Re: [users@httpd] Re: mod_rewrite: Conditionally set RemoteIPHeader

2025-06-12 Thread Eric Covener
On Wed, Jun 11, 2025 at 6:48 PM wrote: > > Does anyone know of a way to conditionally set the RemoteIPHeader > directive for mod_remoteip? I've tried a few things; a simple if/else > says "RemoteIPHeader is not allowed here." And trying to set my own > request header that I can point "RemoteIPHead

[users@httpd] Re: mod_rewrite: Conditionally set RemoteIPHeader

2025-06-11 Thread apache
Does anyone know of a way to conditionally set the RemoteIPHeader directive for mod_remoteip? I've tried a few things; a simple if/else says "RemoteIPHeader is not allowed here." And trying to set my own request header that I can point "RemoteIPHeader" to doesn't seem to work; no matter how I o

Re: [users@httpd] Re: dns/web server setup guru

2025-05-14 Thread Frank Gingras
On Wed, May 14, 2025 at 4:00 PM bruce wrote: > hi. > > think u miss my primary issue. to completely walk through/setup web > domain/server. > > ie, purchase url name, apply that to remote server/instance. setup > subdomains for different test apps, etc.. > > > On Wed, May 14, 2025, 3:38 PM bruc

[users@httpd] Re: dns/web server setup guru

2025-05-14 Thread bruce
hi. think u miss my primary issue. to completely walk through/setup web domain/server. ie, purchase url name, apply that to remote server/instance. setup subdomains for different test apps, etc.. On Wed, May 14, 2025, 3:38 PM bruce wrote: > Hi. > > Working on a few test web projects/apps. N

[users@httpd] Re: [EXTERNAL] [BULK] Re: [users@httpd] apache/mod_ssl block IP connection attempt?

2025-03-04 Thread Schuler, Laurence (GSFC-606.4)[ADNET SYSTEMS INC]
I have that line in my ssl.conf file. It was initially set to "off", but even after I changed it to "on" I get the same results. I actually don't think this is an apache issue exactly. I'm going to check with the openssl group, I think that is where the refusal should come into play. Thanks, --La

Re: [users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-03-02 Thread Paul
On 2025-03-02 09:43, Bo Berglund wrote: On Sat, 1 Mar 2025 19:07:09 -0500, Frank Gingras wrote: Side note here, avoid using other folks' domain names, it's a bit rude. Use example.tld if you have munge the domain names. I did not know that mydomain was a real domain It looks like what I

[users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-03-02 Thread Bo Berglund
On Sat, 1 Mar 2025 19:07:09 -0500, Frank Gingras wrote: >Side note here, avoid using other folks' domain names, it's a bit rude. >Use example.tld if you have munge the domain names. I did not know that mydomain was a real domain It looks like what I thought it was, a placeholder. -- Bo Ber

Re: [users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-03-01 Thread Frank Gingras
On Sat, Mar 1, 2025 at 6:26 PM Bo Berglund wrote: > On Fri, 28 Feb 2025 10:30:51 -0500, Frank Gingras > wrote: > > >Moving to a modern mod_md approach might be better then, or alternatively, > >if you want to keep using the third party letsencrypt tools, asking your > >distro's support venues mi

[users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-03-01 Thread Bo Berglund
On Fri, 28 Feb 2025 10:30:51 -0500, Frank Gingras wrote: >Moving to a modern mod_md approach might be better then, or alternatively, >if you want to keep using the third party letsencrypt tools, asking your >distro's support venues might work. I don't want to move to a different method right now

[users@httpd] Re: Why is our RewriteMap usage working for some URLs & not others?

2025-03-01 Thread Tony Olekshy
Tony Olekshy wrote, on 2025-02-24 at 11:32 MST: > > Our Apache httpd.conf is configured to include these lines for > blocking requests from a list of IP addresses without logging > them — in this order and mixed with other lines — yet some such > requests are logged anyway: > > CustomLog logs/

Re: [users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-02-28 Thread Frank Gingras
On Fri, Feb 28, 2025 at 5:28 AM Bo Berglund wrote: > On Wed, 26 Feb 2025 11:30:12 -0500, Frank Gingras > wrote: > > > > > > >Nowadays, you should use mod_md: > > > >https://httpd.apache.org/docs/current/mod/mod_md.html > > Strange, one would assume that mod-md is a way to tell Apache to render >

Re: [users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-02-28 Thread Frank Gingras
On Fri, Feb 28, 2025 at 10:25 AM Bo Berglund wrote: > On Fri, 28 Feb 2025 10:07:48 -0500, Frank Gingras > wrote: > > >On Fri, Feb 28, 2025 at 5:28?AM Bo Berglund > wrote: > > > >> Anyway, since I have moved/copied everything related to letsencrypt from > >> the old > >> to the new server, how c

[users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-02-28 Thread Bo Berglund
On Fri, 28 Feb 2025 10:07:48 -0500, Frank Gingras wrote: >On Fri, Feb 28, 2025 at 5:28?AM Bo Berglund wrote: > >> Anyway, since I have moved/copied everything related to letsencrypt from >> the old >> to the new server, how can I disable letsencrypt renewals on the old >> server and >> enable on

[users@httpd] Re: How to migrate letsencrypt together with the apache server?

2025-02-28 Thread Bo Berglund
On Wed, 26 Feb 2025 11:30:12 -0500, Frank Gingras wrote: > > >Nowadays, you should use mod_md: > >https://httpd.apache.org/docs/current/mod/mod_md.html Strange, one would assume that mod-md is a way to tell Apache to render MarkDown documents (filename.md), rather than handling renewal of letsen

[users@httpd] Re: Followup to "Re: I am getting "undefined symbol: slts_runmode" when I try to run "httpd -t" test. Is there any way to work around this?"

2025-02-07 Thread o haya
I wanted to followup on testing using LD_PRELOAD: - Using LD_PRELOAD I was able to get past the "httpd -t" test. I had to add both the libclntsh.so and the libclntshcore.so to the LD_PRELOAD because after I added just libclngshcore.so, another undefined symbol appeared, and that other symbol is

Re: [users@httpd] Re: I am getting "undefined symbol: slts_runmode" when I try to run "httpd -t" test. Is there any way to work around this?

2025-02-07 Thread Rainer Canavan
On Fri, Feb 7, 2025 at 5:10 PM ohaya wrote: > > [FYI, I am seeing a response on the Apache list website, but I am NOT > receiving the response here in my Yahoo email :( !! So I will respond here] > > Here is the 'ldd webgate.so' > > [orcladmin@localhost lib]$ ldd > /apps/Oracle/Middleware/Oracl

[users@httpd] Re: I am getting "undefined symbol: slts_runmode" when I try to run "httpd -t" test. Is there any way to work around this?

2025-02-07 Thread ohaya
I am attaching the output from the strace. Jim On Friday, February 7, 2025 at 11:09:51 AM EST, ohaya wrote: [FYI, I am seeing a response on the Apache list website, but I am NOT receiving the response here in my Yahoo email :( !!  So I will respond here] Here is the 'ldd webgate.so

[users@httpd] Re: I am getting "undefined symbol: slts_runmode" when I try to run "httpd -t" test. Is there any way to work around this?

2025-02-07 Thread ohaya
[FYI, I am seeing a response on the Apache list website, but I am NOT receiving the response here in my Yahoo email :( !!  So I will respond here] Here is the 'ldd webgate.so' [orcladmin@localhost lib]$ ldd /apps/Oracle/Middleware/Oracle_Home/webgate/ohs/lib/webgate.so        linux-vdso.so.1 (0

Re: [users@httpd] RE: proxy urlmapping outside of the path

2025-02-02 Thread Daniel Ferradal Márquez
On 1/2/25 0:24, Marc wrote: I have a config and actually only want to allow access to a specific path xxx of the proxied host nothing else. However that path on the proxied host is refering to files eg in the root ProxyPreserveHost Off ProxyAddHeaders On SetOutputFilter proxy-h

[users@httpd] RE: proxy urlmapping outside of the path

2025-01-31 Thread Marc
> > I have a config and actually only want to allow access to a specific > path xxx of the proxied host nothing else. However that path on the > proxied host is refering to files eg in the root > > ProxyPreserveHost Off > ProxyAddHeaders On > SetOutputFilter proxy-html > ProxyHT

Re: [users@httpd] Re: off topic - how to secure httpd

2024-12-04 Thread gene heskett
On 12/4/24 20:46, Jonesy wrote: On Wed, 4 Dec 2024 18:09:06 -0500, gene heskett wrote: On 12/4/24 09:20, Marc wrote: Having these ipv6 so abundantly available made me also think about how I have currently arranged my abuse mitigation. Currently I am having ipsets for different subments and use

[users@httpd] Re: off topic - how to secure httpd

2024-12-04 Thread Jonesy
On Wed, 4 Dec 2024 18:09:06 -0500, gene heskett wrote: > On 12/4/24 09:20, Marc wrote: >> >> Having these ipv6 so abundantly available made me also think about >> how I have currently arranged my abuse mitigation. Currently I am >> having ipsets for different subments and use a sort of honeypot

[users@httpd] Re: ML-KEM in TLS 1.3 triggers SSL Protocol error in certain Apache servers

2024-11-25 Thread frank picabia
I suspect the problem is in our firewall: https://community.fortinet.com/t5/FortiGate/Technical-Tip-ERR-SSL-PROTOCOL-ERROR-when-using-Flow-based-Deep/ta-p/357555 On Mon, Nov 25, 2024 at 2:44 PM frank picabia wrote: > I've been struggling with this issue on a couple of our Apache servers, > but

Re: [users@httpd] RE: regression in mod rewrite rule while migrating from 2.4.59 to 2.4.62

2024-11-07 Thread Rainer Canavan
On Wed, Nov 6, 2024 at 8:16 AM Rathore, Rajendra wrote: > > Hi Team, > > We are using below host header validation rule in Apache Http configuration, > that was working fine with 2.4.59 Apache server, when we migrate to 2.4.62 > below rule is not working. It will ignore the host name validation

[users@httpd] RE: regression in mod rewrite rule while migrating from 2.4.59 to 2.4.62

2024-11-05 Thread Rathore, Rajendra
Hi All, If anyone have any idea abt this, I need to block the request if host header value is not matched with configured one. Any suggestions will help a lot. Thanks and Regards, Rajendra Rathore 9922701491 From: Rathore, Rajendra Sent: Tuesday, November 5, 2024 7:43 PM To: users@httpd.apache.

RE: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-31 Thread Marc
> [...] > > > If you're using ip tables, you can re-route the request to a > different > > > TCP port and configure a vhost that serves the chosen document > for any > > > request to any path. > [...] > > Yes this is probably the most efficient. I am surprised this seems to > work

RE: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-31 Thread Marc
> > > I am testing with this now. Only thing I probably am stuck with is > having this in GlobalLog. > > you can turn off your GlobalLog if you add an > [env=[!]environment-variable] statement and > setenv that environment-variable in your new vhost. > https://httpd.apache.org/docs/2.4/mod/mod_lo

RE: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-31 Thread Marc
> > > I prefer to return there everything with 4xx return code, but can't get > this for / > > Use an empty directory as the documentroot, disable mod_autoindex. Use > a highish debug level to check I am for now sticking to virtualhost only configs as I don't want to change global settings. So

Re: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-31 Thread Rainer Canavan
On Thu, Oct 31, 2024 at 2:12 PM Marc wrote: > [...] > > If you're using ip tables, you can re-route the request to a different > > TCP port and configure a vhost that serves the chosen document for any > > request to any path. [...] > Yes this is probably the most efficient. I a

RE: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-31 Thread Marc
> > > > > > > > > > > I am blocking most of amazon,google,azure clouds with ipsets. I > also seem > > > to have added (automatically) ranges that were abusive from > apple safe > > > browsing (or so?) > > > > > > I would like to remove these ip addres

Re: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-29 Thread Frank Gingras
On Tue, Oct 29, 2024 at 12:25 PM Rainer Canavan wrote: > On Tue, Oct 29, 2024 at 5:11 PM Marc wrote: > > > > > > > > > > > I am blocking most of amazon,google,azure clouds with ipsets. I also > seem > > > to have added (automatically) ranges that were abusive from apple safe > > > browsing (or s

Re: [users@httpd] RE: how to redirect ip ranges to warning page

2024-10-29 Thread Rainer Canavan
On Tue, Oct 29, 2024 at 5:11 PM Marc wrote: > > > > > > > I am blocking most of amazon,google,azure clouds with ipsets. I also seem > > to have added (automatically) ranges that were abusive from apple safe > > browsing (or so?) > > > > I would like to remove these ip addresses of apple safe brows

[users@httpd] RE: how to redirect ip ranges to warning page

2024-10-29 Thread Marc
> > > I am blocking most of amazon,google,azure clouds with ipsets. I also seem > to have added (automatically) ranges that were abusive from apple safe > browsing (or so?) > > I would like to remove these ip addresses of apple safe browsing from the > tcp filter, but I want httpd to redirect al

[users@httpd] Re: Apache 2.4.62 - ongoing proxy issue/regression with AddHandler and uwsgi

2024-10-10 Thread Jan Ingvoldstad
To clarify a bit regarding what exactly the regression is: This works in earlier Apache 2.4 versions: AddHandler proxy:unix:/run/sockets/uwsgi-fcgi.sock|uwsgi:// .php But with 2.4.60 and newer, this results in an error message: AH10097: error parsing URL //: Invalid host/port If one then tries

[users@httpd] Re: Helpful and Friendly Mailing List Replies [WAS: Re: [users@httpd] Update Apache httpd to the latest version 2.4.62]

2024-09-03 Thread Jonesy
On Tue, 3 Sep 2024 01:04:13 -0400, Yehuda Katz wrote: > > I have been asked by a number of friends/colleagues why I am still on the > HTTPD users list when people are so unfriendly. > While this response is technically correct, and supporting a Ubuntu > packaged version of httpd is potentially not

[users@httpd] Re: node/apache -- reverse proxy subfolder

2024-08-23 Thread bruce
Hi. This is a follow up to the issue I posted earlier with the Github app/https://github.com/berat/waitlist-landing-page. The app is a node app that I wanted to display via Apache/ubuntu. I'm posting this here as a dat apoint to anyone who might search for node/pm2/apache/reverse proxy! There a

[users@httpd] Re: Problem Configuring httpd 2.4 to allow expired client certficates

2024-08-13 Thread J Harri
I have since found this link: https://stackoverflow.com/questions/72020602/how-to-set-ld-preload-in-systemd The difficulties getting LD_PRELOAD to work with systemd is discussed there, and it said the wrapper approach was the solution. I had already tried the other approaches discussed, with no

[users@httpd] Re: mod_proxy health check custom header

2024-08-12 Thread Aaron Rosenzweig
Does anyone have advice for me regarding custom headers in mod_proxy health check? Thank you :-) On Wed, Aug 7, 2024 at 2:31 PM Aaron Rosenzweig wrote: > We have mod_proxy doing balancing and working great with the exception of > one thing, the health check. I'm talking about the heartbeat inter

[users@httpd] Re: [External] : Re: [users@httpd] DirectoryIndex broken in Apache 2.4.60?

2024-07-01 Thread Jack Swan
thank you everyone. Changes made and they work. Point taken about being invalid for 15 years. I inherited an old application/setup. Again, thank you all. From: Frank Gingras Sent: Monday, July 1, 2024 3:03 PM To: users@httpd.apache.org Subject: [External] : R

[users@httpd] RE: output buffer php ProxySet

2024-06-22 Thread Marc
> I am experimenting a bit with output buffering with php-fpm[1]. In my > default setup I can't get this to work. Currently I am only getting this > to work when I add this to my virtualhost config: > > > ProxySet enablereuse=on flushpackets=on > > > I assume this will impact the rest of th

[users@httpd] Re: Authentication in Location blocks for reverse proxy seems to take precedence in routes

2024-06-14 Thread M Foster
I forgot to add I'm using Docker image http:2.4.59. On Fri, Jun 14, 2024 at 11:41 AM M Foster wrote: > Hello, > > I'm struggling a bit with an issue when using Apache as a reverse proxy > when needing to use differing Authentication. I've searched for a couple of > days now, but nothing matching

[users@httpd] Re: How to Perform stateless restarts with checkpointing enabled

2024-05-09 Thread Kartikey Pant
Please ignore this thread, I wanted to post this to a different Apache mailing list. Apologies. On Thu, May 9, 2024 at 2:49 PM Kartikey Pant wrote: > We have a source/sink mechanism which uses checkpoints for persistence and > can operate in a minor data loss scenario. Is there a method to use >

[users@httpd] RE: proxypass to next proxy

2024-05-06 Thread Marc
> > > On some production environment I am using this: > > > ProxyPass http://test.example.com/test > > ProxyRemote "http://test.example.com/test " "http://proxy.local.net:5000"; ProxyPass http://test.example.com/test

RE: [users@httpd] RE: pipe logs to somethings that resembles a curl post

2024-04-10 Thread Marc
> > > > [1] > > https://httpd.apache.org/docs/current/mod/mod_log_config.html > > > > [2] > > https://httpd.apache.org/docs/current/mod/mod_log_config.html#formats > > You could also use > https://httpd.apache.org/docs/current/mod/mod_lua.html#luahooklog to > split up your logs or discard/silence

Re: [users@httpd] RE: pipe logs to somethings that resembles a curl post

2024-04-10 Thread Daniel Gruno
On 4/10/24 07:22, Marc wrote: Oops I was mislead by some old posts. GlobalLog[1] does this for everything. However I have not found what value[2] has the requested virtual host name. [1] https://httpd.apache.org/docs/current/mod/mod_log_config.html [2] https://httpd.apache.org/docs/current/mo

[users@httpd] RE: pipe logs to somethings that resembles a curl post

2024-04-10 Thread Marc
%v sorry for polluting this list PS. If it is any consolation, I have registered myself at a retirement home > -Original Message- > From: Marc > Sent: Wednesday, 10 April 2024 14:22 > To: users@httpd.apache.org > Subject: [users@httpd] RE: pipe logs to somethings that r

[users@httpd] RE: pipe logs to somethings that resembles a curl post

2024-04-10 Thread Marc
Oops I was mislead by some old posts. GlobalLog[1] does this for everything. However I have not found what value[2] has the requested virtual host name. [1] https://httpd.apache.org/docs/current/mod/mod_log_config.html [2] https://httpd.apache.org/docs/current/mod/mod_log_config.html#formats

[users@httpd] RE: pipe logs to somethings that resembles a curl post

2024-04-10 Thread Marc
Currently I have modified some rust application that does this to satisfaction. But piping to a 60MB binary for quite a few virtual hosts does not really seem efficient to me. Is there not some apache module that can offer a "global" access to logging and 'clones' all logging to some tcp socket

RE: [users@httpd] Re: Apache server v2.4.58 - suexec issue

2024-04-08 Thread j...@k6ccc.org
2.4.59 was released a few days ago to address these... Jim -Original Message- From: "Christophe JAILLET" Sent: Monday, April 8, 2024 13:26 To: users@httpd.apache.org, "Abdullah Adnan" Subject: [users@httpd] Re: Apache server v2.4.58 - suexec issue Le 07/04/20

[users@httpd] Re: Apache server v2.4.58 - suexec issue

2024-04-08 Thread Christophe JAILLET
Le 07/04/2024 à 19:55, Abdullah Adnan a écrit : Good day dears, Recently we have installed Apache server v2.4.58 in our CentOS 9, when make vulnerability scan with Nessus on the server the Nessus shows this vulnerability: The remote host appears to be running Apache and is potentially affec

[users@httpd] RE: virtualhost environment setting for proxy

2024-03-26 Thread Marc
> I have currently this in my virtual host config > > SetEnvIf Host test\.example\.com CODE=123 > > > How should I change this line for when this website is being access via > ProxyPass and ProxyPassReverse? > SetEnvIf X-Forwarded-Server

[users@httpd] Re: Apache Not Starting via XAMPP.

2024-03-09 Thread webadmin
There had been a different issue (extremely slow internet browsing speeds) that forced me to ultimately reinstall Windows 11 and all my apps from scratch. Afterward, in XAMPP, MySQL started crashing. I tried to change the MySQL port. Now it works, though, oddly, it appears to still be using the s

[users@httpd] Re: mod_fcgid problem in chroot: (38)Function not implemented

2024-02-05 Thread Robbie Roerbak
Dear all, To reply to myself: I resolved the problem by doing: mount --rbind /dev /chroot/apache/dev/ Kind regards, Robbie From: Robbie Roerbak Sent: 31 January 2024 17:45 To: users@httpd.apache.org Subject: [users@httpd] mod_fcgid problem in chroot: (38)Functi

Re: [users@httpd] Re: Issues with test framework against OpenSSL 3.2

2024-01-26 Thread Eric Covener
> > The key here is the "unknown ca", failing the handshake, either because > > the trust chain is broken somehow or the certs need to be generated now > > in a different way with OpenSSL 3.2. I looked at ./t/conf/ssl/ca/asf/certs/ca.crt on the last system I ran the framework on, and it seems to b

[users@httpd] Re: Issues with test framework against OpenSSL 3.2

2024-01-26 Thread David Anes
Hi all, I finally found a solution that passes all tests, but this should really be revised by someone else. Apache::Test module expects x509v1 certificates to be created by default. As of OpenSSL 3.2, the parameter/app "-x509" generates v3 certificates and this makes the testsuite to fail. Th

[users@httpd] Re: Issues with test framework against OpenSSL 3.2

2024-01-26 Thread David Anes
Hello everyone, After fighting the tests, I can confirm that the issue is certificates are not being verified correctly. For example, for t/protocol/echo.t, I was able to make it pass by updating vhost_socket in TestRequest.pm by bypassing cert verification: Index: httpd-2.4.58/httpd-fram

[users@httpd] Re: Apache/php Compression not enabled

2024-01-25 Thread Franciscus van Meelis
Hi I dug around to find the webserver logging, and found that it's not logging to apache2, it's logging to nginx. So I think apache compression doesn't work because we're not using apache. Sorry, My bad :( On 2024/01/24 17:21, Franciscus van Meelis wrote: Hi Apologies, I'm figuring this ou

Re: [users@httpd] Re: users Digest 11 Dec 2023 01:09:34 -0000 Issue 6525

2023-12-12 Thread Antony Stone
On Tuesday 12 December 2023 at 21:10:37, Michael B. Harris wrote: > I use Apache2 version 2.4.52 on Ubuntu server > > Apache2 is not running due to error encountered after last upgrade: > > AH00534: Apache2: Configuration error: No MPM loaded > > Does anyone have a fix for this? I am s

[users@httpd] Re: users Digest 11 Dec 2023 01:09:34 -0000 Issue 6525

2023-12-12 Thread Michael B. Harris
I use Apache2 version 2.4.52 on Ubuntu server Apache2 is not running due to error encountered after last upgrade:    AH00534: Apache2: Configuration error: No MPM loaded    Does anyone have a fix for this?  I am stumped. On 12/10/23 19:09, users-digest-h...@httpd.apache.org wrote: users Dig

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Frank Gingras
On Tue, Nov 28, 2023 at 12:11 PM Daga, Navin (Navin) wrote: > On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley > wrote: > > > > >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? > > I am unsure of recommended workarounds as I usually have my package > manager build httpd di

RE: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Daga, Navin (Navin)
On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley mailto:wefather...@gmail.com>> wrote: >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? I am unsure of recommended workarounds as I usually have my package manager build httpd directly from that OSs package index. That said,

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Frank Gingras
On Tue, Nov 28, 2023 at 9:19 AM Will Fatherley wrote: > > >> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? >> > I am unsure of recommended workarounds as I usually have my package > manager build httpd directly from that OSs package index. That said, a > container or V

Re: [users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Will Fatherley
> >> Any help on this? How to build 32-bit Apache httpd on a 64-bit server? > I am unsure of recommended workarounds as I usually have my package manager build httpd directly from that OSs package index. That said, a container or VM might be a possibility.

[users@httpd] RE: [External][users@httpd] Building 32-bit Apache-httpd

2023-11-28 Thread Daga, Navin (Navin)
[External Sender] I'm trying to build Apache httpd RPM from the source tarball as mentioned in https://httpd.apache.org/docs/2.4/install.html

Re: [users@httpd] Re: users Digest 18 Nov 2023 20:42:58 -0000 Issue 6519

2023-11-18 Thread John
No, that was the immediate problem and someone else suggested it So I imported mod_ssl but at the moment that just moved the error elsewhere. The default Rocky Apache installation breaks everything up into little pieces in separate files and they aren't always compatible, certainly not with th

[users@httpd] Re: users Digest 18 Nov 2023 20:42:58 -0000 Issue 6519

2023-11-18 Thread Aditya Shastri
May not fix your problem, but I'm curious if mod_ssl was imported? On Sat, Nov 18, 2023 at 12:43 PM wrote: > > > users Digest 18 Nov 2023 20:42:58 - Issue 6519 > > Topics (messages 122954 through 122954) > > SSLEngine error > 122954 by: John > > Administrivia: > >

[users@httpd] Re: Weird issue with "H2Push" combined with FilesMatch

2023-10-25 Thread Jose Stefan
Hello, I decided to re-create the problem on a fresh install. I used 2 win64 releases provided by apachelounge.com * httpd-2.4.54-win64-VC15.zip * httpd-2.4.58-win64-VS17.zip I configured only the bare minimum needed to re-create the problem. They are both configured the same, and they

Re: [users@httpd] Re: Apache2 certificate authentication

2023-09-04 Thread Landon
On Tue, Jul 25, 2023 at 2:46 PM Daniel Ferradal wrote: > > > > >>> [Mon Jul 10 03:20:37.629596 2023] [ssl:error] [pid 2410] [client >>> 192.168.0.5:64817] AH10158: cannot perform post-handshake authentication >>> [Mon Jul 10 03:20:37.629633 2023] [ssl:error] [pid 2410] SSL Library >>> Error: erro

[users@httpd] Re: mod_dav how to configure DavLockDB in a clustered infrastructure and NFS

2023-08-31 Thread Lothar Webmin
Dears, we have several apache instances running each on its dedicated machines as a cluster. Therefore we specified DavLockDB on a nfs, so that all instances could access it. There where some Issues with the LockDB and we found this info: DavLockDB should not be on an NFS-mounted partition.

[users@httpd] Re: Can supply multiple group names within a single Require ldap-group directive

2023-08-26 Thread Daniel Gruno
On 2023-08-24 10:39, Prabhu Kondarangi wrote: Dear Team, I am looking for the possibility of supplying multiple group names within a single Require ldap-group directive. Is it possible even? Module: mod_authnz_ldap Directive: Require

Re: [users@httpd] RE: *****SPAM***** [users@httpd] How can I force a server nameheader?

2023-08-02 Thread John Iliffe
Thanks Marc. That might be difficult to do due to some technical limitations. I will try it out as soon as I get a working workstation. John == On Wednesday 02/08/2023 at 3:03 am, Marc wrote: I'm trying to test a new server located at internal IP 192.168.1.5. The production ser

[users@httpd] RE: *****SPAM***** [users@httpd] How can I force a server name header?

2023-08-02 Thread Marc
> > I'm trying to test a new server located at internal IP 192.168.1.5. The > production server lives at IP 192.168.1.7 on the same network. > > How can I force the browser to connect to the correct server? If I try > "http://192.168.1.5"; the redirect on the first (alphabetically) virtual > se

Re: [users@httpd] Re: Apache2 certificate authentication

2023-07-25 Thread Daniel Ferradal
>> [Mon Jul 10 03:20:37.629596 2023] [ssl:error] [pid 2410] [client >> 192.168.0.5:64817] AH10158: cannot perform post-handshake authentication >> [Mon Jul 10 03:20:37.629633 2023] [ssl:error] [pid 2410] SSL Library >> Error: error:0A000117:SSL routines::extension not received >> > This has nothing

Re: [users@httpd] Re: Apache2 certificate authentication

2023-07-09 Thread Florian Schwalm
I'm not sure if this command for signing the client certificate is correct as I don't see your corresponding openssl config and if it sets the correct keyUsage and extensions: sign client CSR openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt

[users@httpd] Re: Apache2 certificate authentication

2023-07-09 Thread Jiangsu Kumquat
I just tried accessing the "/secure/" directory in Edge and got the same error message after importing my pkcs12 certificate. I forgot to include the Apache2 error logs... [Mon Jul 10 03:20:37.629596 2023] [ssl:error] [pid 2410] [client 192.168.0.5:64817] AH10158: cannot perform post-handshake au

[users@httpd] RE: config - how are multiple VirtualHost directives for the same address handled?

2023-06-30 Thread Marc
> > > > How does apache httpd 2.4 handle multiple VirtualHost directives for > > the same address ? > > > > For example: > > > > > > SSLCertificateFile "${SRVROOT}/conf/server.crt" > ># ... > > > > > > > > DocumentRoot "/www/docs/host.example.com" > > # ... > > > > > > Are the setting

[users@httpd] RE: config - how are multiple VirtualHost directives for the same address handled?

2023-06-30 Thread David Balazic
From: Marc Sent: Friday, 30 June 2023 13:00 > > How does apache httpd 2.4 handle multiple VirtualHost directives for > the same address ? > > For example: > > > SSLCertificateFile "${SRVROOT}/conf/server.crt" ># ... > > > > DocumentRoot "/www/docs/host.example.com" > # ... > > > Are

[users@httpd] RE: config - how are multiple VirtualHost directives for the same address handled?

2023-06-30 Thread Marc
> > How does apache httpd 2.4 handle multiple VirtualHost directives for the > same address ? > > For example: > > > SSLCertificateFile "${SRVROOT}/conf/server.crt" ># ... > > > > DocumentRoot "/www/docs/host.example.com" > # ... > > > Are the settings merged, as if written like

[users@httpd] Re: Using MD for letsencrypt cert rotation

2023-06-16 Thread Tom Browder
On Fri, Jun 16, 2023 at 13:07 Tom Browder wrote: > Is Debian's certbot package required for MD use? Or does it interfere with > it? > > I suspect the latter. > Suspicion confirmed. -Tom

Re: [users@httpd] Re: Need help understanding mod_rewrite and redirect

2023-05-03 Thread Frank Gingras
In a non-directory context, just anchor your target, and you can skip the RewriteBase altogether. Redirect requires two parameters in the vhost/server context. On Wed, May 3, 2023 at 6:57 PM Jim Weill wrote: > On Wed, May 3, 2023 at 3:45 PM Frank Gingras wrote: > >> 1) Avoid rewriting from

Re: [users@httpd] Re: Need help understanding mod_rewrite and redirect

2023-05-03 Thread Jim Weill
On Wed, May 3, 2023 at 3:45 PM Frank Gingras wrote: > 1) Avoid rewriting from or blocks. > RewriteBase says it cannot be called outside , is that not the case...? > 2) Avoid using mod_alias (redirect) from that context as well > I tried putting the redirect outside the and it would not red

Re: [users@httpd] Re: Need help understanding mod_rewrite and redirect

2023-05-03 Thread Frank Gingras
1) Avoid rewriting from or blocks. 2) Avoid using mod_alias (redirect) from that context as well 3) Provide more than one rewrite log line, context matters 4) This can be replaced with FallbackResource /index.php: RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRul

[users@httpd] Re: Need help understanding mod_rewrite and redirect

2023-05-03 Thread Jim Weill
The logs say something of the form: input=full.website.base.URL pattern=hostname.fq.dn not matched Where am I going wrong here? jim On Wed, May 3, 2023 at 9:55 AM Jim Weill wrote: > We have a website that has been in use for a project for years, which > someone else took up and would like the

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-05-03 Thread Quintin Ash
Nothing that I could find in the documentation says that the OCSP stapling does anything outside of that. The OCSP server will add that status to the handshake / response. I guess is there a way to check that OCSP response status in Apache and manually block this based on it? —

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-24 Thread Eric Covener
> > I have added tracing and see that the OCSP is revoked. I guess my question > is, if the certificate is revoked, should Apache deny access to the > website? Because it is still allowing access even though the OCSP server > mentions that it's revoked. > Is there anything in the docs that implies

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-24 Thread Quintin Ash
Thanks Daniel! I have that enabled. Here are all relevant settings below: SSLVerifyClient require SSLVerifyDepth 10 SSLOCSPEnable on SSLOCSPDefaultResponder http://x.x.x.x:41233 SSLPassPhraseDialog builtin SSLSessionCache "dbm:/xx/logs/ssl_scache" SSLSessionCacheTimeout 300 SSLStaplingCache "dbm:/x

Re: [users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-18 Thread Daniel Ferradal
El lun, 17 abr 2023 a las 21:19, Quintin Ash () escribió: > Yes I have that as well > SSLVerifyClient require > SSLVerifyDepth 10 > > I also have FIPS enabled (not sure if that matters). > > > >> Well, it should be working if everything is in the right place. Increase debug level to trace7 and ch

[users@httpd] Re: [EXTERNAL] Re: [users@httpd] OCSP Stapling Configuration Setup

2023-04-17 Thread Quintin Ash
Yes I have that as well SSLVerifyClient require SSLVerifyDepth 10 I also have FIPS enabled (not sure if that matters). —— Quintin Ash | Senior Software Engineer Tenable Network Security 7021 Columbia Gateway Drive, Suite 500 Columbia, MD 21046 q...@tenable.com W:

Re: [users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

2023-03-25 Thread Ruben Safir
On 3/24/23 21:53, Tom Browder wrote: > On Fri, Mar 24, 2023 at 20:26 Ruben Safir wrote: > >> On 3/24/23 20:53, Sean Conner wrote: >>> /usr/local/apache2/bin/apachectl graceful >> >> that might not work if systemd is superving > > > What would you recommend? > > -Tom > I perfer apachctl becaus

Re: [users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

2023-03-24 Thread Sean Conner
It was thus said that the Great Ruben Safir once stated: > On 3/24/23 20:53, Sean Conner wrote: > > /usr/local/apache2/bin/apachectl graceful > > that might not work if systemd is superving systemd is not supervising on my server, which is why I'm using apachectl. -spc

Re: [users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

2023-03-24 Thread Tom Browder
On Fri, Mar 24, 2023 at 20:26 Ruben Safir wrote: > On 3/24/23 20:53, Sean Conner wrote: > > /usr/local/apache2/bin/apachectl graceful > > that might not work if systemd is superving What would you recommend? -Tom

Re: [users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

2023-03-24 Thread Ruben Safir
On 3/24/23 20:53, Sean Conner wrote: > /usr/local/apache2/bin/apachectl graceful that might not work if systemd is superving -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://ww

Re: [users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

2023-03-24 Thread Sean Conner
It was thus said that the Great Tom Browder once stated: > On Fri, Mar 24, 2023 at 12:23 Tom Browder wrote: > > > I have all my websites using Apache's managed certs. Up to now I have been > > restarting them periodically manually as root executing "apachectl > > graceful" and then checking to se

[users@httpd] Re: Cron job for Apache managed Letsencrypt TLS certs

2023-03-24 Thread Tom Browder
On Fri, Mar 24, 2023 at 12:23 Tom Browder wrote: > I have all my websites using Apache's managed certs. Up to now I have been > restarting them periodically manually as root executing "apachectl > graceful" and then checking to see if the update happened. I have for a > long time been meaning to

[users@httpd] RE: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b - RHEL-8

2023-03-03 Thread Devendra.S.Daiya
Can anyone please response. Thanks. Regards, Devendra From: devendra.s.da...@wellsfargo.com.INVALID Sent: Thursday, March 2, 2023 10:31 PM To: users@httpd.apache.org Subject: [users@httpd] undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b - RHEL-8 Hi Team, I have been facing below issu

Re: [users@httpd] Re: Apache 2.4 ops

2023-02-23 Thread Uncle Gary
Getting closer:  "  Apache service is already started. " Can you explain the operation of the " Service Monitor ? "   " Connect ? "  I'll RTFM if documented. Thanks much ! On 2/22/2023 8:21 PM, 😉 Good Guy 😉 wrote: > On 22/02/2023 16:31, Uncle Gary wrote: >> Possible additional problem: >> >>

[users@httpd] Re: Apache 2.4 ops

2023-02-22 Thread 😉 Good Guy 😉
On 22/02/2023 16:31, Uncle Gary wrote: Possible additional problem: Noticed that the 2.4 " Service " is stopped and will not start. "Â Windows could not start " etc etc. The full command to install a service is: httpd -k install Good luck.

[users@httpd] Re: Apache 2.4 ops

2023-02-22 Thread 😉 Good Guy 😉
On 22/02/2023 16:31, Uncle Gary wrote: Possible additional problem: Noticed that the 2.4 " Service " is stopped and will not start. "Â Windows could not start " etc etc. How exactly are you trying to start "service"?  Dis you install httpd as a service by typing: httpd -k You need to

Re: [users@httpd] Re: Apache 2.4 ops

2023-02-22 Thread Uncle Gary
Possible additional problem: Noticed that the 2.4 " Service " is stopped and will not start. "  Windows could not start " etc etc. On 2/21/2023 4:54 PM, 😉 Good Guy 😉 wrote: > On 21/02/2023 19:54, Uncle Gary wrote: >> Ok guys, this should be very easy: >> >> I've gotten to " /It works /" >> >

Re: [users@httpd] Re: Apache 2.4 ops

2023-02-21 Thread Uncle Gary
OKthat may be my mistake. Tnx much GGI'lll try it ! G On 2/21/2023 5:58 PM, 😉 Good Guy 😉 wrote: > On 21/02/2023 23:17, Uncle Gary wrote: >> OK GuyI'm certain that's the first line I edited, but I'll go back >> and try again ! >> >> Many thanks ! >> >> Gary >> >> >> > > After making t

  1   2   3   4   5   6   7   8   9   10   >