Apache - bandwidth usage limit per vhost

[Ozgur Kazancci]

Hello everyone,

I'd like to set a (monthly) bandwidth quota limit to my Apache virtualhosts.
For instance, domain.com would have an amount of 10G/Month bandwidth limit
(and in case of exceeding the limit, it'd get redirected to a "Bandwidth limit
exceeded" alert page.)

Apache doesn't come with such a feature. I tried mod_cband. It was quite
unstable, has too many bugs, issues. (Dozens of unfixed security issues, bugs
since few years: http://sourceforge.net/tracker/?group_id=154335&atid=791368
), there is no more development for that module and it is abandoned by its
developer. I tried some other modules such as mod_bandwidth, mod_curb, mod_bw,
but no luck. Pretty old and 'expired' modules.

Neither using PF w/ ALTQ helped, because I'm using name-based virtual hosts.
(Multiple domains on a single shared IP address).

The system is OpenBSD 4.6 with Apache 1.3 (the default chroot'd one).

Any advice would be greatly appreciated.
Thanks in advance.
Kind Regards.

--
CzgC

Re: Apache - bandwidth usage limit per vhost

[Ozgur Kazancci]

Thanks a lot for the suggestions.

> Then what you need is exactly mod_throttle.
> mod_throttle project is discontinued but the latest version works just fine 
> and does it job very well.
> I use it with stock Apache since OpenBSD 3.4 and never had problems with it.

Could you tell me the version of your mod_throttle, please? I've downloaded the 
3.1.2 one (mod_throttle312.tgz), tried to compile, but got the following errors:

mod_throttle.c:726: error: redefinition of `union semun'
mod_throttle.c: In function `access_handler':
mod_throttle.c:2814: error: structure has no member named `sin_addr'
mod_throttle.c: In function `log_handler':
mod_throttle.c:3188: error: structure has no member named `sin_addr'
apxs:Break: Command failed with rc=1
*** Error code 1

Stop in /root/mod_throttle-3.1.2 (line 24 of Makefile).

Then, I opened the mod_throttle.c file and changed the following line:
defined(__FreeBSD__) || defined(__NetBSD__)
with
defined(__FreeBSD__) || defined(__NetBSD__)  || defined(__OpenBSD__)

& compiled it again. The first error (redefinition of union semun) did not 
appear anymore. The others remained and i couldn't go more far..

Any ideas for "structure has no member named `sin_addr'" error? 

Many thanks,
Best Regards.

// Ozgur Kazancci

Re: Apache - bandwidth usage limit per vhost

[Ozgur Kazancci]

Mr. Coppa,
Thank you very much for the patch.

It compiles without any error and it works ok but I've noticed that if the 
mod_throttle is loaded, apache doesn't want to restart with 'apachectl restart' 
anymore. You should manually 'apachectl stop' and 'apachectl start' it;

A demonstration:

# apachectl start
/usr/sbin/apachectl start: httpd started
# apachectl restart
/usr/sbin/apachectl restart: httpd restarted <-- (httpd stopped but did not 
start again)
# apachectl stop
/usr/sbin/apachectl stop: httpd (pid 947?) not running 

# apachectl start
/usr/sbin/apachectl start: httpd started

Do you have any suggestions?

Kind Regards.

---
Ozgur Kazancci

Re: Apache - bandwidth usage limit per vhost

[Ozgur Kazancci]

Oh, my mistake.. I forgot that it was a jailed httpd.

There was a "File Not Found: /usr/lib/apache/modules/mod_throttle.so" message 
in the error_log, but the file was already there (out of chroot path). So, I 
copied the mod_throttle.so file into /var/www/conf/modules and changed the path 
of LoadModule throttle_module in httpd.conf.

'apachectl restart' is working again.

Thanks.

// Ozgur

apachectl restart bug?

[Ozgur Kazancci]

When apachectl issuing a restart, it sends a SIGHUP signal to httpd,
and when httpd receives this signal, it doesn't exit from its chroot.
So, "apachectl restart" becomes unfunctional when you have external
modules via LoadModule in your httpd.conf.

I have the following line in my httpd.conf:

LoadModule throttle_module  /usr/lib/apache/modules/mod_throttle.so

When you have such a line, (and the module file exists there) apache
doesn't want to restart (apachectl restart) anymore.

After executing apachectl restart command, error_log file receives:
Syntax error on line 276 of /conf/httpd.conf: Cannot load
/usr/lib/apache/modules/mod_throttle.so into server: File not found
But the file is already there.
So i should manually 'apachectl stop' and 'apachectl start' to restart httpd;

A demonstration:

# apachectl start
/usr/sbin/apachectl start: httpd started
# apachectl restart
/usr/sbin/apachectl restart: httpd restarted  <--httpd stopped but didn't start 
again
# apachectl stop
/usr/sbin/apachectl stop: httpd (pid 947?) not running

# apachectl start
/usr/sbin/apachectl start: httpd started

System: OpenBSD 4.6-stable with the stock httpd (Apache/1.3.29)

Regards.

-- 
Ozgur Kazancci

Re: Apache - bandwidth usage limit per vhost

[Ozgur Kazancci]

> Just curious..   did 'apachectl graceful' tell you anything about that
missing file when testing?
--

No, 'apachectl graceful' did not give any error.

Re: Apache - bandwidth usage limit per vhost

[Ozgur Kazancci]

> > Just curious..   did 'apachectl graceful' tell you anything about that
> > missing file when testing?
> > That's my first and favorite debug command for apache esp. in production
> > env.
> >
> >
> >
> Sorry!!  I meant to ask about 'apachectl configtest'. THAT is my
> favorite
--
No error.

# apachectl configtest
Processing config directory: /var/www/conf/modules/*.conf
 Processing config file: /var/www/conf/modules/host.conf
Syntax OK

errata46.html update

[Ozgur Kazancci]

Same name, two different files:

http://www.openbsd.org/errata46.html
$OpenBSD: errata46.html,v 1.9 2010/03/12 14:51:33 jasper Exp $ 

http://openbsd.org/errata46.html
$OpenBSD: errata46.html,v 1.7 2010/03/08 21:53:37 deraadt Exp $ 

Am i missing something?

Regards.

-- 
Ozgur Kazancci

Hardening OpenBSD : Just delete!

[Ozgur Kazancci]

Hello.
Is this a joke?

(Removing OpenBSD unnecessary and/or dangerous files)

http://geodsoft.com/howto/harden/OpenBSD/remove.txt

( http://geodsoft.com/howto/harden/OpenBSD/remove_files.htm )

--
Ozgur

Re: Hardening OpenBSD : Just delete!

[Ozgur Kazancci]

- Matthias Kilian  wrote:
> On Sun, Mar 14, 2010 at 08:51:05PM +0100, Otto Moerbeek wrote:
> > > > ( http://geodsoft.com/howto/harden/OpenBSD/remove_files.htm )
> > > 
> > > He forgot to remove sh(1), unvis(1) and chmod(1).
> > 
> > and getty(8), login(8), and /bsd
> 
> Better remove the mainboard. That's way more secure and takes less
> effort.

lol indeed!! :)

-
ozzy

Re: Abnormally slow and unstable cvs process

[Ozgur Kazancci]

Thanks a lot for the suggestions.

The NIC was trying to auto negotiate, and it was ending up in half duplex.
And that was the reason why the cvs checkout took 12 hours!

I've fixed the problem by doing;

ifconfig bge0 media 10baseT/UTP mediaopt full-duplex

and then i added that to /etc/hostname.bge0

Regards.

-- 
Ozgur Kazancci



- Ozgur Kazancci  wrote:
> Hello.
> 
> I have a new computer that i'll control remotely, (a Dell PowerEdge 860)
> it has a newly installed OpenBSD 4.6.
> 
> When i try to get the src source via cvs, the progress goes extremely slow,
> it always stops for ~30 seconds,
> sometimes even few minutes pass almost at every file during the fetching.
> 
> The same slowness happened also when i pkg_add'ed a package.
> 
> (I use the nearest cvs mirror - i tried different mirrors as well)
> 
> for example,
> 
> U src/gnu/usr.bin/binutils/ld/NEWS
> (waiting too long, then)
> U src/gnu/usr.bin/binutils/ld/README
> (again wait few minutes)
> U src/gnu/usr.bin/binutils/ld/TODO
> again..
> 
> The current cvs process is running since ~12 hours.
> 
> I guess it's not because of my computer's internet speed,
> at least it's not that slow, of course.
> Not a DNS problem.
> 
> I suspect the NIC. Broadcom BCM5721. Its driver maybe?
> 
> Here is the dmesg output:
> 
> http://openbsd.pastebin.ca/CDtZiOel
> 
> Would gratefully appreciate any suggestions.
> 
> Many thanks in advance for your time!

- Gregory Edigarov  wrote:
> try disabling ACPI in the first place.

- Otto Moerbeek  wrote:
> I would suspect some fragmentation issue here. Check you firewall settings.

httpd segmentation fault

[Ozgur Kazancci]

Hello.

My PhpMyAdmin was stopping the requests randomly,
and all i was getting was a blank page.

I checked the error_log, lots of Segmentation Faults were there;

error_log
[Wed Mar 31 10:04:11 2010] [notice] child pid 9954 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:11 2010] [notice] child pid 6811 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:12 2010] [notice] child pid 25005 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:40 2010] [notice] child pid 9148 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:41 2010] [notice] child pid 5246 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:43 2010] [notice] child pid 31849 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:45 2010] [notice] child pid 28004 exit signal Segmentation 
fault (11)
[Wed Mar 31 10:04:45 2010] [notice] child pid 23883 exit signal Segmentation 
fault (11)

After a long googleing, as a workaround,
I have added suhosin.session.encrypt = Off to php.ini
which seems to stop the error.

But;
I've seen some replies in the mailling list related to this issue;

"-stable ports has a newer version of PHP and the Suhosin patchset
where this problem and some security-related bugs are fixed." (2009.11.01)

another message says: you need to upgrade php to 5.2.11, from -stable, 

Mine is PHP 5.2.10 with Suhosin-Patch 0.9.7.
I don't see 5.2.11 from -stable tree of 4.6.
Both 4.6 packages and ports have php5 version 5.2.10.

Am i missing something? 

Packages:

phpMyAdmin-3.2.0
php5-core-5.2.10
php5-curl-5.2.10
php5-gd-5.2.10-no_x11
php5-mbstring-5.2.10
php5-mcrypt-5.2.10
php5-mhash-5.2.10
php5-mysql-5.2.10
php5-mysqli-5.2.10
mysql-server-5.0.83

stock Apache.

Best Regards.
-- 
Ozgur

Re: httpd segmentation fault

[Ozgur Kazancci]

- Toni Mueller  wrote:
> Hi,
> 
> On Wed, 31.03.2010 at 14:03:06 -0400, Devin Ceartas  
> wrote:
> > I suppose it should be "5.2.11 or later" my machine running 4.6
> > stable has 5.2.12 installed from ports
> 
> looking into CVS, it turns out that 5.2.10 is in 4.6-release, while
> 5.2.12 is in 4.6-stable.
> 

Hi.

5.2.12 in 4.6-stable? Weird. I've fetched the stable ports few minutes ago;
cd /usr
cvs -d$CVSROOT checkout -r OPENBSD_4_6 -P ports

but;

# make search name=php5-core
Port:   php5-core-5.2.10

Still 5.2.10.. Might be an outdated cvs server, maybe?
It is; anon...@obsd.cec.mtu.edu:/cvs.

Regards.

// Ozzy

pkg_add -F update downgrades the packages

[Ozgur Kazancci]

Hello.

pkg_add -nui -F update -F updatedepends
downgrades packages to their lower versions.

output:
Candidates for updating mysql-client-5.0.89 -> mysql-client-5.0.83
Candidates for updating mysql-server-5.0.89 -> mysql-server-5.0.83
Candidates for updating p5-DBD-mysql-4.010 -> p5-DBD-mysql-4.010
Candidates for updating php5-core-5.2.12 -> php5-core-5.2.10
Candidates for updating php5-curl-5.2.12 -> php5-curl-5.2.10
Candidates for updating php5-gd-5.2.12 -> php5-gd-5.2.10
Candidates for updating php5-mbstring-5.2.12 -> php5-mbstring-5.2.10
Candidates for updating php5-mcrypt-5.2.12 -> php5-mcrypt-5.2.10
Candidates for updating php5-mysql-5.2.12 -> php5-mysql-5.2.10
Candidates for updating php5-mysqli-5.2.12 -> php5-mysqli-5.2.10
...

Using OpenBSD 4.6-stable & stable branch for the 4.6 release.

Best Regards.
--
Ozi

weird maildirmake problem

[Ozgur Kazancci]

Hi,

I've a strange problem;

I installed an OpenBSD mail server last day with Postfix, Courier-Imap..etc

Everything was working fine, until i wanted to re-create an e-mail account.

Now, when i'm trying to make user's directory,
(as root) /usr/local/bin/maildirmake -q 1000S /var/vmail/domain.com/user

Maildirmake does not response the command. It just waits for forever,
cursor waits, no output (just like when you simply run 'cat' without pointing 
to a file)
till i interrupt with CTRL+C.

I thought its maybe because of the permissions,
But neither chown -R vmail:vmail /var/vmail did not solve that.

details:

OpenBSD 4.6-stable

#which maildirmake
/usr/local/bin/maildirmake

# ls -al /usr/local/bin/maildirmake
-r-xr-xr-x  1 root  bin  30504 Jul  2  2009 /usr/local/bin/maildirmake

i've created a ktrace.out file with ktrace -p $maildirmakepid while maildirmake 
was waiting,
kdump'd the ktrace.out file, got such messages:

14969 maildirmake NAMI  
"/var/vmail/domain.com/info/tmp/1271783205.14969_NeWmAiLdIrSiZe.hostname.server.com"
14969 maildirmake RET   stat -1 errno 2 No such file or directory
14969 maildirmake CALL  open(0x80b30600,0x20e,0x1a4)
14969 maildirmake NAMI  
"/var/vmail/domain.com/info/tmp/1271783205.14969_NeWmAiLdIrSiZe.hostname.server.com"
4969 maildirmake RET   open -1 errno 2 No such file or directory
...

Of course, there is no such 'domain.com' or 'domain.com/user' directory in 
/var/vmail.

maildirmake creates them, just like how it did last day.

Same command, same permissions, same path, not working.

Any idea?

Thanks.