nick Kew | | | <[EMAIL PROTECTED]| | | m> | | || | | 21-05-2005 12:12 | | | Please respond to| | | users| | || |-+> >| | | | To: users@httpd.apache.org | | cc: | | Subject: Re: [EMAIL PROTECTED] ??text?? On serveral webpages are questionmarks (??) where text is suppost to be | |or what has to be clear | >| [EMAIL PROTECTED] wrote: > On serveral pages are questionmarks (??) where text is suppost to be or Find out what charset your pages are in. Then use AddCharset in Apache to get the server to send the correct charset. > I think it is caused because the html is made in Word or powerpoint or > other Microsoft #$!#$@ stuff. They might be producing undefined junk. In which case you'd need to fix it up first. See what a validator tells you about them. -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] pemanent "G" Gracefully finishing in mod_status
Hello. I'm in doubt with the info from mod_status GGWGGGKRKGWG_GK_RGWGWKRK_G__W_G_KGKKWKKGGKK_G... ..G. Too many threads in "G" Gracefully finishing state. Here is typical example Srv PID Acc M CPU SS Req ConnChild Slot HostVHost Request 0-1 32536 0/190/41332 G 1.24165293 0 0.0 0.66 556.64 80.68.4.164 (unavailable) GET /x.php HTTP/1.1 As you can see in SS field the latest request proceeding by this thread was 165293 second ago. Process with 32536 exists, it consume memory by don't do any job. Just permanent Gracefully finishing state. All threads in this state have Request to only one page /x.php. It's a absolutely normal page, except one thing - page refreshing every 60 sec. I have apache 1.3.33 and OS ALT Linux 2.2. Please, if you can give me info about Gracefully finishing state or why apache don't destroy useless process answer here. PS: Sorry for my english - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite
hello hello hello, i recently posted a similar issue with the topic "Weirdo intepretation of SSLprotocol order" on this distlist (may 7th 2015) I found that (at least on) Apache 2.2.29 64bit Prefork, the sslProtocol order is only challenged once for the whole server, that is the first occurence to appear. I think this is your problem too... Someone asked me to build a backported dist of httpd, or at least a patch.. however, time never got to me... The general solution seems to be running httpd 2.4.13+, but its unclear to me, whether the problem resides in openssl maybe.. however, its not fixed out of the blue. And i know, this doesnt answer your question, but it may make things a little clearer :) br Congo On 2015-06-17 00:37, karl karloff wrote: So that does not actually help in the case of SSLv3 because SNI is an extension to TLS. It seems like this is not possible in Apache given the usage of OpenSSL as the SSL/TLS library. Does that sum it up? Thanks, Karl Date: Tue, 16 Jun 2015 23:54:39 +0200 From: ylavic@gmail.com To: users@httpd.apache.org Subject: Re: [users@httpd] VirtualHosts, SSLProtocol, and SSLCipherSuite On Tue, Jun 16, 2015 at 10:48 PM, karl karloff wrote: I am attempting to set up more than one subdomain on :443 in this example. so something like sslv3.example.com:443 responds with SSLv3 only tlsv1.example.com:443 responds with TLSv1.0 only ... I wasn't aware that could be achieved using the ServerName directive. The underlying IP/interface should be the same for all subdomains, but each subdomain responds by accepting only a single SSLProtocol. Does that make sense? It does, however there is a limitation currently in OpenSSL in that it can't renegotiate the protocol. Hence this configuration will work only with browsers/clients supporting (and advertising) the Server Name Indication (SNI), which allows to select the correct VirtualHost before the negotiation occurs. Otherwise, Apache HTTPd will have to negotiate before being able to read the requested Host header, and hence determine the VirtualHost. Thus it will do the negotiation occording to the parameters (protocol, ciphers, ...) of the first vhost declared on the listening IP:port. If finally the determined vhost is not the one used for the negotiation, it will ask for a renegotiation which, as said above, won't take the SSLProtocol into consideration due to OpenSSL not being able to do that (the SSLCipherSuite can be renegotiated though). So all should be fine with SNI only. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [users@httpd] RE: Apache Reverse Proxy deletes from code
hello hello hello, Ive seen exactly that behavior many times in 2.2.29. Once ProxyHTMLEnable is invoked in a vhost, output is heavily influenced, eventhough there are no rules to define modification of any html at all.. The rules i define works flawlessly, but the filter invocation swallows more than it should... i have been pulling my hair for this problem, with the result of light baldness... I wasnt aware of the bug report - yet, i am not sure, whether it applies a fix at some point for the 2.2 branch - anyone to know this ? br congo On 2015-06-16 17:25, Cruz Villanueva, Juan wrote: Hello Yann, Thanks for your reply. I'll review this link. It's really possible that it's related I'll post my findings later. Thanks. Juan Cruz Villanueva -Original Message- From: Yann Ylavic [mailto:ylavic@gmail.com] Sent: martes, 16 de junio de 2015 9:09 To: users@httpd.apache.org Subject: Re: [users@httpd] RE: Apache Reverse Proxy deletes from code On Tue, Jun 16, 2015 at 8:58 AM, Cruz Villanueva, Juan wrote: one has seen this issue (or similar one) before? Maybe https://bz.apache.org/bugzilla/show_bug.cgi?id=56287 ? Regards, Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] slow reload apache22
hello world, so i run Apache/2.2.31 on FreeBSD9. 64 bit. Hosting about 400 websites on this virtual server that executes well enough - except, whenever i make configuration changes and gracefully reload the httpd, the service kind of stalls for about 10-20 seconds. The server acts as reverse proxy onto the backend servers, that might just as well be httpd in many cases, however when these reloads the same way, content is instantly available, but on the proxy content becomes dramatically slow responding right after "apachectl graceful" was executed, then after <20 seconds its fast responding again. I run no custom cache solution on top of apache, only customsized SSL cache, but i cant see if this should interfere with plain http requests performance. I would like to be able to serve the users with fast respondstimes eventhough i have to reload the config several times during the day. The websites are located in about 50 config files, with about 400 VirtualHosts inside. I only serve some small icons as content directly on the proxy, all the rest is either text errorpages in config or strict reverse proxy. Does anyone else have this poor experience ? -or even better a tip for a solution to get this solved ? br Congo, Denmark - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Weirdo intepretation of SSLprotocol order
hello, So i have an apache 2.2.29 running Prefork on FreeBSD 64bit. I have a number of vhosts included - one vhost per domain name. In any of these vhost containers the SSLProtocol directive seems to be ignored, but only the default vhost is dictating the SSLProtocol for all other (this is ofcourse the first HTTPS enabled vhost container, which might be relevant). Though documentation argues that its applicable per vhost, and not only in server config. For testing purpose, i use add the following to my sub-vhost: SSLProtocol -ALL +TLSv1.2 But when the default vhost is configured as such: SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 - that final example is the only, thats used throughout the webserver. I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol, that it should be applicable per virtual host. The goal is to host some sites via TLS 1.2 only, and some other ones only in TLS 1.1 for instance. Does anyone else meet the same challenge or know how to resolve this ? br congo - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Weirdo intepretation of SSLprotocol order
Hello, Well - a patched version... what do you mean -i've build apache22-2.2.29_2 from ports... so its already up to date. However openssl runtime is openssl-1.0.1_16, where i see there is a openssl-1.0.2_1 available from ports. I prefer to build from ports, in order to host a standardized environment for the web.. I have been looking into migration to apache httpd 2.4, but from my understanding the config interpretor is not backwards compatible, so i have to renew all configs. I run around 50 domains and 450 sites, and about 15 instances of apache httpd.. so there will be a bunch of config redoing.. Do you mean - building 2.2.29 from apache.org sources ? br congo On 2015-05-07 11:13, Yann Ylavic wrote: Hello, you may hit an issue fixed in [1] (for upcoming 2.4.13). Can you manage to build a patched httpd-2.2.29 from sources? Regards, Yann. [1] http://svn.us.apache.org/r1663258 On Wed, May 6, 2015 at 2:54 PM, wrote: hello, So i have an apache 2.2.29 running Prefork on FreeBSD 64bit. I have a number of vhosts included - one vhost per domain name. In any of these vhost containers the SSLProtocol directive seems to be ignored, but only the default vhost is dictating the SSLProtocol for all other (this is ofcourse the first HTTPS enabled vhost container, which might be relevant). Though documentation argues that its applicable per vhost, and not only in server config. For testing purpose, i use add the following to my sub-vhost: SSLProtocol -ALL +TLSv1.2 But when the default vhost is configured as such: SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 - that final example is the only, thats used throughout the webserver. I read in http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol, that it should be applicable per virtual host. The goal is to host some sites via TLS 1.2 only, and some other ones only in TLS 1.1 for instance. Does anyone else meet the same challenge or know how to resolve this ? br congo - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] SSLCertificateChainFile
I am putting to together a config for both RH6 and RH7 systems. RH6 used Apache/2.2.15, RH7 uses Apache/2.4.6. I understand that in 2.4.8 SSLCertificateChainFile is deprecated and the intermediates should be appended to the file that SSLCertificateFile points to. Can 2.2 and < 2.4.8 work properly if the SSLCertificateChainFile in the config is NOT used and instead the intermediates are appended the file that SSLCertificateChainFile points to as you would in 2.4.8 and greater. Just thinking that if it will work correctly, the config would be the same now and when 2.4.8 and greater gets in place. We have done this on a test system and it seems to work, however I'm not sure if we are just fooling ourselves and it isn't even seeing the intermediates and the client just isn't complaining. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: mod_rewrite: Conditionally set RemoteIPHeader
Does anyone know of a way to conditionally set the RemoteIPHeader directive for mod_remoteip? I've tried a few things; a simple if/else says "RemoteIPHeader is not allowed here." And trying to set my own request header that I can point "RemoteIPHeader" to doesn't seem to work; no matter how I order it or create it it seems that RemoteIPHeader doesn't recognize the new header I've generated. Any ideas? Thanks in advance! Dan - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored
We have configured an apache http server instance to serve as load balancer between 3 aplications and 6 tomcat nodes, each application served by 2 nodes each, using virtual host and mod_proxy_balancer. This is the file which we use to set the first applicacion "A" to be served by nodes sftomcat02 and sftomcat05. (conf.d/vh_a_tramix.conf) Everything works as expected until this point: - request are directed to the vh according to the url. - request are balanced between tomcat nodes, session aware. - if a node goes down, after a while, request are redirected to the surviving node But balancer shows only a balancer (the first one to be read?) vh_a_tramix.conf follows: ServerAdmin anotherguy DocumentRoot "/var/www/html" ServerName www.a.ar ErrorLog logs/www.a.ar-error_log CustomLog logs/www.a.ar-error_log-access_log common ProxyRequests off Order deny,allow Allow from all ProxyPass /balancer-manager ! ProxyPass / balancer://a/ #ProxyPassReverse / balancer://a/ BalancerMember ajp://sftomcat02:8029 route=tts2 #BalancerMember ajp://sftomcat05:8059 route=tts5 ProxySet balancer://a stickysession=JSESSIONID nofailover=Off SetHandler balancer-manager Order deny,allow Allow from all similar vh are configured (say vh_b_tramix.conf and vh_c_tramix.conf) but request to balancer-manager on this virtual hosts fails (tomcat node responds, so... is not trapped even by the "ProxyPass /balancer-manager !" directive). I have tried to change "ProxyPass /balancer-manager !" to "ProxyPass /balancer-manager2 !" (and changed rest of file 'accordingly') and still fails. So, I kindly ask: Is it necesary to change something? (version? config?) Is this behaviour expected / to be changed? Which task should I accomplish to solve this is issue (if possible)? Does anybody have seen it working? Thanks in advance for any help you can provide. Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Mod_rewrite and mod_proxy_balancer
sorry for asking... I do not understand why you use rewrite... I would use "Location" or "ProxyPass" directive. Simpler... Can not do a test now... but it seems pretty straight forward. --- El mié 20-may-09, ricardo figueiredo escribió: > De: ricardo figueiredo > Asunto: Re: [us...@httpd] Mod_rewrite and mod_proxy_balancer > Para: users@httpd.apache.org > Fecha: miércoles, 20 de mayo de 2009, 6:00 pm > Anyone ??? > > Or my English isn't good ?? > > Ricardo > > On Wed, May 20, 2009 at 3:13 PM, > ricardo13 > wrote: > > > > Hi all, > > > > I have a web cluster with 6 machines. Three machines serve > only clients > > (class 1) and others serve only normal users (class 2). > > I use apache with modules mod_rewrite and > mod_proxy_balancer. > > > > Use mod_rewrite to classify (between class1 and class2) > incoming requests > > and mod_proxy_balancer forward request to the cluster > (class1 or class2). > > > > Now, When I type in browser, for example "http://localhost/1";, the > cluster A > > serve my request and when I type "http://localhost/2";, the > cluster B serve > > my request. > > > > Now, I would like to know how I drop a request when come > with other type > > user ?? For example, "http://localhost/3"; > > > > I tried this, but doesn't work. > > > > My httpd.conf: > > > > > > RewriteEngine on > > RewriteLog /usr/local/apache2/logs/rewrite_log > > RewriteLogLevel 5 > > > > RewriteLock /usr/local/apache2/logs/file.lock > > RewriteMap prgmap > prg:/usr/local/apache2/admControl > > > > RewriteCond ${prgmap:$1} ^/bad_url$ > > RewriteRule /bad_url - [F] > > RewriteRule ^/(.*) balancer:/${prgmap:$1} [P] > > > > > > > > > > BalancerMember http://192.168.1.11 > > BalancerMember http://192.168.1.12 > > BalancerMember http://192.168.1.13 > > > > > > > > BalancerMember http://192.168.1.14 > > BalancerMember http://192.168.1.15 > > BalancerMember http://192.168.1.16 > > > > > > My admControl: > > #include > > #include > > > > int main(int argc,char *argv[]) { > > > > char input; > > int id; > > > > while(1) { > > fscanf(stdin, "%d", &id); > > > > switch(id) { > > case 1: fprintf(stdout, "/class1"); > break; > > case 2: fprintf(stdout, "/class2"); > break; > > case default: fprintf(stdout, "/bad_url"); > break; > > } > > fprintf(stdout, "\n"); > > fflush(stdout); > > } > > return EXIT_SUCCESS; > > } > > > > Remember, How I drop a request from > "http:localhost/3" ??? > > > > Thank you > > Ricardo > > > > > > > > -- > > View this message in context: > http://www.nabble.com/Mod_rewrite-and-mod_proxy_balancer-tp23640723p23640723.html > > > Sent from the Apache HTTP Server - Users mailing list > archive at Nabble.com. > > > > > > - > > The official User-To-User support forum of the Apache HTTP > Server Project. > > See http://httpd.apache.org/userslist.html> > for more info. > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > " from the digest: users-digest-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > -- > Muito Obrigado > > Ricardo > > ¡Viví la mejor experiencia en la web! Descargá gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=ar - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored
I have read doc again, and after testing a little I think I should move "Location" directive to a different file (outside vh definition), in order to make "sense", but results are the same... Thank you again. --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar escribió: > De: mboxdario-apa...@yahoo.com.ar > Asunto: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only > one balancer can be monitored > Para: users@httpd.apache.org > Fecha: miércoles, 20 de mayo de 2009, 6:13 pm > > We have configured an apache http server instance to serve > as load balancer between 3 aplications and 6 tomcat nodes, > each application served by 2 nodes each, using virtual host > and mod_proxy_balancer. > > This is the file which we use to set the first applicacion > "A" to be served by nodes sftomcat02 and sftomcat05. > (conf.d/vh_a_tramix.conf) > > Everything works as expected until this point: > - request are directed to the vh according to the url. > - request are balanced between tomcat nodes, session > aware. > - if a node goes down, after a while, request are > redirected to the surviving node > > But balancer shows only a balancer (the first one to be > read?) > > vh_a_tramix.conf follows: > > ServerAdmin anotherguy > DocumentRoot "/var/www/html" > ServerName www.a.ar > ErrorLog logs/www.a.ar-error_log > CustomLog logs/www.a.ar-error_log-access_log common > > ProxyRequests off > > > Order deny,allow > Allow from all > > > ProxyPass /balancer-manager ! > ProxyPass / balancer://a/ > #ProxyPassReverse / balancer://a/ > > BalancerMember ajp://sftomcat02:8029 route=tts2 > #BalancerMember ajp://sftomcat05:8059 route=tts5 > > ProxySet balancer://a stickysession=JSESSIONID > nofailover=Off > > > SetHandler balancer-manager > Order deny,allow > Allow from all > > > > > similar vh are configured (say vh_b_tramix.conf and > vh_c_tramix.conf) > but request to balancer-manager on this virtual hosts fails > (tomcat node responds, so... is not trapped even by the > "ProxyPass /balancer-manager !" directive). > > I have tried to change "ProxyPass /balancer-manager !" > to "ProxyPass /balancer-manager2 !" (and changed rest > of file 'accordingly') and still fails. > > So, I kindly ask: > Is it necesary to change something? (version? config?) > Is this behaviour expected / to be changed? > Which task should I accomplish to solve this is issue (if > possible)? > Does anybody have seen it working? > > Thanks in advance for any help you can provide. > > > > > > > Yahoo! Cocina > Recetas prácticas y comida saludable > http://ar.mujer.yahoo.com/cocina/ > > - > The official User-To-User support forum of the Apache HTTP > Server Project. > See http://httpd.apache.org/userslist.html> for more > info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > Yahoo! Cocina Recetas prácticas y comida saludable http://ar.mujer.yahoo.com/cocina/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. Only one balancer can be monitored
Well... it didnt worked, because i didn't rebooted httpd, but balancer-manager now is working for all vh sites. It has to be defined globally (probably the location /balancer-manager directive which can not have scheme or server name), outside virtual host definition. Sorry for the noise. Greetings. --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar escribió: > De: mboxdario-apa...@yahoo.com.ar > Asunto: Re: [us...@httpd] apache 2.2.3, virtual host and balancer manager. > Only one balancer can be monitored > Para: users@httpd.apache.org > Fecha: miércoles, 20 de mayo de 2009, 7:18 pm > > I have read doc again, and after testing a little I think I > should move "Location" directive to a different file > (outside vh definition), in order to make "sense", but > results are the same... > > Thank you again. > > > --- El mié 20-may-09, mboxdario-apa...@yahoo.com.ar > > escribió: > > > De: mboxdario-apa...@yahoo.com.ar > > > Asunto: [us...@httpd] apache 2.2.3, virtual host and > balancer manager. Only one balancer can be monitored > > Para: users@httpd.apache.org > > Fecha: miércoles, 20 de mayo de 2009, 6:13 pm > > > > We have configured an apache http server instance to > serve > > as load balancer between 3 aplications and 6 tomcat > nodes, > > each application served by 2 nodes each, using virtual > host > > and mod_proxy_balancer. > > > > This is the file which we use to set the first > applicacion > > "A" to be served by nodes sftomcat02 and sftomcat05. > > (conf.d/vh_a_tramix.conf) > > > > Everything works as expected until this point: > > - request are directed to the vh according to the url. > > > - request are balanced between tomcat nodes, session > > aware. > > - if a node goes down, after a while, request are > > redirected to the surviving node > > > > But balancer shows only a balancer (the first one to > be > > read?) > > > > vh_a_tramix.conf follows: > > > > ServerAdmin anotherguy > > DocumentRoot "/var/www/html" > > ServerName www.a.ar > > ErrorLog logs/www.a.ar-error_log > > CustomLog logs/www.a.ar-error_log-access_log > common > > > > ProxyRequests off > > > > > > Order deny,allow > > Allow from all > > > > > > ProxyPass /balancer-manager ! > > ProxyPass / balancer://a/ > > #ProxyPassReverse / balancer://a/ > > > > BalancerMember ajp://sftomcat02:8029 > route=tts2 > > #BalancerMember ajp://sftomcat05:8059 > route=tts5 > > > > ProxySet balancer://a > stickysession=JSESSIONID > > nofailover=Off > > > > > > SetHandler balancer-manager > > Order deny,allow > > Allow from all > > > > > > > > > > similar vh are configured (say vh_b_tramix.conf and > > vh_c_tramix.conf) > > but request to balancer-manager on this virtual hosts > fails > > (tomcat node responds, so... is not trapped even by > the > > "ProxyPass /balancer-manager !" directive). > > > > I have tried to change "ProxyPass /balancer-manager > !" > > to "ProxyPass /balancer-manager2 !" (and changed > rest > > of file 'accordingly') and still fails. > > > > So, I kindly ask: > > Is it necesary to change something? (version? > config?) > > Is this behaviour expected / to be changed? > > Which task should I accomplish to solve this is issue > (if > > possible)? > > Does anybody have seen it working? > > > > Thanks in advance for any help you can provide. > > > > > > > > > > > > > > Yahoo! Cocina > > Recetas prácticas y comida saludable > > http://ar.mujer.yahoo.com/cocina/ > > > > > - > > The official User-To-User support forum of the Apache > HTTP > > Server Project. > > See http://httpd.apache.org/userslist.html> for more > > info. > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > " from the digest: users-digest-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > Yahoo! Cocina > Recetas prácticas y comida saludable > http://ar.mujer.yahoo.com/cocina/ > > - >
Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?!
Not the best answers. But it was not a good question neither. "Can anyone supply the step-by-steps for building apache with FIPS 140-2 openssl?" is NOT a "good question". There is a guide you should have readed before, about how to ask good questions. Because the answer is: "Yes. I'm almost sure somebody can do it." Community answers are not always right to the point. You are not paying. The good thing about open source is that now that you know the answer, YOU can publish it. And you should have asked: subject: building an apache with openssl fips 140-2 "I have made this, this and this. I have problems with THIS. Later I will do that other thing. which documentation should I read? I use 'alfa' linux, with apache version x.y.z, and openssl version H." " El mié 27-may-09, Frank Gingras escribió: > De: Frank Gingras > Asunto: Re: [us...@httpd] How do you build a FIPS 140-2 apache ?!?!?! > Para: users@httpd.apache.org > Fecha: miércoles, 27 de mayo de 2009, 3:51 pm > Sam, > > Since you're 'theman', I guess we assumed you'd manage on > your own. > > Seriously, however, no one is forcing you to use this > software. Go ahead > and use commercial software, we won't mind. > > Frank > > Sam theman wrote: > > I was able to build a FIPS 140-2 apache, thanks to > nobody at the apache users list. I banged my head against > the wall for 2 days, and pieced together a lot of confused > emails... WHY do apache developers not go the extra half > foot and publish a doc. They will develop code out the > gazoo, but then not tell anyone HOW to use it and people > wonder why open source software is gradually being flushed > down the toliet by the Oracle corp's of the world!! > > > > > > > > > >> From: j.zucker...@gmail.com > >> Date: Tue, 26 May 2009 19:13:15 -0700 > >> To: users@httpd.apache.org > >> Subject: Re: [us...@httpd] How do you build a FIPS > 140-2 apache ?!?!?! > >> > >> On Tue, May 26, 2009 at 12:44 PM, Sam theman > > wrote: > >> > >>> Hello, > >>> > >>> Can anyone supply the step-by-steps for > building apache with FIPS 140-2 > >>> openssl? > >>> > >>> Sam > >>> > >>> > >>> Insert movie times and more without leaving > Hotmail®. See how. > >>> > >> hotmail ads? lol > >> > >> > - > >> The official User-To-User support forum of the > Apache HTTP Server Project. > >> See http://httpd.apache.org/userslist.html> for more > info. > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> " from the digest: > users-digest-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > >> > > > > > _ > > Hotmail® goes with you. > > http://windowslive.com/Tutorial/Hotmail/Mobile?ocid=TXT_TAGLM_WL_HM_Tutorial_Mobile1_052009 > > > > > > - > The official User-To-User support forum of the Apache HTTP > Server Project. > See http://httpd.apache.org/userslist.html> for more > info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > ¡Viví la mejor experiencia en la web! Descargá gratis el nuevo Internet Explorer 8 http://downloads.yahoo.com/ieak8/?l=ar - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] How can I secure my apache server from DoS attack ?
Please Change Following Parameters Timeout 60 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 MinSpareServers 5 MaxSpareServers 10 StartServers 5 MaxClients 150 MaxRequestsPerChild 4000 Then Kernel settings are like : tcp_keepalive_time=900 tcp_fin_timeout=30 tcp_max_orphans=16384 tcp_tw_reuse=1 tcp_tw_recycle=1 tcp_rfc1337=1 tcp_no_metrics_save=1 tcp_fin_timeout 60 conf.default.rp_filter=1 tcp_syncookies=1 tcp_synack_retries=3 tcp_syn_retries=3 Regards Amit Maheshwari Linux System Administrator New Del On Tue, Jun 23, 2009 at 5:55 PM, Neelesh Gurjar wrote: > Hi, > I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel > and Apache 1.3.37 running on it. > > 2 days back I got one script to test DoS attack on website. It is called > slowloris.pl from http://ha.ckers.org/slowloris/ > > I run that script against my server and it worked. It stopped my website > for some time. That time all other services like SSH were working fine. > > Can anybody suggests any configuration changes at Apache and OS/Kernel > level to prevent from this type of attack ? > > Currently I am using following settings: > > Timeout 300 > KeepAlive On > MaxKeepAliveRequests 100 > KeepAliveTimeout 5 > MinSpareServers 5 > MaxSpareServers 10 > StartServers 5 > MaxClients 150 > MaxRequestsPerChild 0 > > Then Kernel settings are like : > tcp_keepalive_time 7200 > tcp_keepalive_time 9 > tcp_keepalive_intvl 75 > tcp_syn_retries 5 > tcp_synack_retries 5 > tcp_fin_timeout 60 > > -- > Regards > NeeleshG > > LINUX is basically a simple operating system, but you have to be a genius > to understand the simplicity >
[us...@httpd] Apache dies in Freebsd jail
I know this sounds like a headline, but its true. I had a disk space problem in the jail, so I reconfigured and restored the apache on the new disk size. I then added my other modules that I required from ports. I then checked if it all worked, and I got nada- firefox tells me the sites valid but the server won't connect. So far I've tried upping log levels to debug, httpd -X, and running portupgrade -fRr apache. All to no avail- I can get no message or hint or idea of why apache fails. If I run ps -ax I see httpd -DNOHTTPACCEPT or httpd -X still running (apparently), but I can't see any listeners on any ports/interfaces with sockstat. I need some help debugging this- something (ANYTHING!) that will give me a clue on what I've missed here. I'd rather not just blow it all away without attempting to find out what the hell is behind this. I'm running a jailed FreeBSD 7.2 and apache-2.2.11_7 built from ports. I've built php5-5.2.10, mod_perl2-2.0.4_2,3, and mod_python-3.3.1_2 all from ports as well. I've tried the freebsd-questions list, but I haven't got a response or seen my message even get through. Any clues will be much appreciated. My logs aren't giving me anything, only that all the modules are all loading ok. I had some ssl cache warnings, but they're resolved (I think). I believe it can't bind to the network for some reason: I need to find that reason :) Cheers Msg sent via @Mail - http://atmail.com/ ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] [solved] Re: [us...@httpd] Apache dies in Freebsd jail
>From out of left field with a little inspiration: I hazarded a look at the host log files and found I was getting exited on sig 11 errors from httpd- even though ps was still showing it as running in the jail. So a google search now showed up some more possible causes; most of those surrounding mods. In particular php was common with extensions causing a lot of failures. I now had something to work with. I commented out all the extensions in php/extensions.ini and restarted apache: Its alive! I then tried to work out why- I suspected memory, but more googling found reordering of the extensions to help, but which ones? I went through one by one each of the extensions to find a culprit or space problem (actually got impatient and by the end tried 4 at a time) and found 4 which seemed similar and did cause a failure. I commented out different combinations and finally hit on the spl extension; uncommenting all others apache kept going, so here was my culprit. Googled some more, and couldn't find a reason why it would be hurting. So I ran php -v on the cli and got a seg fault with spl, I ran gdb php -v and got a different error which had to be deciphered (something to do with misc.c), but if spl was not available mysql and others whinged. More googling... tried apache php5 spl seg fault and got an obscure reference: spl was not the problem at all! I had in my endeavours to resolve this issue put the spl extension at the beginning of the extensions.ini file, apparently the recode extension can cause conflicts because the mysql and imap extension want it, and recode is not available until later in the extensions.ini- put recode at the beginning and presto! Finally everybody's happy... :) Sorry to waste electrons (so to speak), but I figured someone might have a similar issue and I'm hoping this will point them in the right direction sooner rather than hours of endless searching for something they're not sure they're searching for. I've also given my workings in the resolution to save "maybe/maybe not the same kind of problem". The spl/recode extension issue is rather obscure, the majority of references only point to reordering of extensions but don't say which ones. BTW: why didn't I think of the php mod first? I was sure I had php and apache working fine before- I just hadn't installed all of the extensions due to space... :) Such is life... Cheers On Wed 5/08/09 2:02 PM , apache-u...@herveybayaustralia.com.au wrote: > I know this sounds like a headline, but its true. > I had a disk space problem in the jail, so I reconfigured and > restored the apache on the new disk size. I then added my other > modules that I required from ports. I then checked if it all worked, > and I got nada- firefox tells me the sites valid but the server won't > connect. > So far I've tried upping log levels to debug, httpd -X, and running > portupgrade -fRr apache. All to no avail- I can get no message or hint > or idea of why apache fails. If I run ps -ax I see httpd > -DNOHTTPACCEPT or httpd -X still running (apparently), but I can't see > any listeners on any ports/interfaces with sockstat. > I need some help debugging this- something (ANYTHING!) that will > give me a clue on what I've missed here. I'd rather not just blow it > all away without attempting to find out what the hell is behind this. > I'm running a jailed FreeBSD 7.2 and apache-2.2.11_7 built from > ports. I've built php5-5.2.10, mod_perl2-2.0.4_2,3, and > mod_python-3.3.1_2 all from ports as well. I've tried the > freebsd-questions list, but I haven't got a response or seen my > message even get through. > Any clues will be much appreciated. My logs aren't giving me > anything, only that all the modules are all loading ok. I had some ssl > cache warnings, but they're resolved (I think). I believe it can't > bind to the network for some reason: I need to find that reason.... :) > Cheers > Msg sent via @Mail - http://atmail.com/ > > - > The official User-To-User support forum of the Apache HTTP Server > Project. > See for more info. > To unsubscribe, e-mail: > " from the digest: > For additional commands, e-mail: > > Msg sent via @Mail - http://atmail.com/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Specific filesystem for cache
Hi Try JFS or XFS file System can be used for Better i/o Performance in MOD_DISK_CACHE JFS: Journaling File System : having better journiling & faster then ext3 XFS: Xtra Large File System : Read Write Performance Is Much Better Thanks Amit Maheshwari On Thu, Aug 6, 2009 at 1:18 AM, "Fábio Jr." wrote: > Hello all. > > I'm wondering if someone have a suggestion of what filesystem to use in the > cache directory used by mod_disk_cache. I'm having some i/o problems, and > want to choose the right filesystem, since I use a separate partition for > the cache. > > Thanks > > []s > Fábio Jr. > > ----- > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [us...@httpd] How to set prefer-language from a URL parameter without cookies?
Hi, I Show you an example of access manual from browser . having different language support AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ "/usr/local/apache2/manual$1" Options Indexes AllowOverride None Order allow,deny Allow from all SetHandler type-map SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2 LanguagePriority en de es fr ja ko pt-br ru ForceLanguagePriority Prefer Fallback It gives u an idea Amit http://new-innovation.blogspot.com/ On Tue, Aug 18, 2009 at 2:37 PM, Victor Engmark wrote: > Hi all, > > I'm trying to do language auto-negotiation in .htaccess on version > 2.0.63, and it mostly works (see code below). The only thing that > doesn't is the "env=prefer-language:%1" part, and I can't figure out > why. I tried asking at Stack Overflow > < > http://stackoverflow.com/questions/1280220/how-to-use-setenv-with-a-url-parameter > >, > but although the answers are good, none of them seem to work. The > manual <http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriterule> > didn't mention any gotchas and Google didn't help, so this is the last > try before going back to a PHP hack. > > # Available languages > AddLanguage en .en > AddLanguage fr .fr > AddLanguage no .no > > # Priority (highest first) > LanguagePriority no en fr > > # Fallback to specified language priority if the browser doesn't > supply any of the supported languages > ForceLanguagePriority Fallback > > # Language auto-negotiation > Options +MultiViews > > # Set cookie when setting language in URL > RewriteEngine On > RewriteBase / > RewriteCond %{QUERY_STRING} (?:^|&)language=(en|fr|no) > RewriteRule ^(.*)$ $1? > [cookie=language:%1:.aspaass.no:7200 > :/,env=prefer-language:%1,redirect=permanent] > > # Disable caching if the cookie was set > RewriteCond %{HTTP_COOKIE} language=(.*) > RewriteRule .* - [env=cookie_language:%1] > >Header append Vary cookie >Header set Cache-Control "store, no-cache, must-revalidate, > post-check=0, pre-check=0" > > > # Set preferred language from cookie if it exists > SetEnvIf Cookie "language=(.+)" prefer-language=$1 > > -- > Victor Engmark > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [us...@httpd] Apache graceful-stop
Hi, when u run graceful-stop , it will work in different manner Let see first it kill parent process if any child process serve request.. it continue to server, but not accept new request ..new request handle by new child process ... mean it will take a little bit time to kill all running httpd process . hope got an idea now ! Amit <http://new-innovation.blogspot.com/>http://new-innovation.blogspot.com/ On Wed, Aug 12, 2009 at 7:52 PM, Mohit Anchlia wrote: > I installed Apache 2.2.11 and tested graceful-stop. When I run > graceful-stop I still see all the httpd processes even though there is > nothing listening on port 80. Those httpd processes stay there even > though there are no incoming or existing sessions. Is there a bug > someone knows about or am I doing something wrong? > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[us...@httpd] how to create payment gateway
Hi , users How to create Payment Gateway by Apache with other Application ... Thanx in advance Amit
Re: [us...@httpd] inter module communication
Hi Edgar, I am trying to call a function from all modules into one module, for example if i have the following modules, A,B,C,D. and X I want to be able to call a function in module X from A,B,C, and D. your thoughts? hash On Thu, Mar 11, 2010 at 2:13 AM, Edgar Frank wrote: > 10/03/10 hashim qaderi > >Is there an example of how to communicate between apache modules? > >Any help would be appreciated. > > Hi. > > The easy way is, communication via request_rec->notes. You have > to pay attention to the module/hook excution order, but you have > to do this anyway for your module to function properly. > > Another way are request environment variables. > > Or you could use optional functions, but that depends heavily > on what you are trying to achieve. Maybe with a litte more > detail, we could help you out better. > > Regards, > Edgar > > ----- > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [us...@httpd] inter module communication
thanks, this looks promising, i will give it a try. On Thu, Mar 11, 2010 at 10:47 AM, Eric Covener wrote: > On Thu, Mar 11, 2010 at 10:01 AM, snmp apache > wrote: > > Hi Edgar, > > > > I am trying to call a function from all modules into one module, > > for example if i have the following modules, > > A,B,C,D. and X > > > > I want to be able to call a function in module X from A,B,C, and D. > > your thoughts? > > See the optional functions various modules export/import in the base > server (mod_ldap, mod_ssl provide optional functions) > > -- > Eric Covener > cove...@gmail.com > > ----- > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [EMAIL PROTECTED] Serve static files from Apache 2.2.9 question
add a documentroot for your static files in your configuration, something like : DocumentRoot "C:/Program Files/Apache Software Foundation/Tomcat 6.0/webapps/" David Williams-15 wrote: > > Hello All, > > I'm trying to set up Apache 2.2.9 web server on Windows to front, in this > case, a Tomcat environment. What I would like to do is direct certain > file > types, for example .css files, to Apache and proxy the rest to Tomcat. > I've > got Apache proxing all but the .css files using the following. > > ProxyRequests Off > > > Order deny,allow > Allow from all > > > ProxyPassMatch ^(/.*\.css)$ ! > > ProxyPass /myapp http://example.com:port/myapp > ProxyPassReverse /myapp http://example.com:port/myapp > > Now what I need to do is direct the .css files to Apache and that's where > I'm not sure what to do next. Does anyone have any suggestions? > > Thanks for your help, > > David > > -- View this message in context: http://www.nabble.com/Serve-static-files-from-Apache-2.2.9-question-tp19850061p20042560.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 working... one small message, though
ok I remove all traces of APR and it works! Now I have this message: [Wed Dec 07 12:37:09 2005] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter Any ideas? Thanks for all you help, J - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Compiling Modules on Apache-2.2.0
Hello, I've tried to compile some modules on Apache-2.2.0 with little success. For example, here is the error message for mod_fastcgi: mod_fastcgi.c: In function `init_module': mod_fastcgi.c:271: error: `ap_null_cleanup' undeclared (first use in this function) mod_fastcgi.c:271: error: (Each undeclared identifier is reported only once mod_fastcgi.c:271: error: for each function it appears in.) mod_fastcgi.c: In function `process_headers': mod_fastcgi.c:726: warning: return makes pointer from integer without a cast mod_fastcgi.c:730: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:740: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:769: warning: initialization makes pointer from integer without a cast mod_fastcgi.c:839: warning: return makes pointer from integer without a cast mod_fastcgi.c:843: warning: return makes pointer from integer without a cast mod_fastcgi.c: In function `set_uid_n_gid': mod_fastcgi.c:1023: warning: passing arg 1 of `memcpy' makes pointer from integer without a cast mod_fastcgi.c:1025: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:1034: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:1035: warning: assignment makes pointer from integer without a cast mod_fastcgi.c: In function `do_work': mod_fastcgi.c:2322: error: `ap_null_cleanup' undeclared (first use in this function) mod_fastcgi.c: In function `create_fcgi_request': mod_fastcgi.c:2426: warning: cast to pointer from integer of different size mod_fastcgi.c:2454: warning: cast to pointer from integer of different size mod_fastcgi.c:2480: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2493: warning: assignment makes pointer from integer without a cast mod_fastcgi.c: In function `apache_is_scriptaliased': mod_fastcgi.c:2535: warning: initialization makes pointer from integer without a cast mod_fastcgi.c: In function `post_process_for_redirects': mod_fastcgi.c:2560: warning: passing arg 1 of `ap_internal_redirect_handler' makes pointer from integer without a cast mod_fastcgi.c: In function `check_user_authentication': mod_fastcgi.c:2683: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2701: warning: comparison between pointer and integer mod_fastcgi.c: In function `check_user_authorization': mod_fastcgi.c:2750: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2766: warning: comparison between pointer and integer mod_fastcgi.c: In function `check_access': mod_fastcgi.c:2810: warning: assignment makes pointer from integer without a cast mod_fastcgi.c:2827: warning: comparison between pointer and integer *** Error code 1 What gives? Has Apache-2.2.0 changed that much from v2.0.x? Thanks for any pointers. J ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] trouble mod_fcgid module on Apache-2.2.0
Nick Kew wrote: > On Thursday 08 December 2005 21:05, Joe Apache wrote: > >> Hello, >> >> I've tried to compile some modules on Apache-2.2.0 with little success. >> > > I've compiled lots of modules on it. Most of them were originally written > for 2.0. > Hey httpd users, this is sort of the wrong place for this... but I know that Nick Krew provided a patch for mod_fcgid on Apache-2.1.x. I'm trying to compile it for 2.2.0 and getting this error: rch/unix/fcgid_proc_unix.c: In function 'ap_unix_create_privileged_process': arch/unix/fcgid_proc_unix.c:81: error: 'SUEXEC_BIN' undeclared (first use in this function) arch/unix/fcgid_proc_unix.c:81: error: (Each undeclared identifier is reported only once arch/unix/fcgid_proc_unix.c:81: error: for each function it appears in.) make: *** [fcgid_proc_unix.slo] Error 1 I contacted the programmer with no luck... any ideas? Thanks, J ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2.2 error with FreeBSD 6.1
Good Day, I have a strange problem, I've just compiled httpd-2.2.2 on FreeBSD 6.1. When I try to start it up I get this message: Assertion failed: (lu->lu_myreq->lr_owner == lu), function _lock_acquire, file /usr/src/lib/libpthread/sys/lock.c, line 171. Abort trap (core dumped) I think the problem lies with the fact httpd is linked to libpthreads twice. Here is the ldd of httpd: libm.so.4 => /lib/libm.so.4 (0x280b7000) libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x280cd000) libaprutil-1.so.2 => /usr/local/lib/libaprutil-1.so.2 (0x280ec000) libgdbm.so.3 => /usr/local/lib/libgdbm.so.3 (0x28101000) libdb4.so.0 => /usr/local/lib/libdb4.so.0 (0x28107000) libpq.so.4 => /usr/local/pgsql/lib/libpq.so.4 (0x2818d000) libexpat.so.5 => /usr/local/lib/libexpat.so.5 (0x281a7000) libapr-1.so.2 => /usr/local/lib/libapr-1.so.2 (0x281c8000) libcrypt.so.3 => /lib/libcrypt.so.3 (0x281e8000) libpthread.so.20 => /usr/local/lib/libpthread.so.20 (0x2820) libc.so.6 => /lib/libc.so.6 (0x28218000) libssl.so.4 => /usr/lib/libssl.so.4 (0x282ef000) libcrypto.so.4 => /lib/libcrypto.so.4 (0x2831d000) libpthread.so.2 => /usr/lib/libpthread.so.2 (0x2840f000) I figure to ask here as some of you use FreeBSD. Any suggestions or ideas are welcome. I don't know why it's linked to libpthread twice. Thanks, J ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] No remote user in LOG file in CGI (HTTP Authentification)
Hello, According to my previous post on the bug track: http://issues.apache.org/bugzilla/show_bug.cgi?id=43018 This is a script in PHP that is called by the a CGI handler in Apache. HTTP Authentification. In a normal Apache module environnement, a HTTP Authentification is called and we can see on the log of Apache : IP - USER - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT" Meanwhile, in a CGI environnement, Apache call a CGI script, in my exemple PHP and pass him variables. So in order of compatibility to pass the authentification to the PHP script, we have to set a .htaccess where : RewriteEngine on RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L ] So with it in environnement variables we can see : [REDIRECT_REMOTE_USER] => Basic dGl0aTp0b3Rv [REDIRECT_STATUS] => 200 where dGl0aTp0b3Rv is corresponding to user:password titi:toto (base64) Of course, with network analyzer, we can see that the browser send to the Apache serveur in HTTP headers : Authorization: Basic dGl0aTp0b3Rv (our titi:toto) In this cas, Apache log don't indicate the user : IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT" Ok, the use of PHP is independant of Apache log writes but if browser send Authorization: Basic dGl0aTp0b3Rv in a module Apache or CGI Apache (PHP), why Apache, that see the basic, don't write the remote_user in the log ? In normal environnement, whithout CGI, handler ..., the browser send the same request and the log indicate the USER. According to the track response, I've replaced the %u to %LogFormat directive but the user authentified still no appear in the log : IP - - - [DATETIME] "GET / HTTP/1.1" 200 SIZE "REFERER" "AGENT" Has anyone the same problem or a soltion ? Thank you for any help. ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] No remote user in LOG file in CGI (HTTP Authentification)
Hi, Authentification is configured by PHP, it send to the browser required headers in order to provide authentification : header("WWW-Authenticate: Basic realm=\"Realm\""); header("HTTP/1.0 401 Unauthorized"); For the CGI, it is called in Apache CONF as following : AddHandler cgi-php5 .php5 .php Action cgi-php5 /php5/php5-cgi SuexecUserGroup users where /php5/php5-cgi is the executable compiled CGI PHP and is an non privilegied user of the unix system. So the PHP (CGI) script is executed with privilege. The authentification mechanism is OK, I login in the CGI script perfectly with credential titi:toto but logs'apache don't indicate titi as % Thanks, Joshua Slive a écrit : On 8/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hello, According to my previous post on the bug track: http://issues.apache.org/bugzilla/show_bug.cgi?id=43018 This is a script in PHP that is called by the a CGI handler in Apache. HTTP Authentification. Your problem is very hard to decipher. Exactly how is authentication configured, and exactly how is your CGI called? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] doubts on jsp requirements
Hello world, I've doubts on few things to use jSP/jsl in my environment jboss-3.2.2/tomcat41 Hope some of you can help me to make it clearer... I think my environment was JSP 1.1 compliant. Is that true? I don't see those files in my jboss directory (even in jakarta-tomcat-4.1.31 standard distrib) ... I suppose that should be considered as normal. The point is where should i found standard.jar and jstl.jar (in order to get my tld files)? On my mind if my env is JSP1.1 compliant, it should integrates these libs and i wouldn't have to insert them my my war ... Where am i wrong ? thx, - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Creating a Catch-Everything Catch-All
Please forgive my lack of clue. I have read the FAQ and googled ferociously but haven't been able to find a solution, I hope that someone here can help me. I would like anybody to be able to point their domains at my nameservers and for anybody browsing to "thatdomain.com" or "www.thatdomain.com" or "*.thatdomain.com" or "thatdomain.com/*" to see a default/catch-all PHP page. Of course, if someone browses to a domain I have defined I don't want them to see the catch-all. >From my research so far, I suspect there is some way to achieve this using default virtualhosts and I have tried entering various entries into httpd.conf but, unfortunately, most of the instructions I'm working from presume more basic knowledge than I have and leave out certain parts of the entry that are probably obvious to everyone but me. I would greatly appreciate it if someone could show me exactly what a comprehensive default virtualhost entry that catches all variations and subdomains etc should look like, and tell me if there are any other settings I should also be changing. Again, sorry if this is all very obvious stuff, I honestly haven't been able to get my head around it. Thanks, Donnacha ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Creating a Catch-Everything Catch-All
Gary, thank you so much for taking the time to answer. If possible, could you clarify how I should format the _default_ virtualhost entry? A typical virtualhost entry in my conf looks like this: --- ServerAlias mydomain.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/mydomain/public_html BytesLog domlogs/mydomain.com-bytes_log ServerName www.mydomain.com User mydomain Group mydomain CustomLog /usr/local/apache/domlogs/mydomain.com combined ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/ --- What parts of that should I alter to create a _default_ virtualhost? Should I simply replace the "mydomain.com" with "ServerAlias *.*", and "Servername www.mydomain.com" with "*.*.*"? Sorry, again, for my lack of clue on this, I really am finding this bewildering. Thanks, Donnacha On Mon, 17 Oct 2005 13:55:10 -0700, "Gary W. Smith" <[EMAIL PROTECTED]> said: > This requires two things. One, you need to configure DNS to catchall. > I'm not sure how to do this but search google for bind and all. > > As for the other one, create a vitual site as _default_ and give server > aliases. Then if you create a real virtual site you will need to use > the qualified domain name for it (say ServerAlias jack.thissite.com) in > the configuration. > > ServerAlias thissite.com > ServerAlias *.thissite.com > > Then I would just create a 404 rule that points to a single pave and > remove all of the other content. > > I think that's the easiest way. > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Monday, October 17, 2005 1:25 PM > > To: users@httpd.apache.org > > Subject: [EMAIL PROTECTED] Creating a Catch-Everything Catch-All > > > > Please forgive my lack of clue. I have read the FAQ and googled > > ferociously but haven't been able to find a solution, I hope that > > someone here can help me. > > > > I would like anybody to be able to point their domains at my > nameservers > > and for anybody browsing to "thatdomain.com" or "www.thatdomain.com" > or > > "*.thatdomain.com" or "thatdomain.com/*" to see a default/catch-all > PHP > > page. > > > > Of course, if someone browses to a domain I have defined I don't want > > them to see the catch-all. > > > > From my research so far, I suspect there is some way to achieve this > > using default virtualhosts and I have tried entering various entries > > into httpd.conf but, unfortunately, most of the instructions I'm > working > > from presume more basic knowledge than I have and leave out certain > > parts of the entry that are probably obvious to everyone but me. > > > > I would greatly appreciate it if someone could show me exactly what a > > comprehensive default virtualhost entry that catches all variations > and > > subdomains etc should look like, and tell me if there are any other > > settings I should also be changing. > > > > Again, sorry if this is all very obvious stuff, I honestly haven't > been > > able to get my head around it. > > > > Thanks, > > > > Donnacha > > > > - > > The official User-To-User support forum of the Apache HTTP Server > Project. > > See http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: [EMAIL PROTECTED] > >" from the digest: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > ----- > The official User-To-User support forum of the Apache HTTP Server > Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Redirecting limit for this URL exceeded.
Joshua, thanks a lot. I created an entry in that form and restarted Apache but, unfortunately, it doesn't seem to work. Here is what I exactly entered: --- ServerName cvfx.com Redirect / http://www.cvfx.com/ --- ... and the existing entry for cvfx is as follows: --- ServerAlias www.cvfx.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/cvfx/public_html BytesLog domlogs/cvfx.com-bytes_log ServerName www.cvfx.com User cvfx Group cvfx CustomLog /usr/local/apache/domlogs/cvfx.com combined ScriptAlias /cgi-bin/ /home/cvfx/public_html/cgi-bin/ --- To test it, I browsed to docmo.com which is pointed to my nameservers, ns1.cvfx.com and ns2.cvfx.com, but which has not been entered as a virtualhost entry on this server. Unfortunately, both "docmo.com" and "www.docmo.com" resulted in a Site Not Found error. One question I have about doing this as a redirect is, will this remove my PHP page's ability to know what domain the user originally wanted? That's a pretty important part of the service I want to offer. I very much appreciate your help, thank you. Donnacha On Mon, 17 Oct 2005 17:54:04 -0400, "Joshua Slive" <[EMAIL PROTECTED]> said: > On 10/17/05, Mukarram Syed <[EMAIL PROTECTED]> wrote: > > > > ServerName esalton.com > > ServerAlias www.esalton.com > > Redirect / http://www.esalton.com/ > > > > This is our second redirect-loop question today. This is a > redirection loop because the redirected URL hits the same Redirect as > the original URL. You want. > > > ServerName esalton.com > Redirect / http://www.esalton.com/ > > > > ServerAlias www.esalton.com > DocumentRoot ... > > > Joshua. > > - > The official User-To-User support forum of the Apache HTTP Server > Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
Hello, I'm having problem compiling httpd-2.2.0 on FreeBSD 6 versions i386 and amd64. The errors are has follows: server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to `apr_memcache_stats' server/.libs/libmain.a(exports.o)(.data+0xae8): undefined reference to `apr_memcache_version' server/.libs/libmain.a(exports.o)(.data+0xaf0): undefined reference to `apr_memcache_decr' server/.libs/libmain.a(exports.o)(.data+0xaf8): undefined reference to `apr_memcache_incr' server/.libs/libmain.a(exports.o)(.data+0xb00): undefined reference to `apr_memcache_delete' server/.libs/libmain.a(exports.o)(.data+0xb08): undefined reference to `apr_memcache_replace' server/.libs/libmain.a(exports.o)(.data+0xb10): undefined reference to `apr_memcache_add' server/.libs/libmain.a(exports.o)(.data+0xb18): undefined reference to `apr_memcache_set' server/.libs/libmain.a(exports.o)(.data+0xb20): undefined reference to `apr_memcache_getp' server/.libs/libmain.a(exports.o)(.data+0xb28): undefined reference to `apr_memcache_create' server/.libs/libmain.a(exports.o)(.data+0xb30): undefined reference to `apr_memcache_server_create' server/.libs/libmain.a(exports.o)(.data+0xb38): undefined reference to `apr_memcache_disable_server' server/.libs/libmain.a(exports.o)(.data+0xb40): undefined reference to `apr_memcache_enable_server' server/.libs/libmain.a(exports.o)(.data+0xb48): undefined reference to `apr_memcache_find_server' server/.libs/libmain.a(exports.o)(.data+0xb50): undefined reference to `apr_memcache_add_server' server/.libs/libmain.a(exports.o)(.data+0xb58): undefined reference to `apr_memcache_find_server_hash' server/.libs/libmain.a(exports.o)(.data+0xb60): undefined reference to `apr_memcache_hash' server/.libs/libmain.a(exports.o)(.data+0xbb8): undefined reference to `apr_md4_set_xlate' *** Error code 1 Anyone have httpd-2.2.0 install on FreeBSD 6... any pointers are appreciated. Thanks, J ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
>> server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to >> `apr_memcache_stats' >> > > Where did you get your version of apr from? The bundled version doesn't > include apr_memcache. > > I installed apr-1.2.2 from the apache.org. I wasn't able to ./configure it (APR version was 0.9.7 it said) Is that the problem you think? J - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
I downloaded and installed APR from apache.org http://apr.apache.org. Source apr-1.2.2.tar.gz How do I disable this? J - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.2 MPM Worker Virtual Memory Usage
There appears to be a significant difference between Apache 2.2 MPM Worker and MPM Perfork virtual memory usage. As well as between Apache 2.2 MPM Worker and Apache 1.3 virtual memory usage. This can become an issue in a VPS (virtual private server) environment where resources are more constrained. I am seeing 280MB vs 5.8MB of VM usage per process. You could argue that worker is supposed to use more virtual memory, as running multiple threads per process it actually uses less. But, that is not the case. Total VPS privvmpages is 2.1GB vs 358MB. What is really interesting here is why is it so much higher. You would expect some increase but it looks like most (if not all) of the virtual memory of each of the 7 worker processes is not shared. 7 * 280MB = 2GB. Which means it can't be code. I don't see how it could be this much code anyway. So then what is it? (Conversely most of the 2.2 perfork virtual memory is shared code. 150 * 5.8MB = 850MB,which is more than 358MB for the entire VPS.) Is the code building some kind of large local process database? Anyway to turn it off? Note I do have PHP or any other programmatic modules loaded. See below for configure info. Thanks... # # Apache 2.2 Worker Thread Memory Usage # # Process data. 599 28344 28338 20 0 5772 1772 - S? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28347 28338 20 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28349 28338 22 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28351 28338 22 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28352 28338 22 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28360 28338 20 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 30684 28338 15 0 282496 2020 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 5 0 28338 1 16 0 5868 2468 - Ss ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL 599 28345 28338 20 0 282632 2660 pipe_w Sl ? 0:00 /usr/local/apache/bin/httpd -k start -DSSL # Vpsstat data. +--+++++--+ | Resource |Current | Recent Max |Barrier | Limit | Failures | +--+++++--+ Primary Parameters +--+++++--+ | all memory | 157.0 MB |n/a | 1024.0 MB |n/a | n/a | | vmguarpages |n/a |n/a | 256.0 MB |n/a |0 | | oomguarpages | 146.4 MB | 146.5 MB |n/a |n/a |0 | | privvmpages | 2.1 GB | 2.1 GB |n/a |n/a |0 | | physpages| 146.4 MB | 146.5 MB |n/a |n/a |0 | +--+++++--+ Secondary Parameters +--+++++--+ | kmemsize | 9.8 MB | 9.9 MB | 2.0 GB | 2.0 GB |0 | | tcpsndbuf| 423.6 kB | 423.6 kB | 2.0 GB | 2.0 GB |0 | | tcprcvbuf| 562.2 kB | 562.2 kB | 2.0 GB | 2.0 GB |0 | | othersockbuf |94.4 kB |94.4 kB | 2.0 GB | 2.0 GB |0 | | dgramrcvbuf | 0 B | 0 B | 2.0 GB | 2.0 GB |0 | | shmpages | 5.2 MB | 5.2 MB |n/a |n/a |0 | | lockedpages | 0 B | 0 B |n/a |n/a |0 | +--+++++--+ Auxiliary Parameters +--+++++--+ | numproc |271 |272 |n/a |400 |0 | | numtcpsock | 35 | 35 |n/a |500 |0 | | numothersock | 70 | 70 |n/a |500 |0 | | numfile | 5663 | 5680 |n/a | 8192 |0 | | numflock | 9 | 9 |200 |220 |0 | | numpty | 2 | 2 |n/a | 64 |0 | | numiptent| 75 | 75 |n/a |500 |0 | +--+++++--+ # Configure options. CFLAGS/CPPFLAGS = -pipe -Os -march=pentium4 ./configure --enable-deflate --enable-expires --enable-headers --enable-imagemap --enable-logio --enable-nonportable-atomics=yes
[EMAIL PROTECTED] Roadmap for Apache HTTP 2.0 and/or 2.2
Hello, I have been asked to evaluate the life cycle contingencies for our apache servers. So far I have been unable to find something like a roadmap to see how future releases are planned for the different branches. Is there such a thing ? I am especially interested in how long the branches are likely to stay supported with bugfixes etc. Thanks for any hints Christian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 2.0 support for huge files (>2 GB) on 64 bit platform
Hi, my current state of information is that to allow serving such huge files on a 32 bit system I need to: - set compile time flags "D_LARGEFILE_SOURCE" AND "-D_FILE_OFFSET_BITS=64" - set LimitRequestBody to a high enough value Are the compile switches necessary on a 64 bit platform as well? Thanks for any help. Christian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] http response without parsing the header
does apache have a feature, where a response is given without parsing the header at all. also, if there is header parsing, which module should i check aa9160
[EMAIL PROTECTED] RewriteMap with Java
Hi all, I try tu use a RewriteMap to rewrite dynamically urls on MacOS 10.5 Leopard Server. The code is really simple in the http.conf file : RewriteMapmymap prg:/path/to/map.class RewriteRule ^/path/(.*)$ /path/page?${mymap:$1} But when I launch Apache, I have this message in error log : [Mon Jul 14 15:47:43 2008] [error] (86)Bad CPU type in executable: exec of '/etc/apache2/Main.class' failed Anybody knows what could be the problem ? Is it possible tu use a Java file for RewriteMap ? Thanks for your help Cedric. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] RewriteMap with Java & RewriteLock
Thanks for your answer. I already try this but when I write this script, I don't know how to handle the loop with stdin (in the shell script or in the java file ?) : I try this in the shell : #!/bin/sh while read text do java -classpath /path/to/java/class/ MainClass done But it don't seem to work.. I didn't manage to configure the lock file, could it be the main problem ? I just add "RewriteLock /etc/apache2/myLock.lock" in my http.conf file. But apache server simply don't start with that, without any error in the log file. I try creating the file or not, with chmod 777. But I think I miss something. Somebody could help ? Thanks Cedric Le 15 juil. 08 à 13:28, Eric Covener a écrit : On Tue, Jul 15, 2008 at 4:26 AM, Anazys - Apache <[EMAIL PROTECTED]> wrote: Hi all, I try tu use a RewriteMap to rewrite dynamically urls on MacOS 10.5 Leopard Server. The code is really simple in the http.conf file : RewriteMapmymap prg:/path/to/map.class RewriteRule ^/path/(.*)$ /path/page?${mymap:$1} But when I launch Apache, I have this message in error log : [Mon Jul 14 15:47:43 2008] [error] (86)Bad CPU type in executable: exec of '/etc/apache2/Main.class' failed Anybody knows what could be the problem ? Is it possible tu use a Java file for RewriteMap ? You need to write a shell script that launches java class, and use the script in your Apache config. Class files are not executables. -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] RewriteMap with Java & RewriteLock
My Java class read from stdin (System.in), the main problem is the loop : with the "while read text", there is an infinite loop. But when I only write a call from the shell to the java class : #!/bin/sh java -classpath /path/to/java/class/ MainClass It work perfectly the first time but nothing after this first call. It's normal because there isn't any loop, but i don't know how to write this loop in the shell script. Thanks for your help Eric. Le 16 juil. 08 à 15:38, Eric Covener a écrit : On Wed, Jul 16, 2008 at 3:01 AM, Anazys - Apache <[EMAIL PROTECTED]> wrote: Thanks for your answer. I already try this but when I write this script, I don't know how to handle the loop with stdin (in the shell script or in the java file ?) : I try this in the shell : #!/bin/sh while read text do java -classpath /path/to/java/class/ MainClass done Your java class should read from stdin. -- Eric Covener [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] http header parsing
has anyone found a scenarion, wherein based on a condition, the http header will NOT be parsed at all... what the steps involved, after an http request reaches the server,
[EMAIL PROTECTED] ACL - access control lists
does apache servers use ACLs to check conditions based on the incoming http request URL, even before the header is parsed?
[EMAIL PROTECTED] mod_deflate/mod_mem_cache issues
Hi, I have an Apache 2.2.2 setup on a Redhat box. Mod_proxy(mod_proxy_ajp) is being used to connect to tomcat on the same machine. Caching is implemented using mod_cache(mod_mem_cache). This setup works fine and caching seems to be working as expected. The problem occurs when I try to optimize further by supporting HTML compression using mod_deflate. In this case, whenever deflated documents are served by the cache the Content-length returned is 0. Is this a known issue ? Can mod_deflate and mod_mem_cache be used together ? Or is it that mod_mem_cache cannot handle compressed content ? Here's the output from lwp-request( the second one shows the serving up of cached content) [EMAIL PROTECTED] lwp-request -uedsx http://localhost:80/Main.do -H Accept-Encoding:gzip,deflate LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://localhost:80/Main.do LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::Protocol::collect: read 670 bytes LWP::Protocol::collect: read 4096 bytes LWP::Protocol::collect: read 3002 bytes LWP::UserAgent::request: Simple response: OK GET http://localhost:80/Main.do 200 OK Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 18 Jul 2006 18:27:35 GMT Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 7768 Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 18 Jul 2006 18:30:37 GMT Last-Modified: Tue, 18 Jul 2006 18:27:37 GMT Client-Date: Tue, 18 Jul 2006 18:27:37 GMT Client-Peer: 127.0.0.1:80 Client-Response-Num: 1 [EMAIL PROTECTED] lwp-request -uedsx http://localhost:80/Main.do -H Accept-Encoding:gzip,deflate LWP::UserAgent::new: () LWP::UserAgent::request: () LWP::UserAgent::send_request: GET http://localhost:80/Main.do LWP::UserAgent::_need_proxy: Not proxied LWP::Protocol::http::request: () LWP::UserAgent::request: Simple response: OK GET http://localhost:80/Main.do 200 OK Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 18 Jul 2006 18:28:32 GMT Age: 56 Server: Apache/2.2.2 (Unix) Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 0 Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 18 Jul 2006 18:30:37 GMT Last-Modified: Tue, 18 Jul 2006 18:27:37 GMT Client-Date: Tue, 18 Jul 2006 18:28:32 GMT Client-Peer: 127.0.0.1:80 Client-Response-Num: 1 Here's the deflate.log contents "GET /Main.do HTTP/1.1" 7750/35169 (22%) "GET /Main.do HTTP/1.1" -/- (-%) Relevant sections of my httpd.conf: LoadModule cache_module modules/mod_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule deflate_module modules/mod_deflate.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so # # mod_expires settings # ExpiresActive On ExpiresByType text/css "access plus 1 day" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" # # mod_proxy/mod_proxy ajp settings # ProxyRequests Off Order deny,allow Allow from all ProxyPass /favicon.ico ! ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ # # mod_cache/mod_mem_cache settings # CacheEnable mem / CacheStoreNoStore On # CacheIgnoreCacheControl On # CacheIgnoreNoLastMod On # CacheMaxExpire 150 MCacheSize 4096 MCacheMaxObjectCount 200 MCacheMinObjectSize 1 MCacheMaxObjectSize 524288 # # Worker MPM settings # StartServers 1 MaxClients 250 ThreadsPerChild 50 MinSpareThreads 25 MaxSpareThreads 75 SetOutputFilter DEFLATE SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|rar|zip)$ no-gzip DeflateFilterNote Input instream DeflateFilterNote Output outstream DeflateFilterNote Ratio ratio LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate CustomLog logs/deflate.log deflate BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html Header append Vary User-Agent Any insight, suggestions or assistance with this would be very much appreciated. Thank you. --S _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_deflate/mod_mem_cache issues
Thanks for the help, Joshua. I configured apache to use mod_disk_cache and it seems to be working and compressed content is getting served up correctly. Guess that means it is a bug in mod_mem_cache ? I still have to run some tests to check the performance of (caching on disk + compression) vs ( caching in memory) though. From: "Joshua Slive" <[EMAIL PROTECTED]> Reply-To: users@httpd.apache.org To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] mod_deflate/mod_mem_cache issues Date: Wed, 19 Jul 2006 20:01:48 -0400 On 7/19/06, Apache User <[EMAIL PROTECTED]> wrote: Hi, I have an Apache 2.2.2 setup on a Redhat box. Mod_proxy(mod_proxy_ajp) is being used to connect to tomcat on the same machine. Caching is implemented using mod_cache(mod_mem_cache). This setup works fine and caching seems to be working as expected. The problem occurs when I try to optimize further by supporting HTML compression using mod_deflate. In this case, whenever deflated documents are served by the cache the Content-length returned is 0. Is this a known issue ? Can mod_deflate and mod_mem_cache be used together ? Or is it that mod_mem_cache cannot handle compressed content ? I don't have any specific info on this problem, but I'd highly recommend using mod_disk_cache in place of mod_mem_cache. It is better tested, and will be more performant in most scenarios. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [us...@httpd] The requested URL ....was not found on this server - Scratch my head
Hi, Check RewriteEngine on Amit On Fri, Apr 9, 2010 at 10:04 PM, Wang, Mary Y wrote: > Hi, > > I'm in the process of upgrading to httpd 2.0.46. I'm getting this error > when it goes to this URL > https://devbrass2.ana.bna.boeing.com/projects/ms-tools-charts/ . The page > showed as "The requested URL /projects/ms-tools-charts/ was not found on > this server." The ssl_error_log showed "File does not exist: > /usr/brass/www/projects/ms-tools-charts/, " > > I read several blogs and postings, and many people suggested using the > RewriteEngine directive. I've never used the rewriteengine directive in the > previous apache configuration (it worked before). > > In the httpd.conf file > I have defined the following: > > ServerName devbrass2.ana.bna.boeing.com:443 > > DocumentRoot "/usr/brass/www" > > # This should be changed to whatever you set DocumentRoot to. > # > >Options Indexes FollowSymLinks >AllowOverride All >Order allow,deny >Allow from all > > > I'm running on Redhat. > > Any ideas on how I can fix this problem? > > Thanks in advance. > > Mary > > > > > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN
I've searched the mod_authnz documentation and also had already a look into mod_authnz's sources to find an existing chance to configure some kind of variable "bindDN-Pattern" but after reading both I understand mod_authnz the way that it is mandatory to either use anonymous bind or some kind of "proxy-user bind" (AuthLDAPBindDN) to search for an user's DN (e.g. searching for uid/email) to bind to the LDAP server using the found DN and the user provided password. Have I missed something during my readings or is this an unsupported feature? For example apache's tomcat 5.5/6.0 JNDIrealm's configuration already does provide a userPattern (please see http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm and search for "userPattern"). Please let me explain the background why there is a common demand for such a mod_authnz feature: Anonymous and even proxy-user based search request could harm a company's restrictive data privacy policies. Therefore some directory information tree (DIT) and LDAP server designs offer advanced but very easy (for clients like mod_authnz) to implement/use approaches to offer the administrator a chance to get rid of the need for proxy-user based search but to be able to make an authorization decission directly in each user's context. As searching the user's branch seems not very harmful in regard to privacy concerns searching the groups and their memberships is definitively more "interesting". In modern directory designs/implementations therefore an user's group membership is also stored (as the DNs of the groups a distinct user is member of) directly in each user's entry where the directory keeps track of the referential integrity (which for example is supported by openldap). Thus there is no need to expose the groups and their membership in general to any service's proxy-user. Instead, the authorization decision can be made directly using the authenticated user's ldap connection as the user has been successfully bind to the LDAP server before. Take for example this shortend LDIF based user entry: dn: uid=userA,dc=example,dc=com uid: userA memberOf: cn=groupA,dc=example,dc=com memberOf: cn=groupB,dc=example,dc=com memberOf: cn=groupC,dc=example,dc=com IMHO there's no a need to prior search for "(uid=userA)" using a proxy user in case the company's default policy is to just permit the uid for login (instead of the eMail address for example) and use the user provided uid to construct the bindDN which will be bind against the LDAP server using the provided password. If the bind was successful the user's connection (in this user's context) can be used to *compare* his memberOf attribute against the authorized groupDN. Please note that an LDAP server that only allows the "compare" operation on the memberOf attribute (which can be enforced by LDAP server internal ACLs) will not disclose any others of this user's group membership information to the service (compare != search and compare != read) which fulfills most restrictive privacy policies. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN
Eric Covener schrieb: On Sat, Jun 19, 2010 at 7:48 AM, wrote: I've searched the mod_authnz documentation and also had already a look into mod_authnz's sources to find an existing chance to configure some kind of variable "bindDN-Pattern" but after reading both I understand mod_authnz the way that it is mandatory to either use anonymous bind or some kind of "proxy-user bind" (AuthLDAPBindDN) to search for an user's DN (e.g. searching for uid/email) to bind to the LDAP server using the found DN and the user provided password. Look at the trunk documentation, there are a few recently added directives in this neighborhood. Ahhh that sounds very fine: http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html Thanks a lot for your help! How are the chances that these directives get "backported" into mod_authnz_ldap of any httpd 2.2.[>15]? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_authnz_ldap: constructible AuthLDAPBindDN
Eric Covener schrieb: On Sat, Jun 19, 2010 at 10:49 AM, wrote: Eric Covener schrieb: On Sat, Jun 19, 2010 at 7:48 AM, wrote: I've searched the mod_authnz documentation and also had already a look into mod_authnz's sources to find an existing chance to configure some kind of variable "bindDN-Pattern" but after reading both I understand mod_authnz the way that it is mandatory to either use anonymous bind or some kind of "proxy-user bind" (AuthLDAPBindDN) to search for an user's DN (e.g. searching for uid/email) to bind to the LDAP server using the found DN and the user provided password. Look at the trunk documentation, there are a few recently added directives in this neighborhood. Ahhh that sounds very fine: http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html Thanks a lot for your help! How are the chances that these directives get "backported" into mod_authnz_ldap of any httpd 2.2.[>15]? Not too likely at the moment, but if you test them on trunk and provide feedback maybe a bit more likely. ok, I'll give feedback in case I get the current trunk version to compile successfully on my ldap development system and also: if you need or want me to test/debug special LDAP related features of trunk's mod_authnz_ldap just let me know. ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)
I'm using: CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\"" And I occasionally see this right around the time the CPU starts running at 100%: :: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-" %a is supposed to be an IP address, so what IP address is "::"? I'm only somewhat familiar with IPv6 but I've never seen "::" before. I'm attempting to try to figure out why, on random occasions, the server CPU suddenly spikes to 100%. I'm not sure where the problem lies. Could be Apache, MySQL, PHP, or something else (e.g. the OS). This problem has been ongoing for months now and the only "fix" is to reboot the box, which is a rather frustrating "solution". The "::" issue is the first possible clue I've gotten. It seems to crop up only around the times the server is at 100% in the logs.
Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)
Okay... That makes it rather difficult to track down a solution. Any theory as to why this occurs/how this can occur would be quite helpful. From: Tom Evans To: users@httpd.apache.org Sent: Wed, September 1, 2010 8:12:23 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) On Tue, Aug 31, 2010 at 12:00 AM, Apache Issues wrote: > I'm using: > > CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b > \"%{Referer}i\"" > > And I occasionally see this right around the time the CPU starts running at > 100%: > > :: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-" > > %a is supposed to be an IP address, so what IP address is "::"? I'm only > somewhat familiar with IPv6 but I've never seen "::" before. http://en.wikipedia.org/wiki/IPv6_address#Notation One or any number of consecutive groups of zero value may be replaced with two colons. [ ... ] The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively. Cheers Tom
Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)
Our server just went nuts again. And again "::" shows up in the logs right around the moment it started chugging 100% CPU. Help! ____ From: Apache Issues To: users@httpd.apache.org Sent: Wed, September 1, 2010 11:36:02 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) Okay... That makes it rather difficult to track down a solution. Any theory as to why this occurs/how this can occur would be quite helpful. From: Tom Evans To: users@httpd.apache.org Sent: Wed, September 1, 2010 8:12:23 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) On Tue, Aug 31, 2010 at 12:00 AM, Apache Issues wrote: > I'm using: > > CustomLog "/var/log/apache2/access_log" "%a %l %u %t \"%r\" %>s %b > \"%{Referer}i\"" > > And I occasionally see this right around the time the CPU starts running at > 100%: > > :: - - [27/Aug/2010:12:28:01 -0700] "GET /favicon.ico HTTP/1.1" 200 - "-" > > %a is supposed to be an IP address, so what IP address is "::"? I'm only > somewhat familiar with IPv6 but I've never seen "::" before. http://en.wikipedia.org/wiki/IPv6_address#Notation One or any number of consecutive groups of zero value may be replaced with two colons. [ ... ] The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively. Cheers Tom
Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)
That won't work. I can't even get results from 'ps aux' to get a pid, SSH is super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that lucky), and most commands never complete. The hardware has been tested and is fine. The problem occurs randomly - we've gone a week without incident before but we've also had days where this problem crops up 4-6 times throughout the day. The "::" log entries are the first real clue to the cause. And the only "solution" we've come up with is to reboot the box. From: Jeff Trawick To: users@httpd.apache.org Sent: Thu, September 2, 2010 11:32:10 AM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) On Thu, Sep 2, 2010 at 2:24 PM, Apache Issues wrote: Our server just went nuts again. And again "::" shows up in the logs right around the moment it started chugging 100% CPU. Help! > attach to the high CPU httpd process with a debugger and get backtraces see http://httpd.apache.org/dev/debugging.html
Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)
We're trying a few of your suggestions. Kind of hard to test it. Thanks for the quick responses. From: Jeff Trawick To: users@httpd.apache.org Sent: Thu, September 2, 2010 12:34:43 PM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) On Thu, Sep 2, 2010 at 3:03 PM, Apache Issues wrote: That won't work. I can't even get results from 'ps aux' to get a pid, SSH is super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that lucky), and most commands never complete. > >The hardware has been tested and is fine. The problem occurs randomly - we've >gone a week without incident before but we've also had days where this problem >crops up 4-6 times throughout the day. The "::" log entries are the first >real >clue to the cause. And the only "solution" we've come up with is to reboot >the >box. > wild ideas any monitoring scripts which can take action at the first sign of the problem might be more successful than interactive attempts at capturing ps, running gcore against high CPU process, whatever change your "Listen portnumber" directives to "Listen 0.0.0.0:portnumber" to avoid httpd seeing an IPv6 connection (especially one with no source address or which it somehow mangles to look like that) CPU rlimits on httpd perhaps? (I don't think I've ever tried that) Can you nice the httpd down? (haven't tried that) make sure MaxClients isn't way over the capacity of your machine
Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?)
Turns out the box only had 2GB RAM and was simply running out of physical memory - running a web server on swap is a Bad Idea(TM). We tossed in 8GB more (10GB RAM total) and the problem seems to have gone away. It was a real head-scratcher since we were told that the box had "awesome hardware" so the thought that there might not be enough hardware never even crossed our minds. The "make sure MaxClients isn't way over the capacity of your machine" tip below is what led us to the 2GB RAM issue. Thanks Jeff. You're the man! ____ From: Apache Issues To: users@httpd.apache.org Sent: Thu, September 2, 2010 1:50:10 PM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) We're trying a few of your suggestions. Kind of hard to test it. Thanks for the quick responses. From: Jeff Trawick To: users@httpd.apache.org Sent: Thu, September 2, 2010 12:34:43 PM Subject: Re: [us...@httpd] What IP address is this log entry coming from? (Is "::" a valid IP address?) On Thu, Sep 2, 2010 at 3:03 PM, Apache Issues wrote: That won't work. I can't even get results from 'ps aux' to get a pid, SSH is super laggy (I can type maybe one character every 4 or 5 seconds - if I'm that lucky), and most commands never complete. > >The hardware has been tested and is fine. The problem occurs randomly - we've >gone a week without incident before but we've also had days where this problem >crops up 4-6 times throughout the day. The "::" log entries are the first >real >clue to the cause. And the only "solution" we've come up with is to reboot >the >box. > wild ideas any monitoring scripts which can take action at the first sign of the problem might be more successful than interactive attempts at capturing ps, running gcore against high CPU process, whatever change your "Listen portnumber" directives to "Listen 0.0.0.0:portnumber" to avoid httpd seeing an IPv6 connection (especially one with no source address or which it somehow mangles to look like that) CPU rlimits on httpd perhaps? (I don't think I've ever tried that) Can you nice the httpd down? (haven't tried that) make sure MaxClients isn't way over the capacity of your machine
[users@httpd] mod_proxy_balancer - no way to name pool members by IP.
I've hit a vexing impasse with mod_proxy_balancer. I have a pool of backend boxes. They vhost many domains, so need the specific Host: header in requests to them (the *same* Host: header for all of them) I proxy reqeusts to them potentially thousands of times a second, and their IP's are not going to be changing, so I name the BalancerMembers by IP address, as the DNS lookup overhead is a fatal waste of CPU, especially if your DNS servers melt and your site dies unnecessarily. (No, /etc/hosts is not possible. The sitename has multiple A records, and I make the backends choose individualiseable vhosts. Besides, my hosts file is vast!) Unfortunately, when I try and use mod_headers to set the Host: header for these backend connections, the balancer layer destroys the result and replaces it with the IP. Apparently, if I switch ProxyPreserveHost on, I may get further, but since that's a site-wide setting a side effect would mean all of my other proxied directories would now get the wrong Host: header. All the RewriteRule [P]'s would break and I would have to catch and replace the Host in every single one of them in individual blocks. That deluge of perpetual kludgery does not appeal. What I need is a way to tell a ProxyPass or BalancerMember, that they should use a certain Host: header in its communications with this backend. e.g. BalancerMember http://10.0.0.1/foo/ host=foobar.com The logical alternative would have been to be able to specify a certain target IP to connect to instead of a certain Host name to use e.g. BalancerMember http://foobar.com/foo/ address=10.0.0.1 but I suspect apache would then be unable to set block rules for individual balancer members since they'd all declare the same URL and you'd be unable to match them individually So, I currently can't use my backends in mod_proxy_balancer Does anyone have any suggestions? DFW - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Thu, Feb 03, 2011 at 11:00:25PM +, Igor Gali?? wrote: > - dfw-apa...@white.u-net.com wrote: > > I've hit a vexing impasse with mod_proxy_balancer. > > > > I have a pool of backend boxes. They vhost many domains, so > > need the specific Host: header in requests to them (the *same* > > Host: header for all of them) > > > > I proxy requests to them potentially thousands of times a second, > > and their IP's are not going to be changing, so I name the > > BalancerMembers by IP address, as the DNS lookup overhead is > > a fatal waste of CPU, especially if your DNS servers melt > > and your site dies unnecessarily. (No, /etc/hosts is not possible. > > http://httpd.apache.org/docs/current/mod/mod_proxy.html#startup That only mentions ProxyBlock. We do not use ProxyBlock. Also, when we lost DNS, we lost the site, so reality has the last word regardless. > > The sitename has multiple A records, and I make the backends choose > > individualiseable vhosts. Besides, my hosts file is vast!) > > > > Unfortunately, when I try and use mod_headers to set the Host: header > > for these backend connections, the balancer layer destroys the > > result and replaces it with the IP. > > > > Apparently, if I switch ProxyPreserveHost on, I may get further, > > but since that's a site-wide setting a side effect would mean all > > Not quite sure what you mean by site-wide, but: > http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost > says: Context:server config, virtual host It does. Our site is a vhost. It has squillions of proxypasses to squillions of different backend boxes run by squillions of different people. I want to add another backend without breaking all of the other ones. > > of my other proxied directories would now get the wrong Host: header. > > All the RewriteRule [P]'s would break and I would have to catch and > > Wit a sec. > You're using mod_rewrite for proxying? > Why? (http://bash.org/?866112) Because I'm rewriting the URL, and then proxying it? Because I'm using rewritemaps? Because I like the letter P? Pick one :) Also, this problem is only using ProxyPass, so mod_rewrite is not the problem here. > > replace the Host in every single one of them in individual > > blocks. > > That deluge of perpetual kludgery does not appeal. > > > > What I need is a way to tell a ProxyPass or BalancerMember, that > > they should use a certain Host: header in its communications > > with this backend. e.g. > > BalancerMember http://10.0.0.1/foo/ host=foobar.com > > Now I'm confused. How do your configs actually look like? ProxyPreserveHost Off ProxyPass /foo/ balancer://www.mybackend1.net/ ProxySet lbmethod=bybusyness timeout=10 BalancerMember http://192.168.0.1 lbset=0 retry=0 ttl=5 BalancerMember http://10.0.0.1lbset=1 retry=0 ttl=5 http://192.168.0.1> RequestHeader set Host www.mybackend1.net http://10.0.0.1> RequestHeader set Host www.mybackend1.net ProxyPass /bar/ http://www.mybackend2.net/ ProxyPass /bar1/ http://www.mybackend3.net/ ProxyPass /bar2/ http://www.mybackend4.net/ ... 192.168.0.1 receives 'Host: 192.168.0.1', not the 'Host: www.mybackend1.net' I want it to. www.mybackend2.net receives 'Host: www.mybackend2.net' and I want to keep it that way. > > The logical alternative would have been to be able to specify a > > certain target IP to connect to instead of a certain Host name > > to use e.g. > > BalancerMember http://foobar.com/foo/ address=10.0.0.1 > > > > but I suspect apache would then be unable to set block > > rules for individual balancer members since they'd all declare > > the same URL and you'd be unable to match them individually > > You can use ProxySet > http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset > in and > > But ProxySet only allows you to set the same Variables as > ProxyPass does. host is none of them. Indeed. This appears to be the problem. Such an option is missing. DFW - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote: > > > > > But ProxySet only allows you to set the same Variables as > > > > ProxyPass does. host is none of them. > > > > > > Indeed. This appears to be the problem. Such an option is missing. > > > > Right now I'm looking into 2.2's source to see how to add an option > > preservehost=(on|off). > > > > Can you please test: > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff > > > > duh.. nodocumentationpatch! > > But I'm pretty sure you can guess how to use it ;) > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff > Adds: Documentation, CHANGES update, MMN bump > Also has a _set variable analogous to the other options. > > Bonus: compiles. > Untested so far. Thanks. I've poked and snuffled, but a co-worker has pointed out that there may be problems if this worker is a member of two different balance pools. The connection properties would be controlled by the worker, but what is sent down that connection should be controlled by the balancer pool. I followed your earlier lead when you mentioned ProxyPreserveHost is now localisable in trunk. I dug out svn commit r824072 which looks to be exactly what I need. It should prevent shared workers getting mixed up by allowing me to set the Host at the level. I have a sneaking suspicion trying to set http://10.*> for a worker would never work anyway, as the system won't see that as the destination. It will see the balancer instead, so only the config would apply anyway. We'll see how far I get. DFW - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Fri, Feb 04, 2011 at 11:06:48PM +, dfw-apa...@white.u-net.com wrote: > On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote: > > > > > > > But ProxySet only allows you to set the same Variables as > > > > > ProxyPass does. host is none of them. > > > > > > > > Indeed. This appears to be the problem. Such an option is missing. > > > > > > Right now I'm looking into 2.2's source to see how to add an option > > > preservehost=(on|off). > > > > > > Can you please test: > > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff > > > > > > duh.. nodocumentationpatch! > > > But I'm pretty sure you can guess how to use it ;) > > > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff > > Adds: Documentation, CHANGES update, MMN bump > > Also has a _set variable analogous to the other options. > > > > Bonus: compiles. > > Untested so far. > > Thanks. I've poked and snuffled, but a co-worker has pointed out that > there may be problems if this worker is a member of two different balance > pools. The connection properties would be controlled by the worker, but > what is sent down that connection should be controlled by the balancer pool. > > I followed your earlier lead when you mentioned ProxyPreserveHost is now > localisable in trunk. I dug out svn commit r824072 which looks to be exactly > what I need. It should prevent shared workers getting mixed up by allowing > me to set the Host at the level. > > I have a sneaking suspicion trying to set http://10.*> for a worker > would never work anyway, as the system won't see that as the destination. > It will see the balancer instead, so only the config > would apply anyway. > > We'll see how far I get. As it turns out, after a very long journey, I didn't get very far at all. I needed to backport a few mod_proxy thread safety patches from 2.3 to 2.2.17 or else apachebench was just a massacre. After backporting the localisable ProxyPreserveHost patch I successfully overwrote the Host header from inside a Proxy block, allowing me to control which vhost I talked to on the backend member. Unfortunately this kludged Host header makes its way into your cached object headers and your access log... Now, you can fix the log by catching the Host in a Setenvif and logging that, and I don't *think* anything looks at the Host header in the cached object, but it turns out there is a more unpleasant problem : This works as expected : RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] And this also proxypasses, but *none* of the directives in the take effect: RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] No, I don't know why. Without the Proxy block directives to control the Host header sent to the backend, the backend gives us the finger, as its balancer member IP/hostname is not the vhost we want. I think I'm going to have to retreat. It looks like I will need a patch to *specify* a host header at the balancer config level. Does anyone have any tips on how this might be done? DFW PS: "Ignoring parameter 'lbset=0' for worker 'http://10.1.2.3' because of worker sharing" (I backported a log verbosity patch too) Ignoring the other variables I can understand, but shouldn't lbset be unique to each balancer? e.g. I share the same backend workers amongst several balancers, but each backend IP may serve each vhost to a differing degree. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Fri, Feb 04, 2011 at 11:06:48PM +, dfw-apa...@white.u-net.com wrote: > On Fri, Feb 04, 2011 at 05:36:01PM +, Igor Gali?? wrote: > > > > > > > But ProxySet only allows you to set the same Variables as > > > > > ProxyPass does. host is none of them. > > > > > > > > Indeed. This appears to be the problem. Such an option is missing. > > > > > > Right now I'm looking into 2.2's source to see how to add an option > > > preservehost=(on|off). > > > > > > Can you please test: > > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.diff > > > > > > duh.. nodocumentationpatch! > > > But I'm pretty sure you can guess how to use it ;) > > > > http://people.apache.org/~igalic/patches/mod_proxy-preserve_host.2.diff > > Adds: Documentation, CHANGES update, MMN bump > > Also has a _set variable analogous to the other options. > > > > Bonus: compiles. > > Untested so far. > > Thanks. I've poked and snuffled, but a co-worker has pointed out that > there may be problems if this worker is a member of two different balance > pools. The connection properties would be controlled by the worker, but > what is sent down that connection should be controlled by the balancer pool. > > I followed your earlier lead when you mentioned ProxyPreserveHost is now > localisable in trunk. I dug out svn commit r824072 which looks to be exactly > what I need. It should prevent shared workers getting mixed up by allowing > me to set the Host at the level. > > I have a sneaking suspicion trying to set http://10.*> for a worker > would never work anyway, as the system won't see that as the destination. > It will see the balancer instead, so only the config > would apply anyway. > > We'll see how far I get. As it turns out, after a very long journey, I didn't get very far at all. After backporting the localisable ProxyPreserveHost patch I successfully overwrote the Host header from inside a Proxy block, allowing me to control which vhost I talked to on the backend member. Unfortunately this kludged Host header makes its way into your cached object headers and your access log... Now, you can fix the log by catching the Host in a Setenvif and logging that, and I don't *think* anything looks at the Host header in the cached object, but it turns out there is a more unpleasant problem : This works as expected : RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] And this also proxypasses, but *none* of the directives in the take effect: RewriteRule /foo(.*) balancer://back.foo.com/fooback/$1 [P] No, I don't know why. Without the Proxy block directives to control the Host header sent to the backend, the backend gives us the finger, as its balancer member IP/hostname is not the vhost we want. I also needed to backport a few mod_proxy_http.c thread safety patches from 2.3 to 2.2.17 or else apachebenching was just a massacre. I think I'm going to have to retreat. It looks like I will need a patch to *specify* a host header at the balancer config level. Does anyone have any tips on how this might be done? DFW PS: "Ignoring parameter 'lbset=0' for worker 'http://10.1.2.3' because of worker sharing" (I backported a log verbosity patch too) Ignoring the other variables I can understand, but shouldn't lbset be unique to each balancer? e.g. I share the same backend workers amongst several balancers, but each backend IP may serve each vhost to a differing degree. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy_balancer - no way to name pool members by IP.
On Wed, Apr 20, 2011 at 02:17:43PM -0400, Eric Covener wrote: > > and I don't *think* anything looks at the Host header in the cached object, > > you could add a Vary on the Host header. I'd rather not play with the Host header after all if I can help it. If it Vary's on Host, won't it check that the Host matches the cached object's Host? Which it never will coz we broke it to get the backend proxy Host header working. DFW - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Peak download performance with single file
On Sat, Apr 23, 2011 at 07:46:37PM +0530, vrukesh panse wrote: > But, when we simultaneosly download more than one file (for example, two > different 10MB text files), we get total download speed of 12Mbps. This is the kind of thing you might see if the *client* TCP receive window is being filled. It may not be the server's fault. I'd also look into support of 'TCP window scaling' and 'selective acks'. Neither which I believe XP does by default. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Visual Studio C++ 6 Processor Pack
Hello, I want to build the new version 2.2.23 of the Apache HTTPD on myself to get involved in the debugging of the http server. Unfortunately I was not able to find the Visual C++ 6.0 Processor Pack at microsofts download center nor on the web. Does anyone know, where I can get this processor pack ? Would be great, if you could help me. Thanks a lot. apache-admin - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Visual Studio C++ 6 Processor Pack
Hello Good Guy, thanks for your answer. I have looked through your suggested download list, but did not find the Processor Pack for Visual C++ 6, that is needed to assemble the SSL code with the build procedure. Do you have another idea where to get this optional software pack ? Thanks a lot. apache-admin Am 2012-11-16 02:30, schrieb Good Guy: On 15/11/2012 20:36, apache-ad...@ultra-it.de wrote: Hello, I want to build the new version 2.2.23 of the Apache HTTPD on myself to get involved in the debugging of the http server. Unfortunately I was not able to find the Visual C++ 6.0 Processor Pack at microsofts download center nor on the web. Does anyone know, where I can get this processor pack ? Would be great, if you could help me. Thanks a lot. apache-admin <http://www.cnet.com/topic-software/microsoft-visual-c.html> - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Problem with building apache httpd from win sources
Hello, I am trying to build the apache httpd version 2.2.22 from the windows sources, but running in the following problem with ldap support of apr-util: apr_ldap.h(136) : fatal error C1189: #Fehler : Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit. Can anyone tell me, where I can find an instruction note, how to integrate the ldap sources or library correct into apr-util. I did not find something useful ... Thanks for your help. Greetings - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] AuthnProviderAlias not working in 2.4 but did in 2.2
Hi, before I start: I guess it is tricky missconfiguration but I don't get it :( May someone could help? What happend? I have upgraded from Apache 2.2 to 2.4. I was using AuthnProviderAlias to use two AuthUserFiles for Basic authentication. The configuration was working on Apache 2.2 but stopped working on 2.4. I have tried to simplify the use case. This was resulting in the following config: http://pastebin.de/31329 . As you can see it also fails with using only one AuthnProviderAlias. The difference between the working and the none working config is the use of the AuthnProviderAlias directive (last two lines in Directory section). I have already spoken to some peoples at IRC. They suggested me to run strace to see which files are opened by apache. The difference between the working and the none working configuration is just the use of the htpasswd file: http://pastebin.de/31328 Apache version and loaded modules: http://pastebin.de/31330 Any ideas what's going on there or how to dig further into the problem? thanks in advance, Daniel - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Tomcat mod_jk & isapi_redirect.dll updated VC15 to 1.2.43
Windows bin updated see: https://www.apachelounge.com/viewtopic.php?p=36570 https://www.apachelounge.com/viewtopic.php?p=36571 Cheers - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd 2.4.33-vote available
See www.apachelounge.com/viewtopic.php?p=36618 When you see/have issues please mail to me and/or file it in Bugzilla. Enjoy, Apache Lounge Team - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd 2.4.34-dev Win snapshot available
www.apachelounge.com/viewtopic.php?p=36981 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache httpd 2.4.34-dev Win snapshot available
Snap 2 now available On Thursday 21/06/2018 at 16:05, Apache Lounge wrote: http://www.apachelounge.com/viewtopic.php?p=36981 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache httpd 2.4.37 GA Win available
Vote to release httpd-2.4.37 has PASSED. See www.apachelounge.com/viewtopic.php?p=37467 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Season Greetings
The year 2018 has been again exciting in terms of growth of the Apache community and the Feature set of the Apache HTTPD server. In 2018 we celebrated 15 years Apache Lounge, wow.. time is flying. I am thrilled to see so many folks making use of Apache Lounge Binaries and visiting the Apache Lounge, more and more non-windows users are participating. For many of users the forum is a big valuable archive and also thanks to the moderators Mario, Gregg and Tom we continued the quality level. Also big thanks to all the members who answered questions from users. It is really rewarding to see that the effort we put into the Apache Server is appreciated so much. For the next weeks, I'll be spending time with my family enjoying Christmas end of year festivities. As exciting as computers and servers can be, this year will also forever serve as a reminder of what is really important: family, friends and the compassion of strangers. I wish for you and your families time to reconnect, enjoy traditions, and to find some rest during the holiday season. Whatever you celebrate, I hope you take a moment to reflect on the year that is closing and on your goals for 2019 as it approaches. Many thanks to all my friends in the Apache Community and ASF and enjoy the holidays ! Steffen http://www.apachelounge.com/ - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] WebDAV works for anything but Windows Vista and Windows 7
Hi all, my WebDAV setup works fine for Windows XP, Linux, Mac OS X, Java, but it doesn't work at all when using the native WebDAV client of Windows Vista (and Windows 7). https://www.numlock.ch/webdav/testshare user: testshare pwd: testshare The share uses a self-signed certificate and the configuration looks as follows: Options Indexes Dav On AuthType Basic AuthName "Some name" AuthUserFile /path/to/pwdfile Require user testshare # Note: setenvif_module is loaded by default BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012345]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully The error message on Windows Vista (64 bit business edition) reads in about: "Specified folder invalid. Choose another folder" Apache doesn't log any error at all, suggesting that Vista's request doesn't even reach the server for whatever strange reason (note that using a Java-based DAVExplorer client on the same Windows Vista box works fine, however). Strangely, I couldn't spot any WebDAV related error message in Windows Vista's logs either. I already tried a lot of the (server and client side) hints I found on the web, but none of them helped. I'd appreciate if any of you could confirm whether accessing my test share using Windows Vista (64 bit) works. The mission's primary target is to make my Apache WebDAV share work nicely with Vista/Windows 7 (or the other way round, more appropriately ;). Thanks Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] WebDAV works for anything but Windows Vista and Windows 7
André Warnier wrote: André Warnier wrote: Summaries (apparently recently updated) can be found here : http://greenbytes.de/tech/webdav/webfolder-client-list.html http://greenbytes.de/tech/webdav/webdav-redirector-list.html Thanks for these summary links and the hints, André. Looks like Windows's WebDAV support is a nightmare indeed. Even in Windows 7, WebDAV support doesn't seem to be good. Maybe one hint, if you have not seen or tried it before : when you create/connect the DAV folder under Windows, at the moment it asks for the URL/path, make sure to add the :port number after the hostname, even if it is the default port for the protocol. Like, connect to "http(s)://server.company.com:port/dirname" Sorry, according to the summaries above, it would seem that for Vista it may be just the opposite : the port number should /not/ be specified. I've tried both variants once again, but there wasn't any difference. However, another of the listed cases may apply : I see your URL is https://www.numlock.ch/webdav/testshare , which would fall in the category "server-discovery" of the above pages. Suggestion : - in the server configuration, define an Alias /testdav/ /webdav/testshare/ - in Windows, try connecting to https://www.numlock.ch/testdav The same for this, unfortunately. Also with a publicly readable parent directory. Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] WebDAV works for anything but Windows Vista and Windows 7
Pete.LeMay wrote: Vista and I'm assuming W7 have issues with most webdav, These are the extra steps on the client I've had to do to make vista work with webdav from a win server. (a) The below update must be applied. http://www.microsoft.com/downloads/details.aspx?FamilyId=17C36612-632E-4C04-9382-987622ED1D64&displaylang=en It is also necessary to have the client machine completely current will all Windows updates (and client restarted of course). (b) Access through Internet Explorer does not work, the user must access via Windows Explorer: Windows Vista - Map Web Folder: -> Computer -> Map Network Drive -> Connect to a Web site that you can use to store our documents and pictures -> Enter address Thanks, Pete. I tried this hotfix already, but I applied it again. Vista wasn't impressed, however. A pretty strange thing is that the version of the WebDAV mini redirector (mrxdav.sys) on my Vista box is 6.0.6001.18000. According to http://greenbytes.de/tech/webdav/webdav-redirector-list.html it should be 6.0.6001.22167 with the latest Vista updates applied. According to Windows Update I've installed all the available updates for Vista. Daniel - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] Why the sudden need to raise MaxClients?
We are using Apache 2.0.54 on Debian GNU/Linux (standard Debian packages). The server had been running for several months with absolutely no problems. A couple of days ago, Apache started slowing down, then would eventually stop responding completely. The only way to fix it was to restart Apache. It got to the point that Apache would only stay functional for a few seconds at a time. Watching the Apache logs revealed no unusual activity before the lockup. I discovered the MaxClients setting, which in Debian defaults to 20 for the prefork MPM. I raised it to 100, and the problem went away. I believe the default for this value is normally 256. What would cause this problem all of the sudden? My first thought was a DOS attack. Am I on the right track? --df - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] .htaccess: How to "cut only the middle branch" from a directory tree?
One bewildering observation on a low-traffic, co-hosted account (hence no logs, & unusual first lines required in .htaccess) by a provider using Apache 1.3.29: Some directories didn't seem to get the password protection they deserve. I figured out that the protection on every level in the directory tree can be obtained by creating this structure of subdirectories below root: /1/2/3 - and then uploading an .htaccess with these contents into each of them: PerlSetVar AuthFile /.htpasswd AuthType Basic AuthName "confidential documents" require valid-user Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2 and http://site.dom/1 - however when uploading a different .htaccess that is supposed to open up (ONLY) http://site.dom/1/2 to the "middle" directory of /1/2, something unexpected is caused by this /1/2/.htaccess file: PerlSetVar AuthFile /.htpasswd AuthType Basic AuthName "wide open" order deny,allow Satisfy any Besides directory 2, its subdirectory 3 becomes accessible without credentials, as well, although the more restrictive version of .htaccess has remained in...3 and should therefore be unaffected by any changes to /1/2/.htaccess - is there any explanation for this, and a way around the issue? (The format of .htaccess being largely restricted by the hosting provider's requirements, of course...)? If this is a "feature", how does one make sure that the .htaccess placed in the "sub-sub-subdirectory" /1/2/3 is observed, so 3 will not be affected by changes to the .htaccess for its parent directory, i.e. remain protected just like /1 ? ----- The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Getting error: request failed: error reading the headers
Hello there, I have some entries in my error_log that driving me crazy. [Tue Nov 15 15:06:36 2011] [error] [client 74.125.78.92] request failed: error reading the headers, referer: http://www.example.com/page1.html [Tue Nov 15 15:06:36 2011] [error] [client 66.102.12.89] request failed: error reading the headers, referer: http://www.example.com/page5.html [Tue Nov 15 15:09:32 2011] [error] [client 74.125.78.86] request failed: error reading the headers, referer: http://www.example.com/page18.html There are many more entries like that with other pages on my server. These are all IPs from Google. I fear that Google is not able to view my pages the correct way. I’m not sure but maybe these error logs are there since I added a rewrite rule from http://example.com to http://www.example.com. RewriteCond %{HTTP_HOST} ^example\.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] Can this be the cause of the error? Has anybody an idea why I'm getting this error? Dont know if it matters. I'm using Drupal 6 at the page where getting the errors. Thanks for help. Greets Manuel - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Intermittent SSL failure on Tomcat port
Hi Madhan, I suppose you would have better chances with that on the Tomcat users list, however your Tomcat and Java versions are quite old (even if Tomcat in this version is still actively supported by the project, Java 7 is totally outdated in regards to TLS support). Are you using tc-native (TLS with OpenSSL) or pure Java TLS? Are any Middleboxes (that perform TLS inspection) in place? I would rather invest time to update to more recent stack (that will lead to acceptable security, IIRC Java 7 does not support TLS1.2)... Tomcat version details:- Server version: Apache Tomcat/7.0.91 Server built: Sep 13 2018 19:52:12 UTC Server number: 7.0.91.0 OS Name:Linux OS Version: 2.6.32-431.20.3.el6.x86_64 Architecture: i386 JVM Version:1.7.0_201-mockbuild_2018_10_22_02_29-b00 JVM Vendor: Oracle Corporation Best regards, Thomas - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] HSTS verification
Hi, On 02.07.21 09:27, @lbutlr wrote: > When checking for https HSTS compliance on htstpreload.org I get a warning > >> We cannot connect to https://example.net using TLS ("Get >> https://example.net: http: server gave HTTP response to HTTPS client"). What is in your access logs, can you identify the request and check which virtual hosts served it? You can enable logging of the virtual host in the access log or log to dedicated files (see https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats for a list of what is available). > And I do not understand how this can be. The page in questions loads as https > with a valid cert and the http query is set to redirect to https > > >ServerName www.example.net >ServerAlias foo.example.net >ServerAlias example.net >DocumentRoot /usr/local/www/example/ >DirectoryIndex index.html >ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/example/$1 >SSLEngine on >SSLCertificateFile /usr/local/etc/dehydrated/certs/example.net/cert.pem >SSLCertificateKeyFile > /usr/local/etc/dehydrated/certs/example.net/privkey.pem >SSLCertificateChainFile > /usr/local/etc/dehydrated/certs/example.net/chain.pem >SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 >SSLHonorCipherOrder on >SSLCipherSuite > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS >#SSLUseStapling On >Header always set Strict-Transport-Security "max-age=15638400; > includeSubdomains;" >Header always set X-Frame-Options DENY >Alias /.well-known/ /usr/local/www/.well-known/ > > > >ServerName www.example.net >ServerAlias foo,example.net >ServerAlias example.net >ServerAlias webmail.example.net >Redirect / https://www.example.net/ >Alias /.well-known/ /usr/local/www/.well-known/ > > > I do not see anything onbviously wrong here (there is a typo on "ServerAlias foo,example.net" though, assume this is just an example issue). However, your TLS virtualhost is bound to a fixed IP, your plain HTTP virtual host is bound to all available IPs on the machine. My guess would be virtual host mismatch or a DNS specific issue (does example.net resolve to different IPs for different resolvers?). Again access logs may reveal some more information on that. hth, Thomas - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] SSL VHosts
Hi Peter, On 30.08.21 04:24, Peter Horn wrote: > I have been successfully running an Apache server for some years (currently > 2.4.41 on Ubuntu 20.04LTS). > I have three "real" http vhosts on port 80, findable through a dynamic DNS > service. I also have a (first in line) default vhost with an "unreachable" > ServerName, which returns a 4xx status, > and exposes the request to fail2ban. > This takes care of the script kiddies and IOT bug-probers who access by IP > address, not hostname. > Recently I upgraded to https on port 443, using LetsEncrypt and CertBot. The > transition went smoothly; http requests to the vhosts on port 80 are returned > a 301 redirect permanent to https. > I have two questions: > 1. Can I implement the same "nameless catchall" in the https environment, or > does the vhost selection work differently there? My ssl cert appears to name > all three real vhosts, but I am unsure > what happens when a request doesn't match any of them. The cert you are using lists only these three names (you could check via "openssl x509 -in -noout -text"). All connections using IP addresses or names not part of the cert should fail on TLS handshake (at least if certificate is validated by the client). You might catch clients, which do not validate certificates with your current TLS setup (that would be clients connecting using IP). Clients that validate the certificate will not send the actual request. Let's encrypt does not issue certificates for IP addresses (https://community.letsencrypt.org/t/ssl-on-a-ip-instead-of-domain/90635/3), so you can not simply add your IP to the certificate. > 2. Are there any adverse consequences to closing down http / port 80 now that > the vhosts are up on https / port 443? That depends, new browsers versions are currently changing their behaviour on site access (e.g. see https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/, https://www.bleepingcomputer.com/news/google/google-chrome-90-released-with-https-as-the-default-protocol/). Older Browsers try HTTP (port 80) before trying HTTPS (port 443), some even do not try HTTPS, if the initial HTTP fails. YMMV. I'd suggest to keep the HTTP vhost for pure redirects and additionally set the Strict-Transport-Security header (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) on HTTPS requests. With the header, most browsers will cache the information that HTTPS is enabled for your site and even enforce it for the time you set in the header. hth. Thomas - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[EMAIL PROTECTED] Apache 2.0 support for huge files (>2 GB) on 64 bit platform
Hi, my current state of information is that to allow serving huge files on a 32 bit system I need to: - set compile time flags "D_LARGEFILE_SOURCE" AND "-D_FILE_OFFSET_BITS=64" - set LimitRequestBody to a high enough value Are the compile switches necessary on a 64 bit platform as well? Thanks for any help. Christian - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users@httpd] Apache reverse proxy 2-way SSL authentication
Hello list, I am investigating what kind of reverse proxy solution would fit a customers requirement. I am also looking at Apache. One of the requirements is to support 2-way SSL authentication. Is this possible with Apache (using version 2.2) as reverse proxy? And if so any config examples would be appreciated. Regards, Lars - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org