Re: Determining Apache version upon compilation of module?

2007-03-06 Thread Joost de Heer

Xavier Beaudouin wrote:

Hello,

I am trying to find a portable way to find what is the version of apache 
during compilation of a third party module.


In include/ap_release.h, the macros AP_SERVER_MAJORVERSION_NUMBER, 
AP_SERVER_MINORVERSION_NUMBER and AP_SERVER_PATCHLEVEL_NUMBER are defined.


Joost


Re: Limiting response body length

2007-02-12 Thread Joost de Heer

Dziugas Baltrunas wrote:

Hi list,

I'm wondering if there are any plans to implement a response
body length limitation inside mod_proxy?


Output filter which checks the size and returns an error when it's 
larger than a predefined size?


Joost


Re: Some authorisation clarification

2006-11-29 Thread Joost de Heer

The config looks like this:

# Password protect bugzilla with native LDAP plugin
<Location /bugzilla>
  AuthType Basic
  AuthName "User principal name"
  AuthLDAPEnabled on
  AuthLDAPBindDN zzz
  AuthLDAPBindPassword zzz
  AuthLDAPURL ldap://zzz:3268/?userPrincipalName,mail,cn?sub
  AuthLDAPAuthoritative on
  require valid-user
  Satisfy all
</Location>

# Password protect this entire website using Redhat LDAP plugin
<Location />
  AuthName Username
  AuthzLDAPMethod ldap
  AuthzLDAPAuthoritative on
  AuthzLDAPServer zzz:3268
  AuthzLDAPUserBase zzz
  AuthzLDAPUserKey sAMAccountName
  AuthzLDAPUserScope subtree
  AuthzLDAPBindDN zzz
  AuthzLDAPBindPassword zzz

  AuthType basic
  require valid-user

  Order allow,deny
  Allow from 127.0.0.1/32 10.182.227.16
  Satisfy Any
</Location>


Untested (don't have an LDAP server at hand to test) : Create two 
aliases with AuthnProviderAlias, and use AuthBasicProvider with the 
alias names in the Location containers.


Joost
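
The AuthnProviderAlias approach suggested above, written out as an added example (not part of the original thread, and likewise untested against a live directory). It assumes httpd 2.2 with mod_authn_alias, mod_authnz_ldap and mod_authz_user; the alias names ldap-upn and ldap-sam, the host ldap.example.com, the base DN and the bind account are placeholders.

```apache
# Added example. Host, base DN and bind account are placeholders,
# not values from the thread.

# Alias 1: look users up by userPrincipalName.
<AuthnProviderAlias ldap ldap-upn>
    AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?userPrincipalName?sub"
    AuthLDAPBindDN "cn=httpd-bind,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE_ME"
</AuthnProviderAlias>

# Alias 2: same directory, but look users up by sAMAccountName.
<AuthnProviderAlias ldap ldap-sam>
    AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?sAMAccountName?sub"
    AuthLDAPBindDN "cn=httpd-bind,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE_ME"
</AuthnProviderAlias>

# Location sections are merged in file order and later ones override
# earlier ones, so the site-wide block comes first and the more
# specific /bugzilla block comes last.
<Location />
    AuthType Basic
    AuthName "Username"
    AuthBasicProvider ldap-sam
    # valid-user is evaluated by mod_authz_user, so mod_authnz_ldap
    # must not act as the authoritative authorizer.
    AuthzLDAPAuthoritative off
    Require valid-user

    Order allow,deny
    Allow from 127.0.0.1/32 10.182.227.16
    # Listed hosts skip the password prompt; everyone else must log in.
    Satisfy Any
</Location>

<Location /bugzilla>
    AuthType Basic
    AuthName "User principal name"
    AuthBasicProvider ldap-upn
    AuthzLDAPAuthoritative off
    Require valid-user

    # Reset the host rule inherited from / so that Satisfy All means
    # "any host, but always a valid login" rather than "listed hosts only".
    Order allow,deny
    Allow from all
    Satisfy All
</Location>
```

The bind password is stored in clear text, so the file holding these sections should be readable only by the account that starts httpd.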


Re: info about testing tool

2006-09-07 Thread Joost de Heer

Tenivella Enrico wrote:

Hi all.

I read about test tools for Apache. I'm searching for a script that reads
from access.log and performs the same requests (GET and POST) at the
same time


No idea how good this is, but:

http://www.cs.virginia.edu/~rz5b/software/software.htm

Joost


Re: Memory usage in apache

2006-08-22 Thread Joost de Heer

Once you load something like mod_python or mod_perl, it's not really 
Apache memory that's your problem.


Philippe Chiasson gave a really interesting talk at ApacheCon Europe 
about memory management for mod_perl. His slides are online somewhere, 
but I can't find the URL right now. Perhaps someone else has them?


Joost


Question about NameVirtualHost

2006-06-17 Thread Joost de Heer

Hello,

Should a check be added to add_name_vhost_config() to see if it's a 
duplicate NameVirtualHost? At the moment, you can have multiple 
'NameVirtualHost *:80', which will result in an odd message 
'NameVirtualHost *:80 has no virtualhosts'.


Joost


Re: Question about NameVirtualHost

2006-06-17 Thread Joost de Heer

Paul Querna wrote:

Joost de Heer wrote:

Hello,

Should a check be added to add_name_vhost_config() to see if it's a 
duplicate NameVirtualHost? At the moment, you can have multiple 
'NameVirtualHost *:80', which will result in an odd message 
'NameVirtualHost *:80 has no virtualhosts'.


I think it's reasonable to check.

What should it do, throw an error (seems reasonable) or silently drop 
the second occurrence :) ?


I'd prefer an unsilent info-drop (something like 'Duplicate 
NameVirtualHost in [configfile]:[line] ignored' on INFO level?), since 
it's really just a silly configuration, not an error (things will work 
with duplicate NVH's, even if you don't drop it, or at least, that's how 
I can see it atm).


Joost


Re: mod_proxy_xxxxx last resort fallback redirect ?

2006-06-17 Thread Joost de Heer

DocumentRoot /opt/apache/htdocs
ProxyPass / balancer://group1/ timeout=5 maxattempts=3 fallback-redirect=fallthrough:/holding.html


Would this work?

RewriteCond %{REQUEST_URI} !-U
RewriteRule /.* http://fallback.server/notworking.html

Joost


Re: Knocking items off the plate, one by one

2006-06-10 Thread Joost de Heer

http://archives.apache.org/dist/httpd is always out there ;-)


Not strictly a dev subject, but:

Speaking of archives, I noticed there are no pre-1.3 sources there. For a real 
archive, it'd be nice to have them there.


I have placed Apache httpd 1.1.1 and 1.1.3 on http://sanguis.xs4all.nl/apache/ 
and I'm sure there are people here who have other old (pre-1.3) stuff too.


Joost


Re: Knocking items off the plate, one by one

2006-06-10 Thread Joost de Heer

Joost de Heer wrote:

http://archives.apache.org/dist/httpd is always out there ;-)


Not strictly a dev subject, but:

Speaking of archives, I noticed there are no pre-1.3 sources there. For 
a real archive, it'd be nice to have them there.


Okay, I just noticed that there are a few 1.2 sources in the 'beta' 
subdirectory


Joost


Re: PR 39673 revealed a problem with NTLM and mod_proxy

2006-05-30 Thread Joost de Heer

Ruediger Pluem wrote:

PR 39673 revealed a problem with NTLM and mod_proxy_http.
Actually NTLM does not work any longer with proxied backends doing NTLM 
authentication.


Microsoft themselves have said that NTLM authentication via a proxy probably 
won't work:


http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/reskit/iischp9.mspx

Integrated Windows authentication has the following limitations:

* It cannot be performed through a firewall via a proxy.

So I'm a bit surprised that it used to work.

Joost


Re: [STATUS] (httpd-2.1) Wed May 3 23:53:24 2006

2006-05-04 Thread Joost de Heer

Could someone change the subject of this status mail?


Re: Standard MSIE tweaks for Apache

2006-04-17 Thread Joost de Heer

IE is still a pretty popular browser, it's relatively important to 
handle it well ;)


Shouldn't that read: IE is still a pretty popular browser, it's relatively 
important that it handles things well.?


Joost


Re: Large file support in 2.0.56?

2006-04-16 Thread Joost de Heer

hmmm...that doesn't help me much. I'm more interested in large files in 
mod_dav. Right now I can't upload anything much bigger than 700MB.


IMO, that's not something a webserver should be used for anyway.

Joost


Re: Large file support in 2.0.56?

2006-04-16 Thread Joost de Heer

Colm MacCarthaigh wrote:

On Sun, Apr 16, 2006 at 10:28:10PM +0200, Joost de Heer wrote:

hmmm...that doesn't help me much. I'm more interested in large files in 
mod_dav. Right now I can't upload anything much bigger than 700MB.

IMO, that's not something a webserver should be used for anyway.


I do it all of the time. We have users who upload DVD iso's to their
DAV shares. Can't see any reason why DAV shouldn't be capable of such
things.


There's a difference between 'being capable of' and 'being the proper tool for'.

Joost


Re: [VOTE] Release 2.2.1 as GA

2006-04-07 Thread Joost de Heer

Steffen wrote:

So far I have two reports that mod_ssl is giving issues.
Strange, I tried it on three XP boxes and all is fine.

The report is:

error c005 at 6FD0F220 (mod_ssl).
c005 is 'access violation'.

Using FileMon, this appears to get triggered when trying to read in a
server certificate. I removed the SSL portion of one virtual host and it
then errored in trying to read the certificate for the first virtual host.


You have odd NTFS rights on the certificate files?

Joost


Re: Embedded echo server into the Apache-2.0.54

2006-03-30 Thread Joost de Heer

Arshad Ahamad wrote:

Hi all,
  I am working on Linux (SuSe, MACHTYPE=i686-suse-linux). I have two 
servers: an Apache-2.0.54 webserver and an existing echo server (TCP/IP, 
not a webserver) which is accessible with netcat (client) by sending a 
string and getting that string echoed back. Now I want to embed the 
echo server into Apache-2.0.48 so that I can access this echo string 
functionality through Apache using netcat (client) without losing the 
functionality of either server. How can I achieve this? Can anyone 
help me?

Thanks in advance
Arashad Ahamad


http://httpd.apache.org/docs/2.0/mod/mod_echo.html


Re: Proxy Http and Https

2006-03-26 Thread Joost de Heer

William A. Rowe, Jr. wrote:

William wrote:

With Apache running as a forward proxy server whenever I go to an 
HTTPS webpage I get a denied access page, how can I enable the proxy to 
work with HTTPS along with HTTP.


You have a client problem not a server problem, how did you configure
HTTPS/SSL proxy settings, if at all.  If you are trying to go thru the
same server, make sure you have enabled mod_proxy_connect.


And don't forget AllowCONNECT.

Joost


Re: Execute apache or php as different user per virtualhost.

2006-03-22 Thread Joost de Heer

Mathijs van Veluw wrote:

Hello there,

I want to execute apache and/or php as different user per virtualhost.


SuExec. This should be on the users list, not on the developers list, by the 
way.

Joost


Re: Execute apache or php as different user per virtualhost.

2006-03-22 Thread Joost de Heer

I want to execute apache and/or php as different user per virtualhost.


SuExec. This should be on the users list, not on the developers list, 
by the way.



SuExec needs CGI, so that isn't an option.


The PerChild MPM has AssignUserID. And AFAIK, with suexec you can run a vhost 
under its own ID, no need for CGI.


Joost


Re: ProxyPass does not work inside LocationMatch

2006-03-13 Thread Joost de Heer

Is there a solution to this problem? This doesn't work:

DirectoryIndex index.cgir index.php index.html
<FilesMatch \.(cgi|cgir|php3|php)$>
  RewriteRule ^/(.*)$ proxy:http://www-modperl:/$1
</FilesMatch>


Something like

RewriteCond %{REQUEST_URI} \.(cgi|cgir|php3|php)$
RewriteRule ^/(.*) http://www-modperl:/$1 [P]

Joost


Re: Does mod_jk compatible with httpd2.2

2006-03-03 Thread Joost de Heer

Kanagasabai Sriskanthaverl wrote:

Hi,
Could anyone please let me know whether I can use mod_jk with httpd2.2?
If so, is it the same as with httpd2.0 or different? Please guide me in
setting it up.
I am aware that there is mod_ajp, which can connect tomcat with
httpd2.2.


Are there things that mod_jk can do which you can't do with mod_proxy_ajp?

Joost


Re: how does this get changed?

2006-02-17 Thread Joost de Heer

Uhh... Please don't remove docs on something that is still in the
server.  And it should be removed at 3.0.  We shouldn't be breaking
config files in minor releases.



Already happened between 2.0 and 2.2, when mod_access was changed to
mod_authz_host.



That is a change to ./configure command line options and possibly
LoadModule directives, but not really a direct change in the config
file syntax.


'Breaking a config file' is IMO that you can't just copy your 2.0 config file 
and it works. And the new mod_auth(n|z) structure just did that: A 2.0 config 
file needed changes to work in 2.2.


Joost


Re: how does this get changed?

2006-02-16 Thread Joost de Heer

Uhh... Please don't remove docs on something that is still in the
server.  And it should be removed at 3.0.  We shouldn't be breaking
config files in minor releases.


Already happened between 2.0 and 2.2, when mod_access was changed to 
mod_authz_host.


Joost


Re: AW: Support for ProxyPreserveHost with mod_proxy_balancer?

2006-02-13 Thread Joost de Heer

ProxyPassReverse / balancer://tiles_live_cluster/


This looks wrong, shouldn't this be http://reverse.proxy.host/ ?

Joost


Re: [STATUS] (httpd-2.1) Wed Jan 25 23:50:06 2006

2006-01-26 Thread Joost de Heer

APACHE 2.3 STATUS:  -*-text-*-
Last modified at [$Date: 2005-12-16 16:06:45 -0500 (Fri, 16 Dec 2005) $]



It would be nice to have the STATUS file from 2.2.x also sent to docs@ and dev@


... and to have the subject of this status mail changed to [STATUS]{httpd-2.3}

Joost


Re: Ignore all filters except ssl one

2006-01-18 Thread Joost de Heer

[EMAIL PROTECTED] wrote:

Hi,
I need to create a tunnel between client and backend server through 
Apache just like CONNECT call does but can't turn forward proxying.


Are you bound by using Apache? If not, might I suggest rinetd 
(http://www.boutell.com/rinetd/) for this purpose? It's really easy to 
configure, and does exactly what you want to do.


Joost


Re: mod_proxy_ajp

2005-12-21 Thread Joost de Heer

Fenlason, Josh wrote:

With the new proxy_ajp module it doesn't seem possible to only pass 
dynamic content to the servlet engine as was possible with mod_jk. 


I discovered another method today: I had to install a tomcat connector today, 
and found the following in the documentation 
(http://tomcat.apache.org/connectors-doc/howto/apache.html):


Starting with mod_jk 1.2.6, and under Apache 2.0, it's possible to exclude 
some URL/URI from jk processing by setting the env var no-jk, for example with 
the SetEnvIf Directive.


So something like

SetEnvIf Request_URI !.*\.jsp no-jk=true

should do the trick.

Joost


Re: Apache 2.2.0 for Windows

2005-12-14 Thread Joost de Heer

Fenlason, Josh wrote:

Would anyone be able to tell me what the status of Apache 2.2.0 for 
Windows is?  There is no official source for win32.  There is a rev2 zip 
file, which is fine to play with, but even that isn't really 2.2.0.  
It still builds to Apache21 (not a big deal but I thought I'd mention it). 
Also, there is no project for mod_authn_alias.  Is that on the radar?

Thanks for the hard work getting Apache 2.2.0 out the door.


Apachelounge has a binary available, which you can download after registering. 
This isn't an official build however.


Joost


Re: Apache 2.2.0 for Windows

2005-12-14 Thread Joost de Heer

 Apachelounge has a binary available, which you can download after
 registering. This isn't an official build however.


The binary at the Apachelounge is built with the official sources.
And includes mod_authn_alias and mod_ssl


My interpretation is that there is a difference between 'an official build' 
and 'a build from the official sources'.


Joost


Re: Apache 2.2.0 for Windows

2005-12-14 Thread Joost de Heer

My interpretation is that there is a difference between 'an official build' 
and 'a build from the official sources'.



There's no such thing as an official build, only the sources are
official releases :) 


I consider binary releases which can be downloaded from httpd.apache.org (or 
one of its mirrors) to be 'official', or at least 'more official than third 
party builds'.


Joost


Re: What do you want in HTTPD 2.4/3.0/X/GREEN?

2005-12-07 Thread Joost de Heer

That could be external to httpd.  Just have a monitor (or in cfengine,
or whatever) that when the config changes it issues a graceful restart.
Simple and straight-forward.


Oops, I made a typo, and pressed save. poof there goes my website!

IMO, it's a bad idea to automagically restart when the config changes.

Joost


Re: svn commit: r354141 - /httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h

2005-12-05 Thread Joost de Heer

This was one of the questions that I had when I added the AUTHZ_* status
types.  I couldn't decide whether AUTHZ_DECLINED made sense or
AUTHZ_DENIED.  To me AUTHZ_DENIED means no matter what, that we are done
checking and authorization is denied.  While AUTH_DECLINED means that
the provider checked and it can't authorize the user so continue down
the list to see if something else can.


Perhaps 'AUTH_NEGATIVE'? That implies that the authorisation check gave a 
negative answer, and the reason for it (unable to authorise because this user 
can't be authorised with this provider, or the provider said 'no, this user 
isn't authorised', or...) is irrelevant.


Joost


Re: What do you want in HTTPD 2.4/3.0/X/GREEN?

2005-12-04 Thread Joost de Heer

This applies to processes forked off from Apache children servicing
requests, not the Apache children themselves.

So not exactly what I proposed, unless I am understanding that wrong?



If you want to limit the children themselves, then you want the standard 
ulimit controls available in your shell or whatnot.  -- justin


Because I want other processes to be able to grow larger than 20 MB. Would be 
a rather useless database if it was limited to 20 MB memory


Joost


Re: mod_proxy error, segmentation fault

2005-12-04 Thread Joost de Heer

RewriteRule (.*) 
http://uxdev14.sofinco.fr:8080%{REQUEST_URI}; [P,L]


Try without the  around the second argument?

Joost


Re: What do you want in HTTPD 2.4/3.0/X/GREEN?

2005-12-03 Thread Joost de Heer

An idea, although I have no idea whether this can be done at all, or whether 
this has been discussed before:


MaxMemoryPerChild.

Especially with things like PHP, occasionally a child process can 'explode' 
and grow very large. As far as I'm aware, the only way to limit child 
processes is currently the number of requests. But since it's rather hard to 
predict when a child can grow very large (it theoretically could happen in the 
first request), I'd rather have a memory limit: Once a child process grows 
beyond that limit, kill the child (after the current request finishes of course).


I've had boxes where the average child was 12 MB, but once in a while, a child 
would grow up to 140MB. Normally, MaxClients of 70 would be quite safe, but 
with the growing children, even that was too high. But if I could set 
MaxMemoryPerChild 20 MB, this would be no problem, as these children would be 
killed before they grew too large.


Joost


Re: What do you want in HTTPD 2.4/3.0/X/GREEN?

2005-12-03 Thread Joost de Heer

Justin Erenkrantz wrote:

--On December 3, 2005 11:57:08 PM +0100 Joost de Heer 
[EMAIL PROTECTED] wrote:



An idea, although I have no idea whether this can be done at all, or
whether this has been discussed before:

MaxMemoryPerChild.



http://httpd.apache.org/docs/2.2/mod/core.html#rlimitmem


This applies to processes forked off from Apache children servicing requests, 
not the Apache children themselves.


So not exactly what I proposed, unless I am understanding that wrong?

Joost


Re: [vote] 2.2.0 tarballs

2005-11-29 Thread Joost de Heer

Win32 is not special.  It's a second-class citizen if anything because 
it gets so little developer attention.


And how many people compile the thing on Windows anyway, except the msi 
builder? My guess is that I need about 2 hands to count them


Joost


Re: Suggest renaming mod_authz_host to mod_access_host

2005-11-24 Thread Joost de Heer

access control:
  is this request permitted, based on where it is being made from


In other words, is the host from which the request comes, authorised to make 
this request? Hence mod_authz_host.


Joost


Re: pgp trust for https?

2005-11-06 Thread Joost de Heer

 Personally, I feel this role belongs in the government.

Whose government? I don't even trust my own government, so why should I trust 
a foreign government?


Joost


Re: NameVirtualHosts SSL

2005-10-25 Thread Joost de Heer

The one-virtual-host-per-ip limitation is imposed by SSL, it has nothing 
to do with the webserver.


<nitpick>
one-virtual-host-per-ip-and-port
</nitpick>

There is an exception - if you use a wildcard certificate, you can run 
multiple virtual hosts on condition all the virtual hosts match the 
wildcard certificate.


Another exception is if you don't care about the popup warning, and only use 
certificates for encryption, and not for identification of the webserver.


Joost


Re: APR version of support/logresolve.c

2005-10-24 Thread Joost de Heer

Looks good; some nits:

- odd style in places, some if(/while( without enough whitespace
and declarations with too much whitespace:
  apr_file_t * etc;


Is there an indent command line overview for 'ASF approved coding'?

Joost


Re: Apache 2.0.55 w/ SSL

2005-10-17 Thread Joost de Heer

Paul Risenhoover wrote:

Where can I pick up a Win32 build of Apache 2.0.55 w/ SSL?


http://hunter.campbus.com/


Strange mod_rewrite behaviour?

2005-10-16 Thread Joost de Heer

In the mod_rewrite examples page the following can be found:

RewriteEngine on
RewriteCond %{REQUEST_URI} !-U
RewriteRule ^(.*) http://webserverB.dom/$1

[Not related comment: shouldn't this be ^/(.*)]

A request for http://localhost/foo/bar results in the following log:

127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4b1900/initial] (2) init rewrite 
engine with requested uri /foo/bar
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4b1900/initial] (3) applying pattern 
'^(.+)' to uri '/foo/bar'
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (2) init rewrite engine 
with requested uri /foo/bar
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (3) applying pattern 
'^(.+)' to uri '/foo/bar'
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (4) RewriteCond: 
input='/foo/bar' pattern='!-U' => matched
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (2) rewrite /foo/bar -> 
http://webserverB.dom//foo/bar
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (2) implicitly forcing 
redirect (rc=302) with http://webserverB.dom//foo/bar
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (1) escaping 
http://webserverB.dom//foo/bar for redirect
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4c7a48/subreq] (1) redirect to 
http://webserverB.dom//foo/bar [REDIRECT/302]
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4b1900/initial] (5) RewriteCond URI 
(-U) check: path=/foo/bar -> status=302
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4b1900/initial] (4) RewriteCond: 
input='/foo/bar' pattern='!-U' => not-matched
127.0.0.1 - - [16/Oct/2005:17:34:06 +0200] 
[windows.joost.localnet/sid#46a8b0][rid#4b1900/initial] (1) pass through /foo/bar


So instead of getting redirected, the -U seems to get applied again, sees the 
request resulted in a 302 redirect, and decides that it's a valid URL after 
all, so it's passed through, leading to a 404 error, instead of the redirect.


Am I misinterpreting the results, is the example wrong, or is something weird 
going on in mod_rewrite with -U?


Joost


Re: Strange mod_rewrite behaviour?

2005-10-16 Thread Joost de Heer

André Malo wrote:

* Joost de Heer wrote:



In the mod_rewrite examples page the following can be found:



RewriteEngine on
RewriteCond %{REQUEST_URI} !-U
RewriteRule ^(.*) http://webserverB.dom/$1



A request for http://localhost/foo/bar results in the following log:

[windows.joost.localnet/sid#46a8b0][rid#4b1900/initial] (3) applying
pattern '^(.+)' to uri '/foo/bar'



This cannot be. (.+ vs .*)


Because I typo'd the RewriteRule, it's (.+).


Which version are we talking about anyway?


2.0.55 on Windows

Joost


Re: Getting perl to core via mod_cgi

2005-10-14 Thread Joost de Heer

I found the docs on how to convince httpd to dump core if httpd crashes, 
but I have yet to find something that explains how to get _perl_ (or any 
process run from mod_cgi) to dump core if it crashes.


Does anybody have any ideas?


What's 'ulimit -c' (bash, under tcsh it's 'limit -c', other shells may differ) 
for the user under which httpd runs?


Joost


Re: Getting perl to core via mod_cgi

2005-10-14 Thread Joost de Heer

I can see nothing obvious in the bash man page to make ulimit work for 
anything other than the current shell, unless I am looking in the wrong 
place.


You can set it worldwide in /etc/initscript.

Joost


Re: Apache HTTP Server 1.3.34 prerelease tarballs

2005-10-14 Thread Joost de Heer

Jim Jagielski wrote:

Look for the Apache HTTP Server 1.3.34 prerelease tarballs in:

   http://httpd.apache.org/dev/dist/

Please test :)


If someone tells me how to run tests, I can check this on HPUX 11i.

Joost


Re: [PATCH] mod_smtpd_queue_smtp

2005-09-18 Thread Joost de Heer



But as far as I can tell, this code is all about SMTP forwarding (not
even relaying per-se). Confuses me anyway :)
 



I.e. smarthosting. Which might be a better name for the whole thing.

Joost


Re: asking mod_ssl for client certificates from another module

2005-08-05 Thread Joost de Heer

Daniel Risacher wrote:


I've been trying to figure out if there is a way to ask mod_ssl to
require client certificates from another module before the response
phase.  (I think the answer is 'no'.)

In more detail, I'm prototyping an access handler that would allow
requests from certain client IP addresses, and require client
certificates from all others.  It seems like mod_ssl API does not have
a hook for requesting a renegotiation; and that this can only be done
on a per directory basis at configure time.  


Can someone who understands mod_ssl comment on how to dynamically
force client authentication?  Would it be feasible to make such an
extension to the mod_ssl API?  


Dan
 


Untested:

SSLVerifyClient optional
SSLRequire %{REMOTE_ADDR} =~ m/pattern/ or %{SSL_CLIENT_S_DN_O} eq "Your Organisation"


Joost
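
The idea sketched above, written out as an added example (not part of the original post) for an httpd 2.x SSL virtual host with mod_ssl. The CA file path, the /protected path, the 192.0.2.0/24 range and the organisation string are placeholders.

```apache
# Added example, to be placed inside the existing SSL virtual host.
# Paths, network range and the O= value are placeholders.

# CA that issued the client certificates to be accepted.
SSLCACertificateFile /etc/httpd/conf/ssl/client-ca.pem
SSLVerifyDepth 2

# Ask for a client certificate during the handshake, but let the
# handshake succeed without one, so that requests from trusted
# addresses are not forced to present a certificate.
SSLVerifyClient optional

<Location /protected>
    # Grant access when the request comes from the trusted range, or
    # when a certificate was presented, validated against the CA above
    # and carries the expected organisation in its subject.
    SSLRequire %{REMOTE_ADDR} =~ m/^192\.0\.2\.[0-9]+$/ \
        or ( %{SSL_CLIENT_VERIFY} eq "SUCCESS" \
             and %{SSL_CLIENT_S_DN_O} eq "Your Organisation" )
</Location>
```

If httpd sits behind a reverse proxy or load balancer, REMOTE_ADDR is that device's address, so the address branch would match every request it forwards.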


Re: SSL downloads faster than non SSL?

2005-08-02 Thread Joost de Heer

Phillip Susi wrote:


I decided to do some informal benchmark comparisons between using
windows SMBFS and apache/webdav for file transfers.  I ended up finding
that apache is actually faster at sending files over an SSL connection
than a plain connection.  I downloaded a ~600 meg test file from the
server using windows explorer webfolders, IE, and firefox.  Firefox
downloads the file in the 4000-5000 KB/s range when using an SSL
connection.  IE gets over 10,000 KB/s downloading over the secure
connection.  Both only are able to download at 300-600 KB/s using the
non SSL connection though.  This is, of course, all done over a 100 Mbps
ethernet network that is minimally loaded, and I repeated the test a few
times, clearing the browsers caches each time.



Did you restart Apache too, to clear the memory cache of the OS?

Joost