apache port knobs - WITH_APACHE2 deprecated?
This is (I hope) a quick and easy question. I want to ensure that any ports which depend on Apache will depend on 2.0 rather than try to bring in 1.3. I used to do this by putting WITH_APACHE2 in /etc/make.conf. bsd.apache.mk says WITH_APACHE2 is deprecated. What is it deprecated in favour of, or is that a secret? (Sorry for the snarky tone but I've spent most of today trying to find a clear answer). Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache port knobs - WITH_APACHE2 deprecated?
Jonathan McKeown wrote: > This is (I hope) a quick and easy question. > > I want to ensure that any ports which depend on Apache will depend on 2.0 > rather than try to bring in 1.3. > > I used to do this by putting WITH_APACHE2 in /etc/make.conf. > > bsd.apache.mk says WITH_APACHE2 is deprecated. $ grep apache /etc/make.conf APACHE_PORT=www/apache22 -- Philip M. Gollucci ([EMAIL PROTECTED]) o:703.549.2050x206 Senior System Admin - Riderway, Inc. http://riderway.com / http://ridecharge.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
apache: you don't have acess to /
I just rsync'd a bunch of directories from an old backup on top of my web root, which was functional a minute ago. Ok, so I admit that was stupid. Suddenly, 'no acess to / on this server'. No problem, I just chmod -R 775, right? Only that didn't work, now I'm pretty much stuck Best, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache-2.2.6 not installing [solved]
response in line below Jason Bourne wrote: Noah wrote: Hi List, Not receive good support on the ports mail list so I will post here now. Might somebody please explain to me why apache-2.2.6 is not install from /usr/ports ? I am attempting to complile with mod_ldap and a bunch of modules - nothing that should be causing a fuss, though. All shell output is below including error message. Help please, Noah [snip] Installing configuration files Installing HTML documents *** Error code 1 Stop in /usr/ports/www/apache22/work/httpd-2.2.6. *** Error code 1 Stop in /usr/ports/www/apache22/work/httpd-2.2.6. *** Error code 1 Stop in /usr/ports/www/apache22. *** Error code 1 Stop in /usr/ports/www/apache22. Sorry to reply by email but I'm not subscribed. I had this problem last night. This is a workaround and not a true fix, but it's quick. After doing make and prior to make install navigate to and open with an editor: /usr/ports/www/apache22/work/httpd-2.2.6/Makefile Look for line 126: install-htdocs: # @echo Installing HTML documents ; \ # $(MKINSTALLDIRS) $(DESTDIR)$(htdocsdir) ; \ # test -d $(htdocs-srcdir) && (cd $(htdocs-srcdir) && cp -rp index.html #$(DESTDIR)$(EXAMPLESDIR)) && \ # ( [ ! -f $(DESTDIR)$(htdocsdir)/index.html ] && cp -p #$(DESTDIR)$(EXAMPLESDIR)/index.html $(DESTDIR)$(htdocsdir)/index.html) Comment out the lines like above and then make install will skip over this and complete. thanks Jason - please respond to the list in the future so other can see the fixture. I suppose commenting out brokenness is a solution. Cheers, Noah -Jason ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
apache-2.2.6 not installing
Hi List, Not receive good support on the ports mail list so I will post here now. Might somebody please explain to me why apache-2.2.6 is not install from /usr/ports ? I am attempting to complile with mod_ldap and a bunch of modules - nothing that should be causing a fuss, though. All shell output is below including error message. Help please, Noah Table of contents 1) uname -a 2) cat Makefile.options from /usr/ports/www/apache22 3) cat /etc/make.conf 4) make install clean from /usr/ports/www/apache22 with errors at the end - but complete output # uname -a FreeBSD 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #1: Sun Aug 12 14:27:32 PDT 2007 root@:/usr/obj/usr/src/sys/SMP i386 # cat Makefile.options OPTIONS+= \ AUTH_BASIC "Enable mod_auth_basic" ON \ AUTH_DIGEST "Enable mod_auth_digest" ON \ AUTHN_FILE "Enable mod_authn_file" ON \ AUTHN_DBD "Enable mod_authn_dbd" OFF \ AUTHN_DBM "Enable mod_authn_dbm" ON \ AUTHN_ANON "Enable mod_authn_anon" ON \ AUTHN_DEFAULT "Enable mod_authn_default" ON \ AUTHN_ALIAS "Enable mod_authn_alias" ON \ AUTHZ_HOST "Enable mod_authz_host" ON \ AUTHZ_GROUPFILE "Enable mod_authz_groupfile" ON \ AUTHZ_USER "Enable mod_authz_user" ON \ AUTHZ_DBM "Enable mod_authz_dbm" ON \ AUTHZ_OWNER "Enable mod_authz_owner" ON \ AUTHZ_DEFAULT "Enable mod_authz_default" ON \ CACHE "Enable mod_cache" ON \ DISK_CACHE "Enable mod_disk_cache" ON \ FILE_CACHE "Enable mod_file_cache" ON \ MEM_CACHE "Enable mod_mem_cache" OFF \ DAV "Enable mod_dav" ON \ DAV_FS "Enable mod_dav_fs" ON \ BUCKETEER "Enable mod_bucketeer" OFF \ CASE_FILTER "Enable mod_case_filter" OFF \ CASE_FILTER_IN "Enable mod_case_filter_in" OFF \ EXT_FILTER "Enable mod_ext_filter" OFF \ LOG_FORENSIC "Enable mod_log_forensic" OFF \ OPTIONAL_HOOK_EXPORT "Enable mod_optional_hook_export" OFF \ OPTIONAL_HOOK_IMPORT "Enable mod_optional_hook_import" OFF \ OPTIONAL_FN_IMPORT "Enable mod_optional_fn_import" OFF \ OPTIONAL_FN_EXPORT "Enable mod_optional_fn_export" OFF \ LDAP "Enable mod_ldap" OFF \ AUTHNZ_LDAP "Enable mod_authnz_ldap" OFF \ ACTIONS "Enable mod_actions" ON \ ALIAS "Enable mod_alias" ON \ ASIS "Enable mod_asis" ON \ AUTOINDEX "Enable mod_autoindex" ON \ CERN_META "Enable mod_cern_meta" ON \ CGI "Enable mod_cgi" ON \ CHARSET_LITE "Enable mod_charset_lite" ON \ DBD "Enable mod_dbd" OFF \ DEFLATE "Enable mod_deflate" ON \ DIR "Enable mod_dir" ON \ DUMPIO "Enable mod_dumpio" ON \ ENV "Enable mod_env" ON \ EXPIRES "Enable mod_expires" ON \ HEADERS "Enable mod_headers" ON \ IMAGEMAP "Enable mod_imagemap" ON \ INCLUDE "Enable mod_include" ON \ INFO "Enable mod_info" ON \ LOG_CONFIG "Enable mod_log_config" ON \ LOGIO "Enable mod_logio" ON \ MIME "Enable mod_mime" ON \ MIME_MAGIC "Enable mod_mime_magic" ON \ NEGOTIATION "Enable mod_negotiation" ON \ REWRITE "Enable mod_rewrite" ON \ SETENVIF "Enable mod_setenvif" ON \ SPELING "Enable mod_speling" ON \ STATUS "Enable mod_status" ON \ UNIQUE_ID "Enable mod_unique_id" ON \ USERDIR "Enable mod_userdir" ON \ USERTRACK "Enable mod_usertrack" ON \ VHOST_ALIAS "Enable mod_vhost_alias" ON \ FILTER "Enable mod_filter" ON \ VERSION "Enable mod_version" ON \ PROXY "Enable mod_proxy" OFF \ PROXY_CONNECT "Enable mod_proxy_connect" OFF \ PROXY_FTP "Enable mod_proxy_ftp" OFF \ PROXY_HTTP "Enable mod_proxy_http" OFF \ PROXY_AJP "Enable mod_proxy_ajp" OFF \ PROXY_BALANCER "Enable mod_proxy_balancer" OFF \ SSL "Enable mod_ssl" ON \ SUEXEC "Enable mod_suexec" OFF \ CGID "Enable mod_cgid" OFF \ # cat /etc/make.conf # $FreeBSD: src/etc/defaults/make.conf,v 1.97.2.80 2003/02/15 16:34:56 trhodes Exp $ # # NOTE: Please would any committer updating th
apache finds mod_perl.so garbled
Hi there, this is a FreebSD machine and I've built apache, perl, and mod_perl all from /usr/ports what could be wrong - and How do I fix it? Cheers, Noah access1# /usr/local/etc/rc.d/apache22 start Performing sanity check on apache22 configuration: httpd: Syntax error on line 54 of /usr/local/etc/apache22/httpd.conf: API module structure 'perl_module' in file /usr/local/libexec/apache2/mod_perl.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version? Starting apache22. httpd: Syntax error on line 54 of /usr/local/etc/apache22/httpd.conf: API module structure 'perl_module' in file /usr/local/libexec/apache2/mod_perl.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version? access1# uname -a FreeBSD access1 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #1: Wed Aug 1 22:59:54 PDT 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/LOCAL i386 access1# pkg_info | grep apache apache-2.2.6_2 Version 2.2 of Apache web server with prefork MPM. apache-tomcat-6.0.13_1 Open-source Java web server by Apache, 6.x branch ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
wrong architecture used for apache build
Hi, I am trying to figure out why the wrong architecture when I am building apache. Any clues where I can correct this information? Cheers, Noah access1# uname -a FreeBSD access1.pslab.juniper.net 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #1: Wed Aug 1 22:59:54 PDT 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/LOCAL i386 ===> Cleaning for apache-2.2.6_2 To enable a module category: WITH__MODULES To disable a module category: WITHOUT__MODULES Per default categories are: AUTH AUTHN AUTHZ DAV CACHE MISC Categories available: AUTH AUTHN AUTHZ CACHE DAV EXPERIMENTAL LDAP MISC PROXY SSL SUEXEC THREADS To see all available knobs, type make show-options To see all modules in different categories, type make show-categories You can check your modules configuration by using make show-modules ===> Vulnerability check disabled, database not found ===> Found saved configuration for apache-2.2.6_2 ===> Extracting for apache-2.2.6_2 => MD5 Checksum OK for apache22/httpd-2.2.6.tar.bz2. => SHA256 Checksum OK for apache22/httpd-2.2.6.tar.bz2. ===> apache-2.2.6_2 depends on file: /usr/local/bin/perl5.8.8 - found ===> Patching for apache-2.2.6_2 ===> apache-2.2.6_2 depends on file: /usr/local/bin/perl5.8.8 - found ===> Applying FreeBSD patches for apache-2.2.6_2 ===> apache-2.2.6_2 depends on file: /usr/local/lib/libcrypto.so.5 - found ===> apache-2.2.6_2 depends on file: /usr/local/bin/perl5.8.8 - found ===> apache-2.2.6_2 depends on file: /usr/local/bin/autoconf-2.61 - found ===> apache-2.2.6_2 depends on file: /usr/local/bin/libtool - found ===> apache-2.2.6_2 depends on shared library: expat.6 - found ===> apache-2.2.6_2 depends on shared library: db-4.2 - found ===> apache-2.2.6_2 depends on shared library: ldap-2.3.2 - found ===> apache-2.2.6_2 depends on shared library: iconv.3 - found ===> Configuring for apache-2.2.6_2 found apr source: srclib/apr found apr-util source: srclib/apr-util rebuilding srclib/apr/configure buildconf: checking installation... buildconf: autoconf version 2.61 (ok) buildconf: libtool version 1.5.24 (ok) Copying libtool helper files ... buildconf: Using libtool15.m4 at /usr/local/share/aclocal/libtool.m4. Creating include/arch/unix/apr_private.h.in ... Errno architecture (i386-freebsd-64int-6.2-release) does not match executable architecture (i386-freebsd-64int-6.2-release-p6) at /usr/local/lib/perl5/site_perl/5.8.8/Errno.pm line 11. Compilation failed in require at /usr/local/share/autoconf-2.61/Autom4te/XFile.pm line 90. BEGIN failed--compilation aborted at /usr/local/share/autoconf-2.61/Autom4te/XFile.pm line 90. Compilation failed in require at /usr/local/bin/autoheader-2.61 line 48. BEGIN failed--compilation aborted at /usr/local/bin/autoheader-2.61 line 48. Creating configure ... Errno architecture (i386-freebsd-64int-6.2-release) does not match executable architecture (i386-freebsd-64int-6.2-release-p6) at /usr/local/lib/perl5/site_perl/5.8.8/Errno.pm line 11. Compilation failed in require at /usr/local/share/autoconf-2.61/Autom4te/XFile.pm line 90. BEGIN failed--compilation aborted at /usr/local/share/autoconf-2.61/Autom4te/XFile.pm line 90. Compilation failed in require at /usr/local/bin/autom4te-2.61 line 44. BEGIN failed--compilation aborted at /usr/local/bin/autom4te-2.61 line 44. rebuilding rpm spec file rebuilding srclib/apr-util/configure Looking for apr source in /usr/ports/www/apache22/work/httpd-2.2.6/srclib/apr Creating include/private/apu_config.h ... Errno architecture (i386-freebsd-64int-6.2-release) does not match executable architecture (i386-freebsd-64int-6.2-release-p6) at /usr/local/lib/perl5/site_perl/5.8.8/Errno.pm line 11. Compilation failed in require at /usr/local/share/autoconf-2.61/Autom4te/XFile.pm line 90. BEGIN failed--compilation aborted at /usr/local/share/autoconf-2.61/Autom4te/XFile.pm line 90. Compilation failed in require at /usr/local/bin/autoheader-2.61 line 48. BEGIN failed--compilation aborted at /usr/local/bin/autoheader-2.61 line 48. ./buildconf failed for apr-util *** Error code 1 Stop in /usr/ports/www/apache22. *** Error code 1 Stop in /usr/ports/www/apache22. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache mod_ssl chroot problem
On Wed, 2007-10-17 at 13:38 +0100, Daniel Bye wrote: > On Wed, Oct 17, 2007 at 08:46:01PM +0700, Muhammad Reza wrote: > > Dear List. > > > > I have problem running apache in chroot mode with ssl enable. > > Apache in chroot mode running fine without ssl enable, but when i try to > > start with mod_ssl enable, error occured with this message. > > > > beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd > > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) > > Some of your private key files are encrypted for security reasons. > > In order to read them you have to provide the pass phrases. > > > > Server beastie.mra.co.id:443 (RSA) > > Enter pass phrase:Apache:mod_ssl:Error: Private key not found. > > **Stopped > > > > and with error log > > > > [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found > > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120 > > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag > > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960 > > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386 > > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error > > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605 > > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib > > [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found > > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120 > > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag > > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960 > > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b > > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error > > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605 > > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib > > > > If i escape from chrooted enviroment, apache with mod_ssl work fine > > > > beastie# /usr/local/apache2/bin/httpd > > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) > > Some of your private key files are encrypted for security reasons. > > In order to read them you have to provide the pass phrases. > > > > Server www.example.com:443 (RSA) > > Enter pass phrase: > > > > OK: Pass Phrase Dialog successful. > > > > Is there something missing here, please enlight me. > > The first thing that comes to mind - are your keys inside the chroot area > you want to run apache in? > the key is in /chroot/httpd/usr/local/apache2/conf/ with 400 mode owner by root and the path in htppd-ssl.conf is SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" Is there anyway to test that my key is visible by chroot program ?? regards Reza ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache mod_ssl chroot problem
On Wed, 2007-10-17 at 08:29 -0600, James wrote: > > > Server beastie.mra.co.id:443 (RSA) > > Enter pass phrase:Apache:mod_ssl:Error: Private key not found. > > **Stopped > > > Isn't the private key the one on the local machine? If so, is the > private key visible with the chroot environment? > ___ the key is in /chroot/httpd/usr/local/apache2/conf/ with 400 mode owner by root and the path in htppd-ssl.conf is SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" Is there anyway to test that my key is visible by chroot program ?? regards Reza ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache mod_ssl chroot problem
> Server beastie.mra.co.id:443 (RSA) > Enter pass phrase:Apache:mod_ssl:Error: Private key not found. > **Stopped Isn't the private key the one on the local machine? If so, is the private key visible with the chroot environment? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache mod_ssl chroot problem
On Wed, Oct 17, 2007 at 08:46:01PM +0700, Muhammad Reza wrote: > Dear List. > > I have problem running apache in chroot mode with ssl enable. > Apache in chroot mode running fine without ssl enable, but when i try to > start with mod_ssl enable, error occured with this message. > > beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) > Some of your private key files are encrypted for security reasons. > In order to read them you have to provide the pass phrases. > > Server beastie.mra.co.id:443 (RSA) > Enter pass phrase:Apache:mod_ssl:Error: Private key not found. > **Stopped > > and with error log > > [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120 > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605 > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib > [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120 > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605 > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib > > If i escape from chrooted enviroment, apache with mod_ssl work fine > > beastie# /usr/local/apache2/bin/httpd > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) > Some of your private key files are encrypted for security reasons. > In order to read them you have to provide the pass phrases. > > Server www.example.com:443 (RSA) > Enter pass phrase: > > OK: Pass Phrase Dialog successful. > > Is there something missing here, please enlight me. The first thing that comes to mind - are your keys inside the chroot area you want to run apache in? -- Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ pgpi9bMgoI0Uh.pgp Description: PGP signature
apache mod_ssl chroot problem
Dear List. I have problem running apache in chroot mode with ssl enable. Apache in chroot mode running fine without ssl enable, but when i try to start with mod_ssl enable, error occured with this message. beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server beastie.mra.co.id:443 (RSA) Enter pass phrase:Apache:mod_ssl:Error: Private key not found. **Stopped and with error log [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib If i escape from chrooted enviroment, apache with mod_ssl work fine beastie# /usr/local/apache2/bin/httpd Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server www.example.com:443 (RSA) Enter pass phrase: OK: Pass Phrase Dialog successful. Is there something missing here, please enlight me. regards Reza ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
problem with apache
hi all I had a problem with my apache22. I had install it fropm the port but accidently I install it again and I got the message to deinstall if I want to uninstall. I enable upon boot up the apache into rc.d. After I reboot I got the message that my apache cannot run into localhost. I had install php5 port, php5-pgsql and postgresql 8.0 Is that anything that I missed on the configuration part to enable the php and postgresql to run together on my apache? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Getting coredumps from Apache
Hello! I have apache22 (with standard prefork mpm) and php5 (Apache module) installed from ports. I'm noticing a lot of httpd children dying with signal 11 messages and would like to get a coredump in order to diagnose the problem. However, I can't get any coredumps from Apache. I created a directory for coredumps: # ls -ld /var/apache drwxrwxrwx 2 www wheel 512 Oct 12 14:12 /var/apache Added this to httpd.conf: CoreDumpDirectory /var/apache and set sysctl kern.sugid_coredump=1 Made sure there are no process limits applied to Apache. Restarted Apache Signal 11 errors continue, but nothing gets recorded to /var/amanda. What am I missing? -- Toomas Aas ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
OpenSSL/PHP/Apache problem
Any time I compile PHP 4.4.7 with --with-ssl my apache 1.3.39 server core dumps on start up on my FreeBSD 6.1 dual core AMD X2 box (in 32 bit mode). Anyone have a work around for this or suggestions where to look/try? I was having a similar problem with Curl, but once I told curl where the OpenSSL home dir was and re-built it that solved that problem. The location of my openSSL is /usr/local, so it's in the 'default' location. I ran the core through gdb, and that is what prompted me to isolate the problem to --with-ssl. Here's my build options/script for php: ./configure \ --with-apxs \ --with-gd \ --with-gd-dir=/usr/local \ --with-gettext \ --with-jpeg-dir=/usr/local/lib \ --with-mcrypt \ --with-mhash \ --with-mysql=/usr/local/mysql \ --with-pear \ --with-png-dir=/usr/local/lib \ --with-xml \ --with-zlib \ --with-zlib-dir=/usr/local/lib \ --with-zip \ --enable-bcmath \ --enable-calendar \ --enable-ftp \ --enable-magic-quotes \ --enable-sockets \ --enable-track-vars \ --enable-mbstring \ --with-curl \ --with-curl-dir=/usr/local/lib \ --with-imap=/usr/local/imap-2000e \ --with-imap-ssl \ --with-openssl \ --enable-memory-limit ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Apache 2.2.4 with mod_ssl start up problem
Apache 2.2.4 with mod_ssl start up problem I have the same problem when trying to start Apache 2.0.61 and Openssl 0.9.8 Did you ever get a response or figure out what the problem was? Dan Parks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is Apache rotatelogs efficienct for real world use?
Olivier Nicole wrote: Is Apache rotatelogs suitable for handling large volumes of access logs, i.e. around 50K requests per hour at _peak_ time which is 1.2M requests per day. According to Apache website (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes about 120MB in size per day. In another setting (few hits, buts hundreds of sites, rotatelogs means one process per site, while newsyslog is only one process when it is needed. The last log to rotate sending the appropriate signale to Apache. That's a fine point to mention. However, if you're running a bunch of domains using virtual hosts on one Apache instance, then you can just combine them into a single output logfile, have just one rotatelogs instance, feed that through rDNS lookups, and then feed them into a splitter per site or just use a webanalyser which is vhosts-aware and generates separate reports for each vhost -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Apache port OPTIONs support
All, Recently, the apache port changed as per the note in /usr/ports/UPDATING below. I used to build apache with the proxy modules: make WITH_PROXY_MODULES=yes install I've now tried: make WITHOUT_APACHE_OPTIONS=YES WITH_PROXY_MODULES=yes install This builds the proxy modules, but leaves out at least SSL modules, so I'm assuming there is a preferred way to specify specific options, but can't figure out how. Thanks for any help, Barry - From the /usr/ports/UPDATING file - By popular request, OPTIONS support has been added. When enabled (default), these knobs are ignored: * WITH__MODULES * WITHOUT__MODULES * WITH_CUSTOM_ * WITH_MODULES * WITHOUT_MODULES * WITH_STATIC_MODULES However, you can disable OPTIONS by defining WITHOUT_APACHE_OPTIONS. Previous ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is Apache rotatelogs efficienct for real world use?
> Is Apache rotatelogs suitable for handling large volumes of > access logs, i.e. around 50K requests per hour at _peak_ time which is > 1.2M requests per day. According to Apache website > (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes > about 120MB in size per day. In another setting (few hits, buts hundreds of sites, rotatelogs means one process per site, while newsyslog is only one process when it is needed. The last log to rotate sending the appropriate signale to Apache. Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is Apache rotatelogs efficienct for real world use?
On 2007-10-01 Eric Crist wrote: > On Oct 1, 2007, at 2:43 PMOct 1, 2007, Bahman M. wrote: > > > Hi all, > > > > Is Apache rotatelogs suitable for handling large volumes of > > access logs, i.e. around 50K requests per hour at _peak_ time which > > is 1.2M requests per day. According to Apache website > > (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes > > about 120MB in size per day. > > > > Does somebody have similar experience with rotatelogs? Would you > > direct me to the proper tool in case it's not efficient enough ? > > > > TIA, > > > > Bahman > > I would recommend letting syslog handle the rotation. While we > don't have that many hits, it's always worked well. > Absolutely agree however I'm looking for a non-native solution to logging as the configuration will be migrated to a Windoze 2003 server in the end -just testing on FreeBSD. Sorry, should have already stated this at the start of thread. Thanks, Bahman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is Apache rotatelogs efficienct for real world use?
On Oct 1, 2007, at 3:43 PM, Bahman M. wrote: Is Apache rotatelogs suitable for handling large volumes of access logs, i.e. around 50K requests per hour at _peak_ time which is 1.2M requests per day. According to Apache website (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes about 120MB in size per day. Does somebody have similar experience with rotatelogs? Absolutely-- rotatelogs did just fine with one of the sites I used to admin which was getting between 1 and 2.5 million hits a day, depending on the day of the week it was. Storing the logfiles and doing analysis on them afterwards started getting pretty challenging, however: even doing reverse DNS lookups took a fair amount of work, and once you started piling up a year or so's worth, doing things like analog or webalyzer or Unison started taking close to 24-hours to finish running and produce a report. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is Apache rotatelogs efficienct for real world use?
> > Hi all, > > Is Apache rotatelogs suitable for handling large volumes of > access logs, i.e. around 50K requests per hour at _peak_ time which is > 1.2M requests per day. According to Apache website > (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes > about 120MB in size per day. > > Does somebody have similar experience with rotatelogs? Would you > direct me to the proper tool in case it's not efficient enough ? > > TIA, > > Bahman > We've used /usr/ports/sysutils/cronolog pretty much since the author first wrote it. Something to consider. Tuc/TBOH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Is Apache rotatelogs efficienct for real world use?
On Oct 1, 2007, at 2:43 PMOct 1, 2007, Bahman M. wrote: Hi all, Is Apache rotatelogs suitable for handling large volumes of access logs, i.e. around 50K requests per hour at _peak_ time which is 1.2M requests per day. According to Apache website (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes about 120MB in size per day. Does somebody have similar experience with rotatelogs? Would you direct me to the proper tool in case it's not efficient enough ? TIA, Bahman I would recommend letting syslog handle the rotation. While we don't have that many hits, it's always worked well. HTH - Eric F Crist Secure Computing Networks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Is Apache rotatelogs efficienct for real world use?
Hi all, Is Apache rotatelogs suitable for handling large volumes of access logs, i.e. around 50K requests per hour at _peak_ time which is 1.2M requests per day. According to Apache website (http://httpd.apache.org/docs/1.3/logs.html#rotation) this becomes about 120MB in size per day. Does somebody have similar experience with rotatelogs? Would you direct me to the proper tool in case it's not efficient enough ? TIA, Bahman ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache 2.0.61 and SSL start
Thanks Dave, I tried that, no luck. Tim Dave wrote: Hello, Try adding the line: apache2ssl_enable="YES" to /etc/rc.conf that should do it. Hth Dave. - Original Message - From: "Tim Kellers" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 09, 2007 8:27 PM Subject: Apache 2.0.61 and SSL start I portupgraded my apache 2.0.59 to 61 today with no errors, but on restart, SSL wasn't loaded. /usr/local/etc/rc.d/apache2 start starts the server (I have apache2enable="YES" in /etc/rc.conf), but ssl isn't loaded. apachectl -k start -DSSL prompts me for my sslcert passphrase, and, after I enter it, allows https access on port 443. When started with /usr/local/etc/rc.d/apache2 www# ps -waux | grep http root 61279 6.3 6.3 25624 15928 ?? Ss8:23PM 0:00.80 /usr/local/sbin/httpd www 61280 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd www 61281 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.01 /usr/local/sbin/httpd www 61282 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd www 61283 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd www 61284 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd root 61286 0.0 0.1 372 216 p2 R+8:23PM 0:00.00 grep http When started with apachectl -k start -DSSL www# ps -waux | grep http root 61310 12.1 6.4 25868 16304 ?? Ss8:25PM 0:01.00 /usr/local/sbin/httpd -k start -DSSL www 61311 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.01 /usr/local/sbin/httpd -k start -DSSL www 61312 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL www 61313 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL www 61314 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL www 61315 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL root 61317 0.0 0.1 372 216 p2 R+8:25PM 0:00.00 grep http Any ideas where I am going wrong? Tim Kellers ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Apache 2.0.61 and SSL start
I portupgraded my apache 2.0.59 to 61 today with no errors, but on restart, SSL wasn't loaded. /usr/local/etc/rc.d/apache2 start starts the server (I have apache2enable="YES" in /etc/rc.conf), but ssl isn't loaded. apachectl -k start -DSSL prompts me for my sslcert passphrase, and, after I enter it, allows https access on port 443. When started with /usr/local/etc/rc.d/apache2 www# ps -waux | grep http root 61279 6.3 6.3 25624 15928 ?? Ss8:23PM 0:00.80 /usr/local/sbin/httpd www 61280 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd www 61281 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.01 /usr/local/sbin/httpd www 61282 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd www 61283 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd www 61284 0.0 6.3 25624 15944 ?? S 8:23PM 0:00.00 /usr/local/sbin/httpd root 61286 0.0 0.1 372 216 p2 R+8:23PM 0:00.00 grep http When started with apachectl -k start -DSSL www# ps -waux | grep http root 61310 12.1 6.4 25868 16304 ?? Ss8:25PM 0:01.00 /usr/local/sbin/httpd -k start -DSSL www 61311 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.01 /usr/local/sbin/httpd -k start -DSSL www 61312 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL www 61313 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL www 61314 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL www 61315 0.0 6.4 25868 16312 ?? S 8:25PM 0:00.00 /usr/local/sbin/httpd -k start -DSSL root 61317 0.0 0.1 372 216 p2 R+8:25PM 0:00.00 grep http Any ideas where I am going wrong? Tim Kellers ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: (error) Your apache does not support DSO modules
I've since updated my ports tree again with the same error, so even though portupgrade says " ! lang/php5 (php5-5.2.3_1) (Makefile broken)" I think it's more likely that something else is wrong. Are there other things I might try? The DSO apache docs seem to be based on someone compiling by hand without the ports tree or something similar. I think it's something simple I'm missing but I don't really have much of a clue. Thanks for any help! Anthony On Aug 27, 2007, at 9:15 AM, Anthony Philipp wrote: Thanks for the quick response. I thought I had tried that link earlier and it hadn't worked. I must have mistyped something. In any case I was running "portupgrade -aRR" in an attempt to update my system. While running it quit with this error. I reupdated my ports tree to see if that was the issue, and tried again, but got the same error. Thanks for your help! Anthony On Mon, Aug 27, 2007 at 10:00:02AM -0400, Bob Johnson <[EMAIL PROTECTED]> wrote: http://httpd.apache.org/docs/2.2/dso.html What is it that you are actually trying to accomplish? What was the command that resulted in these errors? - Bob On 8/27/07, Anthony Philipp <[EMAIL PROTECTED]> wrote: Hi, When I searched for DSO modules I found this page: http://httpd.apache.org/docs/1.3/dso but it doesn.t seem to have a similar page for the 2.2.x series of Apache. Am I hunting down the correct path? I also checked /usr/ports/UPDATING but unable to find anything of relevance there. I.ve included the error below. Any help is appreciated. Regards, Anthony ---> Cleaning out obsolete shared libraries [Updating the pkgdb in /var/db/pkg ... - 848 packages found (-0 +1) . done] ** Makefile possibly broken: lang/php5: /usr/local/sbin/apxs: not found "/usr/ports/Mk/bsd.apache.mk", line 278: warning: "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status /usr/local/sbin/apxs: not found "/usr/ports/Mk/bsd.apache.mk", line 278: warning: "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status php5-5.2.3_1 : Your apache does not support DSO modules ---> Skipping 'security/php5-mcrypt' (php5-mcrypt-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'www/punbb' (punbb-1.2.15) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'converters/php5-iconv' (php5-iconv-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'textproc/php5-ctype' (php5-ctype-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'graphics/php5-gd' (php5-gd-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'net/php5-ldap' (php5-ldap-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'textproc/php5-xml' (php5-xml-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'www/php5-session' (php5-session-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'ftp/php5-curl' (php5-curl-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'databases/php5-mysql' (php5-mysql-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'devel/php5-pcre' (php5-pcre-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ** Detected a package name change: gpdf (graphics/evince) -> 'evince' (graphics/evince) ** No need to upgrade 'gpdf-2.10.0_5' (>= evince-0.8.3). (specify -f to force) ---> Skipping 'textproc/php5-simplexml' (php5-simplexml-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'devel/php5-spl' (php5-spl-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'textproc/php5-dom' (php5-dom-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'security/php5-mhash' (php5-mhash-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ** Listing the failed packages (*:skipped / !:failed) ! lang/php5 (php5-5.2.3_1)
Re: (error) Your apache does not support DSO modules
Thanks for the quick response. I thought I had tried that link earlier and it hadn't worked. I must have mistyped something. In any case I was running "portupgrade -aRR" in an attempt to update my system. While running it quit with this error. I reupdated my ports tree to see if that was the issue, and tried again, but got the same error. Thanks for your help! Anthony On Mon, Aug 27, 2007 at 10:00:02AM -0400, Bob Johnson <[EMAIL PROTECTED]> wrote: > http://httpd.apache.org/docs/2.2/dso.html > > What is it that you are actually trying to accomplish? What was the > command that resulted in these errors? > > - Bob > > > On 8/27/07, Anthony Philipp <[EMAIL PROTECTED]> wrote: > > Hi, > > > > When I searched for DSO modules I found this page: > > http://httpd.apache.org/docs/1.3/dso but it doesn.t seem to have a similar > > page for the 2.2.x series of Apache. Am I hunting down the correct path? I > > also checked /usr/ports/UPDATING but unable to find anything of relevance > > there. I.ve included the error below. Any help is appreciated. > > > > Regards, > > > > Anthony > > > > > > ---> Cleaning out obsolete shared libraries > > [Updating the pkgdb in /var/db/pkg ... - 848 packages > > found (-0 +1) . done] > > ** Makefile possibly broken: lang/php5: > > /usr/local/sbin/apxs: not found > > "/usr/ports/Mk/bsd.apache.mk", line 278: warning: > > "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status > > /usr/local/sbin/apxs: not found > > "/usr/ports/Mk/bsd.apache.mk", line 278: warning: > > "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status > > php5-5.2.3_1 > > : Your apache does not support DSO modules > > > > ---> Skipping 'security/php5-mcrypt' (php5-mcrypt-5.2.3_1) because a > > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'www/punbb' (punbb-1.2.15) because a requisite package > > 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'converters/php5-iconv' (php5-iconv-5.2.3_1) because a > > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'textproc/php5-ctype' (php5-ctype-5.2.3_1) because a > > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'graphics/php5-gd' (php5-gd-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'net/php5-ldap' (php5-ldap-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'textproc/php5-xml' (php5-xml-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'www/php5-session' (php5-session-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'ftp/php5-curl' (php5-curl-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'databases/php5-mysql' (php5-mysql-5.2.3_1) because a > > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'devel/php5-pcre' (php5-pcre-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ** Detected a package name change: gpdf (graphics/evince) -> 'evince' > > (graphics/evince) > > ** No need to upgrade 'gpdf-2.10.0_5' (>= evince-0.8.3). (specify -f to > > force) > > ---> Skipping 'textproc/php5-simplexml' (php5-simplexml-5.2.3_1) because a > > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'devel/php5-spl' (php5-spl-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'textproc/php5-dom' (php5-dom-5.2.3_1) because a requisite > > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ---> Skipping 'security/php5-mhash' (php5-mhash-5.2.3_1) because a > > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > > ** Listing the failed packages (*:skipped / !:failed) > &g
Re: (error) Your apache does not support DSO modules
http://httpd.apache.org/docs/2.2/dso.html What is it that you are actually trying to accomplish? What was the command that resulted in these errors? - Bob On 8/27/07, Anthony Philipp <[EMAIL PROTECTED]> wrote: > Hi, > > When I searched for DSO modules I found this page: > http://httpd.apache.org/docs/1.3/dso but it doesn.t seem to have a similar > page for the 2.2.x series of Apache. Am I hunting down the correct path? I > also checked /usr/ports/UPDATING but unable to find anything of relevance > there. I.ve included the error below. Any help is appreciated. > > Regards, > > Anthony > > > ---> Cleaning out obsolete shared libraries > [Updating the pkgdb in /var/db/pkg ... - 848 packages > found (-0 +1) . done] > ** Makefile possibly broken: lang/php5: > /usr/local/sbin/apxs: not found > "/usr/ports/Mk/bsd.apache.mk", line 278: warning: > "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status > /usr/local/sbin/apxs: not found > "/usr/ports/Mk/bsd.apache.mk", line 278: warning: > "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status > php5-5.2.3_1 > : Your apache does not support DSO modules > > ---> Skipping 'security/php5-mcrypt' (php5-mcrypt-5.2.3_1) because a > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'www/punbb' (punbb-1.2.15) because a requisite package > 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'converters/php5-iconv' (php5-iconv-5.2.3_1) because a > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'textproc/php5-ctype' (php5-ctype-5.2.3_1) because a > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'graphics/php5-gd' (php5-gd-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'net/php5-ldap' (php5-ldap-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'textproc/php5-xml' (php5-xml-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'www/php5-session' (php5-session-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'ftp/php5-curl' (php5-curl-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'databases/php5-mysql' (php5-mysql-5.2.3_1) because a > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'devel/php5-pcre' (php5-pcre-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ** Detected a package name change: gpdf (graphics/evince) -> 'evince' > (graphics/evince) > ** No need to upgrade 'gpdf-2.10.0_5' (>= evince-0.8.3). (specify -f to > force) > ---> Skipping 'textproc/php5-simplexml' (php5-simplexml-5.2.3_1) because a > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'devel/php5-spl' (php5-spl-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'textproc/php5-dom' (php5-dom-5.2.3_1) because a requisite > package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ---> Skipping 'security/php5-mhash' (php5-mhash-5.2.3_1) because a > requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) > ** Listing the failed packages (*:skipped / !:failed) > ! lang/php5 (php5-5.2.3_1) (Makefile broken) > * security/php5-mcrypt (php5-mcrypt-5.2.3_1) > * www/punbb (punbb-1.2.15) > * converters/php5-iconv (php5-iconv-5.2.3_1) > * textproc/php5-ctype (php5-ctype-5.2.3_1) > * graphics/php5-gd (php5-gd-5.2.3_1) > * net/php5-ldap (php5-ldap-5.2.3_1) > * textproc/php5-xml (php5-xml-5.2.3_1) > * www/php5-session (php5-session-5.2.3_1) > * ftp/php5-curl (php5-curl-5.2.3_1) > * databases/php5-mysql (php5-mysql-5.2.3_1) > * devel/php5-pcre (php5-pcre-5.2.3_1) > * textproc/php5-simplexml (php5-simplexml-5.2.3_1) > * devel/php5-spl (php5-spl-5.2.3_1) > * textproc/php5-dom (php5-dom-5.2.3_1) > * security/php5-mhash (php5-mhash-5.2.3_1) > ---> Packages processed: 7 done, 825 ignored, 15 skipped and 1 failed > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
(error) Your apache does not support DSO modules
Hi, When I searched for DSO modules I found this page: http://httpd.apache.org/docs/1.3/dso but it doesn.t seem to have a similar page for the 2.2.x series of Apache. Am I hunting down the correct path? I also checked /usr/ports/UPDATING but unable to find anything of relevance there. I.ve included the error below. Any help is appreciated. Regards, Anthony ---> Cleaning out obsolete shared libraries [Updating the pkgdb in /var/db/pkg ... - 848 packages found (-0 +1) . done] ** Makefile possibly broken: lang/php5: /usr/local/sbin/apxs: not found "/usr/ports/Mk/bsd.apache.mk", line 278: warning: "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status /usr/local/sbin/apxs: not found "/usr/ports/Mk/bsd.apache.mk", line 278: warning: "/usr/local/sbin/apxs -q MPM_NAME" returned non-zero status php5-5.2.3_1 : Your apache does not support DSO modules ---> Skipping 'security/php5-mcrypt' (php5-mcrypt-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'www/punbb' (punbb-1.2.15) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'converters/php5-iconv' (php5-iconv-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'textproc/php5-ctype' (php5-ctype-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'graphics/php5-gd' (php5-gd-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'net/php5-ldap' (php5-ldap-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'textproc/php5-xml' (php5-xml-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'www/php5-session' (php5-session-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'ftp/php5-curl' (php5-curl-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'databases/php5-mysql' (php5-mysql-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'devel/php5-pcre' (php5-pcre-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ** Detected a package name change: gpdf (graphics/evince) -> 'evince' (graphics/evince) ** No need to upgrade 'gpdf-2.10.0_5' (>= evince-0.8.3). (specify -f to force) ---> Skipping 'textproc/php5-simplexml' (php5-simplexml-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'devel/php5-spl' (php5-spl-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'textproc/php5-dom' (php5-dom-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ---> Skipping 'security/php5-mhash' (php5-mhash-5.2.3_1) because a requisite package 'php5-5.2.3_1' (lang/php5) failed (specify -k to force) ** Listing the failed packages (*:skipped / !:failed) ! lang/php5 (php5-5.2.3_1) (Makefile broken) * security/php5-mcrypt (php5-mcrypt-5.2.3_1) * www/punbb (punbb-1.2.15) * converters/php5-iconv (php5-iconv-5.2.3_1) * textproc/php5-ctype (php5-ctype-5.2.3_1) * graphics/php5-gd (php5-gd-5.2.3_1) * net/php5-ldap (php5-ldap-5.2.3_1) * textproc/php5-xml (php5-xml-5.2.3_1) * www/php5-session (php5-session-5.2.3_1) * ftp/php5-curl (php5-curl-5.2.3_1) * databases/php5-mysql (php5-mysql-5.2.3_1) * devel/php5-pcre (php5-pcre-5.2.3_1) * textproc/php5-simplexml (php5-simplexml-5.2.3_1) * devel/php5-spl (php5-spl-5.2.3_1) * textproc/php5-dom (php5-dom-5.2.3_1) * security/php5-mhash (php5-mhash-5.2.3_1) ---> Packages processed: 7 done, 825 ignored, 15 skipped and 1 failed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Problem: Apache chroots but MySQL doesn't
Hi all, I've got an unusual problem with my server. It just restarted after a power cut. Everything came back up apart from MySQL. The server refuses to chroot it. %sudo /uetc/rc.d/mysql-server start Password: [: chroot: unexpected operator Starting mysql. %chroot: /jail/mysql: Operation not permitted The first error is normal. It doesn't seem to cause a problem. It's the 'Operation not permitted' error that bothers me. I've tried a manual chroot: %sudo chroot /jail/mysql /bin/sash Stand-alone shell (version 3.7) > exit % No problem there. The startup script is the one installed by the mysql51-server port, except for the 'command' line which now reads: command="chroot /jail/mysql mysqld_safe" It looks as if the script isn't running as root. It must be though, because when I change the command variable to "chroot /home/`whoami`", it throws an error because /home/root doesn't exist. I don't think the chroot binary itself is a problem as it started Apache just fine. So, I'm out of ideas. Help please? TiA, Adam J Richardson ps. I always forget this bit: %uname -a FreeBSD my.server.com 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 % ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache problems
Reinhold wrote: On Thu, August 16, 2007 20:16, Hugo Silva wrote: Reinhold wrote: Hi I am having some problems with apache22 on my box. What happens is, when I'm viewing loads and loads of pages, apache will stop responding untill I restart it again. This normally happens when the free memory shown by top gets to about +- 100MB. Here is my dmesg output: Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 6.2-STABLE #0: Thu Aug 2 12:32:26 CEST 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MYKERN module_register: module accf_data already exists! Module accf_data failed to register: 17 module_register: module accf_http already exists! Module accf_http failed to register: 17 ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Dual Core AMD Opteron(tm) Processor 165(1808.34-MHz K8-class CPU) Origin = "AuthenticAMD" Id = 0x20f32 Stepping = 2 Features=0x178bfbff Features2=0x1 AMD Features=0xe2500800 AMD Features2=0x3 Cores per package: 2 real memory = 2147418112 (2047 MB) avail memory = 2065465344 (1969 MB) FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0: Changing APIC ID to 2 ioapic0 irqs 0-23 on motherboard kbd1 at kbdmux0 module_register_init: MOD_LOAD (accf_data, 0x802d0f90, 0x807120c0) error 17 module_register_init: MOD_LOAD (accf_http, 0x802d0f90, 0x80713720) error 17 acpi0: on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 cpu0: on acpi0 cpu1: on acpi0 acpi_button0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 pci0: at device 0.0 (no driver attached) isab0: at device 1.0 on pci0 isa0: on isab0 pci0: at device 1.1 (no driver attached) ohci0: mem 0xfe02f000-0xfe02 irq 21 at device 2.0 on pci0 ohci0: [GIANT-LOCKED] usb0: OHCI version 1.0, legacy support usb0: on ohci0 usb0: USB revision 1.0 uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0: mem 0xfeb0-0xfeb000ff irq 22 at device 2.1 on pci0 ehci0: [GIANT-LOCKED] usb1: EHCI version 1.0 usb1: companion controller, 4 ports each: usb0 usb1: on ehci0 usb1: USB revision 2.0 uhub1: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 6.0 on pci0 ata0: on atapci0 ata1: on atapci0 atapci1: port 0x9f0-0x9f7,0xbf0-0xbf3,0x970-0x977,0xb70-0xb73,0xcc00-0xcc0f mem 0xfe02b000-0xfe02bfff irq 23 at device 7.0 on pci0 ata2: on atapci1 ata3: on atapci1 atapci2: port 0x9e0-0x9e7,0xbe0-0xbe3,0x960-0x967,0xb60-0xb63,0xb800-0xb80f mem 0xfe02a000-0xfe02afff irq 21 at device 8.0 on pci0 ata4: on atapci2 ata5: on atapci2 pcib1: at device 9.0 on pci0 pci1: on pcib1 rl0: port 0xac00-0xacff mem 0xfdfff000-0xfdfff0ff irq 17 at device 7.0 on pci1 miibus0: on rl0 rlphy0: on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl0: Ethernet address: 00:0e:2e:08:44:e4 pcib2: at device 11.0 on pci0 pci2: on pcib2 pcib3: at device 12.0 on pci0 pci3: on pcib3 pcib4: at device 13.0 on pci0 pci4: on pcib4 pcib5: at device 14.0 on pci0 pci5: on pcib5 pci5: at device 0.0 (no driver attached) acpi_tz0: on acpi0 fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0 fdc0: [FAST] fd0: <1440-KB 3.5" drive> on fdc0 drive 0 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A ppc0: port 0x378-0x37f,0x778-0x77b irq 7 on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppbus0: on ppc0 plip0: on ppbus0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 orm0: at iomem 0xc-0xcefff on isa0 atkbdc0: at port 0x60,0x64 on isa0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0 Timecounters tick every 1.000 msec ad0: 29312MB at ata0-master UDMA100 acd0: CDRW at ata1-master UDMA33 acd1: DVDROM at ata1-slave UDMA66 ad4: 238475MB at ata2-master SATA150 ad6: 238475MB at ata3-master SATA150 ad8: 76324MB at ata4-master SATA150 SMP: AP CPU #1 Launched! I'm also getting this error when I do a gracful restart of apache [Thu Aug 16 05:12:16 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter [Thu Aug 16 05:12:16 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter
Re: apache problems
On Thu, August 16, 2007 20:16, Hugo Silva wrote: > Reinhold wrote: > >> Hi >> >> >> I am having some problems with apache22 on my box. What happens is, >> when I'm viewing loads and loads of pages, apache will stop responding >> untill I restart it again. This normally happens when the free memory >> shown by top gets to about +- 100MB. >> >> Here is my dmesg output: >> Copyright (c) 1992-2007 The FreeBSD Project. >> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 >> The Regents of the University of California. All rights reserved. >> FreeBSD is a registered trademark of The FreeBSD Foundation. >> FreeBSD 6.2-STABLE #0: Thu Aug 2 12:32:26 CEST 2007 >> [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MYKERN >> module_register: module accf_data already exists! >> Module accf_data failed to register: 17 >> module_register: module accf_http already exists! >> Module accf_http failed to register: 17 >> ACPI APIC Table: >> Timecounter "i8254" frequency 1193182 Hz quality 0 >> CPU: Dual Core AMD Opteron(tm) Processor 165(1808.34-MHz K8-class >> CPU) >> Origin = "AuthenticAMD" Id = 0x20f32 Stepping = 2 >> >> >> Features=0x178bfbff> E,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT> >> Features2=0x1 >> AMD Features=0xe2500800 >> AMD Features2=0x3 >> Cores per package: 2 >> real memory = 2147418112 (2047 MB) avail memory = 2065465344 (1969 MB) >> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs >> cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0: Changing APIC ID >> to 2 ioapic0 irqs 0-23 on motherboard kbd1 at kbdmux0 >> module_register_init: MOD_LOAD (accf_data, 0x802d0f90, >> 0x807120c0) error 17 >> module_register_init: MOD_LOAD (accf_http, 0x802d0f90, >> 0x80713720) error 17 >> acpi0: on motherboard >> acpi0: Power Button (fixed) >> Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 >> acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 >> cpu0: on acpi0 >> cpu1: on acpi0 >> acpi_button0: on acpi0 >> pcib0: port 0xcf8-0xcff on acpi0 >> pci0: on pcib0 >> pci0: at device 0.0 (no driver attached) >> isab0: at device 1.0 on pci0 >> isa0: on isab0 >> pci0: at device 1.1 (no driver attached) >> ohci0: mem 0xfe02f000-0xfe02 irq 21 >> at device 2.0 on pci0 ohci0: [GIANT-LOCKED] >> usb0: OHCI version 1.0, legacy support >> usb0: on ohci0 >> usb0: USB revision 1.0 >> uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 >> uhub0: 10 ports with 10 removable, self powered >> ehci0: mem 0xfeb0-0xfeb000ff irq >> 22 >> at device 2.1 on pci0 ehci0: [GIANT-LOCKED] >> usb1: EHCI version 1.0 >> usb1: companion controller, 4 ports each: usb0 >> usb1: on ehci0 >> usb1: USB revision 2.0 >> uhub1: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 >> uhub1: 10 ports with 10 removable, self powered >> atapci0: port >> 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 6.0 on pci0 >> ata0: on atapci0 >> ata1: on atapci0 >> atapci1: port >> 0x9f0-0x9f7,0xbf0-0xbf3,0x970-0x977,0xb70-0xb73,0xcc00-0xcc0f mem >> 0xfe02b000-0xfe02bfff irq 23 at device 7.0 on pci0 >> ata2: on atapci1 >> ata3: on atapci1 >> atapci2: port >> 0x9e0-0x9e7,0xbe0-0xbe3,0x960-0x967,0xb60-0xb63,0xb800-0xb80f mem >> 0xfe02a000-0xfe02afff irq 21 at device 8.0 on pci0 >> ata4: on atapci2 >> ata5: on atapci2 >> pcib1: at device 9.0 on pci0 >> pci1: on pcib1 >> rl0: port 0xac00-0xacff mem >> 0xfdfff000-0xfdfff0ff irq 17 at device 7.0 on pci1 >> miibus0: on rl0 >> rlphy0: on miibus0 >> rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto >> rl0: Ethernet address: 00:0e:2e:08:44:e4 >> pcib2: at device 11.0 on pci0 >> pci2: on pcib2 >> pcib3: at device 12.0 on pci0 >> pci3: on pcib3 >> pcib4: at device 13.0 on pci0 >> pci4: on pcib4 >> pcib5: at device 14.0 on pci0 >> pci5: on pcib5 >> pci5: at device 0.0 (no driver attached) >> acpi_tz0: on acpi0 >> fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on >> acpi0 fdc0: [FAST] >> fd0: <1440-KB 3.5" drive> on fdc0 drive 0 >> sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on >> acpi0 sio0: type 16550A >> ppc0: port 0x378-0x37f,0x778-0x77b irq >> 7 >> on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode >> ppbus0: on ppc0 &g
Re: apache problems
Thanks I'll switch back to 4BSD and see what happens On Thu, August 16, 2007 20:09, Philip M. Gollucci wrote: > Kris Kennaway wrote: > >> On Thu, Aug 16, 2007 at 02:02:09PM -0400, Philip M. Gollucci wrote: >> options SCHED_ULE >>> I would stick with 4BSD in 6.x series until 7.0-r then use SCHED_SMP >>> >> >> You mean SCHED_ULE. >> >> >>> Thats not your problem though. >>> > Right, I forgot the name changed back. > > > > -- > > Philip M. Gollucci ([EMAIL PROTECTED]) 323.219.4708 > Senior System Admin - Riderway, Inc. http://riderway.com > 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF > > > Work like you don't need the money, > love like you'll never get hurt, and dance like nobody's watching. > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache problems
Reinhold wrote: Hi I am having some problems with apache22 on my box. What happens is, when I'm viewing loads and loads of pages, apache will stop responding untill I restart it again. This normally happens when the free memory shown by top gets to about +- 100MB. Here is my dmesg output: Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 6.2-STABLE #0: Thu Aug 2 12:32:26 CEST 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MYKERN module_register: module accf_data already exists! Module accf_data failed to register: 17 module_register: module accf_http already exists! Module accf_http failed to register: 17 ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Dual Core AMD Opteron(tm) Processor 165(1808.34-MHz K8-class CPU) Origin = "AuthenticAMD" Id = 0x20f32 Stepping = 2 Features=0x178bfbff Features2=0x1 AMD Features=0xe2500800 AMD Features2=0x3 Cores per package: 2 real memory = 2147418112 (2047 MB) avail memory = 2065465344 (1969 MB) FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0: Changing APIC ID to 2 ioapic0 irqs 0-23 on motherboard kbd1 at kbdmux0 module_register_init: MOD_LOAD (accf_data, 0x802d0f90, 0x807120c0) error 17 module_register_init: MOD_LOAD (accf_http, 0x802d0f90, 0x80713720) error 17 acpi0: on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 cpu0: on acpi0 cpu1: on acpi0 acpi_button0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 pci0: at device 0.0 (no driver attached) isab0: at device 1.0 on pci0 isa0: on isab0 pci0: at device 1.1 (no driver attached) ohci0: mem 0xfe02f000-0xfe02 irq 21 at device 2.0 on pci0 ohci0: [GIANT-LOCKED] usb0: OHCI version 1.0, legacy support usb0: on ohci0 usb0: USB revision 1.0 uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0: mem 0xfeb0-0xfeb000ff irq 22 at device 2.1 on pci0 ehci0: [GIANT-LOCKED] usb1: EHCI version 1.0 usb1: companion controller, 4 ports each: usb0 usb1: on ehci0 usb1: USB revision 2.0 uhub1: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 6.0 on pci0 ata0: on atapci0 ata1: on atapci0 atapci1: port 0x9f0-0x9f7,0xbf0-0xbf3,0x970-0x977,0xb70-0xb73,0xcc00-0xcc0f mem 0xfe02b000-0xfe02bfff irq 23 at device 7.0 on pci0 ata2: on atapci1 ata3: on atapci1 atapci2: port 0x9e0-0x9e7,0xbe0-0xbe3,0x960-0x967,0xb60-0xb63,0xb800-0xb80f mem 0xfe02a000-0xfe02afff irq 21 at device 8.0 on pci0 ata4: on atapci2 ata5: on atapci2 pcib1: at device 9.0 on pci0 pci1: on pcib1 rl0: port 0xac00-0xacff mem 0xfdfff000-0xfdfff0ff irq 17 at device 7.0 on pci1 miibus0: on rl0 rlphy0: on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl0: Ethernet address: 00:0e:2e:08:44:e4 pcib2: at device 11.0 on pci0 pci2: on pcib2 pcib3: at device 12.0 on pci0 pci3: on pcib3 pcib4: at device 13.0 on pci0 pci4: on pcib4 pcib5: at device 14.0 on pci0 pci5: on pcib5 pci5: at device 0.0 (no driver attached) acpi_tz0: on acpi0 fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0 fdc0: [FAST] fd0: <1440-KB 3.5" drive> on fdc0 drive 0 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A ppc0: port 0x378-0x37f,0x778-0x77b irq 7 on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppbus0: on ppc0 plip0: on ppbus0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 orm0: at iomem 0xc-0xcefff on isa0 atkbdc0: at port 0x60,0x64 on isa0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0 Timecounters tick every 1.000 msec ad0: 29312MB at ata0-master UDMA100 acd0: CDRW at ata1-master UDMA33 acd1: DVDROM at ata1-slave UDMA66 ad4: 238475MB at ata2-master SATA150 ad6: 238475MB at ata3-master SATA150 ad8: 76324MB at ata4-master SATA150 SMP: AP CPU #1 Launched! I'm also getting this error when I do a gracful restart of apache [Thu Aug 16 05:12:16 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter [Thu Aug 16 05:12:16 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter and in my /boot/loader.conf I have added accf_data_
Re: apache problems
Kris Kennaway wrote: > On Thu, Aug 16, 2007 at 02:02:09PM -0400, Philip M. Gollucci wrote: >>> options SCHED_ULE >> I would stick with 4BSD in 6.x series until 7.0-r then use SCHED_SMP > > You mean SCHED_ULE. > >> Thats not your problem though. Right, I forgot the name changed back. -- Philip M. Gollucci ([EMAIL PROTECTED]) 323.219.4708 Senior System Admin - Riderway, Inc. http://riderway.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache problems
On Thu, Aug 16, 2007 at 02:02:09PM -0400, Philip M. Gollucci wrote: > > options SCHED_ULE > I would stick with 4BSD in 6.x series until 7.0-r then use SCHED_SMP You mean SCHED_ULE. > Thats not your problem though. It could be, it's too broken to use in 6.x and only fixed in 7.0. Kris pgpZGzuEOaJOc.pgp Description: PGP signature
Re: apache problems
> options SCHED_ULE I would stick with 4BSD in 6.x series until 7.0-r then use SCHED_SMP Thats not your problem though. -- Philip M. Gollucci ([EMAIL PROTECTED]) 323.219.4708 Senior System Admin - Riderway, Inc. http://riderway.com 1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
apache problems
Hi I am having some problems with apache22 on my box. What happens is, when I'm viewing loads and loads of pages, apache will stop responding untill I restart it again. This normally happens when the free memory shown by top gets to about +- 100MB. Here is my dmesg output: Copyright (c) 1992-2007 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 6.2-STABLE #0: Thu Aug 2 12:32:26 CEST 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/MYKERN module_register: module accf_data already exists! Module accf_data failed to register: 17 module_register: module accf_http already exists! Module accf_http failed to register: 17 ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Dual Core AMD Opteron(tm) Processor 165(1808.34-MHz K8-class CPU) Origin = "AuthenticAMD" Id = 0x20f32 Stepping = 2 Features=0x178bfbff Features2=0x1 AMD Features=0xe2500800 AMD Features2=0x3 Cores per package: 2 real memory = 2147418112 (2047 MB) avail memory = 2065465344 (1969 MB) FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0: Changing APIC ID to 2 ioapic0 irqs 0-23 on motherboard kbd1 at kbdmux0 module_register_init: MOD_LOAD (accf_data, 0x802d0f90, 0x807120c0) error 17 module_register_init: MOD_LOAD (accf_http, 0x802d0f90, 0x80713720) error 17 acpi0: on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 cpu0: on acpi0 cpu1: on acpi0 acpi_button0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 pci0: at device 0.0 (no driver attached) isab0: at device 1.0 on pci0 isa0: on isab0 pci0: at device 1.1 (no driver attached) ohci0: mem 0xfe02f000-0xfe02 irq 21 at device 2.0 on pci0 ohci0: [GIANT-LOCKED] usb0: OHCI version 1.0, legacy support usb0: on ohci0 usb0: USB revision 1.0 uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0: mem 0xfeb0-0xfeb000ff irq 22 at device 2.1 on pci0 ehci0: [GIANT-LOCKED] usb1: EHCI version 1.0 usb1: companion controller, 4 ports each: usb0 usb1: on ehci0 usb1: USB revision 2.0 uhub1: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe000-0xe00f at device 6.0 on pci0 ata0: on atapci0 ata1: on atapci0 atapci1: port 0x9f0-0x9f7,0xbf0-0xbf3,0x970-0x977,0xb70-0xb73,0xcc00-0xcc0f mem 0xfe02b000-0xfe02bfff irq 23 at device 7.0 on pci0 ata2: on atapci1 ata3: on atapci1 atapci2: port 0x9e0-0x9e7,0xbe0-0xbe3,0x960-0x967,0xb60-0xb63,0xb800-0xb80f mem 0xfe02a000-0xfe02afff irq 21 at device 8.0 on pci0 ata4: on atapci2 ata5: on atapci2 pcib1: at device 9.0 on pci0 pci1: on pcib1 rl0: port 0xac00-0xacff mem 0xfdfff000-0xfdfff0ff irq 17 at device 7.0 on pci1 miibus0: on rl0 rlphy0: on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl0: Ethernet address: 00:0e:2e:08:44:e4 pcib2: at device 11.0 on pci0 pci2: on pcib2 pcib3: at device 12.0 on pci0 pci3: on pcib3 pcib4: at device 13.0 on pci0 pci4: on pcib4 pcib5: at device 14.0 on pci0 pci5: on pcib5 pci5: at device 0.0 (no driver attached) acpi_tz0: on acpi0 fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0 fdc0: [FAST] fd0: <1440-KB 3.5" drive> on fdc0 drive 0 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A ppc0: port 0x378-0x37f,0x778-0x77b irq 7 on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppbus0: on ppc0 plip0: on ppbus0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 orm0: at iomem 0xc-0xcefff on isa0 atkbdc0: at port 0x60,0x64 on isa0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0 Timecounters tick every 1.000 msec ad0: 29312MB at ata0-master UDMA100 acd0: CDRW at ata1-master UDMA33 acd1: DVDROM at ata1-slave UDMA66 ad4: 238475MB at ata2-master SATA150 ad6: 238475MB at ata3-master SATA150 ad8: 76324MB at ata4-master SATA150 SMP: AP CPU #1 Launched! I'm also getting this error when I do a gracful restart of apache [Thu Aug 16 05:12:16 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter [Thu Aug 16 05:12:16 2007] [warn] (22)Invalid argument: Failed to enable the 'httpready' Accept Filter and in my /boot/loader.conf I have added accf_data_load="YES&qu
Re: trouble with php4, apache, egroupware, memory allocation
On Wed, 25 Jul 2007 22:10:24 -0700 (PDT) Mark Busby <[EMAIL PROTECTED]> wrote: > I'm running apache-1.3.37_4, php4-4.4.7, and eGroupWare-1.2.106_1. > Apache error file is returning the following error when trying to access > the calendar. > PHP Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to > allocate 23040 bytes) I've searched but have not found a working fix. > Any Ideas?? > You have 16 MB of memory per PHP process/script allowed in php.ini. Change the memory_limit setting in /usr/local/etc/php.ini . If the file doesn't exist, copy the default distribution one as php.ini. You can choose /usr/local/etc/php.ini-recommended for production sites, or /usr/local/etc/php.ini-dist for a default which is not really that good. You can set your PHP settings with a simple php script with the following content : Good luck, _ {Beto|Norberto|Numard} Meijome "Have the courage to take your own thoughts seriously, for they will shape you." Albert Einstein I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
trouble with php4, apache, egroupware, memory allocation
I'm running apache-1.3.37_4, php4-4.4.7, and eGroupWare-1.2.106_1. Apache error file is returning the following error when trying to access the calendar. PHP Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 23040 bytes) I've searched but have not found a working fix. Any Ideas?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
On Wed, 18 Jul 2007 23:12:57 +0100 "Michael Vaughn" <[EMAIL PROTECTED]> mentioned: > Hello everyone, > > I am contacting -performance, -questions, and -hackers in the hope someone > helps me troubleshoot a problem with FreeBSD 6.2 and apache 2.2.4 > Try to run truss(1) on any of apache processes and look what it's doing. -- Stanislav Sedov ST4096-RIPE pgptZ0CEO7yv2.pgp Description: PGP signature
Re: FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
On Wed, 18 Jul 2007 23:12:57 +0100 "Michael Vaughn" <[EMAIL PROTECTED]> wrote: > Hello everyone, > > I am contacting -performance, -questions, and -hackers in the hope someone > helps me troubleshoot a problem with FreeBSD 6.2 and apache 2.2.4 [ responding in questions - removed unnecessary lists] can you please make your php.ini, httpd.conf , enabled extras/* and Include/* available please? what's the output of httpd -V and httpd -l Do you use anything outside of the normal? Any networked file system ? [...] > The problem: > > Right after starting apache, the loads on the server will climb to 10-40's > and the application will become unacceptably slow. This will go on until few > users are using the said application. (note: other servers running older > FreeBSD versions on dual cpus running the same code don't exhibit this > system% problem) top shows more than 60% of the CPU time is spent on system: I would first try to determine if the problem is with your application OR apache+OS+configuration combo you have here. - get rid of your application altogether - does apache behave the same way (without clients hitting it)? If yes, dont worry about your app at all for now - apache shouldn't load your system like this. - If load with no-own-app-and-no-clients is ok, use ab to generate some load on the server , on plain html pages. what happens then? - I am not sure what would the best way to test PHP load...but there may be out there some test framework / standard php applications that can be used as a point of reference... - you can run ktrace httpd -X and start using your app, and see if you get anything interesting in the output > I had to lower MaxClients on apache substancially from 128 to 32, or loads > would quickly go to 40+. (Other servers with dual cpus instead of quad and > apache 1.3 on freebsd 6.0 don't have this problem) something is fishy here , I've had (have? ) Apache boxen (i386 though ) with several hundred children allowed (well, big enough that i had to change the build defaults ), and it works fine. (i am not comparing apps, of course, but the server behaviour is what is interesting) HIH, B _ {Beto|Norberto|Numard} Meijome "The freethinking of one age is the common sense of the next." Matthew Arnold I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
On 7/19/07, Chuck Swiger <[EMAIL PROTECTED]> wrote: On Jul 18, 2007, at 4:15 PM, Michael Vaughn wrote: >> Your Apache processes are huge; mine typically stay under 20MB in >> VSIZE even with PHP loaded (this is Apache-2.0.59 + PHP 4.4.7 or PHP >> 5.2.x). I suspect your PHP app(s) are leaking memory or otherwise >> have some significant problems with the way they are coded. > > The SIZE is huge; What they really use is about 20-30Mb as would be > expected. I tend to see 20MB VSIZE and 15-18 MB RES; 140MB VSIZE and 20MB RES means 120MB is either swapped out, allocated but never referenced, or in "inactive" memory state. With apache 1.3 I see about 80K size and 35-40K RES (on a 6.2-STABLE server as of Mon Feb 26 02:46:31 UTC 2007, dual cpu i386). That memory profile of your apache is surprising and resembles only a few cases I ran into, where people were writing huge Perl+DBD/DBI scripts via mod_perl that inflated RAM usage significantly and caused similar problems until some sanity checking and limiting of result sets was implemented in their code. 60M come from pecl-APC (apc.shm_size = 60), which I've tried setting at 30, and disabling via apc.enabled=0 , both to no avail. I have, as mentioned before, disabled all the apache modules I did not need (a quick grep ^LoadModule and ^#LoadModule shows 35 enabled vs 16 disabled) . > I had to lower MaxClients on apache substancially from 128 to 32, >> > or loads would quickly go to 40+. (Other servers with dual cpus >> instead of >> > quad and apache 1.3 on freebsd 6.0 don't have this problem) >> >> The fact that your server starts dogging out around 40 processes is >> not surprising-- 40 * ~140MB per httpd child = 5600 MB, which exceeds >> the available physical memory in the system, at which point you start >> swapping excessively and the performance is going to plummet. > > Swap: 8000M Total, 8000M Free OK-- was this under your 30+ simultaneous clients load where you start seeing problems, or was this at a point where the system was closer to idle? CPU states: 15.6% user, 0.0% nice, 79.2% system, 0.8% interrupt, 4,4% idleSwap: 8000M Total, 8000M Free Taken right now, with a load of 10.18 and 34 apache processes. Swap was the first thing I checked, it *never* gets used at all. Compare with the other server on 6.2-STABLE/i386 apache 1.3: CPU states: 15.4% user, 0.0% nice, 21.3% system, 2.1% interrupt, 61.2% idle Huge difference, and the server that's performing well is more loaded than the one with problems, running on inferior hardware (2cpu vs 4cpu). > Am I the only one getting terrible performance with apache2 on >> > FreeBSD 6 ? >> >> Apache-2.0 + PHP does just fine for me; I'm not sure that Apache-2.2 >> + PHP5 has been as well tested or is as lightweight in resources as >> the older Apache 1.3 or 2.0 flavors are. It might be worth >> downgrading to an older Apache to test things out, but it really does >> sound like the web app you've got is the problem more than FreeBSD 6 >> or the rest of your infrastructure > > I might give 2.0 a go; I felt this was worth mentioning because > most of the cpu time is spent on system, even with just 32 MaxClients. > > Do note I mentioned the same app runs on inferior, with loads of > 0-4 (not optimal, but there is no noticeable slowdown there) on > FreeBSD 6.0/i386 apache 1.3 (this is 6.2-STABLE/amd64 apache > 2.2.4), and that is also part of the reason I went ahead and mailed > the list. It doesn't make sense that a server with twice the ram, > twice the processors and a recent OS version is spending 70% of the > time in system% whereas the old servers running for 400+ days spend > about 25% in system%. True enough. There's a fair difference in memory profile between the 32-bit x86 flavor of FreeBSD and the AMD64 flavor, although I wouldn't expect it to result in such an extreme difference. It'd be interesting to see how the 32-bit version of 6.2 does and whether it makes a noticable change, if you get a chance to switch out for testing... I can't trash this server and install the i386 version on it. Tthe closer I have is the 6.2-STABLE server (exact date mentioned above) which runs on a dual xeon with 4GB ram, on i386. That one is way more loaded and the load is usually around 1-4, without noticeable slowdowns. Mark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
On Jul 18, 2007, at 4:15 PM, Michael Vaughn wrote: Your Apache processes are huge; mine typically stay under 20MB in VSIZE even with PHP loaded (this is Apache-2.0.59 + PHP 4.4.7 or PHP 5.2.x). I suspect your PHP app(s) are leaking memory or otherwise have some significant problems with the way they are coded. The SIZE is huge; What they really use is about 20-30Mb as would be expected. I tend to see 20MB VSIZE and 15-18 MB RES; 140MB VSIZE and 20MB RES means 120MB is either swapped out, allocated but never referenced, or in "inactive" memory state. That memory profile of your apache is surprising and resembles only a few cases I ran into, where people were writing huge Perl+DBD/DBI scripts via mod_perl that inflated RAM usage significantly and caused similar problems until some sanity checking and limiting of result sets was implemented in their code. > I had to lower MaxClients on apache substancially from 128 to 32, > or loads would quickly go to 40+. (Other servers with dual cpus instead of > quad and apache 1.3 on freebsd 6.0 don't have this problem) The fact that your server starts dogging out around 40 processes is not surprising-- 40 * ~140MB per httpd child = 5600 MB, which exceeds the available physical memory in the system, at which point you start swapping excessively and the performance is going to plummet. Swap: 8000M Total, 8000M Free OK-- was this under your 30+ simultaneous clients load where you start seeing problems, or was this at a point where the system was closer to idle? > Am I the only one getting terrible performance with apache2 on > FreeBSD 6 ? Apache-2.0 + PHP does just fine for me; I'm not sure that Apache-2.2 + PHP5 has been as well tested or is as lightweight in resources as the older Apache 1.3 or 2.0 flavors are. It might be worth downgrading to an older Apache to test things out, but it really does sound like the web app you've got is the problem more than FreeBSD 6 or the rest of your infrastructure I might give 2.0 a go; I felt this was worth mentioning because most of the cpu time is spent on system, even with just 32 MaxClients. Do note I mentioned the same app runs on inferior, with loads of 0-4 (not optimal, but there is no noticeable slowdown there) on FreeBSD 6.0/i386 apache 1.3 (this is 6.2-STABLE/amd64 apache 2.2.4), and that is also part of the reason I went ahead and mailed the list. It doesn't make sense that a server with twice the ram, twice the processors and a recent OS version is spending 70% of the time in system% whereas the old servers running for 400+ days spend about 25% in system%. True enough. There's a fair difference in memory profile between the 32-bit x86 flavor of FreeBSD and the AMD64 flavor, although I wouldn't expect it to result in such an extreme difference. It'd be interesting to see how the 32-bit version of 6.2 does and whether it makes a noticable change, if you get a chance to switch out for testing... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Fwd: FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
On 7/19/07, Chuck Swiger <[EMAIL PROTECTED]> wrote: On Jul 18, 2007, at 3:12 PM, Michael Vaughn wrote: > Hello everyone, Hi-- > I am contacting -performance, -questions, and -hackers in the hope > someone > helps me troubleshoot a problem with FreeBSD 6.2 and apache 2.2.4 Please don't cross-post between multiple FreeBSD lists; pick the most appropriate one. [ ... ] > Right after starting apache, the loads on the server will climb to > 10-40's > and the application will become unacceptably slow. This will go on > until few > users are using the said application. (note: other servers running > older > FreeBSD versions on dual cpus running the same code don't exhibit this > system% problem) top shows more than 60% of the CPU time is spent > on system: > > CPU states: 19.9% user, 0.0% nice, 73.7% system, 1.7% interrupt, > 4.7% idle > Mem: 398M Active, 2226M Inact, 253M Wired, 202M Cache, 214M Buf, > 567M Free > > The apache processes look like: > PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND > 56882 www 1 103 0 139M 17516K select 0 0:03 12.66% httpd > 56862 www 1 100 0 139M 21168K CPU2 6 0:06 11.87% httpd > 56830 www 1 99 0 138M 19684K select 2 0:09 10.76% httpd > 56887 www 1 105 0 139M 17488K select 6 0:01 10.49% httpd [ ... ] Your Apache processes are huge; mine typically stay under 20MB in VSIZE even with PHP loaded (this is Apache-2.0.59 + PHP 4.4.7 or PHP 5.2.x). I suspect your PHP app(s) are leaking memory or otherwise have some significant problems with the way they are coded. The SIZE is huge; What they really use is about 20-30Mb as would be expected. I had to lower MaxClients on apache substancially from 128 to 32, > or loads > would quickly go to 40+. (Other servers with dual cpus instead of > quad and > apache 1.3 on freebsd 6.0 don't have this problem) The fact that your server starts dogging out around 40 processes is not surprising-- 40 * ~140MB per httpd child = 5600 MB, which exceeds the available physical memory in the system, at which point you start swapping excessively and the performance is going to plummet. Swap: 8000M Total, 8000M Free You will have to find a way to make those httpd children smaller or else reduce the max number you run to 30 or less. I have tried disabling pecl-APC and I already have most of the modules commented out on httpd.conf. Nothing special running, other than php & extensions, and mod_security2. The least I got was 70Mb per child. Now this web application isn't the best code out there, but this is > a quad > cpu server and it's performing a lot worse than some servers I have > running > with 6.0 with apache 1.3 for over 400 days. > > Am I the only one getting terrible performance with apache2 on > FreeBSD 6 ? Apache-2.0 + PHP does just fine for me; I'm not sure that Apache-2.2 + PHP5 has been as well tested or is as lightweight in resources as the older Apache 1.3 or 2.0 flavors are. It might be worth downgrading to an older Apache to test things out, but it really does sound like the web app you've got is the problem more than FreeBSD 6 or the rest of your infrastructure I might give 2.0 a go; I felt this was worth mentioning because most of the cpu time is spent on system, even with just 32 MaxClients. Do note I mentioned the same app runs on inferior, with loads of 0-4 (not optimal, but there is no noticeable slowdown there) on FreeBSD 6.0/i386 apache 1.3 (this is 6.2-STABLE/amd64 apache 2.2.4), and that is also part of the reason I went ahead and mailed the list. It doesn't make sense that a server with twice the ram, twice the processors and a recent OS version is spending 70% of the time in system% whereas the old servers running for 400+ days spend about 25% in system%. Thanks for your reply. Also -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
On Jul 18, 2007, at 3:12 PM, Michael Vaughn wrote: Hello everyone, Hi-- I am contacting -performance, -questions, and -hackers in the hope someone helps me troubleshoot a problem with FreeBSD 6.2 and apache 2.2.4 Please don't cross-post between multiple FreeBSD lists; pick the most appropriate one. [ ... ] Right after starting apache, the loads on the server will climb to 10-40's and the application will become unacceptably slow. This will go on until few users are using the said application. (note: other servers running older FreeBSD versions on dual cpus running the same code don't exhibit this system% problem) top shows more than 60% of the CPU time is spent on system: CPU states: 19.9% user, 0.0% nice, 73.7% system, 1.7% interrupt, 4.7% idle Mem: 398M Active, 2226M Inact, 253M Wired, 202M Cache, 214M Buf, 567M Free The apache processes look like: PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56882 www 1 103 0 139M 17516K select 0 0:03 12.66% httpd 56862 www 1 100 0 139M 21168K CPU2 6 0:06 11.87% httpd 56830 www 1 99 0 138M 19684K select 2 0:09 10.76% httpd 56887 www 1 105 0 139M 17488K select 6 0:01 10.49% httpd [ ... ] Your Apache processes are huge; mine typically stay under 20MB in VSIZE even with PHP loaded (this is Apache-2.0.59 + PHP 4.4.7 or PHP 5.2.x). I suspect your PHP app(s) are leaking memory or otherwise have some significant problems with the way they are coded. I had to lower MaxClients on apache substancially from 128 to 32, or loads would quickly go to 40+. (Other servers with dual cpus instead of quad and apache 1.3 on freebsd 6.0 don't have this problem) The fact that your server starts dogging out around 40 processes is not surprising-- 40 * ~140MB per httpd child = 5600 MB, which exceeds the available physical memory in the system, at which point you start swapping excessively and the performance is going to plummet. You will have to find a way to make those httpd children smaller or else reduce the max number you run to 30 or less. Now this web application isn't the best code out there, but this is a quad cpu server and it's performing a lot worse than some servers I have running with 6.0 with apache 1.3 for over 400 days. Am I the only one getting terrible performance with apache2 on FreeBSD 6 ? Apache-2.0 + PHP does just fine for me; I'm not sure that Apache-2.2 + PHP5 has been as well tested or is as lightweight in resources as the older Apache 1.3 or 2.0 flavors are. It might be worth downgrading to an older Apache to test things out, but it really does sound like the web app you've got is the problem more than FreeBSD 6 or the rest of your infrastructure -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
FreeBSD 6.2-STABLE && apache 2.2.4 = bad performance. Help!
Hello everyone, I am contacting -performance, -questions, and -hackers in the hope someone helps me troubleshoot a problem with FreeBSD 6.2 and apache 2.2.4 uname: FreeBSD 6.2-STABLE Fri Jun 22 12:17:03 UTC 2007 amd64 installed php modules: php5-5.2.3 PHP Scripting Language (Apache Module and CLI) php5-gd-5.2.3 The gd shared extension for php php5-mysql-5.2.3 The mysql shared extension for php php5-pcre-5.2.3 The pcre shared extension for php php5-session-5.2.3 The session shared extension for php php5-simplexml-5.2.3 The simplexml shared extension for php php5-tokenizer-5.2.3 The tokenizer shared extension for php php5-xml-5.2.3 The xml shared extension for php apache version: apache-2.2.4_2 Version 2.2 of Apache web server with prefork MPM. system: real memory = 5100273664 (4864 MB) avail memory = 4120178688 (3929 MB) CPU: Intel(R) Xeon(TM) CPU 2.66GHz (2666.78-MHz K8-class CPU) Logical CPUs per core: 2 FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs The problem: Right after starting apache, the loads on the server will climb to 10-40's and the application will become unacceptably slow. This will go on until few users are using the said application. (note: other servers running older FreeBSD versions on dual cpus running the same code don't exhibit this system% problem) top shows more than 60% of the CPU time is spent on system: CPU states: 19.9% user, 0.0% nice, 73.7% system, 1.7% interrupt, 4.7% idle Mem: 398M Active, 2226M Inact, 253M Wired, 202M Cache, 214M Buf, 567M Free The apache processes look like: PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56882 www 1 103 0 139M 17516K select 0 0:03 12.66% httpd 56862 www 1 100 0 139M 21168K CPU2 6 0:06 11.87% httpd 56830 www 1 99 0 138M 19684K select 2 0:09 10.76% httpd 56887 www 1 105 0 139M 17488K select 6 0:01 10.49% httpd 56852 www 1 99 0 138M 20352K select 4 0:06 10.26% httpd 56889 www 1 106 0 139M 17548K select 6 0:01 10.04% httpd 56894 www 1 109 0 139M 17024K select 6 0:01 9.79% httpd 56839 www 1 99 0 138M 21216K select 6 0:06 9.36% httpd 56866 www 1 99 0 138M 17664K select 6 0:04 9.36% httpd 56890 www 1 108 0 138M 16180K select 4 0:01 9.29% httpd 56848 www 1 99 0 138M 20460K select 2 0:06 9.27% httpd 56865 www 1 99 0 138M 18920K select 2 0:05 9.23% httpd 56883 www 1 102 0 138M 16744K select 4 0:02 8.99% httpd 56870 www 1 100 0 139M 18440K select 2 0:03 8.86% httpd 56850 www 1 98 0 138M 21284K select 6 0:05 8.84% httpd 56860 www 1 99 0 138M 19584K select 0 0:05 8.70% httpd 56864 www 1 99 0 139M 18028K select 2 0:04 8.23% httpd 56854 www 1 99 0 138M 20696K select 6 0:05 8.23% httpd 56853 www 1 98 0 138M 19564K select 4 0:06 8.11% httpd 56835 www 1 98 0 139M 20276K CPU6 4 0:07 8.10% httpd 56849 www 1 98 0 138M 19532K select 0 0:05 7.95% httpd 56851 www 1 98 0 139M 20252K select 4 0:05 7.35% httpd 56888 www 1 4 0 139M 17100K sbwait 6 0:01 7.31% httpd 56869 www 1 100 0 139M 18632K select 4 0:02 6.75% httpd 56861 www 1 98 0 139M 18404K select 0 0:04 6.58% httpd 56863 www 1 98 0 139M 20220K select 2 0:03 6.40% httpd 56867 www 1 99 0 138M 17452K select 6 0:03 6.39% httpd 56868 www 1 99 0 138M 18376K select 0 0:03 6.20% httpd 56893 www 1 107 0 138M 12964K select 0 0:00 5.62% httpd 56878 www 1 100 0 138M 16732K select 6 0:02 5.27% httpd 56881 www 1 100 0 138M 16288K select 6 0:01 2.18% httpd I had to lower MaxClients on apache substancially from 128 to 32, or loads would quickly go to 40+. (Other servers with dual cpus instead of quad and apache 1.3 on freebsd 6.0 don't have this problem) vmstat 1: procs memory page disks faults cpu r b w avm fre flt re pi po fr sr ad4 ad6 in sy cs us sy id 0 1 0 1380860 787212 1365 0 0 0 1312 1 0 0 486 559 842 13 22 65 1 1 0 1384588 787128 2724 0 0 0 2581 0 0 88 3038 82956 48776 19 38 43 4 1 0 1399232 782936 3328 0 0 0 2112 0 0 97 3592 101093 66497 24 50 26 0 1 2 1400200 781628 3726 0 0 0 2910 0 0 99 3529 100289 81531 23 58 19 19 1 0 1404000 778556 2263 0 0 0 1141 0 0 62 2964 73572 101432 19 76 5 15 1 1 1402452 776800 2499 0 0 0 1714 0 7 74 2965 68441 102276 19 78 3 15 1 0 1401548 777112 2213 0 0 0 2103 0 0 42 2491 105584 109418 15 79 6 8 1 1 1403324 778856 2606 0 0 0 2748 0 0 84 2996 75288 91676 22 76 2 0 1 3 1396864 781344 2764 0 0 0 3010 0 0 86 3393 90765 85952 25 70 5 1 2 0 1395520 782604 2774 0 0 0 2978 0 0 79 3195 88251 92623 20 63 17 6 1 0 1396096 781832 2641 0 0 0 2195 0 1 82 3347 96322 55942 21 42 37 iostat 1: tty ad4 ad6 ad8 cpu tin tout KB/t tps MB/s KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 28 13.94 4 0.06 16.13 48 0.75 13.94 4 0.06 13 0 21 1 65 0 231 0.00 0 0.00 16.00 68 1.06 0.00 0 0.00 19 0 74 1 5 0 77 0.00 0 0.00 16.00 90 1.40 0.00 0 0.00 17 0 77 2 4 0 77 0.50 1 0.00 16.00 46 0.72 0.50 1 0.00 14 0 82 1 4 0 77 0.00 0 0.00 16.00 83 1.30 0.00 0 0.00 21 0 65 2 12 0 77 0.00 0 0.00 16.00 37 0.58 0.00 0 0.00 18 0 76 1 5 0 77 0.00 0 0.00 16.00 82 1.28 0.00 0 0.00 20 0 74 2 4 0 77 0.00 0 0.00 16.00 68 1.06 0.00 0 0.00 21 0 47 2 30 0 77 0.00 0 0.00 16.00 61 0.95
RE: stopping "connect" attacks in apache (solution)
>>On Jun 15, 2007, at 7:49 PM, Bob wrote: >> Every time my apache server slows down or has denial of service the >> access >> log is full this >> >> 61.228.122.220 - "CONNECT 66.196.97.250:25 HTTP/1.0" 200 7034 "-" "-" >> 61.228.122.220 - "CONNECT 216.39.53.3:25 HTTP/1.0" 200 7034 "-" "-" >> 61.228.122.220 - "CONNECT 216.39.53.1:25 HTTP/1.0" 200 7034 "-" "-" >> 61.228.122.220 - "CONNECT 168.95.5.155:25 HTTP/1.0" 200 7034 "-" "-" >> 61.228.122.220 - "CONNECT 168.95.5.157:25 HTTP/1.0" 200 7034 "-" "-" >> 61.228.122.220 - "CONNECT 168.95.5.159:25 HTTP/1.0" 200 7034 "-" "-" >> >IP 61.228.122.220 is using the HTTP CONNECT method to relay spam to >port 25 on the targets via your Apache server. > >This almost certainly indicates that you've got mod_proxy loaded or >something similar via mod_perl/mod_php/whatever, as the CONNECT >attack would get a "405 Method not allowed" error otherwise. > >Check http://your_webserver/server-info for details. mod_proxy is commented out but am using php5. Tried putting this statement http.allowed_methods = GET & POST into /usr/local/etc/php.inibut it had no effect. The best solution was to add an location declarative with a limitexcept. The location in the httpd-conf where to place this is very important. First find this in the conf file # # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # permissions for directories. # Options FollowSymLinks AllowOverride None Order allow,deny Deny from all Then add the following right after it and restart apache to activate. # Second, we configure the "default" Location to restrict the methods allowed # to stop CONNECT method attacks. # Order allow,deny Deny from all All CONNECT requests from this point on will get a status code of 403 Forbidden for both perl and php CONNECT attacks. Just posting this as best solution for the archives. Good luck all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help getting apache 22 working
On 6/27/07, Norberto Meijome <[EMAIL PROTECTED]> wrote: accf_http is not compulsory for apache to work. Ah, ok. That's good to know, though I did put the module to autoload in my loader.conf file. > > However, the server still isn't working as a "lynx localhost" is > denied and sockstat doesn't show any listening sockets on port 80. > What else needs to be done to get apache 22 working? did you add the enabling line in /etc/rc.conf? For version 2.2 it should be apache22_enable="YES" Not yet. I was just trying to start it via "/usr/local/sbin/apachectl". ( you actually need to check the startup script at /usr/local/etc/rc.d/, in this case /usr/local/etc/rc.d/apache22 to see what _enable line is needed ) then you start the webserver with /usr/local/etc/rc.d/apache22 start ( or 'forcestart' instead of start if you don't have the _enable line in rc.conf) Also, make sure you have no firewall in place stopping the traffic. Thanks for the info. I actually found that, apparently, apache 22 is much more of a stickler for an IP address to hostname than is apache 1.3. I did a little bit of slight of hand in /etc/hosts and then started apache and it actually started for me. I didn't think this was the problem because on my personal machine I'm running 1.3 and I get this same error, but the server still starts. Thanks everybody. Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Help getting apache 22 working
On Wed, 27 Jun 2007 19:42:11 -0600 "Andrew Falanga" <[EMAIL PROTECTED]> wrote: > Hi, > > I've installed apache 22 on my churches web server and am having some > difficulty getting it working. I've figured out that I need something > call accept filters accept_filter(9) for this as the server was > complaining about a missing file named "httpready" (or something like > this). I found from the Apache site linked in the handbook that I > need to have a kernel module named accf_http loaded, which I have > done. This has actually eliminated that error. accf_http is not compulsory for apache to work. > > However, the server still isn't working as a "lynx localhost" is > denied and sockstat doesn't show any listening sockets on port 80. > What else needs to be done to get apache 22 working? did you add the enabling line in /etc/rc.conf? For version 2.2 it should be apache22_enable="YES" ( you actually need to check the startup script at /usr/local/etc/rc.d/, in this case /usr/local/etc/rc.d/apache22 to see what _enable line is needed ) then you start the webserver with /usr/local/etc/rc.d/apache22 start ( or 'forcestart' instead of start if you don't have the _enable line in rc.conf) Also, make sure you have no firewall in place stopping the traffic. _ {Beto|Norberto|Numard} Meijome Q. How do you make God laugh? A. Tell him your plans. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Help getting apache 22 working
Hi, I've installed apache 22 on my churches web server and am having some difficulty getting it working. I've figured out that I need something call accept filters accept_filter(9) for this as the server was complaining about a missing file named "httpready" (or something like this). I found from the Apache site linked in the handbook that I need to have a kernel module named accf_http loaded, which I have done. This has actually eliminated that error. However, the server still isn't working as a "lynx localhost" is denied and sockstat doesn't show any listening sockets on port 80. What else needs to be done to get apache 22 working? Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Permanent apache patch
This seems to be the case... with csup at least... I would imagine portsnap might bust it though. Thanks :) Lowell Gilbert wrote: Roland Smith [1]<[EMAIL PROTECTED]> writes: Unfortunately most port update tools will delete files that are not in the master tree. In the cases I know of, this will only happen if the same tool had previously known about the file. So just make sure you don't use a filename that was ever in the tree in that particular directory. References 1. mailto:[EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Permanent apache patch
I just changed suexec.c so that it does does not need the cgi script it is executing to be owned by the user that it will run it as. This is because I am running php as a cgi, and I need a wrapper script, and I dont want to have the virtual host owner to be able to change the file to run something else. Grant Peel wrote: Curious, what does the patch do? - Original Message - From: [1]Josh To: [EMAIL PROTECTED] Sent: Monday, June 25, 2007 5:01 AM Subject: Permanent apache patch Gidday there, I have my own change to suexec in apache 2.0 from ports. What I want to know is the best way to have my patch applied each time I compile apache, without too much effort from me? Eg, say for the sake of example my patch is in /usr/local/src/foopatch/ How would I get the ports system to apply it each time I compiled apache? Thanks, Josh ___ [EMAIL PROTECTED] mailing list [4]http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" __ Total Control Panel [6]Login To: [EMAIL PROTECTED] [8]Block messages from this sender (blacklist) From: [EMAIL PROTECTED] [10]Remove this sender from my whitelist You received this message because the sender is on your whitelist. References 1. mailto:[EMAIL PROTECTED] 2. mailto:freebsd-questions@freebsd.org 3. mailto:freebsd-questions@freebsd.org 4. http://lists.freebsd.org/mailman/listinfo/freebsd-questions 5. mailto:[EMAIL PROTECTED] 6. https://asp-0.reflexion.net/login?domain=thenetnow.com 7. https://asp-0.reflexion.net/address-properties?aID=10398309&wiz=1 8. https://asp-0.reflexion.net/FooterAction?rID=10398309&aID=10398772&type=g&unexemptDomain=1 9. https://asp-0.reflexion.net/address-properties?aID=10398772&wiz=1 10. https://asp-0.reflexion.net/FooterAction?rID=10398309&aID=10398772&type=g&unexemptDomain=1 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Permanent apache patch
Roland Smith <[EMAIL PROTECTED]> writes: > Unfortunately most port update tools will delete files that are not in > the master tree. In the cases I know of, this will only happen if the same tool had previously known about the file. So just make sure you don't use a filename that was ever in the tree in that particular directory. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Permanent apache patch
On Mon, Jun 25, 2007 at 09:01:21PM +1200, Josh wrote: > Gidday there, > > I have my own change to suexec in apache 2.0 from ports. > > What I want to know is the best way to have my patch applied each time I > compile apache, without too much effort from me? The best way is to get the patch added into the port, if the maintainer is willing. :-) > Eg, say for the sake of example my patch is in /usr/local/src/foopatch/ > > How would I get the ports system to apply it each time I compiled apache? Just put it in the files subdirectory under the port directory, just before you build the port. Look at other patches to see from which directory they are applied, and make yours match. Unfortunately most port update tools will delete files that are not in the master tree. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp6XFJOmUOUZ.pgp Description: PGP signature
Permanent apache patch
Gidday there, I have my own change to suexec in apache 2.0 from ports. What I want to know is the best way to have my patch applied each time I compile apache, without too much effort from me? Eg, say for the sake of example my patch is in /usr/local/src/foopatch/ How would I get the ports system to apply it each time I compiled apache? Thanks, Josh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
On Wed, 20 Jun 2007, Jack Barnett wrote: doug wrote: On Tue, 19 Jun 2007, Jack Barnett wrote: FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps I just installed this combination, among the changes to httpd.conf I change pph4-->php5 (see below). You are not getting an index file. If you have 'Options +Indexes' browsing will get you an index listing but will not run index.php. # # This may also be "None", "All", or any combination of "Indexes", @@ -452,18 +454,18 @@ # - + DirectoryIndex index.php index.php3 index.html - + DirectoryIndex index.php3 index.html - + DirectoryIndex index.php index.html - + DirectoryIndex index.html hrm... no I don't think that's it. I put this in: DirectoryIndex index.php index.html I have php5 install I created this file: test.php \n"); ?> But that doesn't work either. Is mod_layout screwing it up? I don't understand what is wrong with it? `php test.php` works fine. Also there is no Module Load/Add in the httpd.conf for php. I can't even find the libraries! But /usr/local/bin/ has php and php-cgi (both executables). Do I need to tell apache how to execute .php files? Not sure you may also be missing the additions to the load and add modules sections. This setup was specifically to run SquirrelMail. I had a working test install and I wanted to add SSL. My first shot was to just reinstall apache-modssl. This required recompiling a single php module. I never got that done so I removed apache, php and squirrel mail and installed (order is important): apache-modssl squirrelmail and let the build for squirrelmail pull in php. In this order I got all the necessary mods to httpd.conf and the php module I needed was rebuilt. If you are facile with make all this can be skipped but I found it quicker to do it this way. Here are the php relate directive in my httpd.conf: : LoadModule php5_modulelibexec/apache/libphp5.so : AddModule mod_php5.c : DirectoryIndex index.php index.php3 index.html DirectoryIndex index.php3 index.html DirectoryIndex index.php index.html DirectoryIndex index.html : AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps : #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire SSLOptions +StdEnvVars This last one only if you have SSL (of course). _ Douglas Denault http://www.safeport.com [EMAIL PROTECTED] Voice: 301-469-8766 Fax: 301-469-0601 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Jack Barnett wrote: [LoN]Kamikaze wrote: Jack Barnett wrote: Jack Barnett wrote: Eric Crist wrote: On Jun 20, 2007, at 8:56 PMJun 20, 2007, Jack Barnett wrote: Ivan Carey wrote: I don't have libphp5.so anywhere in /usr/local (did a find for it). the php5 port is broken? Or do I have to reinstall apache after php5? You need to enable build of the php5 apache extension when you build the port - it's not enabled by default. HTH Eric Crist thanks. do you know how to do that off hand? :) :) disregarding... rebuilding now, I edited the Makefile Ouch. Just for the record: # cd /usr/ports/lang/php5 # make config Select the APACHE option. # make build deinstall reinstall clean Yea, for some reason it's not giving me that menu... to configure it. Most ports used to have any option... to configure stuff... in that nice text based interface. I got BATCH=YES in make.conf so that's probably why! Anyways, I manually edited the Makefile and recompiled. That is WORKING :) Manually fooling around with that file will probably bust something up down the road if I have to reinstall, but for now I'm happy. It's all working. Thanks everyone for your help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" . Jack, When I want a system with Apache PHP and MySQL. I install them in the following order. 1. Install Apache 2. Install PHP via /usr/lang/php5-extensions (select the extensions you want, this will install php5 and add the required lines to the httpd.conf) 3. Install MySQL Regards, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
[LoN]Kamikaze wrote: Jack Barnett wrote: Jack Barnett wrote: Eric Crist wrote: On Jun 20, 2007, at 8:56 PMJun 20, 2007, Jack Barnett wrote: Ivan Carey wrote: I don't have libphp5.so anywhere in /usr/local (did a find for it). the php5 port is broken? Or do I have to reinstall apache after php5? You need to enable build of the php5 apache extension when you build the port - it's not enabled by default. HTH Eric Crist thanks. do you know how to do that off hand? :) :) disregarding... rebuilding now, I edited the Makefile Ouch. Just for the record: # cd /usr/ports/lang/php5 # make config Select the APACHE option. # make build deinstall reinstall clean Yea, for some reason it's not giving me that menu... to configure it. Most ports used to have any option... to configure stuff... in that nice text based interface. I got BATCH=YES in make.conf so that's probably why! Anyways, I manually edited the Makefile and recompiled. That is WORKING :) Manually fooling around with that file will probably bust something up down the road if I have to reinstall, but for now I'm happy. It's all working. Thanks everyone for your help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Jack Barnett wrote: Ivan Carey wrote: Jack Barnett wrote: FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" . Hello Jack, I have 2 servers running one with php4 and one with php5 In the php4 httpd.conf I have: LoadModule php4_module libexec/apache/libphp4.so AddModule mod_php4.c # DirectoryIndex: Name of the file or files to use as a pre-written HTML # directory index. Separate multiple entries with spaces. # DirectoryIndex index.php index.php3 index.html DirectoryIndex index.php3 index.html DirectoryIndex index.php index.html DirectoryIndex index.html # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .php3s AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps In the Apache2 using php5 I have in the httpd.conf LoadModule php5_module libexec/apache2/libphp5.so # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps I hope this helps you with your configuration, Regards, Ivan I don't have libphp5.so anywhere in /usr/local (did a find for it). the php5 port is broken? Or do I have to reinstall apache after php5? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" . Jack, When I want a system with Apache PHP and MySQL. I install them in the following order. 1. Install Apache 2. Install PHP via /usr/lang/php5-extensions (select the extensions you want, this will install php5 and add the required lines to the httpd.conf) 3. Install MySQL Regards, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Jack Barnett wrote: > Jack Barnett wrote: >> Eric Crist wrote: >> >>> On Jun 20, 2007, at 8:56 PMJun 20, 2007, Jack Barnett wrote: >>> >>> >>>> Ivan Carey wrote: >>>> I don't have libphp5.so anywhere in /usr/local (did a find for >>>> it). >>>> the php5 port is broken? Or do I have to reinstall apache after php5? >>>> >>>> >>> You need to enable build of the php5 apache extension when you build >>> the port - it's not enabled by default. >>> >>> HTH >>> >>> Eric Crist >>> >> >> thanks. >> >> do you know how to do that off hand? :) :) >> >> >> >> > > disregarding... rebuilding now, I edited the Makefile Ouch. Just for the record: # cd /usr/ports/lang/php5 # make config Select the APACHE option. # make build deinstall reinstall clean ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Jack Barnett wrote: Eric Crist wrote: On Jun 20, 2007, at 8:56 PMJun 20, 2007, Jack Barnett wrote: Ivan Carey wrote: I don't have libphp5.so anywhere in /usr/local (did a find for it). the php5 port is broken? Or do I have to reinstall apache after php5? You need to enable build of the php5 apache extension when you build the port - it's not enabled by default. HTH Eric Crist thanks. do you know how to do that off hand? :) :) disregarding... rebuilding now, I edited the Makefile ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Eric Crist wrote: > On Jun 20, 2007, at 8:56 PMJun 20, 2007, Jack Barnett wrote: > >> Ivan Carey wrote: > >> I don't have libphp5.so anywhere in /usr/local (did a find for it). >> the php5 port is broken? Or do I have to reinstall apache after php5? >> > > You need to enable build of the php5 apache extension when you build > the port - it's not enabled by default. > > HTH > > Eric Crist thanks. do you know how to do that off hand? :) :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
On Jun 20, 2007, at 8:56 PMJun 20, 2007, Jack Barnett wrote: Ivan Carey wrote: I don't have libphp5.so anywhere in /usr/local (did a find for it). the php5 port is broken? Or do I have to reinstall apache after php5? You need to enable build of the php5 apache extension when you build the port - it's not enabled by default. HTH Eric Crist ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Ivan Carey wrote: Jack Barnett wrote: FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" . Hello Jack, I have 2 servers running one with php4 and one with php5 In the php4 httpd.conf I have: LoadModule php4_module libexec/apache/libphp4.so AddModule mod_php4.c # DirectoryIndex: Name of the file or files to use as a pre-written HTML # directory index. Separate multiple entries with spaces. # DirectoryIndex index.php index.php3 index.html DirectoryIndex index.php3 index.html DirectoryIndex index.php index.html DirectoryIndex index.html # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .php3s AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps In the Apache2 using php5 I have in the httpd.conf LoadModule php5_module libexec/apache2/libphp5.so # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps I hope this helps you with your configuration, Regards, Ivan I don't have libphp5.so anywhere in /usr/local (did a find for it). the php5 port is broken? Or do I have to reinstall apache after php5? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
doug wrote: On Tue, 19 Jun 2007, Jack Barnett wrote: FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps I just installed this combination, among the changes to httpd.conf I change pph4-->php5 (see below). You are not getting an index file. If you have 'Options +Indexes' browsing will get you an index listing but will not run index.php. # # This may also be "None", "All", or any combination of "Indexes", @@ -452,18 +454,18 @@ # - + DirectoryIndex index.php index.php3 index.html - + DirectoryIndex index.php3 index.html - + DirectoryIndex index.php index.html - + DirectoryIndex index.html hrm... no I don't think that's it. I put this in: DirectoryIndex index.php index.html I have php5 install I created this file: test.php \n"); ?> But that doesn't work either. Is mod_layout screwing it up? I don't understand what is wrong with it? `php test.php` works fine. Also there is no Module Load/Add in the httpd.conf for php. I can't even find the libraries! But /usr/local/bin/ has php and php-cgi (both executables). Do I need to tell apache how to execute .php files? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
On Tue, 19 Jun 2007, Jack Barnett wrote: FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps I just installed this combination, among the changes to httpd.conf I change pph4-->php5 (see below). You are not getting an index file. If you have 'Options +Indexes' browsing will get you an index listing but will not run index.php. # # This may also be "None", "All", or any combination of "Indexes", @@ -452,18 +454,18 @@ # - + DirectoryIndex index.php index.php3 index.html - + DirectoryIndex index.php3 index.html - + DirectoryIndex index.php index.html - + DirectoryIndex index.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Apache access log shows these attack requests
The replies to my post came back saying that apache defaults to denying CONNECT requests which I was not able to verify. That mod_proxy was causing it. I have mod-proxy commented out. That the CONNECT request is some how being spoofed through php which I was not able to verify. My reading of php5 says it accepts all valid methods that apache hands it. To me this indicates that apache is not denying CONNECT requests by default. Reading a book I have titled 'Maximum Apache Security' it said to gain explicit control over the "Methods" use the or declaratives with the 'Require valid-user' in the default definition in the http-conf file. So in apache http-conf around line 340 I added the Declarative like this to the default directory definition so it looks like this. Options FollowSymLinks AllowOverride None Order allow,deny Allow from all Require valid-user Now the access log shows this 61.228.120.228 - - [17/Jun/2007:22:42:49 -0400] "CONNECT 66.196.97.250:25 HTTP/1.0" 500 602 "-" "-" And the error.log shows this [Sun Jun 17 22:42:49 2007] [crit] [client 61.228.120.228] configuration error: couldn't perform authentication. AuthType not set!: / As you can see the CONNECT request is now being denied with a 500. The CONNECT requests have been stopped from attacking others. I post this solution so others can find it in the questions archives. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: stopping "connect" attacks in apache
On Jun 15, 2007, at 7:49 PM, Bob wrote: > Every time my apache server slows down or has denial of service the > access > log is full this > > 61.228.122.220 - "CONNECT 66.196.97.250:25 HTTP/1.0" 200 7034 "-" "-" > 61.228.122.220 - "CONNECT 216.39.53.3:25 HTTP/1.0" 200 7034 "-" "-" > 61.228.122.220 - "CONNECT 216.39.53.1:25 HTTP/1.0" 200 7034 "-" "-" > 61.228.122.220 - "CONNECT 168.95.5.155:25 HTTP/1.0" 200 7034 "-" "-" > 61.228.122.220 - "CONNECT 168.95.5.157:25 HTTP/1.0" 200 7034 "-" "-" > 61.228.122.220 - "CONNECT 168.95.5.159:25 HTTP/1.0" 200 7034 "-" "-" >IP 61.228.122.220 is using the HTTP CONNECT method to relay spam to >port 25 on the targets via your Apache server. >This almost certainly indicates that you've got mod_proxy loaded or >something similar via mod_perl/mod_php/whatever, as the CONNECT >attack would get a "405 Method not allowed" error otherwise. >-Chuck ___ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chuck Swiger Sent: Monday, June 18, 2007 1:02 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: stopping "connect" attacks in apache The replies to my post came back saying that apache defaults to denying CONNECT requests which I was not able to verify. That mod_proxy was causing it. I have mod-proxy commented out. That the CONNECT request is some how being spoofed through php which I was not able to verify. My reading of php5 says it accepts all valid methods that apache hands it. To me this indicates that apache is not denying CONNECT requests by default. Reading a book I have titled 'Maximum Apache Security' it said to gain explicit control over the "Methods" use the or declaratives with the 'Require valid-user' in the default definition in the http-conf file. So in apache http-conf around line 340 I added the Declarative like this to the default directory definition so it looks like this. Options FollowSymLinks AllowOverride None Order allow,deny Allow from all Require valid-user Now the access log shows this 61.228.120.228 - - [17/Jun/2007:22:42:49 -0400] "CONNECT 66.196.97.250:25 HTTP/1.0" 500 602 "-" "-" And the error.log shows this [Sun Jun 17 22:42:49 2007] [crit] [client 61.228.120.228] configuration error: couldn't perform authentication. AuthType not set!: / As you can see the CONNECT request is now being denied with a 500. The CONNECT requests have been stopped from attacking others. I post this solution so others can find it in the questions archives. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
Jack Barnett wrote: FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" . Hello Jack, I have 2 servers running one with php4 and one with php5 In the php4 httpd.conf I have: LoadModule php4_module libexec/apache/libphp4.so AddModule mod_php4.c # DirectoryIndex: Name of the file or files to use as a pre-written HTML # directory index. Separate multiple entries with spaces. # DirectoryIndex index.php index.php3 index.html DirectoryIndex index.php3 index.html DirectoryIndex index.php index.html DirectoryIndex index.html # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw AddType application/x-httpd-php3 .php3 AddType application/x-httpd-php3-source .php3s AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps In the Apache2 using php5 I have in the httpd.conf LoadModule php5_module libexec/apache2/libphp5.so # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps I hope this helps you with your configuration, Regards, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache, php?
On Tue, 19 Jun 2007 00:04:03 -0500 Jack Barnett <[EMAIL PROTECTED]> wrote: > on the command line doing `php index.php` works. > But if I use it though a web browser it just displays the php code. enable mod_status and/or mod_info in Apache and double check that the php module is loaded, and what its name is. I recall there beeing a version where it wasn't mod_php4, so the IfModule directives wouldn't match and not load the right configuration. once you have the correct module name, change the ifModule lines accordingly and reload apache. _ {Beto|Norberto|Numard} Meijome Without vision you may find that you make your way through life by bumping into things. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Apache, php?
FreeBSD 6.2 Apache 1.3.37 (from ports) php 5.2.3 (from ports) on the command line doing `php index.php` works. But if I use it though a web browser it just displays the php code. I installed it like this (extensions to) http://www.mydigitallife.info/2006/04/14/installing-web-server-in-freebsd-60-with-apache-22-mysql-50-and-php-5-part-5/ The only difference is that I'm using 1.3 and not 2.x of Apache. Apache config below Installing 2.x isn't an option yet (test server, still need 1.3) fire2# grep -i php * httpd.conf:AddType application/x-httpd-php .php httpd.conf:AddType application/x-httpd-php-source .phps httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.php3 index.html httpd.conf: httpd.conf:DirectoryIndex index.php3 index.html httpd.conf: httpd.conf: httpd.conf:DirectoryIndex index.php index.html httpd.conf: httpd.conf: httpd.conf: AddType application/x-httpd-php3 .php3 httpd.conf: AddType application/x-httpd-php3-source .php3s httpd.conf: httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps httpd.conf: AddType application/x-httpd-php .php httpd.conf: AddType application/x-httpd-php-source .phps ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: stopping "connect" attacks in apache
On Jun 15, 2007, at 7:49 PM, Bob wrote: Every time my apache server slows down or has denial of service the access log is full this 61.228.122.220 - "CONNECT 66.196.97.250:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 216.39.53.3:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 216.39.53.1:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 168.95.5.155:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 168.95.5.157:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 168.95.5.159:25 HTTP/1.0" 200 7034 "-" "-" IP 61.228.122.220 is using the HTTP CONNECT method to relay spam to port 25 on the targets via your Apache server. This almost certainly indicates that you've got mod_proxy loaded or something similar via mod_perl/mod_php/whatever, as the CONNECT attack would get a "405 Method not allowed" error otherwise. Check http://your_webserver/server-info for details. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
stopping "connect" attacks in apache
Every time my apache server slows down or has denial of service the access log is full this 61.228.122.220 - "CONNECT 66.196.97.250:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 216.39.53.3:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 216.39.53.1:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 168.95.5.155:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 168.95.5.157:25 HTTP/1.0" 200 7034 "-" "-" 61.228.122.220 - "CONNECT 168.95.5.159:25 HTTP/1.0" 200 7034 "-" "-" I think I can stop this by adding this to my httpd-config SetEnvIf THE_REQUEST CONNECT* drop order allow,deny allow from all deny from env=drop Am I on the correct solutions here? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache access log shows these attack requests
On Thu, 14 Jun 2007, Norberto Meijome wrote: > On Wed, 13 Jun 2007 10:50:20 -0400 > "Bob" <[EMAIL PROTECTED]> wrote: > > Hi Bob, please learn how to quote in a reply to a message - it's pretty hard > to > figure out who's written what otherwise. So much so, it's easier to respond to Bob via yours :) > > I checked with ls -l command and I have no pages 7036 in size. > > (hmm... does those bytes include the headers et al ? if they do, then u > should > be looking for something else other than 7036 in the filesystem...anyway... Static pages do show the actual file size, checking here, but of course any dynamic content (php or whatever) makes size indeterminate. Bob, check the size shown as served for your ordinary "/" page requests? > > My question > > is why is apache servicing a request for "\x04\x01", this is not a valid > > request in first place. > > maybe if you show us your apache config it would be easier to figure out what > you allow or not. To make it simpler, the DEFAULT config in apache (with no > mod_proxy) is quite secure wrt access to / . If not too much modified, a 'diff apache.conf.installed apache.conf' might be less wieldy and easier to grok .. You do and will regularly see all sorts of tricks tried, aimed at various vulnerabilities, mostly on M$ systems, and life's too short to get too bothered by the 'background radiation' .. trust the security teams (both apache and freebsd) to post about and deal with new vulns. > > You wrote "because I disallow 'no referrer' > > plus 'no browser' ("-" "-") connects from non-local addresses, blocking > > heaps of rogue robots" > > Could you give me a example of the httpd.config coding you used for this? > > These denied requests get logged in the access.log, I would think they > > should be logged in the error.log. > > well, they are not an error from apache's POV, are they? they get served OK > :) > therefore, access. (the fact that you dont like it doenst make it less > "correct" > for Apache ;) Yeah. Anything invoking a 40[0-9] response, among other things, makes it to the error log, but even errors usually send some sort of response, and if in doubt (eg on would-be proxy requests) apache will serve "/" For Bob and the other fellow asking: it's all in the Fine Manual apache installed for you of course, but for simple illustration something like: BrowserMatchNoCase "Yet Another Illbehaved Robot" go_away SetEnvIfNoCase Referer nastysukkas\.biz go_away BrowserMatch "Windows 98\) XX" go_away SetEnvIf Remote_Addr 254.231.132.* go_away [..] # we only want to exclude those with neither (no_ref being usually ok) # meanwhile, till finding out how .. just 'no browser' is disallowed # SetEnvIf Referer "^$" no_ref=1 SetEnvIf User-Agent "^$" no_bro=1 # (I never did work out how to express 'no_bro AND no_ref' ?) SetEnvIf no_bro 1 go_away # except of course allow local "-" "-" requests - add more friendlies .. SetEnvIf Remote_Addr my.ip.adr.ess !go_away [..] Options Indexes FollowSymLinks AllowOverride AuthConfig # 18Mar02 - always allow, even for otherwise denied bots order allow,deny allow from all # Controls who can get stuff from this server. order allow,deny allow from all deny from env=go_away Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: apache deining robots.txt 404
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bob wrote: > I just moved FBSD 6.2 / apache-1.3.37.1 into production. > In the httpd-access,log I see all the search engines requests for robots.txt > getting a 404 code. > > The previous production world was FBSD 6.0 /apache-1.3.33_2 and all the > search engines requests for robots.txt got a 200 code. > > I use the same httpd-conf in both. So the only thing changed is the version > of FBSD and apache. > Has anybody else noticed this? > How can I allow robots.txt to be handled like before?? After [1]: % 10.4.5 404 Not Found % % The server has not found anything matching the Request-URI [...] It means you just don't have robots.txt in www root directory. HTH, Karol [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html - -- Karol Kwiatkowski OpenPGP 0x06E09309 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGcUb+ezeoPAwGIYsRCBSDAJ9eYxO81wc4a/QopZnexGXEklpL2QCfWixR zb1Zh0Dlg533kpipNrgWswM= =TmMc -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
apache deining robots.txt 404
I just moved FBSD 6.2 / apache-1.3.37.1 into production. In the httpd-access,log I see all the search engines requests for robots.txt getting a 404 code. The previous production world was FBSD 6.0 /apache-1.3.33_2 and all the search engines requests for robots.txt got a 200 code. I use the same httpd-conf in both. So the only thing changed is the version of FBSD and apache. Has anybody else noticed this? How can I allow robots.txt to be handled like before?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache access log shows these attack requests
Hello; I have not understood what the request for "-" "-" meant. Thank you, this as shed a lot of light on it. I have seen that fairly frequently in my Apache logs. But on one of my machines that serves as secondary name server I also had Apache running to serve a place holder site. It was attacked but voluminous request for that, so much so that it was causing Apache to kill processes for lack of memory. The machine does not have a lot of RAM at its disposal, so it was not too surprising. I do not run Apache on this machine, now, because of that. I would like to know how do you disallow 'no referrer' and 'no browser'? Is this a server configuration issue? I have not seen mention of this in texts on Apache, nor the manual. And queries of the Apache mailing list yielded indistinct results. I am not running a proxy on the public server. I have shell and ftp access blocked from out side. I am using php as application server. I am running several machines with FreeBSD 6.0 and 6.2 as web servers. Only one serves my public addresses. I am using Apache 1.3.x. Thanks in advance for guidance. Jeff K 220.137.74.222 - - [12/Jun/2007:02:07:08 +1000] "CONNECT msa-mx10.hinet.net:25 HTTP/1.0" 403 272 "-" "-" 403 = Permission denied. In this case, because I disallow 'no referrer' plus 'no browser' ("-" "-") connects from non-local addresses blocking heaps of rogue robots, but CONNECT requests don't work anyway in apache 1.3 in default configuration .. older logs show 405 responses to these. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache access log shows these attack requests
On Wed, 13 Jun 2007 10:50:20 -0400 "Bob" <[EMAIL PROTECTED]> wrote: Hi Bob, please learn how to quote in a reply to a message - it's pretty hard to figure out who's written what otherwise. > I checked with ls -l command and I have no pages 7036 in size. (hmm... does those bytes include the headers et al ? if they do, then u should be looking for something else other than 7036 in the filesystem...anyway... > My question > is why is apache servicing a request for "\x04\x01", this is not a valid > request in first place. maybe if you show us your apache config it would be easier to figure out what you allow or not. To make it simpler, the DEFAULT config in apache (with no mod_proxy) is quite secure wrt access to / . > You wrote "because I disallow 'no referrer' > plus 'no browser' ("-" "-") connects from non-local addresses, blocking > heaps of rogue robots" > Could you give me a example of the httpd.config coding you used for this? > These denied requests get logged in the access.log, I would think they > should be logged in the error.log. well, they are not an error from apache's POV, are they? they get served OK :) therefore, access. (the fact that you dont like it doenst make it less "correct" for Apache ;) B _ {Beto|Norberto|Numard} Meijome "The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." Bertrand Russell I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Apache access log shows these attack requests
On Tue, 12 Jun 2007 16:54:47 -0400 "Bob" <[EMAIL PROTECTED]> wrote: > Running FBSD 6.2 + apache 13. In the apache access log I see these log > records. > To me it looks like my apache server is servicing connect requests and get > requests to other URL's. > Is there some configuration option I can turn on to stop my server from > servicing these bogus requests? > > 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:18 -0400] "CONNECT > 220.1 [..] > 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:39 -0400] "CONNECT > 220.1 > kaista.fi - - [03/May/2007:01:35:44 -0400] "GET http://pro_xy.t35.com/AZ.php > HTT > kaista.fi - - [03/May/2007:01:35:45 -0400] "GET http://pro_xy.t35.com/AZ.php > H [..] > r - - [10/May/2007:09:42:40 -0400] "\x04\x01\x1a\vE\x10\xac\"" 400 - "-" "-" > r - - [10/May/2007:09:42:50 -0400] "\x05\x01" 200 7036 "-" "- > 89.196.37.169 - - [15/May/2007:02:50:21 -0400] "GET > http://www.internetsec.org/a > 89.196.37.169 - - [15/May/2007:02:50:37 -0400] "\x04\x01" 200 7036 "-" "-" > 89.196.37.169 - - [15/May/2007:02:50:52 -0400] "\x05\x01" 200 7036 "-" "-" What Chuck said about disabling|securing mod_proxy and PHP, for sure .. But in most cases you chopped off the most important information; the HTTP code indicating apache's response to the request. On those last two, 200 indicates apache served a page of 7036 bytes. If that's the served size of your home "/" page then you've little to worry about. 40x responses indicate refusal; page not found, permission denied etc. Here at least weekly I see such as: 220.137.74.222 - - [12/Jun/2007:02:07:08 +1000] "CONNECT msa-mx10.hinet.net:25 HTTP/1.0" 403 272 "-" "-" 403 = Permission denied. In this case, because I disallow 'no referrer' plus 'no browser' ("-" "-") connects from non-local addresses, blocking heaps of rogue robots, but CONNECT requests don't work anyway in apache 1.3 in default configuration .. older logs show 405 responses to these. 222.141.50.175 - - [21/May/2007:23:46:01 +1000] "GET http://www.baidu.com/ HTTP/1.1" 200 3847 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)" In this case, apache served (200 response) *my* home page (3847 bytes) on all such would-be proxy requests. Not a problem. > 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:38 -0400] "CONNECT > 220.1 FWIW, nearly every CONNECT request here for the last 2 years has been for or from some hinet.net host or other. They're well up in the top 10 spam sources too, so I won't see any mail from [EMAIL PROTECTED] complaining! Cheers, Ian ___ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ian Smith Sent: Wednesday, June 13, 2007 1:09 AM To: Bob Cc: freebsd-questions@freebsd.org Subject: Re: Apache access log shows these attack requests Sorry about cutting off the end of the record. > 89.196.37.169 - - [15/May/2007:02:50:37 -0400] "\x04\x01" 200 7036 "-" "-" > 89.196.37.169 - - [15/May/2007:02:50:52 -0400] "\x05\x01" 200 7036 "-" "-" You wrote "On these two, 200 indicates apache served a page of 7036 bytes. If that's the served size of your home "/" page then you've little to worry about." I checked with ls -l command and I have no pages 7036 in size. My question is why is apache servicing a request for "\x04\x01", this is not a valid request in first place. You wrote "because I disallow 'no referrer' plus 'no browser' ("-" "-") connects from non-local addresses, blocking heaps of rogue robots" Could you give me a example of the httpd.config coding you used for this? These denied requests get logged in the access.log, I would think they should be logged in the error.log. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache access log shows these attack requests
On Tue, 12 Jun 2007 16:54:47 -0400 "Bob" <[EMAIL PROTECTED]> wrote: > Running FBSD 6.2 + apache 13. In the apache access log I see these log > records. > To me it looks like my apache server is servicing connect requests and get > requests to other URL's. > Is there some configuration option I can turn on to stop my server from > servicing these bogus requests? > > 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:18 -0400] "CONNECT > 220.1 [..] > 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:39 -0400] "CONNECT > 220.1 > kaista.fi - - [03/May/2007:01:35:44 -0400] "GET http://pro_xy.t35.com/AZ.php > HTT > kaista.fi - - [03/May/2007:01:35:45 -0400] "GET http://pro_xy.t35.com/AZ.php > H [..] > r - - [10/May/2007:09:42:40 -0400] "\x04\x01\x1a\vE\x10\xac\"" 400 - "-" "-" > r - - [10/May/2007:09:42:50 -0400] "\x05\x01" 200 7036 "-" "- > 89.196.37.169 - - [15/May/2007:02:50:21 -0400] "GET > http://www.internetsec.org/a > 89.196.37.169 - - [15/May/2007:02:50:37 -0400] "\x04\x01" 200 7036 "-" "-" > 89.196.37.169 - - [15/May/2007:02:50:52 -0400] "\x05\x01" 200 7036 "-" "-" What Chuck said about disabling|securing mod_proxy and PHP, for sure .. But in most cases you chopped off the most important information; the HTTP code indicating apache's response to the request. On those last two, 200 indicates apache served a page of 7036 bytes. If that's the served size of your home "/" page then you've little to worry about. 40x responses indicate refusal; page not found, permission denied etc. Here at least weekly I see such as: 220.137.74.222 - - [12/Jun/2007:02:07:08 +1000] "CONNECT msa-mx10.hinet.net:25 HTTP/1.0" 403 272 "-" "-" 403 = Permission denied. In this case, because I disallow 'no referrer' plus 'no browser' ("-" "-") connects from non-local addresses, blocking heaps of rogue robots, but CONNECT requests don't work anyway in apache 1.3 in default configuration .. older logs show 405 responses to these. 222.141.50.175 - - [21/May/2007:23:46:01 +1000] "GET http://www.baidu.com/ HTTP/1.1" 200 3847 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)" In this case, apache served (200 response) *my* home page (3847 bytes) on all such would-be proxy requests. Not a problem. > 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:38 -0400] "CONNECT > 220.1 FWIW, nearly every CONNECT request here for the last 2 years has been for or from some hinet.net host or other. They're well up in the top 10 spam sources too, so I won't see any mail from [EMAIL PROTECTED] complaining! Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache access log shows these attack requests
On Jun 12, 2007, at 2:58 PM, Bob wrote: I all ready have Apache mod_proxy commented out in httpd.conf and there is no php stuff installed in system. Your logfile lines seemed to be oddly truncated, so it's a bit hard to tell, but it sure seemed like some of the requests you showed were getting 200 success responses. I assume you aren't IPs 89.196.37.169 or 122.124.129.55? The requests for AZ.php or azenv.php are trying to reference scripts used to control and "rate" lists of "anonymous" proxies that tend to run either on hacked systems or systems configured to permit the world to use the proxy (generally because of a lack of admin clue rather than by intent). See: http://web.freerk.com/proxyjudge/azenv.htm ...and: http://forum.my-proxy.com/index.php?topic=48.0 ...which actually lists this "http://pro_xy.t35.com/AZ.php"; host... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Apache access log shows these attack requests
On Jun 12, 2007, at 1:54 PM, Bob wrote: > Running FBSD 6.2 + apache 13. In the apache access log I see these log > records. To me it looks like my apache server is servicing connect > requests and get > requests to other URL's. Is there some configuration option I can > turn on to stop my server from > servicing these bogus requests? If you have the Apache mod_proxy enabled, either configure it securely or disable it entirely. Also, double-check your use of PHP-based stuff-- the security of PHP is sufficiently bad that it's pretty common for sites to get hacked if they aren't careful about securing it and updating to the latest versions as new security holes in PHP-based stuff are exploited. You might want to run portaudit... -- -Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chuck Swiger Sent: Tuesday, June 12, 2007 5:21 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ORG Subject: Re: Apache access log shows these attack requests I all ready have Apache mod_proxy commented out in httpd.conf and there is no php stuff installed in system. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Apache access log shows these attack requests
On Jun 12, 2007, at 1:54 PM, Bob wrote: Running FBSD 6.2 + apache 13. In the apache access log I see these log records. To me it looks like my apache server is servicing connect requests and get requests to other URL's. Is there some configuration option I can turn on to stop my server from servicing these bogus requests? If you have the Apache mod_proxy enabled, either configure it securely or disable it entirely. Also, double-check your use of PHP-based stuff-- the security of PHP is sufficiently bad that it's pretty common for sites to get hacked if they aren't careful about securing it and updating to the latest versions as new security holes in PHP-based stuff are exploited. You might want to run portaudit... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Apache access log shows these attack requests
Running FBSD 6.2 + apache 13. In the apache access log I see these log records. To me it looks like my apache server is servicing connect requests and get requests to other URL's. Is there some configuration option I can turn on to stop my server from servicing these bogus requests? 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:18 -0400] "CONNECT 220.1 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:19 -0400] "CONNECT 220.1 122-124-129-27.dynamic.hinet.net - - [04/May/2007:04:38:20 -0400] "CONNECT 220.1 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:38 -0400] "CONNECT 220.1 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:38 -0400] "CONNECT 220.1 122-124-129-55.dynamic.hinet.net - - [10/May/2007:18:29:39 -0400] "CONNECT 220.1 kaista.fi - - [03/May/2007:01:35:44 -0400] "GET http://pro_xy.t35.com/AZ.php HTT kaista.fi - - [03/May/2007:01:35:45 -0400] "GET http://pro_xy.t35.com/AZ.php H 12.40.60.226 - - [04/May/2007:05:30:14 -0400] "GET http://www2.andrews.edu/~bidw 12.40.60.226 - - [04/May/2007:05:30:15 -0400] "GET http://www.anonymitytest.com/ 217.194.139.131 - - [08/May/2007:05:22:03 -0400] "GET http://pro_xy.t35.com/AZ.p 217.194.139.131 - - [08/May/2007:05:22:12 -0400] "GET http://pro_xy.t35.com/AZ.p 62.159.66.106 - - [09/May/2007:23:57:42 -0400] "GET http://pro_xy.t35.com/AZ.php 62.159.66.106 - - [09/May/2007:23:57:42 -0400] "GET http://pro_xy.t35.com/AZ.php r - - [10/May/2007:09:42:40 -0400] "\x04\x01\x1a\vE\x10\xac\"" 400 - "-" "-" r - - [10/May/2007:09:42:50 -0400] "\x05\x01" 200 7036 "-" "- 89.196.37.169 - - [15/May/2007:02:50:21 -0400] "GET http://www.internetsec.org/a 89.196.37.169 - - [15/May/2007:02:50:37 -0400] "\x04\x01" 200 7036 "-" "-" 89.196.37.169 - - [15/May/2007:02:50:52 -0400] "\x05\x01" 200 7036 "-" "-" 89.196.21.158 - - [21/May/2007:06:17:46 -0400] "GET http://thecric.free.fr/AZenv 89.196.21.158 - - [21/May/2007:06:18:02 -0400] "\x04\x01" 200 7036 "-" "-" 89.196.21.158 - - [21/May/2007:06:18:17 -0400] "\x05\x01" 200 7036 "-" "-" host37.kaisha.co.uk - - [10/Jun/2007:15:27:52 -0400] "GET http://pro_xy.t35.com/ host37.kaisha.co.uk - - [10/Jun/2007:15:27:53 -0400] "GET http://pro_xy.t35.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37
Olivier Nicole wrote: [snip] configuration? If both options are possible, is one better than the other? I'd prefer not to have to re-do my apache install, but if there's some compelling reason I should, I'm interested in knowing it. You would have to modify the httpd.conf to activate SSL anyway. Have you a lot of things in the config yet? Just what I needed to get our webmail server running. Initially tried Horde, but ended up running into some problems with that, now trying Squirrelmail. Also, when I've got it, I want users to have the option to use it, not be forced to (tinkering with a Squirrelmail webmail server here), so any information on that would be more than welcome. Any reason why you don't want to force your user to go SSL. They will be exchanging password over the network, better it is crypted, don't you think? Yes, absolutely, that's why I want the option to use SSL. However, we have some users that travel a lot, and sometime they absolutely need to be able to get to their email. SSL introduces another layer of complexity, and thus possibility for failure, into checking their email. While I prefer the security of SSL, if it's a choice between no email access for our travellers and access without SSL, my boss has been pretty clear that access, however it's achieved, is the key issue. If it is a matter of not purchasing a certificate, you can put up a page on the way to install the certificate once for all so the users are not requested again to accept the certificate. While that's not really the issue for me, I'm interested in this idea anyway, as it saves some money and keeps us a little more self sufficient. If you'd care to explain this in further detail, or just point me at a doc somewhere that does, it would be much appreciated. Usual configuration of Apache normally allows you to set-up two servers, one on port 80 that is not crypted and one on port 443 that is using SSL. Both services can share the same web pages, giving acces both with and without SSL. I guess now I need to hit Google and find out how to do this on FreeBSD, as it sounds just like what I want, thanks! Regards, -- Patrick Baldwin Systems Administrator Studsvik Scandpower, Inc. 1087 Beacon St. Newton, MA 02459 1-617-965-7455 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [freebsd-questions] Best way to add SSL to Apache 1.3.37
Norberto Meijome wrote: On Thu, 07 Jun 2007 12:03:31 -0400 Patrick Baldwin <[EMAIL PROTECTED]> wrote: Hi, I'm running 6.2-RELEASE-p4, and Apache 1.3.37. I'd like to add SSL support, but I'm not sure of the best way to go about it. may I ask why are you using Apache 1.3.x ? I think Apache 2 has shown itself to be pretty good and reliable by now Using 1.3.x because I'm trying to set up a webmail server, and most of the docs I could find were written with 1.3.x in mind. Also, I'm more familiar with 1.3.x In: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-apache.html Specifically section 27.7.5.1, it mentions you can add ssl support with mod_ssl, but I don't see it in my ports tree. I also found this: http://www.bsdguides.org/guides/freebsd/webserver/apache_ssl_php_mysql.php Which seems to suggest that I'd need to have installed the apache port /usr/ports/www/apache13-modssl instead of the package apache-1.3.37_3. Indeed. So, do I need to remove the apache-1.3.37_3 package (presumably with pkg_delete, as I think that's the cleanest way, please correct me if I'm wrong), pkg_deinstall apache-1.3* Excellent, thanks. I hadn't seen pkg_deinstall before, but checking out the man page seems to suggest I really should have been using it instead of pkg_delete; understanding wildcards and being able to recurse through dependencies seems very helpful. and re-install from the apache13-modssl port, or is there in fact some way to just get mod_ssl and add to my existing Apache configuration? There may be, i haven't touched the 1.3 apache stuff for several years. If you install www/apache22, it builds the SSL components by default. If both options are possible, is one better than the other? You cannot have, by default (ie, withouth tinkering and knowing what you are doing) both apache13 and apache13-mod_ssl. they are listed conflicts.( in the Makefile for the port, search for the CONFLICTS line) OK, I saw that, and then went and checked it for apache2: webmail# pwd /usr/ports/www/apache22 webmail# cat Makefile | grep CONFLICTS CONFLICTS= apache+mod_ssl-1.* apache+mod_ssl+ipv6-1.* apache+mod_ssl+modsnmp-1.* \ CONFLICTS+= apr-1.* This seems to me that I can have apache13 (without any SSL) and apache22 both installed, which would be great for me as I could work on building an SSL capable webmail server while users can still use the old webmail while the new one is in progress. I'd prefer not to have to re-do my apache install, but if there's some compelling reason I should, I'm interested in knowing it. if you want ssl... Then I'm going to need to re-do apache some way, whether it be re-install and add SSL support to apache13, or move to apache22, got it. Also, when I've got it, I want users to have the option to use it, not be forced to (tinkering with a Squirrelmail webmail server here), so any information on that would be more than welcome. Not sure what you mean by this. Your users will use HTTPS if they so request it, or HTTP if they point it to http://yourserver/ I want my users to have the option to use SSL, but if they're having problems with it (browser issues, etc.) I still want them to be able to read their email, as sometime it's absolutely essential that they be able to keep up with email while on the road. -- Patrick Baldwin Systems Administrator Studsvik Scandpower, Inc. 1087 Beacon St. Newton, MA 02459 1-617-965-7455 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Does any verson of Freebsd includes the apache package?
On Mon, Jun 11, 2007 at 09:54:07AM +0800, goole blowfish wrote: > Dear friends, > > I have download the freebsd FreeBSD 6.2-RELEASE. > > When I install, I can't find the apache package in this installtion package. > > > Does any verson of Freebsd includes the apache package? One more thing that can be helpful, since a lot of stuff can scroll up the screen when doing a build and install, you might want to use script(1) to make a record of it you can go back and look at for any error messages or additional instructions. Basically type: script /tmp/apache.build (Any file name will do for apache.build) [make configure] if needed make make install make clean if you want exit (or CTRO-D is your shell is Bourne style, FreeBSD uses csh/tcsh) jerry > > > > > Best Regards, > FredZhang > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Does any verson of Freebsd includes the apache package?
On Mon, Jun 11, 2007 at 09:54:07AM +0800, goole blowfish wrote: > Dear friends, > > I have download the freebsd FreeBSD 6.2-RELEASE. > > When I install, I can't find the apache package in this installtion package. > > > Does any verson of Freebsd includes the apache package? First, learn about the FreeBSD ports system from the online handbook or other documentation or books about FreeBSD. Then, go to /usr/local/ports/www/apache22 type make make install You might also want to run a make configure before the first make but I used the defaults and didn't need to. After you do the make install, then edit the /usr/local/etc/apache22/httpd.conf file to set up your web site[s] configuration[s]. Finally, go to /usr/local/etc/rc.d and make sure apache22.sh has execute permission.(in the most recent versions it might not have the '.sh' on it). Then Apache will start at boot. You can manually start it with'apachectl start' or stop it with 'apachectl stop' Note, that in FreeBSD almost everything beyond the basic OS is in the ports and generally can be installed by doing a make make install. jerry > > Best Regards, > FredZhang > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Does any verson of Freebsd includes the apache package?
On Mon, 11 Jun 2007 09:54:07 +0800 "goole blowfish" <[EMAIL PROTECTED]> wrote: > Dear friends, > > I have download the freebsd FreeBSD 6.2-RELEASE. > > When I install, I can't find the apache package in this installtion package. > > > Does any verson of Freebsd includes the apache package? > Something tells me that you are used to OpenBSD? :-) Apache is not part of FreeBSD baseinstall. You have to install it via pkg_add or via the ports collection. FreeBSD has more than one version of Apache as well. > > > Best Regards, > FredZhang > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Does any verson of Freebsd includes the apache package?
On Jun 10, 2007, at 8:54 PMJun 10, 2007, goole blowfish wrote: Dear friends, I have download the freebsd FreeBSD 6.2-RELEASE. When I install, I can't find the apache package in this installtion package. Does any verson of Freebsd includes the apache package? In a manner of speaking, yes. If you installed the ports tree during installation, simply perform the following commands when you're logged in as the root user: # cd /usr/ports/www/apache22 # make install clean Follow any instructions you see on the screen at the end of the installation - you may need to scroll up a bit to catch them all. You can scroll up by pressing Scroll-Lock and then the up/down arrows. HTH Eric Crist ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Does any verson of Freebsd includes the apache package?
On Mon, Jun 11, 2007 at 09:54:07AM +0800, goole blowfish wrote: > Dear friends, > > I have download the freebsd FreeBSD 6.2-RELEASE. > > When I install, I can't find the apache package in this installtion package. > > > Does any verson of Freebsd includes the apache package? Every version of FreeBD includes it in the ports collection. Kris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Does any verson of Freebsd includes the apache package?
Dear friends, I have download the freebsd FreeBSD 6.2-RELEASE. When I install, I can't find the apache package in this installtion package. Does any verson of Freebsd includes the apache package? Best Regards, FredZhang ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Php5 port and Apache Module
Miroslav Lachman wrote: I guess that mod_php5 depends on Apache and maintainer don't want this big dependency. The second is - if it will depends on Apache of some version (eg. 1.3) it will be broken with another version (2.0 and 2.2). It apply for binary packages. If somebody is compiling ports himself, then can check option "with apache" or add WITH_APACHE in to /etc/make.conf That makes sense almost to the point of justifying the existence of a mod_php5 port for those people who want apache+mod_php5. However given the fact that this would double the workload on the maintainer I understand. Thanks -- Chris -- __o "All I was doing was trying to get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)___ Christopher Sean Hilton pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Php5 port and Apache Module
On Sun, 10 Jun 2007, Matthew Seaman wrote: > Ian Smith wrote: > > > Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon > > have another big upgrade to do (patiently awaiting xorg 7 packages :) > > I take it you are aware of: > > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 I am now, thanks. > and have taken steps to secure your phpMyAdmin installation. Wrapping > phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you > can also serve it via HTTPS. Upgrading to the latest released version > (2.10.1) is certainly recommended. I'm only running it on localhost currently for local database work, not externally accessible, but your warnings are well appreciated. Frankly I don't have much confidence in PHP's security generally, let alone for complex applications like phpMyAdmin using lots of javascript and such, yet find pma the most useful thing for working with Mysql databases. > This isn't excessive paranoia -- there are webcrawlers in the wild > hunting for phpMyAdmin installations by trying all the common URLs > that PMA gets installed as, including what I recommend in the port. Indeed it's not excessive; noticed here on Saturday on several sites on a public server that's NOT running phpMyAdmin (all from this IP, fwiw): 87.106.25.69 - - [09/Jun/2007:18:05:44 +1000] "GET /phpmyadmin/main.php HTTP/1.0" 404 287 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:44 +1000] "GET /PMA/main.php HTTP/1.0" 404 280 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:45 +1000] "GET /mysql/main.php HTTP/1.0" 404 282 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:45 +1000] "GET /admin/main.php HTTP/1.0" 401 471 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:46 +1000] "GET /db/main.php HTTP/1.0" 404 279 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:46 +1000] "GET /dbadmin/main.php HTTP/1.0" 404 284 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:47 +1000] "GET /web/phpMyAdmin/main.php HTTP/1.0" 404 291 "-" "pmafind" 87.106.25.69 - - [09/Jun/2007:18:05:47 +1000] "GET /admin/pma/main.php HTTP/1.0" 401 471 "-" "pmafind" Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Php5 port and Apache Module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ian Smith wrote: > Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon > have another big upgrade to do (patiently awaiting xorg 7 packages :) I take it you are aware of: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 and have taken steps to secure your phpMyAdmin installation. Wrapping phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you can also serve it via HTTPS. Upgrading to the latest released version (2.10.1) is certainly recommended. This isn't excessive paranoia -- there are webcrawlers in the wild hunting for phpMyAdmin installations by trying all the common URLs that PMA gets installed as, including what I recommend in the port. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGbAQO8Mjk52CukIwRCDTBAJ0Yt6J0uDfwO8AZQJD2avYSTGjg0ACffbqW YahKpz0N617yWWbANwHsepc= =r04R -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Php5 port and Apache Module
On Sun, 10 Jun 2007, Matthew Seaman wrote: > Ian Smith wrote: > > > Around 6.0 may have been the timeline for this change, but it affected > > users of 5.4 and 5.5 too; one 5.5-STABLE here. I ran into this updating > > phpMyAdmin last year, which also enforced upgrading from php4 to php5 - > > unnecessarily, according to the phpMyAdmin specs - and made it no longer > > possible to install php5 (thus eg phpMyAdmin) from the packages .. > > That is incorrect. The phpMyAdmin port works perfectly well with php4. > The *default* version of php that the port would cause to be installed > as a dependency if there was no previously installed php on the system > - -- that changed from 4 to 5 a while back, but that was actually a result > of system-wide changes in /usr/ports/Mk/bsd.php.mk To be fair, that was on a huge portupgrade from 5.4-R to 5-STABLE last December involving most ports including xorg and kde, and upgrading the installed php4 to php5 (as a consequence of the _then_ dependency tree) was the only thing that proved problematic, and that using using every prefetched package that portupgrade -anPP could find first. At the time, after a couple of days' struggle, I relented and went with php5, and after the aforementioned making config then installing the php5 port, all was plain sailing. As I recall it may have been a dependency of phpMyAdmin, pecl-pdflib, that kept insisting on php5? Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon have another big upgrade to do (patiently awaiting xorg 7 packages :) > Note that there is not a lot of point installing phpMyAdmin from > packages. The phpMyAdmin port does not compile anything -- all it > does it pull down the dist files and copy them into place. Essentially > what the package does, except that the port gives you immensely greater > flexibility in fitting in with alternate dependencies. On a 300MHz laptop with a 'fast' 5400rpm drive, packages are the go wherever possible, but I'll try remembering that. It's a nice port. Thanks Matthew, Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Php5 port and Apache Module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ian Smith wrote: > Around 6.0 may have been the timeline for this change, but it affected > users of 5.4 and 5.5 too; one 5.5-STABLE here. I ran into this updating > phpMyAdmin last year, which also enforced upgrading from php4 to php5 - > unnecessarily, according to the phpMyAdmin specs - and made it no longer > possible to install php5 (thus eg phpMyAdmin) from the packages .. That is incorrect. The phpMyAdmin port works perfectly well with php4. The *default* version of php that the port would cause to be installed as a dependency if there was no previously installed php on the system - -- that changed from 4 to 5 a while back, but that was actually a result of system-wide changes in /usr/ports/Mk/bsd.php.mk Note that there is not a lot of point installing phpMyAdmin from packages. The phpMyAdmin port does not compile anything -- all it does it pull down the dist files and copy them into place. Essentially what the package does, except that the port gives you immensely greater flexibility in fitting in with alternate dependencies. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGa7Zn8Mjk52CukIwRCK2YAJ0ZaUx7KmDopyaLLtb6HeV0A4HlTQCdHEP8 kUKvXN9SrbwxmRFxspGRqhY= =vw6Q -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Php5 port and Apache Module
On Sat, 09 Jun 2007 21:45:03 -0400 Christopher Hilton <[EMAIL PROTECTED]> wrote: > Jonathan Horne wrote: > >> Bob wrote: > >>> The php4 & php5 port apache module used to be default before FBSD 6.0. Around 6.0 may have been the timeline for this change, but it affected users of 5.4 and 5.5 too; one 5.5-STABLE here. I ran into this updating phpMyAdmin last year, which also enforced upgrading from php4 to php5 - unnecessarily, according to the phpMyAdmin specs - and made it no longer possible to install php5 (thus eg phpMyAdmin) from the packages .. > >>> Many people before you on this list have wanted the php4/5 apache module > >>> turned back on as default but so far the port maintainer has not done > >>> anything > >>> in any way of justifying removing the apache module from the default > >>> setting > >>> or re-enable it as the default. > > [snip] > > > > > seems like it was removed from the default config of lang/php5 for security > > reasons. many people who do build php5 do not need the apache module, so > > no > > sense building it if its not needed. I may be wrong of course, but my observation is that the majority of people (who mention) installing php do so for use as an apache module. > > cd /usr/ports/lang/php5 > > make config > > (edit your choices) > > make deinstall > > make reinstall > > > > its just one of those things that you learn to live with after a while. Mmmm. I don't see how it would hurt people who do want to use PHP as a CLI language, or for CGI, if mod_php5 were to be built by default also, making the php package useful again. libphp5.so is under 3MB. > Everyone seems to be misunderstanding my question. I'm aware of how to > build mod_php5. I'm curious about why the default configuration builds > php5 as a standalone CLI and CGI rather than as an apache module. I'm > assuming that there is some good engineering behind this decision but > I'd like to know a little more about that engineering. Is there some > advantage to running php as a Fast CGI process? > > -- Chris > > P.S. Sorry Bob, I've scanned the commit logs for the port and there is > no mention of security problems with mod_php5.so. To tell the truth I > cannot imagine that there would be any security issues in mod_php5.so > that didn't also exist in /usr/local/bin/php-cgi. I could be wrong here > though and then I would have the answer to my question. Colour me curious too. It appears more like a personal preference than engineering as such. It might also reflect the relative disrepute that installing from packages has fallen into, as those having leading edge hardware tend to forget the convenience and speed of packages compared to especially large compilations on sub-GHz boxes. And of CDROM sets. That said, I'm thankful to developers that it even exists as a port :) Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"