Re: [users@httpd] Allow or Deny from large numbers of hosts

Frank, On 3/21/25 10:15 AM, Frank Gingras wrote: On Fri, Mar 21, 2025 at 9:03 AM Christopher Schultz mailto:ch...@christopherschultz.net>> wrote: All, Is there a way to load a bunch of allow or deny hosts from a file or other data-store? I have several dozen CIDR expressio

[users@httpd] Allow or Deny from large numbers of hosts

All, Is there a way to load a bunch of allow or deny hosts from a file or other data-store? I have several dozen CIDR expressions and they will need to change periodically, so it would be more convenient if I could load them from at least a file on the disk and clean-up my config a bit. I su

Re: [users@httpd] Automatically set Keep-Alive response header

Eric, On 8/4/21 18:35, Christopher Schultz wrote: Eric, On 8/4/21 14:14, Christopher Schultz wrote: Eric, On 8/4/21 13:18, Eric Covener wrote: On Wed, Aug 4, 2021 at 12:59 PM Christopher Schultz wrote: Reic, On 8/4/21 11:17, Eric Covener wrote: On Wed, Aug 4, 2021 at 11:08 AM

Re: [users@httpd] Automatically set Keep-Alive response header

Eric, On 8/4/21 14:14, Christopher Schultz wrote: Eric, On 8/4/21 13:18, Eric Covener wrote: On Wed, Aug 4, 2021 at 12:59 PM Christopher Schultz wrote: Reic, On 8/4/21 11:17, Eric Covener wrote: On Wed, Aug 4, 2021 at 11:08 AM Christopher Schultz wrote: All, Can httpd automatically

Re: [users@httpd] Automatically set Keep-Alive response header

Eric, On 8/4/21 13:18, Eric Covener wrote: On Wed, Aug 4, 2021 at 12:59 PM Christopher Schultz wrote: Reic, On 8/4/21 11:17, Eric Covener wrote: On Wed, Aug 4, 2021 at 11:08 AM Christopher Schultz wrote: All, Can httpd automatically set Keep-Alive response header based upon the

Re: [users@httpd] Automatically set Keep-Alive response header

Reic, On 8/4/21 11:17, Eric Covener wrote: On Wed, Aug 4, 2021 at 11:08 AM Christopher Schultz wrote: All, Can httpd automatically set Keep-Alive response header based upon the KeepAlive and other configuration settings? Something like this: HTTP/1.1 200 OK Server: Apache/2 Date: Wed, 04

[users@httpd] Automatically set Keep-Alive response header

All, Can httpd automatically set Keep-Alive response header based upon the KeepAlive and other configuration settings? Something like this: HTTP/1.1 200 OK Server: Apache/2 Date: Wed, 04 Aug 2021 15:00:00 GMT Content-Length: 12345 Connection: keep-alive Keep-Alive: timeout=5; max=100 I'm int

[users@httpd] Which proxy modules are required for proxying Websocket connections?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, If I want to allow HTTP connections to upgrade to WebSocket, which mod_proxy modules do I need to enable and configure? More specifically, do I need to enable+configure both mod_proxy_http AND mod_proxy_wstunnel, or only mod_proxy_wstunnel?

[users@httpd] Using Balancer Manager for fun and profit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm looking at moving from mod_jk to mod_proxy and I need to migrate my tooling for things like scripted worker-management. My existing tool for mod_jk is on GitHub[1] for those interested in what it can do. Mostly, I'm interested in fetching

Re: [users@httpd] Re: Copying environment variables

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 6/30/20 12:42, Christopher Schultz wrote: > Eric, > > On 6/30/20 11:47, Eric Covener wrote: >>> Does it need direct-support from mod_proxy instead of trying >>> to cobble the pieces together from BZ 64338 and ot

Re: [users@httpd] Re: Copying environment variables

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eric, On 6/30/20 11:47, Eric Covener wrote: >> Does it need direct-support from mod_proxy instead of trying to >> cobble the pieces together from BZ 64338 and other existing >> directives? My goal with 64388 was to write the smallest patch >> that c

[users@httpd] Re: Copying environment variables

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 6/30/20 11:20, Christopher Schultz wrote: > All, > > Is it possible to "copy" an environment variable to another name? > Something like this: > > SetEnv foo "bar" SetEnv baz ${foo}e > > Now, &qu

[users@httpd] Copying environment variables

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Is it possible to "copy" an environment variable to another name? Something like this: SetEnv foo "bar" SetEnv baz ${foo}e Now, "baz" has value "bar". It doesn't appear to work as written above, but the documentation doesn't actually suggest

Re: [users@httpd] Reverse Proxy Configuration

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 5/24/19 07:19, John Welsby wrote: > Hi everyone, I am looking for some help configuring Apache Web > Server as a reverse proxy. > > A little background: I have a Debian 9 (stretch) server at my > home, running Nextcloud on Apache2. I have

[users@httpd] Problem with mod_authnz_ldap w/ldaps?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I've been using mod_authnz_ldap for a while with OpenLDAP over TLS and things have been going fairly well. This weekend, however, I had 3 servers stop working (returning HTTP 500 responses) for pages which were protected with HTTP Basic auth +

Re: [users@httpd] Expiring DAV file locks with mod_dav

52 AM, Christopher Schultz wrote: > All, > > Ping. Any ideas? > > Thanks, -chris > > On 2/5/16 4:04 PM, Christopher Schultz wrote: >> All, > >> I've been searching for a bit and mostly people are having the >> opposite problem I'm having: they are ha

Re: [users@httpd] DH^H^H EC parameter selection on httpd 2.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 3/30/17 4:32 PM, Christopher Schultz wrote: > All, > > I'm running httpd 2.2.31 on Amazon Linux, and the docs for > SSLCertificateFile say: > > " Beginning with version 2.2.30, mod_ssl makes use of standardize

[users@httpd] DH parameter selection on httpd 2.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm running httpd 2.2.31 on Amazon Linux, and the docs for SSLCertificateFile say: " Beginning with version 2.2.30, mod_ssl makes use of standardized DH parameters with prime lengths of 2048, 3072, 4096, 6144 and 8192 bits (from RFC 3526), and

Re: [users@httpd] Processes starts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hement, On 2/15/17 6:05 AM, Hemant Chaudhary wrote: > When I am stating my httpd-2.4.23 servers, sometime 6 process id's > or sometimes 7 process id's are generated. Can I edit how many > process id's I want to start. Yes. > I am assuming 1 proces

Re: [users@httpd] proxypass does'nt seem to work on apache 2.4.25

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Stéphane, On 2/17/17 11:06 AM, Stéphane Laurencelle wrote: > i try to implment the proxypass and proxypassreverse in apache 2.4 > vhost file on oel 6.8 to redirect does to tomcat apps web page but > nothing seem to work like in apache 2.2.x > > is

Re: [users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 2/9/17 4:53 PM, Daniel wrote: > Try manually: > > SSLProtocol SSLv3 TLSv1 TLSv1.1 TLSv1.2 And, please, for the love of god, add these, too: SSLHonorServerOrder On SSLCipherSuite TLSv1.2:TLSv1.1:TLSv1:SSLv3 This will cause "better" cip

Re: [users@httpd] Configuring redirects httpd behind a TLS-terminating proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/24/17 3:53 AM, Konstantin Kolinko wrote: > 2017-01-24 1:07 GMT+03:00 Christopher Schultz > : >> >> I've got an EC2 instance behind a load balancer where TLS is >> being terminated. I've arran

[users@httpd] Configuring redirects httpd behind a TLS-terminating proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I've got an EC2 instance behind a load balancer where TLS is being terminated. I've arranged for two separate httpd (2.4.25) VirtualHosts: one for the secure connections (proxied from the lb) and another for the non-secure connections. I have

Re: [users@httpd] Copyright notices in httpd source files

this discussion with a better audience. Thanks, - -chris >> On Dec 29, 2016, at 3:56 AM, Nick Kew wrote: >> >> Cc: dev list. Looks like a catch? >> >> On Wed, 2016-12-28 at 17:44 -0500, Christopher Schultz wrote: >>> All, >>> >>> Is it

Re: [users@httpd] Copyright notices in httpd source files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nick, On 12/29/16 3:56 AM, Nick Kew wrote: > Cc: dev list. Looks like a catch? (my reply might be bounced from the dev@ list... I don't think I'm subscribed) > On Wed, 2016-12-28 at 17:44 -0500, Christopher Schultz wrote: >

[users@httpd] Copyright notices in httpd source files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Is it common to have a copyright notice in httpd C source files? Jim committed a donation of code for HAProxy's PROXY protocol in r1776076 and later. (Thanks, by the way: I've been hoping to get this in 2.4 for a while so consider me a big (ka

Re: [users@httpd] Fine Tuning Apache 2.4 on AWS EC2 t2.medium Instance

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tony, On 10/1/16 4:36 PM, Tony DiLoreto wrote: > All, > > I'm at my wits end trying to simply run Apache 2.4 on my Amazon > EC2 server. There are dozens of stackoverflow and websites, but > the suggestions do not seem to work on my instance. > > *

Re: [users@httpd] Showing exact filesize in bytes instead of shortform in directory listing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cie, On 9/30/16 5:59 AM, Cie wrote: > In Apache server 2.4, when activating the IndexOptions > +FancyIndexing in the httpd.conf, the directory listing shows the > file size of a file like in the following example: > > exported_file.pdf 2.1M > > Th

Re: [users@httpd] problem compiling apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavol, On 9/20/16 3:07 PM, Pavol Eisenberg wrote: > Hello > > After I've tried to upgrade my openssl 1.0.2 (ubuntu default) to > Openssl 1.1.0 I cannot compile apache with ssl anymore.I also > reverse to openssl 1.0.2 but the problem still remain.

Re: [users@httpd] Apache losing its connection from Tomcat in few minutes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 9/4/16 5:16 AM, Dr James Smith wrote: > You don't give enough information about the setup to solve any of > your problems really. > > Are the apache/tomcat/cms on the same box or different > > We have seen big problems with mod_jk when t

Re: [users@httpd] questions about IPv6 and SSL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andreas, On 8/31/16 6:05 PM, Andreas Meyer wrote: > Christopher Schultz schrieb am > 31.08.16 um 17:28:04 Uhr: > >>> A few days ago I added IPv6-connectivity to the web server and >>> changed the Listen-directives

Re: [users@httpd] questions about IPv6 and SSL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andreas, On 8/31/16 10:56 AM, Andreas Meyer wrote: > Just subscribed to this list because people reported my web server > is not reachable anymore. > > A few days ago I added IPv6-connectivity to the web server and > changed the Listen-directives a

Re: [users@httpd] 32 bit - httpd-2.2.31 Binary distribution for linux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Manjusha, On 8/30/16 4:09 AM, Gole, Manjusha (Manjusha) wrote: > Does anyone has a 32 bit - httpd-2.2.31 Binary distribution for > linux? Can anyone share instructions to build one? Most Linux distributions have httpd available through the package

Re: [users@httpd] httpd session timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Roger, On 8/24/16 9:53 AM, Roger Paanini wrote: > Chris, I am testing it by logging into the website using basic > authentication and then waiting for the time out duration and try > to access the page again. I am expecting to be challenged for > c

Re: [users@httpd] httpd session timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Roger, On 8/23/16 4:26 PM, Roger Paanini wrote: > Folks, I have tried to configure httpd with session timeout but it > does not seem to work. My httpd.conf has the following: > > Session on SessionMaxAge 1 AuthType Basic *** > > I was trying to pu

Re: [users@httpd] authnz_ldap with fallback to file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eric, On 8/21/16 1:42 PM, Eric Covener wrote: > On Sun, Aug 21, 2016 at 1:40 PM, Christopher Schultz > wrote: >> Is there any way to combine these two authentication mechanisms >> (ldap, file) such that I can require an ldap-

[users@httpd] authnz_ldap with fallback to file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, (Running Apache 2.2.22 with Debian patches) I've got some services that use LDAP for authentication. One specific service is our Nagios monitor. When the LDAP service is down, we get notifications that (duh) it's down, but because Nagios uses

Re: [users@httpd] How to restart apache after reboot on ubuntu 16.04?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 8/17/16 4:12 PM, Dr James Smith wrote: > It may be possible to write your own auto-renewal script > relatively easily for LetsEncrypt. I have done for Apache as (a) I > don't use the standard paths and setup, (b) I wish to use HPKP on > my serve

Re: [users@httpd] HTTPD asking for password after power failure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 8/11/16 11:10 PM, Marat Khalili wrote: > From what I saw, this behavior of /dev/random is totally normal on > an idle Linux system. There seems to be some confusion about /dev/random on Linux systems. Yes, the behavior described here is nor

Re: [users@httpd] Is it possible to set different protocol for particular User-Agent?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 8/3/16 4:55 AM, Daniel wrote: > No, by the time the user agent or any actual http data gets to be > seen the protocol/cipher and complete ssl connection has already > been stablished. > > 2016-08-02 23:26 GMT+02:00 ghost

Re: [users@httpd] Location location location

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eric, On 7/18/16 2:12 PM, Eric Covener wrote: > On Mon, Jul 18, 2016 at 2:10 PM, Christopher Schultz > wrote: >> I believe by putting the exception-Location first in the >> configuration file, I should be able to

[users@httpd] Location location location

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I have a long-standing configuration for a private server where all users must authenticate against our LDAP server. Something like this: AuthType Basic Require ldap-group mygroup I'm trying to use certbot to get a TLS certificate for t

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 5:43 PM, Christopher Schultz wrote: > Mahmood, > > On 6/21/16 2:54 PM, Mahmood N wrote: >> You know, the problem is that compute nodes in Rocks >> distribution use Apache web server to locate the instal

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 2:54 PM, Mahmood N wrote: > You know, the problem is that compute nodes in Rocks distribution > use Apache web server to locate the install image. Currently, the > compute node, says Unable to retrieve > http://10.10.10.1/instal

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 2:45 PM, Mahmood N wrote: >> tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 28122/xinetd Shows the >> port, 5666, the PID, 28122, and the program name, xinetd > So, you still don't know what is the IP address (network > interface)? I mean

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 2:29 PM, Mahmood N wrote: > How can I find which IP:PORT Apache web server is monitoring? There > are some network commands (netstat -pat), but they show the TCP > port in use. The machine has multiple network interfaces and the

Re: [users@httpd] LetsEncrypt.org with Virtual Hosting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Filipe, On 6/14/16 3:15 PM, Filipe Cifali wrote: > Your are probably hitting the wrong cert file, check with: > > |openssl s_client -connect example.info:443 > | > > You can also try to disable the first SSL and check if you

Re: [users@httpd] SVN checkout of latest official Apache release

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike, On 6/8/16 12:10 PM, Mike Rumph wrote: > > On 6/7/2016 5:54 PM, Balcos, Michael wrote: >> >> Hi Mike, >> >> >> >> Thank you for the reply. I believe that I’ll have to write a >> script in order to know what is the latest official release of

Re: [users@httpd] Secured connection between Apache Httpd and Tomcat over AJP protocol

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohanavelu, On 5/25/16 10:16 AM, Mohanavelu Subramanian wrote: > Hi All, > > Good Morning. > > I have Httpd process and Tomcat instances both running on 2 > different machines. The communication between them happens through > AJP protocol (mod_jk) w

Re: [users@httpd] Apache mod_dav alternatives?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bjoern, On 5/21/16 5:08 PM, Bjoern Voigt wrote: > I am using Apache as a web and proxy server, but I am unhappy with > Apache as a WebDAV file server. > > I am missing a good file permission or ACL configuration in Apache > mod_dav. > > My wishli

Re: [users@httpd] One page hanging entire server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 D'arcy, On 5/9/16 2:16 PM, D'Arcy J.M. Cain wrote: > This weekend at various times my server was brought down. I saw > one process using over 99% of the CPU. No pages could be served > while this was going on. I found the culprit. It was a Wordpre

Re: [users@httpd] Not able to make .so file during install apache-2.4.18

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hemant, On 4/12/16 6:40 AM, Yann Ylavic wrote: > Hello Hemant, > > On Tue, Apr 12, 2016 at 10:58 AM, Hemant Chaudhary > wrote: >> While installing apache-2.4.18 on Non Stop HP, I am not able to >> create .so file(shared file) which is required in

Re: AW: [users@httpd] How to test my self-compiled Apache (overall and specifically LDAP)

t; HTTP authentication using an LDAP server? The answer to that question is insanely easy to find: http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html - -chris > -Ursprüngliche Nachricht- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Montag, 11. Ap

Re: [users@httpd] How to test my self-compiled Apache (overall and specifically LDAP)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 4/11/16 12:11 PM, Poggenpohl, Daniel wrote: > Hello everyone, > > now that I have a self-compiled httpd, I of course would like to > test its features, or rather if all features are working right when > it is running. Is there a way to tes

Re: [users@httpd] url forwarding

" &popular=HOT-TOPIC > <http://myhost.com/index?page=content&topic=TVAR&popular=HOT-TOPIC> " > on the redirect You can use mod_rewrite to do just about anything. You can even mutate the URL such that you don't even need to redirect the request.

Re: [users@httpd] url forwarding

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 K, On 4/8/16 2:35 PM, K R wrote: > I have a need to setup a redirect for around 3000 pages which are > in below format > > http://myhost.com/index?page=content&topic=TVAR&popular=HOT-TOPIC > --> http://myhost.com/index?page=content&topic=TVAR > > a

Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 4/8/16 11:30 AM, Rainer Jung wrote: > Am 08.04.2016 um 10:41 schrieb Rainer Canavan: >> On Fri, Apr 8, 2016 at 12:31 AM, Yann Ylavic >> wrote: >>> On Thu, Apr 7, 2016 at 5:21 PM, Poggenpohl, Daniel >>> wrote: LDFLAGS="-L$OPENS

Re: AW: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 4/7/16 2:52 PM, Poggenpohl, Daniel wrote: > my setup is: I have a Moodle installation I need to run. So I need > Apache, PHP, OpenSSL, iconv, mbstring, curl, zip, etc. . The plan > is to have a relatively new PHP (5.6.20) and stay "new" wit

Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 4/7/16 11:21 AM, Poggenpohl, Daniel wrote: > I'm working with Solaris 11.3 32Bit. > > I've compiled and installed OpenSSL 1.0.2g with SSLv2 support > (yeah, I know, but I can't get my setup to work without it) using: You need to fix that

Re: [users@httpd] Load balancing based on header value

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niranjan, On 3/30/16 3:02 PM, Niranjan Rao wrote: > I am using AJP to connect to tomcat. > > Entry in the config file looks like > > BalancerMember ajp://myserver:8009 > route=node2 ProxySet lbmethod=bytraffic ProxySet > stickysession=JSESSIONID >

Re: [users@httpd] Load balancing based on header value

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niranjan, On 3/30/16 2:15 PM, Niranjan Rao wrote: > Greetings, > > My first post to this mailing list. > > I have apache2 load balancing working perfectly based on session > affinity. Traffic does get directed properly to appropriate tomcat > serve

Re: [users@httpd] Apache permissions stabs new Linux user in face with icepick. Suggestions?

Eric, On 3/9/16 8:44 PM, Eric Covener wrote: > On Wed, Mar 9, 2016 at 8:40 PM, Francis Roy > wrote: >> drwxr-x--- username > > > If you want to serve out of your home directory, it needs to be > executable by "other". Or group-owned by whatever group httpd runs under. No ownership was previ

Re: [users@httpd] Apache virus scanning

in in memory to be scanned, or will it be streamed to a disk somewhere first? You don't want AV-scans to bust your memory cap. -chris > On 3/9/16 9:49 AM, "Christopher Schultz" > wrote: > >> John, >> >> On 3/8/16 6:02 PM, Rose, John B wrote: >>> I

Re: [users@httpd] Apache virus scanning

John, On 3/8/16 6:02 PM, Rose, John B wrote: > I am interested in both > > Thanks > > Sent from my iPad > >> On Mar 8, 2016, at 3:27 PM, Christopher Schultz >> wrote: >> > John > >>>> On 3/8/16 2:43 PM, Rose, John B wrote: >>>

Re: [users@httpd] Apache virus scanning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John On 3/8/16 2:43 PM, Rose, John B wrote: > Looking for comments on mod_clamav, and any other alternative > antivirus software for Apache on linux Are you trying to protect your clients or your servers? - -chris -BEGIN PGP SIGNATURE- Comme

Re: [users@httpd] apache 2.4, APR and online prefix

Raf, On 2/24/16 4:41 AM, Raf Roger wrote: > Hi > > i'm trying to create a LAMP stack that allow user to synchronize LAMP > stack files and webapps among several computers. > > Instead of reinstalling everything identically on each computer, they > could just synchronize the stack and voila. > >

Re: [users@httpd] Howto accept only one connection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver, On 2/19/16 10:11 AM, Oliver Graute wrote: > On 19/02/16, Aurélien Terrestris wrote: >> Hello, >> >> I'm not sure we can accept only one connection at a given time. I >> tested with the "prefork MPM", and I only achieve 1 concurrent >> request

Re: [users@httpd] Howto accept only one connection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver, On 2/18/16 8:31 AM, Oliver Graute wrote: > is it possible to configure Apache 2.4 to accept only one > connection at time on port 443? is this something I can configure > for my Virtual Hosts? For testing, or for long-term behavior? - -chris

Re: [users@httpd] image display error with stock icon

Douglas, On 2/14/16 9:44 PM, Douglas W. Goodall wrote: > I have written a very simple pair of cgi scripts in python that display > a toggle switch either > in the up position, or in the down position. When you click on the > switch, it toggles between > the two and switches between the images appr

Re: [users@httpd] Expiring DAV file locks with mod_dav

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Ping. Any ideas? Thanks, - -chris On 2/5/16 4:04 PM, Christopher Schultz wrote: > All, > > I've been searching for a bit and mostly people are having the > opposite problem I'm having: they are having file locks expir

[users@httpd] Proxy logging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I'm using mod_proxy_http as a reverse-proxy to another origin server. It seems that httpd doesn't record access logs for stuff going over to the proxy. Is there a way to write an access log for requests handles by mod_proxy? Or is the best pract

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yann, On 2/10/16 6:11 PM, Yann Ylavic wrote: > Hi, > > On Wed, Feb 10, 2016 at 11:14 PM, Christopher Schultz > wrote: >> >> To those down and dirty with httpd: is there a reason not to >> UNCONDITIONALLY build again

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/10/16 1:12 PM, cloud force wrote: > I added the "SSLFIPS on" option to the httpd.conf as suggested in > the ssl_mod doc, and I got the following error: > > * Starting web server apache2 > > > Syntax error on line 1 of /etc/apache2/httpd.

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/10/16 11:24 AM, cloud force wrote: > Hi Chris, > > Please see my comments below. > > Thanks, Rich > > On Wed, Feb 10, 2016 at 7:20 AM, Christopher Schultz > <mailto:ch...@christopherschultz.net>> wrot

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/9/16 6:21 PM, cloud force wrote: > On Tue, Feb 9, 2016 at 2:59 PM, Christopher Schultz > <mailto:ch...@christopherschultz.net>> wrote: > > Rich, > > On 2/9/16 4:09 PM, cloud force wrote: >> Yes I do h

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/9/16 4:09 PM, cloud force wrote: > Yes I do have* *some regulatory requirement to use FIPS and I have > built the FIPS capable OpenSSL lib. Where is that library located on the disk? > I tried to add the "SSLFIPS on" parameter to the http

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/8/16 3:25 PM, cloud force wrote: > Hi All: > > From the mod_ssl doc, it mentioned: "If httpd was compiled against > an SSL library which did not support the FIPS_mode flag, |SSLFIPS > on| will fail." > > How do I compile apache (version 2

[users@httpd] Expiring DAV file locks with mod_dav

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I've been searching for a bit and mostly people are having the opposite problem I'm having: they are having file locks expire too early . I have a lock on a file on the DAV that looks like it's no longer valid, but LibreOffice Writer won't open

Re: [users@httpd] proper MPM and mod_php

Eric, On 1/7/16 5:47 PM, Eric Covener wrote: > On Thu, Jan 7, 2016 at 4:51 PM, Rose, John B wrote: >> Is using "event" MPM and mod_php ok, or should "prefork" always be used with >> mod_php? > > The conventional wisdom is prefork-only if you must use mod_php. I was just looking at this yesterda

Re: [users@httpd] ProxyPass + Redirect

Yann, On 12/17/15 3:51 AM, Yann Ylavic wrote: > On Thu, Dec 17, 2015 at 8:14 AM, Marat Khalili wrote: >> Crude, but what about: >> >> ProxyPassMatch "^/foo/(.+)$" "http://localhost:8009/foo/$1"; > > or (along the lines): > ProxyPassMatch ^/foo/((?!index\.html$).+)$ http://localhost:8009/

Re: [users@httpd] Uneven load distribution in Tomcat application servers proxy balanced in front end Apache httpd web server

Gaurav, On 12/22/15 11:26 AM, Gaurav Kumar wrote: > I am using 6 Apache httpd 2.2.15 which are forwarding requests to the > Tomcat application servers (version: 7.0.41). Using mod_proxy, all the > application servers are balanced with proxy balancers. Below is the > similar configuration of apache

Re: [users@httpd] ProxyPass + Redirect

Bill, On 12/16/15 5:45 PM, William A Rowe Jr wrote: > On Wed, Dec 16, 2015 at 4:34 PM, Christopher Schultz > mailto:ch...@christopherschultz.net>> wrote: > > >RedirectMatch ^/foo(/)?$ /foo/someplace_specific.html >RedirectMatch ^/foo/index.html$ /foo

[users@httpd] ProxyPass + Redirect

All, I've got a reverse-proxy in front of Tomcat that I'd like to configure. When using mod_jk, we have a configuration like this: RedirectMatch ^/foo(/)?$ /foo/someplace_specific.html RedirectMatch ^/foo/index.html$ /foo/someplace_specific.html JkMount /foo/*.do myWorker This works swi

Re: [users@httpd] Is there a shell environment variable to direct httpd to a httpd.conf ?

Gary, On 11/20/15 4:44 PM, Gary M wrote: > I'm in a unique configuration dilemma where I need to place the location > of httpd.conf in a "soft" location. eg the shell environment variable. > > I did look and cannot find the answer. > > The question: "is there a shell environment variable read by

[users@httpd] Redirect[Match] behind load-balancer switching protocols

All, The docs for the Redirect directive state that a slash-prefixed replacement URL (relative) will use the current request's scheme and hostname to build the redirect URL. RedirectMatch doesn't say specifically, but what I'm observing is that: RedirectMatch permanent ^/$ /foo/ ... when reques

Re: [users@httpd] How to force browsers doesn't use cache

Pete, On 11/16/15 3:52 PM, Pete Houston wrote: > On Mon, Nov 16, 2015 at 06:19:37PM -0200, Ronaldo Luiz de Carvalho wrote: >> There are a way to setting apache in a way to force the users site browsers >> doesn't use their cache? > > You can use the Header directive to set the appropriate value o

Re: [users@httpd] php.conf and PHP-FPM

John, On 11/13/15 2:53 PM, Rose, John B wrote: > Let me rephrase my question. > > I understand the .conf file names can be anything. > > I may should have asked it this way, do the settings such as ... > > > SetHandler application/x-httpd-php > > > > > AddType text/html .php > > Etc,

Re: [users@httpd] modifying Location header

Hleb, On 10/30/15 10:24 AM, Hleb Valoshka wrote: > On 10/29/15, John Iliffe wrote: >>> Is it possible to modify Location using mod_headers? I want to replace >>> http:// with https:// but Header edit http://(.*) https://$1 does not >>> work, neither with always. unset and set don't work as well,

Re: [users@httpd] require valid-user with ldap

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Marc, On 11/27/14 2:42 AM, Tobias Adolph wrote: > do you have an other authorization modules (like mod_shib for > shibboleth-authentication)? > > We had an issue concerning require valid-user, too. I guess that if > several authorization handlers

Re: Re: [users@httpd] Trouble upgrading to 2.2.29 from 2.2.8 - mod_deflate error

e the default installed ones. Thanks again! (with-included-apr was the answer) On Sat, 01 Nov 2014 17:47:44 -0400 Yann Ylavic <ylavic@gmail.com> wrote ---- Hello Christopher, there seem to be an old APR library (< v1.3.0) installed on your system (/usr/local/apache2/incl

[users@httpd] Trouble upgrading to 2.2.29 from 2.2.8 - mod_deflate error

Hey guys! I am having trouble upgrading from Apache 2.2.8 -> 2.2.29 with the following error occurring after running 'make' /usr/local/apache2/build/libtool --silent --mode=compile gcc -g -O2 -pthread -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -I/opt/vignette/software/ap

Re: [users@httpd] Cannot get certificate chain to work.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 dE, On 10/10/14 6:30 AM, dE wrote: > On 10/09/14 23:47, Christopher Schultz wrote: De, > > On 10/7/14 11:27 PM, dE wrote: >>>> $ openssl x509 -noout -in server.pem -text Certificate: >>>> Data: Version: 1 (0x0) Se

Re: [users@httpd] Cannot get certificate chain to work.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 De, On 10/7/14 11:27 PM, dE wrote: > $ openssl x509 -noout -in server.pem -text Certificate: Data: > Version: 1 (0x0) Serial Number: 13192573755114198537 > (0xb7156feedab91609) Signature Algorithm: sha1WithRSAEncryption > Issuer: C=AU, ST=Some-St

Re: [users@httpd] httpd 2.2 and 2.4; 500 errors with no logs at all

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Bump. Any ideas what might be causing this? Thanks, - -chris On 10/5/14 10:53 AM, Christopher Schultz wrote: > All, > > On 10/5/14 10:23 AM, Christopher Schultz wrote: >> All, > >> On 10/5/14 10:01 AM, Christophe

Re: [users@httpd] How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/6/14 5:52 PM, Scott (firstclasswatches.co.uk) wrote: > Hello, > > Not strictly a httpd specific issue but nevertheless, > Chrome/Firefox should ignore the header because it is not > delivered with a valid certificate and thus there is no wa

Re: [users@httpd] httpd 2.2 and 2.4; 500 errors with no logs at all

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 10/5/14 10:23 AM, Christopher Schultz wrote: > All, > > On 10/5/14 10:01 AM, Christopher Schultz wrote: >> All, > >> Over the past week, I've had 4 separate httpd servers running 2.2 >> and 2.4 start

Re: [users@httpd] httpd 2.2 and 2.4; 500 errors with no logs at all

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 10/5/14 10:01 AM, Christopher Schultz wrote: > All, > > Over the past week, I've had 4 separate httpd servers running 2.2 > and 2.4 start failing with the generic "Internal Server Error" page > and a 50

[users@httpd] httpd 2.2 and 2.4; 500 errors with no logs at all

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Over the past week, I've had 4 separate httpd servers running 2.2 and 2.4 start failing with the generic "Internal Server Error" page and a 500 response. The only logs generated are the access log, which of course indicates a 500-response. So,

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 2:27 PM, Mike Rumph wrote: > On 10/2/2014 11:07 AM, Christopher Schultz wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> Mike, >> >> Okay, using %a works when using mod_remoteip.

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

ses %h by default for its httpd.conf definition of "combined" log format, so I've changed that and I'm getting the logging I desire. I'll try to replicate the behavior in httpd 2.2 without mod_remoteip we well. Thanks, - -chris > On 10/2/2014 9:04 AM, Mike Rumph wrote: &

  1   2   >