> From: Erik Thuning
[...]
> I have an apache server running as reverse proxy for a tomcat
> application using mod_proxy_ajp. An external application pulling data
> from mine has a hard requirement to get a content-length header in the
> response and won't accept transfer-encoding=chunked. Tomcat
On Fri, Feb 7, 2025 at 5:10 PM ohaya wrote:
>
> [FYI, I am seeing a response on the Apache list website, but I am NOT
> receiving the response here in my Yahoo email :( !! So I will respond here]
>
> Here is the 'ldd webgate.so'
>
> [orcladmin@localhost lib]$ ldd
> /apps/Oracle/Middleware/Oracl
On Fri, Feb 7, 2025 at 9:26 AM ohaya wrote:
>
> Hi,
>
> I am trying to get the "httpd -t" test to work but am getting an "undefined
> symbol" message.
>
> The Apache is 2.4.39 version that I built from source on a CENTOS 8.5 machine.
>
> Here's what I am running:
>
> export
> LD_LIBRARY_PATH=/ap
On Thu, Jan 16, 2025 at 11:28 AM Marc wrote:
>
> I have currently some abuse page that notifies the ip is blocked. I am
> generating this page with php because I want to display the ip adres on this
> page. Is there a more efficient way to generate a page with one line of text
> and the blocked
On Wed, Jan 8, 2025 at 7:41 PM Eric Covener wrote:
>
> On Wed, Jan 8, 2025 at 1:27 PM Rainer Canavan
> wrote:
> >
> > Hi,
> >
> > I'd like to short-circuit certain requests that contain no session
> > cookie with a HTTP 403, an ErrorDocument and a
Hi,
I'd like to short-circuit certain requests that contain no session
cookie with a HTTP 403, an ErrorDocument and a few response headers.
The following almost works:
RewriteCond %{REQUEST_METHOD} !OPTIONS
RewriteCond %{HTTP_COOKIE} !session=
RewriteRule ^/foo - [E=FOO:FOO,R=403,L]
Header alwa
On Wed, Nov 6, 2024 at 8:16 AM Rathore, Rajendra
wrote:
>
> Hi Team,
>
> We are using below host header validation rule in Apache Http configuration,
> that was working fine with 2.4.59 Apache server, when we migrate to 2.4.62
> below rule is not working. It will ignore the host name validation
On Thu, Oct 31, 2024 at 2:12 PM Marc wrote:
>
[...]
> > If you're using ip tables, you can re-route the request to a different
> > TCP port and configure a vhost that serves the chosen document for any
> > request to any path.
[...]
> Yes this is probably the most efficient. I a
On Tue, Oct 29, 2024 at 5:11 PM Marc wrote:
>
> >
> >
> > I am blocking most of amazon,google,azure clouds with ipsets. I also seem
> > to have added (automatically) ranges that were abusive from apple safe
> > browsing (or so?)
> >
> > I would like to remove these ip addresses of apple safe brows
On Tue, Jul 2, 2024 at 6:54 PM Dominic Humphries
wrote:
>
> As per
> https://httpd.apache.org/docs/current/mod/mod_log_config.html#format-notes we
> see special characters getting represented in our logs by their hexadecimal
> representation - \xhh
>
> However, we output our logs in a json form
On Tue, May 14, 2024 at 6:07 PM Gavin Spomer wrote:
>
> Hello,
>
> I recently migrated my Apache web server from FreeBSD to Ubuntu Server and
> found an issue with URLs that point to a directory, but don't include the
> trailing slash, when going through our institution's load balancer. If I
>
On Thu, May 16, 2024 at 1:15 AM Dave Wreski
wrote:
>
> Hi,
>
[...]
> The staging site is even protected with a RequireAll statement for the
> DocumentRoot based on the IP, which then results in a 404 and other errors in
> GSC.
That sound wrong. If your RequireAll was working as advertised, shou
On Tue, Nov 14, 2023 at 3:24 PM Luigi Bellio wrote:
>
> Hi Eric,
>
> thanks for your feedback ... I just tried, nothing is changed ...
> moreover as documented the "always" directive should apply to all
> response codes not only "on success".
You're missing one important issue the documenta
On Tue, Oct 24, 2023 at 5:32 AM Frank Gingras wrote:
>
> Perhaps the libtool version is older/different - what happens when you remove
> the space?
>
> On Fri, Oct 20, 2023 at 12:19 PM Daga, Navin (Navin) wrote:
>>
>> I'm trying to build Apache httpd RPM from the source tarball as mentioned in
On Fri, Oct 20, 2023 at 5:31 PM Marc wrote:
[...]
> >ServerAlias test.*.*
[...]
> >
> > A trivial and safe way if you need a solution asap might involve declaring
> > a for each host.
>
> I would like to have single access/error log for all these serveralias
> matches.
That's no proble
On Wed, Apr 12, 2023 at 1:49 AM Chris me wrote:
>
> Basically I am trying to run a later version of apache that supports the
> newer TLS alongside a much older version. I know it is better to upgrade the
> server, etc. but that is not an option for the legacy server.
>
> I basically need a compl
On Sat, Apr 8, 2023 at 11:22 PM Chris me wrote:
>
> Right. Is there an option to compile Apache using a non-standard location for
> dynamic libs? IE instead of /usr/lib it could use /usr/lib/custom
>
> I was not able to find anything other than using an ELF patcher to try and
> change the paths
On Wed, May 18, 2022 at 11:53 PM Frank Gingras wrote:
>
> Not sure if you saw the other answer on the other email:
>
> // If you can't use a SAN, then you need to configure all your vhosts as
> IP:443, whereas one vhost uses a separate IP, and the remainder uses the
> second IP.
That sounds wro
On Sun, Mar 13, 2022 at 8:08 PM Walter Hop wrote:
[...]
> I’m confused where the DH 3072 comes from. My question is, what should I
> configure so that DH 4096 is sent?
Your problem is in step 2) generate DH params - internet.nl explicitly
states that "Self-generated groups are 'Insufficient'".
On Thu, Oct 28, 2021 at 1:18 AM Rich Barron wrote:
>
> We are doing a security audit. The software saw the unpatched version in the
> MacOS and flagged it as a violation – so that is what needs to be patched.
I don't know how Apple handles bundled software. Are you sure that
this is not a false
On Tue, Oct 19, 2021 at 1:44 PM Mason Hayes wrote:
>
> Hi, All
>
> When Apache is accessed via a CDN (Akamai), I would like to record the IP of
> the accessing client in the Apache logs.
> In order to display the True-Client-IP header sent by Akamai in the access
> log like X-Forward-For, do I h
On Mon, Aug 23, 2021 at 10:45 AM Scott Trakker
wrote:
[...]
> The certificate for the subdomain 'nextcloud.jeroenverhoeckx.com' is
> installed correctly:
No. Having a certificate and actually using it on the https server
listening on port 443 are two entirely different things.
Try https://www.s
[...]
> But does not work if it's PHP - in this case, the content is compressed
> with "gzip":
>
> $ curl -v -H "Accept-Encoding: gzip, deflate, br"
> https://server.tld/pp.php 2>&1 | grep content-encoding
> < content-encoding: gzip
>
> Curiously, it does work with PHP if I specify "br" as the only
On Wed, Feb 24, 2021 at 6:01 PM Hildegard Meier wrote:
[...]
> Could it be possible another way to give clients of a specific vHost
> different SSLCipherSuite's depending on their IP address? (cipher of first
> handshake, no renegotiation)
You can work around this by setting up a separate vhost
On Mon, Nov 2, 2020 at 4:17 PM Gabriele Bulfon
wrote:
>
> Thanks, I configured and ran server-status after stopping/starting apache.
> Top output is:
>
[...]
> What should I check?
> Also, when system blocks I won't be able to see server-status, as it will be
> not responding.
> Should I check i
On Mon, Nov 2, 2020 at 11:13 AM Gabriele Bulfon
wrote:
>[...]
> Recently we built version 2.4.43 and installed on a test machine.
> Here, we are experiencing a problem where almost once a week we have to
> restart apache, which is no more responding.
> Threads are there, but none is answering on
[...]
> FilterProvider COMPRESSDEFLATE "%{Content_Type} =
> 'text\/html.*$'"
I don't think you can use regular expressions with just '=', you'll
have to use '=~'
search 'regex' in the documentation at
https://httpd.apache.org/docs/2.4/expr.html for the exact syntax
required.
r
On Fri, Jul 31, 2020 at 9:01 PM eika from Ru-Board
wrote:
>
> Hi folks!
>
> I come across with issue I can't fix. I have Apache/2.4.43 OpenSSL/1.1.1g
> with mod_autoindex (showing directory listings instead of index.html) and
> with mod_deflate.
>
> I was able to get content gzipped, but only if t
> Dear Apache enthusiasts ...
>
> My application is a very simple https-only apache (2.4.43) server with
> mod_ssl (openssl 1.1.1g) in Linux (crux distribution 3.5).
[...]
> ./configure --enable-layout=CRUX \
> --with-apr=/usr \
> --with-apr-util=/usr \
>
On Thu, Jun 11, 2020 at 3:13 PM Jason Keltz wrote:
[...]
> The URL that I would like to limit looks like this:
>
> https://example.com/#/?key=KJKJHjkdflkjsdflkjJhdsfjhf
[...]
> I want to only apply authentication when the QUERY_STRING includes "?key".
In the URL you have given above, "key" is not
On Fri, Jun 12, 2020 at 5:02 AM Niranjan Rao wrote:
> [...] Example could be
>
> https://myserver/uat/app1
> https://myserver/qa/app1
>
>
> Earlier I have tried just https://myserver/app1 and it works correctly.
> But now I want to add environment to it. Applications don't know they
> are proxied
On Wed, May 6, 2020 at 11:04 AM JK Pard0x wrote:
> Looking at the mod_remoteip source code for httpd 2.4.6 [1], it appears
> the directive RemoteIPProxyProtocol does not exist anymore. I'm not sure
> to understand how the versioning works.
And indeed, it looks like versioning works differently t
On Wed, Jul 31, 2019 at 1:39 AM Nigel B. Peck wrote:
>
> Thanks for the answers, great to have more insight on this.
>
> Is this a bug? Shouldn't it set up the linking correctly itself when
> the library has been specified using `--with-ssl`, as it does for
> `--with-pcre`? I'm considering submitt
On Tue, Jul 30, 2019 at 7:15 AM Nigel B. Peck wrote:
>
> Hi,
>
> Having some trouble compiling Apache with non-system OpenSSL, any help
> appreciated. Looked at many threads online but no answers so far.
[...]
> Is there any way I can resolve this without having to add the location
> to LD_LIBRAR
On Sun, Jun 16, 2019 at 12:21 PM rexkogit...@gmx.at wrote:
[...]
>
> In HTTP 1.1, the caching is a simple HTTP header field, see section 14.9 here:
>
> https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
The current RFC would be https://tools.ietf.org/html/rfc7234, but
https://tools.ietf.org/
On Thu, May 23, 2019 at 12:15 AM Jeff Cauhape wrote:
>
> Yehuda,
>
> But how do you tell if the Apache thread-safe module is included?
>
> I’ve already wasted more than enough time on this task, and I’d like
>
> some way to determine I’m not just wasting more time.
It's in the FAQ, a single mouse
On Thu, May 2, 2019 at 11:57 AM Supun Abeysinghe wrote:
>
> Hi all,
>
> I'm working on a project to dynamically tune the parameters of the Apache web
> server. I'm particularly looking at changing MaxRequestWorkers (formerly
> known as MaxClients) parameter by looking at runtime characteristics.
On Wed, Apr 3, 2019 at 10:18 AM LuKreme wrote:
>
> On Apr 3, 2019, at 02:05, Hajo Locke wrote:
> > Is apache 2.2 exploitable by CVE-2019-0211 ?
> > Description says that first affected version is 2.4.17, but may be 2.2 was
> > not analyzed.
>
> “Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38”
On Wed, Jun 13, 2018 at 2:27 PM MOKRANI Rachid wrote:
> I have URL like below (with ? and =)
> http://myserver/?s=about
>
> What’s the correct syntax to allow only some IP.
>
> Require ip 127.0.0.1
>
only matches the path part of the URL, not the query string
(i.e. the part after the ?).
The
On Wed, Apr 18, 2018 at 9:29 PM, Eric Covener wrote:
> On Wed, Apr 18, 2018 at 3:18 PM, Hemant Chaudhary
> wrote:
>> Thanks Eric
>>
>> It means thread are using lock so that one thread/process can write a time.
> I believe it's unlocked, I think posix promises they will not be
> interleaved if wr
On Wed, Apr 11, 2018 at 5:54 PM, Absonworld . wrote:
> Hi All ,
[...]
> a) Input file : text1 text2 text3
>
> b) URL :- {{BaseURL}}/apps/{{ApplId}}/courses/search?query={{random text
> from input file }}
>
> I would like to hit this search URL with different/random texts present in
> the input fi
On Tue, Nov 28, 2017 at 1:47 PM, chetan jain wrote:
> Hi All,
>
> As apache 2.2.x is EOL, I need to upgrade to httpd 2.4.x version but I am
> not able to verify anywhere if it is supported/tested configuration with
> Centos 6 OS?
If your requirement is that you are only allowed to run supported s
On Fri, Nov 10, 2017 at 6:41 PM, Douglas Duckworth
wrote:
> Hi
>
> I am running old PHP under Apache httpd-2.4.
[...]
> Though, ever few weeks, we see sudden increase in workers who never seem to
> retire:
>
> [Fri Nov 10 02:43:20.019924 2017] [mpm_prefork:error] [pid 13584] AH00161:
> server rea
[...]
> But, I don’t just need to know if a module is available: once the module is
> loaded, its available for all virtualhosts. I need to know if the SSLEngine
> has been enabled within a virtualhost so I can do something like the
> following:
mod_ssl sets the environment variable HTTPS to "
[...]
> [Wed Aug 02 23:57:17.644430 2017] [http:error] [pid 23461910:tid 4627]
> [client 10.140.66.12:50843] AH02429: Response header name 'P3P:
> policyref="/w3c/p3p.xml"' contains invalid characters, aborting request
>
The header name may not contain : or space. You have to assemble them
as sepa
On Wed, Jun 21, 2017 at 8:16 AM, Hemant Chaudhary
wrote:
> Hi
>
> Can mod_backtrace is available to support apache-2.4.25. I want to support
> it on HPE Non-stop.
> If no then order module which can work as backtrace.
You can enable core dumps and use a cron job to automatically generate
backtrac
On Tue, May 23, 2017 at 8:45 PM, Ken Mycock wrote:
> Eric
>
> It seems to make sense that REMOTE_USER wasn't set when the rule I tried in
> htaccess ran, as that would explain RU not being set.
>
> But, REMOTE_USER must be set by Apache, even if it is late in the sequence,
> so where/how can I get
On Tue, May 23, 2017 at 2:10 PM, Ken Mycock wrote:
[...]
> Hence, we need to allow authentication of either form of number but to strip
> leading zeros from the number stored in REMOTE_USER.
>
> I've tried various combinations of:
> RewriteCond %{REMOTE_USER} ^0*([1-9][0-9]+)
> RewriteRule ^0*([1
On Thu, Apr 20, 2017 at 2:05 AM, Wilmer Arambula
wrote:
>
> If that domain points to your servers external IP, it will be handled by the
> first *:443 virtualhost:
>
> Ok, Perfect thanks a lot for your answer, is there any way to prevent it from
> redirecting to the first *: 443 virtualhost, wit
[...]
>> SetEnvIf X-HTTPS "on" SERVER_PORT=443
>>
>> The above results in:
[...]
>> $_SERVER[SERVER_PORT]; => 80
We had the same problem a few years ago, and went with a
workaround in the end. We're simply setting and evaluating a
different variable instead of SERVER_PORT, e.g.
OVERRIDE_SERVER_P
> Now, we require something like opening an IFrame on the Server, and provide
> virtual access to the HTTP-Server (via Intermediatary), something like what
> Teamviewer does. We have the ability to modify to Server and Intermediatary,
> but not HTTP-Server in the general case.
>
> It would be great
On Wed, Mar 22, 2017 at 3:29 AM, John Iliffe wrote:
> Just in case anyone is thinking about this, I managed to resolve it, more
> by luck than by any plan.
>
> Basically, I just added links in the httpd/lib directory to everything that
> it claimed it couldn't find. Some are actually links to lin
On Tue, Feb 21, 2017 at 3:53 PM, Yann Ylavic wrote:
> On Tue, Feb 21, 2017 at 3:19 PM, Rainer Canavan
> wrote:
[...]
>> If you know where the .pid file is, you can read that and check if the
>> process is
>> running, e.g. via ps --pid `cat /var/run/apache2.pid`
>
&g
On Tue, Feb 21, 2017 at 2:53 PM, Tom Browder wrote:
> I need to programatically determine whether httpd is running or not, whether
> I'm root or not. The only reliable way I have found is to use the system
> command 'ps -C httpd' and grep the results.
>
> Is there a better way?
If you know where
> sudo apache2 -M
>
> writes spurious lines like this:
>
> [Wed Jan 18 03:32:29.510875 2017] [core:warn] [pid 11564] AH00111: Config
> variable ${APACHE_LOG_DIR} is not defined
>
> even though the mentioned variable *is* defined in /etc/apache2/envvars
apache2 is the binary - you're not really sup
On Fri, Dec 2, 2016 at 6:08 AM, Hemant Chaudhary
wrote:
>> > "unresolved reference to ap_getword_nulls".
> After "make install", I started my apache server, but it was not running
> because it was unable to recognize .so file. Hence I planned to convert .a
> into .so file.
>
> I am porting apache
On Thu, Nov 17, 2016 at 4:08 PM, @lbutlr wrote:
> On Nov 17, 2016, at 3:56 AM, Nick Kew wrote:
>> On Wed, 2016-11-16 at 12:12 -0700, @lbutlr wrote:
>>> When launching apache 2.4 I get a core dump. Nothing is logged to the
>>> http-error log. I’ve tried rebuilding it to no avail. Ideas?
>>>
>> At
[...]
> But I have a HTML form which calls doctechnique.example.com like this
[...]
> redirection to http://doctechnique.exemple.com is OK but I cannot retrieve
> the variable Hqsdf218regTYH414 in the PHP code of doctechnique.example.com
> (variable POST).
If by redirect you mean a 301 or 302 redi
On Wed, Oct 5, 2016 at 6:26 PM, Joe Muller wrote:
> From the looks of it I would say it is targeting servers running SSL. Are
> you serving up HTTP or HTTPS ?
I don't think that that is valid SSL, unless your httpd discards the
first few bytes.
There was a SANS handler diary entry just yesterday
On Mon, Sep 12, 2016 at 7:37 PM, Marat Khalili wrote:
> On 12/09/16 18:47, Rainer Canavan wrote:
>> The obvious ones I can come up with would be Alias, ScriptAlias,
>> FastCGIExternalServer,
>> Action and RewriteRule. All those can be defined in the global context
>> (i
On Mon, Sep 12, 2016 at 3:21 PM, Marat Khalili wrote:
> On 12/09/16 15:25, Rainer Canavan wrote:
>>
>>
>> However, in this example, you'd add a virtualhost that may expose
>> globally configured resources without the individual access controls of
>>
[...]
>> Additionally, if you bind any further vhosts to specific IP addresses, e.g.
>> , then that virtualhost will have precedence for
>> requests to 192.0.2.1:80 over the *:80 virtualhost.
>
> In this case you'll have create separate default deny configuration for each
> IP address, right?
>
>>
>>
>> ServerName default
>>
>>
>> AllowOverride none
>> Order Allow,Deny
>> Require all denied
>>
>>
[...]
I'm not 100% sure, but that may not deny access to absolutely everything,
in case you have global
directives such as cgi aliases or proxy constructs, p
On Wed, Jul 13, 2016 at 10:16 AM, Theo Sweeny wrote:
> Thank you Daniel.
>
>
>
> At the moment it is set to –
>
>
>
> STATUSURL="http://localhost:80/server-status";
>
>
>
> Should it be configured like so when there are multiple sites?
>
>
>
> STATUSURL="http://www.site1.com:80/server-status;
> ht
On Thu, Jun 30, 2016 at 11:37 PM, Rose, John B wrote:
> Single host.
If you haven't already, make sure that your LogFormat contains %v:%p
_and_ host:\"%{host}i\"
and check both if the problem reappears.
Is there any good reason why you still have the default vhost
configured at all, much less as
On Mon, Apr 18, 2016 at 10:47 AM, Виталий Фадеев wrote:
> Hello!
> We want to show different page for users that come with SSL3 or TLS/1.0
> Is this possible?
> For example, by creating two virtual servers with different
> SSLProtocols. DirectoryRoot, and the same ServerName?
I don't think that w
On Fri, Apr 15, 2016 at 9:14 AM, Ben RUBSON wrote:
> Hello,
>
> I already do it with a RewriteMap Perl script, but perhaps a faster (in terms
> of performance) solution exists.
> Let's assume an incoming request contains a username, is there a way to get
> the system UID of this username string
On Fri, Apr 8, 2016 at 6:02 PM, Christopher Schultz
wrote:
[...]
> I'm speaking from a position of ignorance, here, but can a dynamic
> library modify the main process's search path? If only mod_ssl is
> compiled with the static-path to OpenSSL but httpd is not (and it's
> not clear to me that htt
On Fri, Apr 8, 2016 at 12:31 AM, Yann Ylavic wrote:
> On Thu, Apr 7, 2016 at 5:21 PM, Poggenpohl, Daniel
> wrote:
>>
>> LDFLAGS="-L$OPENSSLDIR/lib -R $OPENSSLDIR/lib"
>
> I don't know which compiler you are using, but gcc's -R is not working
> correctly (on Linux at least), whereas "-Wl,-rpath,$O
On Tue, Feb 16, 2016 at 3:42 PM, Curtis Maurand wrote:
>
>
> On 2/16/2016 5:37 AM, @lbutlr wrote:
>
> On Feb 16, 2016, at 2:02 AM, Aravin wrote:
>
> Before we upgrade the apache 2.4 the below image url can be viewable through
> browsers. but after upgraded the apache we are not able to view this
Hi,
we've got an obscure problem with the apache httpd that was shipped
with CentOS 7.2. We perform automatic builds and updates via cron,
and, since the update to CentOS 7.2. The update script is triggered by
cron and stops, yum updates and starts the httpd. When the next cron
job that is run as
2015-12-16 17:56 GMT+01:00 Christian Georg :
> Hi all,
>
>
> I am looking for a solution to masquerade/anonymize data I am writing to the
> acccess log on my proxy. For debugging purposes we need to trace data based
> on the x-auth header. As this header contains critical data I do not want to
> en
2015-07-27 6:33 GMT+02:00 deva seetharam :
> hello
>
> we are running debian linux stable (Jessie) with apache 2.4.10 and mod_wsgi
> 4.3.0-1 on a x86_64 machine.
> our application is written in python 2.7 and django 1.8.
>
> the list of modules as reported by apachectl -M are:
> Loaded Modules:
[..
>> Remove etags (Header unset Etag/FileETag None)
> Won't this disable conditional requests, ex. If-None-Match and friends? Is
> your recomendation because of the header overhead or am I missing something?
Just if-None-Match. If-Modified-Since would still work. I believe
people recommend disabli
2015-05-12 10:03 GMT+02:00 Luc Andre :
> Thanks for your reply.
>
> We did a test on a powerful server with
>
> StartServers 20
> MinSpareServers 5
> MaxSpareServers 20
>
> And we still have the issue...
>
To ensure that you don't hit the child spin up issue, you'l
2015-05-01 16:00 GMT+02:00 David A. Cobb :
[...]
> However, if I click the URL file in a "Directory List" served from Apache, I
> get the plain text file displayed. I can go to the target with one or two
> extra steps, but it's a PITA.
It's a text file, so that's the expected result, since there
76 matches
Mail list logo
