[users@httpd] Serving pre-compressed static content using httpd 2.2.x

All, I've been reading a bit lately about serving pre-compressed static content with httpd, and it looks like I have a few options that have various pros and cons. I'd like to make sure I have things straight because my testing so far has left me a bit frazzled. If I'm wrong about any of the asse

Re: [users@httpd] Serving pre-compressed static content using httpd 2.2.x

All, Replying to see if I can get a response. Anyone? Thanks, -chris On 3/22/12 3:10 PM, Christopher Schultz wrote: > All, > > I've been reading a bit lately about serving pre-compressed static > content with httpd, and it looks like I have a few options that have > variou

Re: [users@httpd] Httpd 2.4.1 Compatibility with mod_jk 1.2.35

Harsimranjit, On 3/29/12 12:48 AM, Harsimranjit singh Kler wrote: > I have tested basic functionality of this combination and it works fine. > > Is there any issue or bug or i can use 1.2.35 with httpd -2.4.1 There are no issues I know of with mod_jk 1.2.35 and httpd 2.4.x, but the two previous

Re: [users@httpd] modifying Location header

Hleb, On 10/30/15 10:24 AM, Hleb Valoshka wrote: > On 10/29/15, John Iliffe wrote: >>> Is it possible to modify Location using mod_headers? I want to replace >>> http:// with https:// but Header edit http://(.*) https://$1 does not >>> work, neither with always. unset and set don't work as well,

Re: [users@httpd] php.conf and PHP-FPM

John, On 11/13/15 2:53 PM, Rose, John B wrote: > Let me rephrase my question. > > I understand the .conf file names can be anything. > > I may should have asked it this way, do the settings such as ... > > > SetHandler application/x-httpd-php > > > > > AddType text/html .php > > Etc,

Re: [users@httpd] How to force browsers doesn't use cache

Pete, On 11/16/15 3:52 PM, Pete Houston wrote: > On Mon, Nov 16, 2015 at 06:19:37PM -0200, Ronaldo Luiz de Carvalho wrote: >> There are a way to setting apache in a way to force the users site browsers >> doesn't use their cache? > > You can use the Header directive to set the appropriate value o

[users@httpd] Redirect[Match] behind load-balancer switching protocols

All, The docs for the Redirect directive state that a slash-prefixed replacement URL (relative) will use the current request's scheme and hostname to build the redirect URL. RedirectMatch doesn't say specifically, but what I'm observing is that: RedirectMatch permanent ^/$ /foo/ ... when reques

Re: [users@httpd] Is there a shell environment variable to direct httpd to a httpd.conf ?

Gary, On 11/20/15 4:44 PM, Gary M wrote: > I'm in a unique configuration dilemma where I need to place the location > of httpd.conf in a "soft" location. eg the shell environment variable. > > I did look and cannot find the answer. > > The question: "is there a shell environment variable read by

[users@httpd] ProxyPass + Redirect

All, I've got a reverse-proxy in front of Tomcat that I'd like to configure. When using mod_jk, we have a configuration like this: RedirectMatch ^/foo(/)?$ /foo/someplace_specific.html RedirectMatch ^/foo/index.html$ /foo/someplace_specific.html JkMount /foo/*.do myWorker This works swi

Re: [users@httpd] ProxyPass + Redirect

Bill, On 12/16/15 5:45 PM, William A Rowe Jr wrote: > On Wed, Dec 16, 2015 at 4:34 PM, Christopher Schultz > mailto:ch...@christopherschultz.net>> wrote: > > >RedirectMatch ^/foo(/)?$ /foo/someplace_specific.html >RedirectMatch ^/foo/index.html$ /foo

Re: [users@httpd] Uneven load distribution in Tomcat application servers proxy balanced in front end Apache httpd web server

Gaurav, On 12/22/15 11:26 AM, Gaurav Kumar wrote: > I am using 6 Apache httpd 2.2.15 which are forwarding requests to the > Tomcat application servers (version: 7.0.41). Using mod_proxy, all the > application servers are balanced with proxy balancers. Below is the > similar configuration of apache

Re: [users@httpd] ProxyPass + Redirect

Yann, On 12/17/15 3:51 AM, Yann Ylavic wrote: > On Thu, Dec 17, 2015 at 8:14 AM, Marat Khalili wrote: >> Crude, but what about: >> >> ProxyPassMatch "^/foo/(.+)$" "http://localhost:8009/foo/$1"; > > or (along the lines): > ProxyPassMatch ^/foo/((?!index\.html$).+)$ http://localhost:8009/

Re: [users@httpd] proper MPM and mod_php

Eric, On 1/7/16 5:47 PM, Eric Covener wrote: > On Thu, Jan 7, 2016 at 4:51 PM, Rose, John B wrote: >> Is using "event" MPM and mod_php ok, or should "prefork" always be used with >> mod_php? > > The conventional wisdom is prefork-only if you must use mod_php. I was just looking at this yesterda

[users@httpd] Expiring DAV file locks with mod_dav

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I've been searching for a bit and mostly people are having the opposite problem I'm having: they are having file locks expire too early . I have a lock on a file on the DAV that looks like it's no longer valid, but LibreOffice Writer won't open

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/8/16 3:25 PM, cloud force wrote: > Hi All: > > From the mod_ssl doc, it mentioned: "If httpd was compiled against > an SSL library which did not support the FIPS_mode flag, |SSLFIPS > on| will fail." > > How do I compile apache (version 2

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/9/16 4:09 PM, cloud force wrote: > Yes I do have* *some regulatory requirement to use FIPS and I have > built the FIPS capable OpenSSL lib. Where is that library located on the disk? > I tried to add the "SSLFIPS on" parameter to the http

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/9/16 6:21 PM, cloud force wrote: > On Tue, Feb 9, 2016 at 2:59 PM, Christopher Schultz > <mailto:ch...@christopherschultz.net>> wrote: > > Rich, > > On 2/9/16 4:09 PM, cloud force wrote: >> Yes I do h

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/10/16 11:24 AM, cloud force wrote: > Hi Chris, > > Please see my comments below. > > Thanks, Rich > > On Wed, Feb 10, 2016 at 7:20 AM, Christopher Schultz > <mailto:ch...@christopherschultz.net>> wrot

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rich, On 2/10/16 1:12 PM, cloud force wrote: > I added the "SSLFIPS on" option to the httpd.conf as suggested in > the ssl_mod doc, and I got the following error: > > * Starting web server apache2 > > > Syntax error on line 1 of /etc/apache2/httpd.

Re: [users@httpd] How to build Apache with FIPS mode capable?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yann, On 2/10/16 6:11 PM, Yann Ylavic wrote: > Hi, > > On Wed, Feb 10, 2016 at 11:14 PM, Christopher Schultz > wrote: >> >> To those down and dirty with httpd: is there a reason not to >> UNCONDITIONALLY build again

[users@httpd] Proxy logging

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I'm using mod_proxy_http as a reverse-proxy to another origin server. It seems that httpd doesn't record access logs for stuff going over to the proxy. Is there a way to write an access log for requests handles by mod_proxy? Or is the best pract

Re: [users@httpd] Expiring DAV file locks with mod_dav

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Ping. Any ideas? Thanks, - -chris On 2/5/16 4:04 PM, Christopher Schultz wrote: > All, > > I've been searching for a bit and mostly people are having the > opposite problem I'm having: they are having file locks expir

Re: [users@httpd] image display error with stock icon

Douglas, On 2/14/16 9:44 PM, Douglas W. Goodall wrote: > I have written a very simple pair of cgi scripts in python that display > a toggle switch either > in the up position, or in the down position. When you click on the > switch, it toggles between > the two and switches between the images appr

Re: [users@httpd] Howto accept only one connection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver, On 2/18/16 8:31 AM, Oliver Graute wrote: > is it possible to configure Apache 2.4 to accept only one > connection at time on port 443? is this something I can configure > for my Virtual Hosts? For testing, or for long-term behavior? - -chris

Re: [users@httpd] Howto accept only one connection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oliver, On 2/19/16 10:11 AM, Oliver Graute wrote: > On 19/02/16, Aurélien Terrestris wrote: >> Hello, >> >> I'm not sure we can accept only one connection at a given time. I >> tested with the "prefork MPM", and I only achieve 1 concurrent >> request

Re: [users@httpd] apache 2.4, APR and online prefix

Raf, On 2/24/16 4:41 AM, Raf Roger wrote: > Hi > > i'm trying to create a LAMP stack that allow user to synchronize LAMP > stack files and webapps among several computers. > > Instead of reinstalling everything identically on each computer, they > could just synchronize the stack and voila. > >

Re: [users@httpd] Apache virus scanning

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John On 3/8/16 2:43 PM, Rose, John B wrote: > Looking for comments on mod_clamav, and any other alternative > antivirus software for Apache on linux Are you trying to protect your clients or your servers? - -chris -BEGIN PGP SIGNATURE- Comme

Re: [users@httpd] Apache virus scanning

John, On 3/8/16 6:02 PM, Rose, John B wrote: > I am interested in both > > Thanks > > Sent from my iPad > >> On Mar 8, 2016, at 3:27 PM, Christopher Schultz >> wrote: >> > John > >>>> On 3/8/16 2:43 PM, Rose, John B wrote: >>>

Re: [users@httpd] Apache virus scanning

in in memory to be scanned, or will it be streamed to a disk somewhere first? You don't want AV-scans to bust your memory cap. -chris > On 3/9/16 9:49 AM, "Christopher Schultz" > wrote: > >> John, >> >> On 3/8/16 6:02 PM, Rose, John B wrote: >>> I

Re: [users@httpd] Apache permissions stabs new Linux user in face with icepick. Suggestions?

Eric, On 3/9/16 8:44 PM, Eric Covener wrote: > On Wed, Mar 9, 2016 at 8:40 PM, Francis Roy > wrote: >> drwxr-x--- username > > > If you want to serve out of your home directory, it needs to be > executable by "other". Or group-owned by whatever group httpd runs under. No ownership was previ

Re: [users@httpd] Load balancing based on header value

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niranjan, On 3/30/16 2:15 PM, Niranjan Rao wrote: > Greetings, > > My first post to this mailing list. > > I have apache2 load balancing working perfectly based on session > affinity. Traffic does get directed properly to appropriate tomcat > serve

Re: [users@httpd] Load balancing based on header value

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niranjan, On 3/30/16 3:02 PM, Niranjan Rao wrote: > I am using AJP to connect to tomcat. > > Entry in the config file looks like > > BalancerMember ajp://myserver:8009 > route=node2 ProxySet lbmethod=bytraffic ProxySet > stickysession=JSESSIONID >

Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 4/7/16 11:21 AM, Poggenpohl, Daniel wrote: > I'm working with Solaris 11.3 32Bit. > > I've compiled and installed OpenSSL 1.0.2g with SSLv2 support > (yeah, I know, but I can't get my setup to work without it) using: You need to fix that

Re: AW: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 4/7/16 2:52 PM, Poggenpohl, Daniel wrote: > my setup is: I have a Moodle installation I need to run. So I need > Apache, PHP, OpenSSL, iconv, mbstring, curl, zip, etc. . The plan > is to have a relatively new PHP (5.6.20) and stay "new" wit

Re: [users@httpd] Self-compiled httpd and OpenSSL: Trying to start httpd without using LD_LIBRARY_PATH

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 4/8/16 11:30 AM, Rainer Jung wrote: > Am 08.04.2016 um 10:41 schrieb Rainer Canavan: >> On Fri, Apr 8, 2016 at 12:31 AM, Yann Ylavic >> wrote: >>> On Thu, Apr 7, 2016 at 5:21 PM, Poggenpohl, Daniel >>> wrote: LDFLAGS="-L$OPENS

Re: [users@httpd] url forwarding

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 K, On 4/8/16 2:35 PM, K R wrote: > I have a need to setup a redirect for around 3000 pages which are > in below format > > http://myhost.com/index?page=content&topic=TVAR&popular=HOT-TOPIC > --> http://myhost.com/index?page=content&topic=TVAR > > a

Re: [users@httpd] url forwarding

" &popular=HOT-TOPIC > <http://myhost.com/index?page=content&topic=TVAR&popular=HOT-TOPIC> " > on the redirect You can use mod_rewrite to do just about anything. You can even mutate the URL such that you don't even need to redirect the request.

Re: [users@httpd] How to test my self-compiled Apache (overall and specifically LDAP)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, On 4/11/16 12:11 PM, Poggenpohl, Daniel wrote: > Hello everyone, > > now that I have a self-compiled httpd, I of course would like to > test its features, or rather if all features are working right when > it is running. Is there a way to tes

Re: AW: [users@httpd] How to test my self-compiled Apache (overall and specifically LDAP)

t; HTTP authentication using an LDAP server? The answer to that question is insanely easy to find: http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html - -chris > -Ursprüngliche Nachricht- Von: Christopher Schultz > [mailto:ch...@christopherschultz.net] Gesendet: Montag, 11. Ap

Re: [users@httpd] Not able to make .so file during install apache-2.4.18

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hemant, On 4/12/16 6:40 AM, Yann Ylavic wrote: > Hello Hemant, > > On Tue, Apr 12, 2016 at 10:58 AM, Hemant Chaudhary > wrote: >> While installing apache-2.4.18 on Non Stop HP, I am not able to >> create .so file(shared file) which is required in

Re: [users@httpd] One page hanging entire server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 D'arcy, On 5/9/16 2:16 PM, D'Arcy J.M. Cain wrote: > This weekend at various times my server was brought down. I saw > one process using over 99% of the CPU. No pages could be served > while this was going on. I found the culprit. It was a Wordpre

Re: [users@httpd] Apache mod_dav alternatives?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bjoern, On 5/21/16 5:08 PM, Bjoern Voigt wrote: > I am using Apache as a web and proxy server, but I am unhappy with > Apache as a WebDAV file server. > > I am missing a good file permission or ACL configuration in Apache > mod_dav. > > My wishli

Re: [users@httpd] Secured connection between Apache Httpd and Tomcat over AJP protocol

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohanavelu, On 5/25/16 10:16 AM, Mohanavelu Subramanian wrote: > Hi All, > > Good Morning. > > I have Httpd process and Tomcat instances both running on 2 > different machines. The communication between them happens through > AJP protocol (mod_jk) w

Re: [users@httpd] SVN checkout of latest official Apache release

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike, On 6/8/16 12:10 PM, Mike Rumph wrote: > > On 6/7/2016 5:54 PM, Balcos, Michael wrote: >> >> Hi Mike, >> >> >> >> Thank you for the reply. I believe that I’ll have to write a >> script in order to know what is the latest official release of

Re: [users@httpd] LetsEncrypt.org with Virtual Hosting

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Filipe, On 6/14/16 3:15 PM, Filipe Cifali wrote: > Your are probably hitting the wrong cert file, check with: > > |openssl s_client -connect example.info:443 > | > > You can also try to disable the first SSL and check if you

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 2:29 PM, Mahmood N wrote: > How can I find which IP:PORT Apache web server is monitoring? There > are some network commands (netstat -pat), but they show the TCP > port in use. The machine has multiple network interfaces and the

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 2:45 PM, Mahmood N wrote: >> tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 28122/xinetd Shows the >> port, 5666, the PID, 28122, and the program name, xinetd > So, you still don't know what is the IP address (network > interface)? I mean

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 2:54 PM, Mahmood N wrote: > You know, the problem is that compute nodes in Rocks distribution > use Apache web server to locate the install image. Currently, the > compute node, says Unable to retrieve > http://10.10.10.1/instal

Re: [users@httpd] find IP and PORT in use by Apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mahmood, On 6/21/16 5:43 PM, Christopher Schultz wrote: > Mahmood, > > On 6/21/16 2:54 PM, Mahmood N wrote: >> You know, the problem is that compute nodes in Rocks >> distribution use Apache web server to locate the instal

[users@httpd] Location location location

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I have a long-standing configuration for a private server where all users must authenticate against our LDAP server. Something like this: AuthType Basic Require ldap-group mygroup I'm trying to use certbot to get a TLS certificate for t

Re: [users@httpd] Location location location

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eric, On 7/18/16 2:12 PM, Eric Covener wrote: > On Mon, Jul 18, 2016 at 2:10 PM, Christopher Schultz > wrote: >> I believe by putting the exception-Location first in the >> configuration file, I should be able to

Re: [users@httpd] Is it possible to set different protocol for particular User-Agent?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 8/3/16 4:55 AM, Daniel wrote: > No, by the time the user agent or any actual http data gets to be > seen the protocol/cipher and complete ssl connection has already > been stablished. > > 2016-08-02 23:26 GMT+02:00 ghost

Re: [users@httpd] HTTPD asking for password after power failure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 8/11/16 11:10 PM, Marat Khalili wrote: > From what I saw, this behavior of /dev/random is totally normal on > an idle Linux system. There seems to be some confusion about /dev/random on Linux systems. Yes, the behavior described here is nor

Re: [users@httpd] How to restart apache after reboot on ubuntu 16.04?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 8/17/16 4:12 PM, Dr James Smith wrote: > It may be possible to write your own auto-renewal script > relatively easily for LetsEncrypt. I have done for Apache as (a) I > don't use the standard paths and setup, (b) I wish to use HPKP on > my serve

[users@httpd] authnz_ldap with fallback to file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, (Running Apache 2.2.22 with Debian patches) I've got some services that use LDAP for authentication. One specific service is our Nagios monitor. When the LDAP service is down, we get notifications that (duh) it's down, but because Nagios uses

Re: [users@httpd] authnz_ldap with fallback to file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eric, On 8/21/16 1:42 PM, Eric Covener wrote: > On Sun, Aug 21, 2016 at 1:40 PM, Christopher Schultz > wrote: >> Is there any way to combine these two authentication mechanisms >> (ldap, file) such that I can require an ldap-

Re: [users@httpd] httpd session timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Roger, On 8/23/16 4:26 PM, Roger Paanini wrote: > Folks, I have tried to configure httpd with session timeout but it > does not seem to work. My httpd.conf has the following: > > Session on SessionMaxAge 1 AuthType Basic *** > > I was trying to pu

Re: [users@httpd] httpd session timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Roger, On 8/24/16 9:53 AM, Roger Paanini wrote: > Chris, I am testing it by logging into the website using basic > authentication and then waiting for the time out duration and try > to access the page again. I am expecting to be challenged for > c

Re: [users@httpd] 32 bit - httpd-2.2.31 Binary distribution for linux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Manjusha, On 8/30/16 4:09 AM, Gole, Manjusha (Manjusha) wrote: > Does anyone has a 32 bit - httpd-2.2.31 Binary distribution for > linux? Can anyone share instructions to build one? Most Linux distributions have httpd available through the package

Re: [users@httpd] questions about IPv6 and SSL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andreas, On 8/31/16 10:56 AM, Andreas Meyer wrote: > Just subscribed to this list because people reported my web server > is not reachable anymore. > > A few days ago I added IPv6-connectivity to the web server and > changed the Listen-directives a

Re: [users@httpd] questions about IPv6 and SSL

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andreas, On 8/31/16 6:05 PM, Andreas Meyer wrote: > Christopher Schultz schrieb am > 31.08.16 um 17:28:04 Uhr: > >>> A few days ago I added IPv6-connectivity to the web server and >>> changed the Listen-directives

Re: [users@httpd] Apache losing its connection from Tomcat in few minutes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 9/4/16 5:16 AM, Dr James Smith wrote: > You don't give enough information about the setup to solve any of > your problems really. > > Are the apache/tomcat/cms on the same box or different > > We have seen big problems with mod_jk when t

Re: [users@httpd] problem compiling apache

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavol, On 9/20/16 3:07 PM, Pavol Eisenberg wrote: > Hello > > After I've tried to upgrade my openssl 1.0.2 (ubuntu default) to > Openssl 1.1.0 I cannot compile apache with ssl anymore.I also > reverse to openssl 1.0.2 but the problem still remain.

Re: [users@httpd] Showing exact filesize in bytes instead of shortform in directory listing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cie, On 9/30/16 5:59 AM, Cie wrote: > In Apache server 2.4, when activating the IndexOptions > +FancyIndexing in the httpd.conf, the directory listing shows the > file size of a file like in the following example: > > exported_file.pdf 2.1M > > Th

Re: [users@httpd] Fine Tuning Apache 2.4 on AWS EC2 t2.medium Instance

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tony, On 10/1/16 4:36 PM, Tony DiLoreto wrote: > All, > > I'm at my wits end trying to simply run Apache 2.4 on my Amazon > EC2 server. There are dozens of stackoverflow and websites, but > the suggestions do not seem to work on my instance. > > *

[users@httpd] Copyright notices in httpd source files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Is it common to have a copyright notice in httpd C source files? Jim committed a donation of code for HAProxy's PROXY protocol in r1776076 and later. (Thanks, by the way: I've been hoping to get this in 2.4 for a while so consider me a big (ka

Re: [users@httpd] Copyright notices in httpd source files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nick, On 12/29/16 3:56 AM, Nick Kew wrote: > Cc: dev list. Looks like a catch? (my reply might be bounced from the dev@ list... I don't think I'm subscribed) > On Wed, 2016-12-28 at 17:44 -0500, Christopher Schultz wrote: >

Re: [users@httpd] Copyright notices in httpd source files

this discussion with a better audience. Thanks, - -chris >> On Dec 29, 2016, at 3:56 AM, Nick Kew wrote: >> >> Cc: dev list. Looks like a catch? >> >> On Wed, 2016-12-28 at 17:44 -0500, Christopher Schultz wrote: >>> All, >>> >>> Is it

[users@httpd] Configuring redirects httpd behind a TLS-terminating proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I've got an EC2 instance behind a load balancer where TLS is being terminated. I've arranged for two separate httpd (2.4.25) VirtualHosts: one for the secure connections (proxied from the lb) and another for the non-secure connections. I have

Re: [users@httpd] Configuring redirects httpd behind a TLS-terminating proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/24/17 3:53 AM, Konstantin Kolinko wrote: > 2017-01-24 1:07 GMT+03:00 Christopher Schultz > : >> >> I've got an EC2 instance behind a load balancer where TLS is >> being terminated. I've arran

Re: [users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 2/9/17 4:53 PM, Daniel wrote: > Try manually: > > SSLProtocol SSLv3 TLSv1 TLSv1.1 TLSv1.2 And, please, for the love of god, add these, too: SSLHonorServerOrder On SSLCipherSuite TLSv1.2:TLSv1.1:TLSv1:SSLv3 This will cause "better" cip

Re: [users@httpd] proxypass does'nt seem to work on apache 2.4.25

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Stéphane, On 2/17/17 11:06 AM, Stéphane Laurencelle wrote: > i try to implment the proxypass and proxypassreverse in apache 2.4 > vhost file on oel 6.8 to redirect does to tomcat apps web page but > nothing seem to work like in apache 2.2.x > > is

Re: [users@httpd] Processes starts

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hement, On 2/15/17 6:05 AM, Hemant Chaudhary wrote: > When I am stating my httpd-2.4.23 servers, sometime 6 process id's > or sometimes 7 process id's are generated. Can I edit how many > process id's I want to start. Yes. > I am assuming 1 proces

[users@httpd] DH parameter selection on httpd 2.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm running httpd 2.2.31 on Amazon Linux, and the docs for SSLCertificateFile say: " Beginning with version 2.2.30, mod_ssl makes use of standardized DH parameters with prime lengths of 2048, 3072, 4096, 6144 and 8192 bits (from RFC 3526), and

Re: [users@httpd] DH^H^H EC parameter selection on httpd 2.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 3/30/17 4:32 PM, Christopher Schultz wrote: > All, > > I'm running httpd 2.2.31 on Amazon Linux, and the docs for > SSLCertificateFile say: > > " Beginning with version 2.2.30, mod_ssl makes use of standardize

Re: [users@httpd] Logs analyse

Vitthal, On Jul 26, 2013, at 7:18, wrote: > Can anyone tell me the name of apache logs analyzer tool which is free and > easily available. You could use Webalizer or its more currently-maintained fork, awffull. -chris

[users@httpd] and Satisfy in for mod_dav

All, I'm having trouble getting and Satisfy to work within a . I'm using Apache httpd 2.2.22 on Debian Wheezy. Now, "Satisfy" is not documented to work under elements, but also is not documented to work under , and seems to work without a problem. I was wondering if it's just an accident that

[users@httpd] High CPU Usage in Amazon EC2

All, I'm having a problem in production I've never seem before. We are running a pair of AWS EC2 m1.micro web servers where only one of them in really in service at any given time. The httpd instance serves some static content and forwards a great deal of traffic via stunnel to a single back-end T

Re: [users@httpd] High CPU Usage in Amazon EC2

All, I forgot to mention that most of our traffic is over SSL. OpenSSL version is OpenSSL 1.0.1e-fips 11 Feb 2013. Thanks, -chris On 4/3/14, 10:04 AM, Christopher Schultz wrote: > All, > > I'm having a problem in production I've never seem before. We are > running a pa

Re: [users@httpd] High CPU Usage in Amazon EC2

bove, wouldn't the processes be sitting idle waiting for blocking IO to return? I'm not surprised that the bytes are moving slowly, actually. I'm surprised that I'm pegging my CPU waiting for bytes to move... Thanks, -chris > On 4/3/14, 40:23 PM, Christopher Schultz wrote: &

Re: [users@httpd] High CPU Usage in Amazon EC2

few tens of times and the lowest number I ever got was 133. On systems that have truly run out of randomness, I have seen this number drop to zero (it usually happens during OpenSSL server key generation :). I'm at a loss for what to check next. Any suggestions? Thanks, -chris On 4/3/14, 10:38

Re: [users@httpd] High CPU Usage in Amazon EC2

Jason, On 4/3/14, 11:35 AM, Jason Cillo wrote: > Have you looked at OpenSSL Cookbook? It's free. I find it very > useful. (I even bought the larger book of which it is a chapter.) Did you have something in particular that you thought would be relevant from that book? -chris signature.asc Desc

Re: [users@httpd] High CPU Usage in Amazon EC2

Igor, On 4/4/14, 5:39 AM, Igor Cicimov wrote: > > On 04/04/2014 1:05 AM, "Christopher Schultz" > mailto:ch...@christopherschultz.net>> wrote: >> >> All, >> >> I'm having a problem in production I've never seem before. We are >>

Re: [users@httpd] High CPU Usage in Amazon EC2

Igor, On 4/5/14, 4:57 PM, Igor Cicimov wrote: > > On 06/04/2014 5:51 AM, "Christopher Schultz" > mailto:ch...@christopherschultz.net>> wrote: >> >> Igor, >> >> On 4/4/14, 5:39 AM, Igor Cicimov wrote: >> > >> > On 04/04/2014 1:05

Re: [users@httpd] High CPU Usage in Amazon EC2

All, On 4/8/14, 11:11 AM, Christopher Schultz wrote: > I'm not sure I can chalk-up the above difference to simply network noise > (specifically, average, max, 90% line). What I'm observing here is > certainly not the extent of the problems we are experiencing, but I have >

Re: [users@httpd] heartbleed and httpd configuration

Steven, On 4/12/14, 2:15 PM, Steven Siebert wrote: > I think it would be unlikely because the httpd configuration data > would be read into memory early on the heap (and in a very low > volatile area where that memory wouldn't often be freed up), whereas > the heartbeat would be much later in the

[users@httpd] Enabling ECDHE ciphers

All, I'm trying to enable (and prefer!) ECDHE ciphers for clients that can support them. I've done the obvious: SSLHonorCipherOrder Yes SSLProtocol ALL -SSLv2 SSLCipherSuite ECDHE:ECDH:..[other stuff] I have confirmed that, when running "openssl ciphers [stuff above]" that I get ECDHE ciphers li

Re: [users@httpd] Enabling ECDHE ciphers

Hanno, On 4/17/14, 12:29 PM, Hanno Böck wrote: > On Thu, 17 Apr 2014 12:27:37 -0400 > Christopher Schultz wrote: > >> I'm trying to enable (and prefer!) ECDHE ciphers for clients that can >> support them. I've done the obvious: > [...] >> I'm runni

Re: [users@httpd] Enabling ECDHE ciphers

Igor, On 4/17/14, 8:56 PM, Igor Cicimov wrote: > > On 18/04/2014 2:30 AM, "Hanno Böck" <mailto:ha...@hboeck.de>> wrote: >> >> On Thu, 17 Apr 2014 12:27:37 -0400 >> Christopher Schultz <mailto:ch...@christopherschultz.net>> wrote: >>

Re: [users@httpd] NameVirtualHost address is not supported

Michael, On 4/18/14, 2:16 PM, Michael Peters wrote: > I have a few sites I’d like to run on a single server with one IP on > port 80 and 443. I’ve tried several configuration examples without > success. I get error messages like this: > > > > Starting httpd: [Fri Apr 18 09:23:32 2014] [error]

Re: [users@httpd] Enabling ECDHE ciphers

John, On 4/18/14, 1:16 PM, John Iliffe wrote: > Further to my previous post, the log reports: > > [Sun Apr 13 03:20:08.591247 2014] [mpm_event:notice] [pid 11737:tid > 140478837470976] AH00489: Apache/2.4.9 (Unix) OpenSSL/1.0.1g configured -- > resuming normal operations > [Sun Apr 13 03:20:08.

Re: [users@httpd] Apache and Upgrading OpenSSL

Jeff, On 4/18/14, 12:23 PM, Cabell, Jeff wrote: > I'm working on doing some upgrade testing to mitigate the Heartbleed > issue and some other vulnerabilities. Part of that is updating > OpenSSL, but I'm a bit confused about something and am hoping that > someone can help me. I've done at least a

Re: [users@httpd] Apache and Upgrading OpenSSL

JEff, On 4/18/14, 2:59 PM, Cabell, Jeff wrote: > So you're saying that 2.2.27 and 2.4.9 are not actually current > releases for Windows...just for *nix? The httpd project no longer provides binaries of any kind. Most Linux distros directly package httpd, and anyone can compile it themselves, too.

Re: [users@httpd] Enabling ECDHE ciphers

J.Lance, On 4/18/14, 2:55 PM, J.Lance Wilkinson wrote: > Christopher Schultz wrote: > ...snip... >> >> I don't get it. Both setups (2.2.26 and 2.4.9) have 1.0.1.e and have an >> update available to 1.0.1g (I haven't read the changelogs but I'll bet >&

[users] Building apr on win32

All, I'm hoping this is the right mailing list: the apr project seems to have a "dev" list but no user one. I'm happy to move if appropriate. I'm trying to build apr on win32 from the command-line and I'm running into some resistance. I'm using Visual Studio 12 on Windows 8.1. I have installed th

[users@httpd] mod_remoteip not setting client's ip with AWS ELB

All, I'm trying to get httpd working behind an AWS ELB but still using the remote client's information whenever possible. ELB provides the X-Forwarded-For, X-Forwarded-Port, and X-Forwarded-Proto HTTP headers. My configuration looks like this: RemoteIPHeader X-Forwarded-For #RemoteIPTrus

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

quot; or something equivalent to only allow connections to this virtual host from the load-balancer. If that's not going to work, it's easily done at the OS or firewall level. Thanks, -chris > On 10/1/2014 11:00 AM, Christopher Schultz wrote: >> All, >> >> I'

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 12:04 PM, Mike Rumph wrote: > Since you are running 2.4.10, you have the latest mod_remoteip > fixes. But I think the problem is in the directives that you are > using: > > RemoteIPHeader X-Forwarded-For #RemoteIPTrustedProxy 10.0.

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mike, On 10/2/14 12:37 PM, Christopher Schultz wrote: > With my above configuration, I got a line in my (your) access log > that looks like this: > > 10.32.219.77 71.178.180.80 10.32.219.77 xf="-" - - > [02/Oct/2014:1

Re: [users@httpd] mod_remoteip not setting client's ip with AWS ELB

gt;> your proxies will not be accepted as external proxies. And your >> true client ip address will not be used. >> >> Try the following directives instead: >> >> RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 10.0.0.0/8 >> >> Let us know if this works for

  1   2   >