Re: [users@httpd] mod_remoteip and ErrorLogFormat
On 19/10/24 11:50, Gretton, Liam wrote:
> httpd 2.4.57-11 on Rocky 9 here.
>
> I've been trying to get ErrorLogFormat to log the client IP address rather than that of my proxy's, but it doesn't seem to work. For LogFormat it is working as expected.
>
> My suspicion is that mod_remoteip doesn't actually modify core's %a format string, yet the documentation for ErrorLogFormat specifically mentions it:
>
> https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat
>
>     %{c}a    Underlying peer IP address and port of the connection (see the mod_remoteip module)
>
> mod_remoteip's documentation also states that it modifies core's %a directive.
>
> I know I can use the connection ID (%L) to provide a marker for matching error log entries with access log entries, but just being able to see the client IP would be much more helpful.
>
> Here are my sanitised log entries, access log then error log. 333.444.555.666 is the client IP, coming through the proxy 192.168.1.100.
>
>     J69TyXBo7cc vhost.local 333.444.555.666 - - 2024-10-19_10:10:09 "GET /favicon.ico HTTP/1.1" 404 266 https://referer.local "Firefox/131.0"
>
>     J69TyXBo7cc vhost.local 192.168.1.100:39838 2024-10-19 10:10:09.766591 info 15282 core core.c(4920):] [AH00128: File does not exist: /path/to/favicon.ico
>
> ...and my log formats:
>
>     LogFormat "%L %v %a %l %u %{%F_%T}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" log_vhost
>     ErrorLogFormat "%-L %-v %-a %-{cu}t %-l %-P %-m %-F: %-E %-M"
>
> Is there something I'm doing incorrectly or does mod_remoteip not actually work for ErrorLogFormat's %a specifier?

What is your "RemoteIpHeader" setting? You have to specify it for mod_remoteip to work.

Have you made sure you are getting that header from the front-end with the correct client ip?

--
-Daniel
Help at #httpd in Libera.chat

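Added example, not part of either poster's message: the workaround mentioned in the question, matching error log entries to access log entries by their %L value, written in Python. The log lines are constructed in the two formats quoted above; the log IDs and the 203.0.113.7, 198.51.100.23 and 198.51.100.9 addresses are made up, and treating a non-proxy peer address as the client itself is an assumption of this example.

```python
from typing import NamedTuple, Optional

PROXIES = {"192.168.1.100"}  # proxy address quoted in the post

# Constructed sample lines in the poster's two formats; the log IDs and the
# client addresses are made up for this example.
ACCESS_LOG = """\
Zx1AAAAAAAA vhost.local 203.0.113.7 - - 2024-10-19_10:10:09 "GET /favicon.ico HTTP/1.1" 404 266 "-" "Firefox/131.0"
Zx1BBBBBBBB vhost.local 198.51.100.23 - - 2024-10-19_10:10:11 "GET / HTTP/1.1" 200 5120 "-" "Firefox/131.0"
"""
ERROR_LOG = """\
Zx1AAAAAAAA vhost.local 192.168.1.100:39838 2024-10-19 10:10:09.766591 info 15282 core core.c(4920): - AH00128: File does not exist: /path/to/favicon.ico
- - 192.168.1.100:39840 2024-10-19 10:10:12.000001 error 15282 core core.c(0): - constructed message logged without a request
Zx1CCCCCCCC vhost.local 198.51.100.9:51000 2024-10-19 10:10:13.000002 error 15282 core core.c(0): - constructed message from a direct client
"""

class ErrorEntry(NamedTuple):
    log_id: str
    peer: str               # address:port as written by %a in the error log
    client: Optional[str]   # resolved client IP, or None if it cannot be known
    rest: str               # timestamp, level, module and message, unparsed

def index_access_log(text: str) -> dict:
    """Map each %L log ID to the client address (%a) in the access log."""
    clients = {}
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) == 4 and fields[0] != "-":
            clients[fields[0]] = fields[2]
    return clients

def annotate_error_log(text: str, clients: dict, proxies=PROXIES) -> list:
    """Attach a client IP to every error log line where one can be established."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue
        log_id, _vhost, peer, rest = fields
        peer_ip = peer.rsplit(":", 1)[0]      # strip the port (works for IPv6)
        if peer_ip not in proxies:
            client = peer_ip                  # assumption: peer is the client
        else:
            client = clients.get(log_id)      # None for "-" or unmatched IDs
        entries.append(ErrorEntry(log_id, peer, client, rest))
    return entries
```

Error lines logged without a request carry "-" in place of %L and stay unresolved, so they cannot be attributed to a client by this join.
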
Re: [users@httpd] Apache start up error after compiling OpenSSL and PHP8.1.29
On 14/10/24 12:48, Jack Swale wrote:
> httpd: Syntax error on line 150 of /usr/local/apache2/conf/httpd.conf: Cannot load modules/libphp.so into server: ld.so.1: httpd: fatal: relocation error: file /usr/local/apache2/modules/libphp.so: symbol EVP_md2: referenced symbol not found
>
> /usr/local/apache2/modules
> garnet(150) $ ldd libphp.so
>     libresolv.so.2 =>/usr/lib/libresolv.so.2
>     librt.so.1 =>/usr/lib/librt.so.1
>     libldap-2.4.so.2 =>/usr/local/lib/libldap-2.4.so.2
>     libiconv.so.2 =>/usr/local/lib/libiconv.so.2
>     libm.so.2 =>/usr/lib/libm.so.2
>     libnsl.so.1 =>/usr/lib/libnsl.so.1
>     libsocket.so.1 =>/usr/lib/libsocket.so.1
>     libpthread.so.1 =>/usr/lib/libpthread.so.1
>     libssl.so.1.0.0 =>/usr/local/ssl/lib/libssl.so.1.0.0
>     libcrypto.so.1.0.0 =>/usr/local/ssl/lib/libcrypto.so.1.0.0
>     libz.so =>/usr/local/lib/libz.so
>     libxml2.so.2 =>/usr/local/lib/libxml2.so.2
>     libgcc_s.so.1 =>/usr/local/gcc4/lib/libgcc_s.so.1
>     libc.so.1 =>/usr/lib/libc.so.1
>     libaio.so.1 =>/lib/libaio.so.1
>     libmd.so.1 =>/lib/libmd.so.1
>     liblber-2.4.so.2 =>/usr/local/lib/liblber-2.4.so.2
>     libgen.so.1 =>/usr/lib/libgen.so.1
>     libsasl2.so.3 =>/usr/local/lib/libsasl2.so.3
>     libmp.so.2 =>/lib/libmp.so.2
>     libscf.so.1 =>/lib/libscf.so.1
>     libdl.so.1 =>/lib/libdl.so.1
>     libdoor.so.1 =>/lib/libdoor.so.1
>     libuutil.so.1 =>/lib/libuutil.so.1
>     /lib/libm/libm_hwcap1.so.2
>     /platform/sun4v/lib/libc_psr.so.1
>     /platform/sun4v/lib/libmd_psr.so.1
>
> garnet(220) $ strings libcrypto.so.1.0.0 | grep EVP
> EVP part of OpenSSL 1.0.2zi1 Aug 2023

You probably need to include (in envvars file or similar) the path in LD_LIBRARY_PATH to the correct openssl libs those php libs were compiled against.

--
-Daniel
Find help at #httpd in Libera.chat

Re: [users@httpd] Strange change in behavior of web page
On 9/10/24 17:59, Freek de Kruijf wrote:
>> httpd does not interfere with your content. Perhaps the issue lies with https://, and some resources not being loaded. In any case, asking a web/css/design forum/mailing list would yield better results.
>
> I also tried to use Microsoft Edge and it also displays the page wrongly. As I wrote the content I see in the page in the browser in both cases is the same. So why does the browser display things differently when the only obvious difference is http instead of https? Could it be that a certain apache module needs to be loaded for this to work? Some time ago, could be half a year, it did work properly. Any idea which module?

html/css is interpreted client side, so whatever your html/css code is, it doesn't matter which http server serves it.

--
-Daniel
Find help at #httpd in Libera.chat

Re: [users@httpd] mod_proxy_hcheck with Istio
On 30/9/24 10:50, Stanislav Samek wrote:
> Hi,
>
> I don't think that there is an issue with ssl. We have SSLProxyEngine turned on and also a backend name match with CN. In attachment you can find output from the curl command.
>
> Thank you

What I would make sure in your case is SSLProtocols set up in the configuration. Worth to also try to see if it works without the mod_proxy_hcheck related parameters.

In any case, if connection works without relevant hcheck parameters I would place them again and use LogLevel with trace to see what is going on.

If it still does not work there should be something in the error log. Either way, I would start using Loglevel anyways, with proxy or ssl accordingly.

--
-Daniel
Find help at #httpd in Libera.chat

Re: [users@httpd] RewriteMap and combining RewriteRules
On 14/7/24 19:56, Dave Wreski wrote:
> The problem is that it appears RewriteMap must consider ALL possibilities. It doesn't then fall back to actually see if the URL is valid or another RewriteRule exists.

As I see it, you must define other patterns that will not fall into the rewritemap first, or place conditions in order for rewriterule using the rewritemap to be skipped.

--
-Daniel
Find help at #httpd in Libera.chat

Re: [users@httpd] Tomcat and ibm semeru
On 23/9/24 16:52, andreas.moro...@wobi.bz.it wrote:
> Hello,
>
> we would like to use tomcat with ibm semeru as jre. I searched the web, but found no documentation. Is this combination supported and is there documentation on how to configure it?
>
> Greetings
> Andreas

Although this is the user list for HTTPD not Tomcat, Tomcat does not support a specific java vendor, rather specific java versions, as you can see at: https://tomcat.apache.org/whichversion.html

Also check https://cwiki.apache.org/confluence/display/TOMCAT/Specifications for servlet specifications.

--
-Daniel
Find help at #httpd in Libera.chat

Re: [users@httpd] mod_proxy_hcheck with Istio
On 24/9/24 8:25, Stanislav Samek wrote:
> ...
> Probably it will be a problem that Istio is exposing endpoints in HTTP/2 revision. Don't you have a problem with this?
>
> Here is part of our configuration:
>
>     ProxyPassMatch ^/foobar/v1/(.*)$ balancer://application/api/$1
>     ProxyPassReverse ^/foobar/v1/(.*)$ balancer://application/api/$1
>     ProxyHCExpr checker {%{REQUEST_STATUS} =~ /^[234]/}
>     BalancerMember https://foobar-a.stage.cloud addressttl=3600 hcexpr=checker
>     BalancerMember https://foobar-b.stage.cloud addressttl=3600 hcexpr=checker
>     # Optional: Load balancing method
>     ProxySet lbmethod=byrequests
>
> Thank you

SSLProxyEngine should be set to on. Make sure you have it.

Also certificate provided by backend should match name in its CN or AltName to the FQDN you are pointing in your BalancerMember directives, otherwise you must set SSLProxyCheckPeerName off or fix certificates in backend.

You could also try "curl --http1.1 -v https://foobar-a.stage.cloud" to check what you get exactly.

--
-Daniel
Find help at #httpd in Libera.chat

Re: [users@httpd] Flexible Worker Configuration for Dynamic Shared Object (DSO) Deployment
On 18/04/2024 16:50, Sarkar Tarun Kumar (ETAS-SEC/XPC-Bo1) wrote:
> Hello,
> ...
> My requirement is treating one of the services, specifically Service4, differently. Apache should only spawn a single instance of Service4 and refrain from terminating the process until Apache server restarts. Meanwhile, the remaining three services should continue behaving as before, initially spawning five instances and adjusting based on load.
>
> My question is whether it is feasible to achieve this mixed treatment within a single Apache server through configuration changes.
> ...

Only achievable with two different service instances, as in an Apache Farm.

Re: [users@httpd] RewriteMap and patterns
On 12/03/2024 20:45, Dave Wreski wrote:
>> If I understood correctly you want the resulting path to be loaded by your php-fpm backend. Do you have a fallbackresource, such as: "FallbackResource /index.php" or similar? If not, then you may want to add it.
>
> Yes, that's correct, I'm using php-fpm. I don't currently have a fallbackresource. I'll add it, if necessary, but I'd also like to identify the actual source reason why it's happening in the first place. How do I troubleshoot this further?
>
> Thanks,
> Dave

What I would do is RewriteRule with just [L] tag for internal redirection or [R,L] if you don't mind the redirection to be external.

Since I haven't seen the whole configuration my guess is you don't have the proper handler defined for the resulting url and that's why you get a 404, and in those cases is when fallbackresource is ideal, to hand those requests to where they must end.

Generally when I use passthrough [PT] is because the end url will be dealt with the appropriate handler, but you don't seem to have a rule for the destination to be handled in php, so how come you expect anything else other than a 404?

That is briefly what I would do:

First make the proper redirections:

    RewriteEngine on
    RewriteMap lsv2ids "txt:/etc/httpd/conf.d/linuxsecurity-lsv2ids.map"
    RewriteRule "/content/view/(.*)" "${lsv2ids:$1}" [R,L]

Define the fallback for requests not ending in PHP but for which I hand the php handler to deal them.

    FallbackResource /index.php

Define the handler for php file requests

    SetHandler "proxy:unix:/run/php-fpm/linuxsecurity.sock|fcgi://localhost"