[EMAIL PROTECTED] Apache suddenly stops accepting request
Hi, Just recently Ive experienced something new in apache It just suddenly stop on accepting request... what I did is to restart the server and everything went to normal i did check on the logs and there's no unusual entry... im using apache 1.3.33 and php4.3.10 tia, - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] config for ldap in httpd.conf help please
On 7 Dec 2005, at 23:59, [EMAIL PROTECTED] wrote: I have finally compiled apache 2.0.55 with ldap, but now it will not authtencate from the ldap server.Here is my config in httpd.conf. Also my debug from openldap. It don't look like it's even trying to speak to the ldap server. Please help Thanks httpd.conf ldap config SetHandler ldap-status Order deny,allow Deny from all Allow from xxx.com AuthLDAPEnabled on AuthLDAPURL ldap://192.168.20.60:386/dc=xxx,dc=com?uid?one AuthLDAPAuthoritative on require valid-user Hi, you are missing some options in the Directory entry: AuthTypeBasic AuthName "Authenticated Users Only" It should complain about these in the error log, with something like: "configuration error: couldn't perform authentication. AuthType not set!" -fot - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Apache2 + userdir + suexec -- getting there :S
Sorry to reply to my own post, but I have fixed it... adding a [PT] to the end of the rewrite rule fixed the problem. thanks, Adam. From: Adam Hewitt Sent: Thursday, 8 December 2005 11:47 AMTo: users@httpd.apache.orgSubject: [EMAIL PROTECTED] Apache2 + userdir + suexec -- getting there :S Hi All, I am now one step further in diagnosing/fixing this issue that I am currently experiencing. I now have a test setup which has removed all LDAP functionality and is reading directly from the /etc/passwd file. Now, if someone browses to http://members.domainname.com.au/~username/cgi-bin/filedel.cgi I have a rewrite in place to change the ~username to [EMAIL PROTECTED], which matches the user I have in the /etc/passwd file. This works for normal html pages, but it still fails for cgi's. I have ruled out suexec as being the issue altogether. I modified the suexec code to output the arguments it was recieving from apache right at the beginning of the code, and found that if I remove the rewrite and use the full username in the URL then it works and suexec outputs to the log, but if I use the rewrite it fails and I get no output to the log file. Therefore the issue is laying somewhere inside the apache code. So, can anyone suggest a way to keep the browser from seeing any rewrite so that there is no change from ~username from the customers point of view, or sugegst any reason why this would be failing? I feel that this is an apache bug, but it may be by design...and my C skills are not high enough to be able to go through the entire apache code base to try and modify my version to get around this issue. Cheers, Adam.
[EMAIL PROTECTED] Apache2 + userdir + suexec -- getting there :S
Hi All, I am now one step further in diagnosing/fixing this issue that I am currently experiencing. I now have a test setup which has removed all LDAP functionality and is reading directly from the /etc/passwd file. Now, if someone browses to http://members.domainname.com.au/~username/cgi-bin/filedel.cgi I have a rewrite in place to change the ~username to [EMAIL PROTECTED], which matches the user I have in the /etc/passwd file. This works for normal html pages, but it still fails for cgi's. I have ruled out suexec as being the issue altogether. I modified the suexec code to output the arguments it was recieving from apache right at the beginning of the code, and found that if I remove the rewrite and use the full username in the URL then it works and suexec outputs to the log, but if I use the rewrite it fails and I get no output to the log file. Therefore the issue is laying somewhere inside the apache code. So, can anyone suggest a way to keep the browser from seeing any rewrite so that there is no change from ~username from the customers point of view, or sugegst any reason why this would be failing? I feel that this is an apache bug, but it may be by design...and my C skills are not high enough to be able to go through the entire apache code base to try and modify my version to get around this issue. Cheers, Adam.
Re: [EMAIL PROTECTED] PHP Prolem
AddType application/x-httpd-php .php DirectoryIndex index.html index.html.var index.php Add to the httpd.conf2005/12/8, Todd Hofert <[EMAIL PROTECTED]>: I just installed Apache 1.3 on local computer. I am now trying to install Zen-Cart and when I access the appropriate directory the result is a directory listing. The directions indicate that if you get a directory listing you should speak to your Hosting Site about how to setup your server to auto-detect PHP filename extensions.So since I am the host, how do I configure Apache to auto-detect PHP filename extensions?ThanksToddThis e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify thesender immediately by return e-mail, delete this e-mail and destroy anycopies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.-The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info.To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] apache server - username and password
It was thus said that the Great Joshua Slive once stated: > > On 12/7/05, Senthil Nathan <[EMAIL PROTECTED]> wrote: > > hi all, > > > > my application running on Apache 2 on mod_perl 2 uses htaccess to > > authenticate. so i need to get the username and the password who is > > authenticated to login for passing it to a different command in the scrip= > t. > > You should probably ask on the mod_perl list. Normal cgi scripts > can't do this for security reasons, but mod_perl has access to apache > internals, so there might be a way. Well, CGI scripts are passed the authentication method (Basic or Digest) and the userid in the environment variables: AUTH_TYPE REMOTE_USER What is not passed is the password the user typed. -spc - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Is there something like an directive?
On 12/7/05, Jason Martens <[EMAIL PROTECTED]> wrote: > I want to be able to include or exclude parts of my configuration based > on whether I am in the SSL virtual host, or the regular port 80 virtual > host. Is there some way to do something like this: > SetEnv thisHost HTTP > > > Stuff > > > I know there is no directive, but is there another way to > accomplish this without it? Just put those directives inside the section for the relevant host. > > Also, what is the scope of an environment variable in apache? Per > virtual host? Per server? It depends on how the variable is set. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] PHP Prolem
I just installed Apache 1.3 on local computer. I am now trying to install Zen-Cart and when I access the appropriate directory the result is a directory listing. The directions indicate that if you get a directory listing you should speak to your Hosting Site about how to setup your server to auto-detect PHP filename extensions. So since I am the host, how do I configure Apache to auto-detect PHP filename extensions? Thanks Todd This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] apache server - username and password
On 12/7/05, Senthil Nathan <[EMAIL PROTECTED]> wrote: > hi all, > > my application running on Apache 2 on mod_perl 2 uses htaccess to > authenticate. so i need to get the username and the password who is > authenticated to login for passing it to a different command in the script. You should probably ask on the mod_perl list. Normal cgi scripts can't do this for security reasons, but mod_perl has access to apache internals, so there might be a way. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Is there something like an directive?
I want to be able to include or exclude parts of my configuration based on whether I am in the SSL virtual host, or the regular port 80 virtual host. Is there some way to do something like this: SetEnv thisHost HTTP Stuff I know there is no directive, but is there another way to accomplish this without it? Also, what is the scope of an environment variable in apache? Per virtual host? Per server? Thanks, Jason Martens - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache Authentication questions
I'm playing around with authentication schemes under Apache. In reading the spec [1] I notice that a server can send multiple authentication schemes. Now, Apache has support for both Basic and Digest authentication schemes, and that both the scheme and userid are included with the request, so a CGI script can determine if the request was made via the Basic scheme or Digest scheme: AUTH_TYPE=Digest [EMAIL PROTECTED] So far so good. But the Digest scheme isn't supported in all browsers, just the most recent versions. It would be nice to support both [2]. I tried the following under both Apache 1.3.33 and Apache 2.0.54: ServerNamewiki.flummux.org ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/spc/wiki/htdocs CustomLog logs/wiki.flummux.org combined # bunch of ErrorDocument directives snipped # not germane to the discussion here ... AllowOverride All Options All AuthTypeBasic AuthName"Wiki Editing" AuthUserFile/home/spc/blog/users AuthGroupfile /home/spc/blog/groups Require valid-user Require valid-user AllowOverride All Options All AuthTypeBasic AuthNameAdministration AuthUserFile/home/spc/wiki/users AuthGroupFile /home/spc/wiki/groups Require group admin AuthTypeDigest AuthNameAdministration AuthDigestFile /home/spc/wiki/digest-users AuthDigestGroupFile /home/spc/wiki/groups Require group admin (configuration is the same under both versions). The configuration works (that's not the problem), but Apache (both versions) seems to prefer the Digest method and never mentions the Basic scheme at all: Trying 66.252.224.11... Connected to wiki.flummux.org. Escape character is '^]'. GET /private/ HTTP/1.0 Host: wiki.flummux.org HTTP/1.1 401 Authorization Required Date: Wed, 07 Dec 2005 21:53:35 GMT Server: Apache/2.0.54 (Unix) DAV/2 WWW-Authenticate: Digest realm="Administration", nonce="2C4cL1wHBAA=3f5f62f8b6181df23b6f8381c8860f3001cbd877", algorithm=MD5, qop="auth" Last-Modified: Wed, 07 Dec 2005 21:20:34 GMT ETag: "a041cc-89e-b8ff4c80" Accept-Ranges: bytes Content-Length: 2206 Connection: close Content-Type: text/html I've yet to try Apache 2.2, but can Apache be configured to support mutiple authentication schemes for the same directory/location? Am I missing something? -spc (If not, oh well ... I can deal ... ) [1] RFC-2617: HTTP Authentication: Basic and Digest Access Authentication [2] Just playing around with an idea, and Digest is the preferred method, but I would like to support the Basic scheme, just a bit differently though. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] config for ldap in httpd.conf help please
I have finally compiled apache 2.0.55 with ldap, but now it will not authtencate from the ldap server.Here is my config in httpd.conf. Also my debug from openldap. It don't look like it's even trying to speak to the ldap server. Please help Thanks httpd.conf ldap config SetHandler ldap-status Order deny,allow Deny from all Allow from xxx.com AuthLDAPEnabled on AuthLDAPURL ldap://192.168.20.60:386/dc=xxx,dc=com?uid?one AuthLDAPAuthoritative on require valid-user slapd -d 9 lapd startup: initiated. backend_startup_one: starting "cn=config" backend_startup_one: starting "dc=xx,dc=com" bdb_db_open: Warning - No DB_CONFIG file found in directory /usr/local/var/openldap-data: (2) Expect poor performance for suffix dc=x,dc=com. bdb_db_open: dbenv_open(/usr/local/var/openldap-data) slapd starting daemon: added 5r daemon: added 7r daemon: added 8r daemon: select: listen=7 active_threads=0 tvp=NULL daemon: select: listen=8 active_threads=0 tvp=NULL - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] redirect
On Wed, 2005-12-07 at 12:37 -0500, mwlist wrote: > I'm setting up a system and need some advice the situation is described below. > > Currently > Machine 1 is a linux box with apache 2 serving our main site www.site.com > Machine 2 has our users personal web site data which users upload with > shell access. > Machine 1 nfs mounts machine 2 and serves the user pages at www.site.com/~user > > I would like to get rid of the NFS mount. > > So can I have apache 2 forward requests for www.site.com/~user to > machine 2 and still retain the same url? I was thinking of using > mod_alias to do this. > Redirect /~*http://machine2.com/~* > Any ideas? Mod_alias only uses paths on the local server, so that's not what you are looking for. You probably want to use mod_proxy or mod_rewrite with the [P] option for proxying. ModRewrite would probably require the least amount of apache configuration, once you get the right regular expression that is. Something like "ProxyPass /~user http://machine2.com/~user"; might work, but to avoid putting a line like that in your apache config for each user, you probably want to use a RewriteRule something like this: RewriteRule /~(.*)http://machine2.com/~$1 [P] Note, I'm not terribly good with mod_rewrite, but this should get you started. You could also use the Redirect directive, but that would point your clients to the other server so www.site.com/~user would become http://machine2.com/~user in your client's url, and I don't think that's what you want. Jason Martens - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] apache server - username and password
hi all,my application running on Apache 2 on mod_perl 2 uses htaccess to authenticate. so i need to get the username and the password who is authenticated to login for passing it to a different command in the script. i read something abt suExec, http://httpd.apache.org/docs/2.0/suexec.htmlbut the concept is not clear. so how to get the username and the password who logged in. thankssenthil
[EMAIL PROTECTED] Access Statistics
Hi List, I am searching for a simple program to show the access statistic of my few websites (12) on my Apache server. There are lots of projects around and many of them are tricky to install - this is the reason for my little survey instead of trying them out. It is also a non-profit, private server I have running here, so it should be an open source solution and not one of the commercial ones which are a kind of pricy. - just needs to show access on each single site (how many hits) - peak times for each site - best would be a text console program for my terminal, but a webbrowser gui would also do it Anybody knows about such a low demand solution?? Thanks herbs () ASCII Ribbon Campaign - against html/rtf/vCard in mail /\- against M$ attachments - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Multitail
> () ASCII Ribbon Campaign - against html/rtf/vCard in mail > /\- against M$ attachments Amen to that! - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 1.3 vs Apache 2
If your using the 4.4.1 version of php you might be having problems with the bug described here http://bugs.php.net/bug.php?id=35067 I had to step up to the 4.4.1 dev version where that bug is patched. The problem was creating a situation where httpd process consumption would spike out to 100% on one of my servers. I updated to the developer snapshot of php and everything went back to normal on that server. I hope this helps. Sincerely, Adam Ossenford - Original Message - From: "Joshua Slive" <[EMAIL PROTECTED]> To: Sent: Wednesday, December 07, 2005 1:00 PM Subject: Re: [EMAIL PROTECTED] Apache 1.3 vs Apache 2 On 12/7/05, Michael Jeung <[EMAIL PROTECTED]> wrote: Yesterday afternoon, we put this new server into production and it seemed to be behaving relatively OK, with system-load of 4-5. We thought everything was going well and that this issue was wrapped up. Serves us right - today we got into the office and found that loads on our server had spiked to 150. Before we pulled the server from production, we grabbed a few snapshots of what the system was doing. After taking a look at these, I haven't been able to make much head-way. If someone with more experience in this matter could take a look, I would greatly appreciate it. You need to use tools like mod_status, your access_log, strace, and a debugger to see what those processes are actually doing. Given the amount of memory they are using, they clearly aren't serving static files, so this is likely something php or database related. Ultimately, my goal here is to get Apache to behave. Any solution that will allow Apache to run without killing the server is acceptable -- including upgrading to Apache 2. (Does Apache2 outperform Apache 1.3?) Apache 2 will outperform 1.3 in some cases because of sendfile support, among other things. But since your site looks very php/database dependent, it's unlikely changing the underlying web server will have any measurable effect. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Multitail
Hi List, I just downloaded & installed Multitail http://www.vanheusden.com/multitail/ - for the case you haven't discovered this little console program yet. Its a great tool to watch the Apache logfiles 'growing' when users access the websites. You can display a couple of logfiles on a single terminal. Very recommendable.. Cheers herbs () ASCII Ribbon Campaign - against html/rtf/vCard in mail /\- against M$ attachments - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Cannot Get Basic Auth to Work
Thanks for the reply. Here is what is there now. .htaccess - SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 This was in the file and is the only uncommented text. I am not using SSL. Iremoved everything else per your suggestion. htppd.conf -- Alias /o E:/ApacheGroup/Apache2/d/c/a AuthType Basic AuthName O Require valid-users AllowOverride AuthConfig Options AuthUserFile E:\ApacheGroup\Apache2\auth.dbm Options None Order allow,deny Allow from all I created the id/password with htdbm and restarted Apache. It still does not work. What next? Mike > -Original Message- > From: Boyle Owen [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 07, 2005 2:57 AM > To: users@httpd.apache.org > Subject: RE: [EMAIL PROTECTED] Cannot Get Basic Auth to Work > > > Your set up is a bit of a mess > > 1) You don't need (and should have) Auth directives in the main > config *and* in a .htaccess file. For simplicity, I'd recommend > all directives in the main config and only use a .htaccess file > if you really need to (if you don't know whether to use a > .htaccess file... don't use it). > > 2) You need an AuthUserFile directive to tell apache where to > find the file with the list of users and passwords (see > http://httpd.apache.org/docs/2.0/mod/mod_auth.html#authuserfile) > > 3) "Require user all" doesn't make sense unless you have a user > called "all". If you just want to restrict access to user who > have an entry in the AuthUserFile (see #2), then put "Require > valid-user" (see http://httpd.apache.org/docs/2.0/mod/core.html#require). > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > > > -Original Message- > > From: Michael Avila [mailto:[EMAIL PROTECTED] > > Sent: Mittwoch, 7. Dezember 2005 00:23 > > To: Apache - User Mailing List > > Subject:[EMAIL PROTECTED] Cannot Get Basic Auth to Work > > > > Windows XP Pro SP2 > > Apache 2.0.55 > > > > I have had basic auth working in the past and I looked at > several examples to set this up but for some reason it is not > working. It is time for me to present it to someone else as I may > not be seeing the trees because the forest is so big! > > > > Thanks for the help. > > > > Mike > > > > > > hpptd.conf > > --- > > LoadModule auth_module modules/mod_auth.so > > LoadModule auth_dbm_module modules/mod_auth_dbm.so > > > > UseCanonicalName Off <-- was on but turned it off as I > saw a post about it causing problems > > > > Alias /o E:/ApacheGroup/Apache2/d/c/a <--- > changed the names because it is wide open now > > > > AuthType Basic > > AuthName O > > Require user all > > AllowOverride AuthConfig Options > > Options None > > Order allow,deny > > Allow from all > > > > > > == > > > > .htaccess > > -- > > > <--- this already was in the .htaccesss file > > > > SetEnvIf User-Agent ".*MSIE.*" \ > > nokeepalive ssl-unclean-shutdown \ > > downgrade-1.0 force-response-1.0 > > > > > > > > AuthType Basic > > AuthName O > > Require user > > AllowOverride AuthConfig Options > > << File: ATT975377.txt >> > > > Diese E-mail ist eine private und persönliche Kommunikation. Sie > hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX > Gruppe. This e-mail is of a private and personal nature. It is > not related to the exchange or business activities of the SWX > Group. Le présent e-mail est un message privé et personnel, sans > rapport avec l'activité boursière du Groupe SWX. > > > This message is for the named person's use only. It may contain > confidential, proprietary or legally privileged information. No > confidentiality or privilege is waived or lost by any > mistransmission. If you receive this message in error, please > notify the sender urgently and then immediately delete the > message and any copies of it from your system. Please also > immediately destroy any hardcopies of the message. You must not, > directly or indirectly, use, disclose, distribute, print, or copy > any part of this message if you are not the intended recipient. > The sender's company reserves the right to monitor all e-mail > communications through their networks. Any views expressed in > this message are those of the individual sender, except where the > message states otherwise and the sender is authorised to state > them to be the views of the sender's company. > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
Re: [EMAIL PROTECTED] environment variables and CPU usage
On 12/7/05, Ryan Hansen <[EMAIL PROTECTED]> wrote: > To minimize impact and improve performance on dynamic, db-driven apps, > the original developers designed the system to use Apache environment > variables to store information that would otherwise have been stored in > the database (file paths, file names, etc.). To accomplish this, each > Virtual Host has a separate associated include file that contains > anywhere from 10 to X Apache environment variable declarations. At > first glance, this seems like a clever way to handle some of the dynamic > data, but I've had my reservations about this method, not knowing what > the long-term side-effects would be. It is unclear exactly what you are talking about. Some actual configuration examples would be very helpful. > > I found one serious side-effect today: it seems that when you get to a > certain number of vhosts (each with it's own set of env vars), > restarting Apache takes up to 15 minutes to complete (on FC3, Dell > PowerEdge Dual Pentium III 1Ghz with 1GB memory). During restart, one > of the two procs was spiked up to 99%, but the memory was relatively > untouched. Once Apache was finally running, the CPU spike dropped > backed to normal. This problem did not exist prior to adding a few very > large web sites to the server recently. Needless to say, a 15+ minute > restart time is unacceptable. > > So, my questions are the following: > > 1- Does someone with a much lower level understanding of Apache know if > the envrionment variables could actually be the cause of this problem, > or should I look elsewhere? I'm not asking for a complete diagnostic > evaluation, just a note to say whether or not I'm barking up the wrong tree. Evaluating SetEnv directives should be quite fast. If you have many thousands of them it might start to slow things down, but I doubt it explains a 15 minute start time. > > 2- If the environment variable situation is likely the core of the > problem (as I believe), can someone give a more specific explanation as > to why, so I can convince the designers of this system that it's a > "less-effective" design? You need to give a more specific example as I mentioned above. I suggest starting "httpd -X" under strace or a debugger to see what it is actually doing for all that time. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache 1.3 vs Apache 2
On 12/7/05, Michael Jeung <[EMAIL PROTECTED]> wrote: > Yesterday afternoon, we put this new server into production and it > seemed to be behaving relatively OK, with system-load of 4-5. We > thought everything was going well and that this issue was wrapped > up. Serves us right - today we got into the office and found that > loads on our server had spiked to 150. > > Before we pulled the server from production, we grabbed a few > snapshots of what the system was doing. After taking a look at > these, I haven't been able to make much head-way. If someone with > more experience in this matter could take a look, I would greatly > appreciate it. You need to use tools like mod_status, your access_log, strace, and a debugger to see what those processes are actually doing. Given the amount of memory they are using, they clearly aren't serving static files, so this is likely something php or database related. > > Ultimately, my goal here is to get Apache to behave. Any solution > that will allow Apache to run without killing the server is > acceptable -- including upgrading to Apache 2. (Does Apache2 > outperform Apache 1.3?) Apache 2 will outperform 1.3 in some cases because of sendfile support, among other things. But since your site looks very php/database dependent, it's unlikely changing the underlying web server will have any measurable effect. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache 1.3 vs Apache 2
Good morning all, Recently, we've migrated one of our production servers from a Linux box to a FreeBSD box. We're running Apache 1.3.34, with a PHP/MySQL web application. Listed below, you can find how apache has been compiled. Yesterday afternoon, we put this new server into production and it seemed to be behaving relatively OK, with system-load of 4-5. We thought everything was going well and that this issue was wrapped up. Serves us right - today we got into the office and found that loads on our server had spiked to 150. Before we pulled the server from production, we grabbed a few snapshots of what the system was doing. After taking a look at these, I haven't been able to make much head-way. If someone with more experience in this matter could take a look, I would greatly appreciate it. Ultimately, my goal here is to get Apache to behave. Any solution that will allow Apache to run without killing the server is acceptable -- including upgrading to Apache 2. (Does Apache2 outperform Apache 1.3?) server# httpd -V Server version: Apache/1.3.34 (Unix) Server built: Nov 28 2005 12:49:01 Server's Module Magic Number: 19990320:18 Server compiled with -D EAPI -D EAPI_MM -D EAPI_MM_CORE_PATH="/var/run/httpd.mm" -D HAVE_MMAP -D USE_MMAP_SCOREBOARD -D USE_MMAP_FILES -D HAVE_FLOCK_SERIALIZED_ACCEPT -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D DYNAMIC_MODULE_LIMIT=64 -D HARD_SERVER_LIMIT=512 -D SO_ACCEPTFILTER -D ACCEPT_FILTER_NAME="httpready" -D HTTPD_ROOT="/usr/local" -D SUEXEC_BIN="/usr/local/sbin/suexec" -D DEFAULT_PIDLOG="/var/run/httpd.pid" -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard" -D DEFAULT_LOCKFILE="/var/run/httpd.lock" -D DEFAULT_ERRORLOG="/var/log/httpd-error.log" -D TYPES_CONFIG_FILE="etc/apache/mime.types" -D SERVER_CONFIG_FILE="etc/apache/httpd.conf" -D ACCESS_CONFIG_FILE="etc/apache/access.conf" -D RESOURCE_CONFIG_FILE="etc/apache/srm.conf" This is vmstat during the problem -- note that CPU is 0% idle. server# vmstat 1 procs memory pagedisks faults cpu r b w avmfre flt re pi po fr sr da0 md0 in sy cs us sy id 56 115 0 4105968 293024 10839 6 0 0 10462 13 0 0 660 5051 423 9 9 82 43 120 0 2559320 288348 75582 14 0 0 70335 0 0 0 1874 23305 1700 74 25 0 39 126 0 3174044 281440 65374 66 0 0 60878 0 64 0 1712 23361 1646 69 31 0 24 127 0 3171440 280976 24325 229 0 0 19744 0 1 0 2202 47064 2373 74 26 0 25 128 0 3164152 288296 41649 74 0 0 39391 0 1 0 1573 34180 1600 64 36 0 21 132 0 2649152 294112 66247 272 0 0 63361 0 1 0 1595 22986 1938 64 36 0 21 129 0 1634504 282236 31834 668 0 0 28466 0 91 0 1588 58544 2087 70 30 0 23 131 0 2243500 281344 56292 21 0 0 53558 0 1 0 1356 34243 1669 58 42 0 19 133 0 2235948 285932 37381 12 0 0 36987 0 2 0 1547 30101 1784 72 28 0 32 134 0 798396 295432 34687 4 0 0 36695 0 0 0 1079 2982 246 6 94 0 31 135 0 1312772 294476 202898 0 0 0 196045 0 12 0 1357 16086 1242 21 79 0 16 138 0 1325712 285204 90288 16 0 0 85205 0 8 0 1257 19917 1297 50 50 0 16 138 0 3459864 290800 48865 10 0 0 48583 0 2 0 1365 26674 1655 62 38 0 22 135 0 1415696 282132 62415 5 0 0 57784 0 1 0 1123 36272 1230 57 43 0 22 137 0 1390288 295284 90665 8 0 0 88675 0 2 0 1800 32413 2110 50 50 0 23 135 0 3550672 289536 29287 11 0 0 21393 0 0 0 1694 21543 1810 76 24 0 Our first top output: last pid: 62787; load averages: 56.24, 105.03, 121.49 up 0+21:28:37 08:42:36 388 processes: 58 running, 314 sleeping, 16 zombie CPU states: 19.3% user, 0.0% nice, 80.4% system, 0.4% interrupt, 0.0% idle Mem: 1803M Active, 1349M Inact, 343M Wired, 124M Cache, 199M Buf, 278M Free Swap: 8000M Total, 8000M Free PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 36765 httpd 63 0 507M68K RUN0 0:39 10.69% 10.69% httpd 43430 httpd 60 0 505M56K RUN0 0:40 3.27% 3.27% httpd 60922 httpd 51 0 506M 122M RUN0 0:02 2.69% 2.69% httpd 38828 httpd 51 0 507M 7152K RUN1 0:32 2.34% 2.34% httpd 51672 httpd 2 0 507M56K sbwait 0 0:19 2.10% 2.10% httpd 51040 httpd 2 0 506M88K sbwait 0 0:26 1.95% 1.95% httpd 43457 httpd 50 0 507M 15508K RUN1 0:33 1.56% 1.56% httpd 39021 httpd 2 0 505M 118M sbwait 0 0:44 1.27% 1.27% httpd 39007 httpd 46 0 507M 123M RUN0 0:49 0.93% 0.93% httpd 36636 httpd 2 0 516M 122M sbwait 0 0:42 0.93% 0.93% httpd 50650 httpd 2 0 504M56K sbwait 1 0:28 0.93% 0.93% httpd 43472 httpd 2 0 506M 122M sbwait 0 0:39 0.88% 0.88% httpd 50870 httpd 2 0 505M
[EMAIL PROTECTED] environment variables and CPU usage
Greetings, I couldn't find any specific information out there about this issue, likely because it's probably not being done by many other organizations. I'm new to this company, which is a PHP/Oracle web app firm using an ASP-type buisness model. To minimize impact and improve performance on dynamic, db-driven apps, the original developers designed the system to use Apache environment variables to store information that would otherwise have been stored in the database (file paths, file names, etc.). To accomplish this, each Virtual Host has a separate associated include file that contains anywhere from 10 to X Apache environment variable declarations. At first glance, this seems like a clever way to handle some of the dynamic data, but I've had my reservations about this method, not knowing what the long-term side-effects would be. I found one serious side-effect today: it seems that when you get to a certain number of vhosts (each with it's own set of env vars), restarting Apache takes up to 15 minutes to complete (on FC3, Dell PowerEdge Dual Pentium III 1Ghz with 1GB memory). During restart, one of the two procs was spiked up to 99%, but the memory was relatively untouched. Once Apache was finally running, the CPU spike dropped backed to normal. This problem did not exist prior to adding a few very large web sites to the server recently. Needless to say, a 15+ minute restart time is unacceptable. So, my questions are the following: 1- Does someone with a much lower level understanding of Apache know if the envrionment variables could actually be the cause of this problem, or should I look elsewhere? I'm not asking for a complete diagnostic evaluation, just a note to say whether or not I'm barking up the wrong tree. 2- If the environment variable situation is likely the core of the problem (as I believe), can someone give a more specific explanation as to why, so I can convince the designers of this system that it's a "less-effective" design? Sorry for the verbose message. Thanks to those who are smarter than I. -Ryan - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Another apache 2.2 configure question
On Wednesday 07 December 2005 17:33, Joe Orton wrote: > On Wed, Dec 07, 2005 at 06:17:46PM +0100, Alexander Stoll wrote: > > Hi there, > > the configure-option "--disable-ipv6" seems no longer properly supported, > > during build libtool fails on a undefined symbol "sock_is_ipv6" in > > "libapr-1.so". > > > > Is this a bug or is this configure option not supported anymore? > > Looks like an APR bug, can you file it in bugzilla? APR builds just fine with --disable-ipv6. From which I infer it's more an httpd build bug, and anoter example of why we shouldn't bundle APR. -- Nick Kew - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Re: Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
On Wed, 7 Dec 2005, Joost de Heer wrote: Under this configuration, when I try to start apache, it fails with "[error] Oops, no RSA or DSA server certificate found?!". Even under Debug, it fails to tell me which certificate it hit this on. You do need to specify the SSLCertificate(Key)File in all SSL vhosts. I have them. On my NameVirtualHosts, I specify the same Certificate and Key, since it's a wildcard certificate Nick - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Proxy redirect question
Hi there, I'm running Stefam Ritt's popular elog server (just a web server for logbook postings) on a linux (FC4) box, also running Apache 2.0. I'm running this elog server on port 8082, with the following lines in my httpd.conf file: Redirect permanent /elog http://grattalab3.stanford.edu/elog ProxyPass /elog/ http://grattalab3.stanford.edu:8082/ so that when I type in http://grattalab3.stanford.edu/elog/ it brings me to the elog page. This works great, and I think this is the standard way of having Apache act as a Proxy server to handle other web servers running on the same machine. My question is the following: I have an alias for this machine (exo-elog.stanford.edu). How can I make it so that when someone types in this name, it sends them to the elog server? I know that one way to do it is to use a VirtualHost directive, and then put a redirect into the DocumentRoot area of that host, but that seems clumsy. Is there some way to directly map exo-elog.stanford.edu to this other server? thanks! Jesse Wodin -- ...o0OOO0o... Jesse Wodin Graduate Student Stanford University Physics Department (650) 723-2946 ...o0OOO0o... - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Re: Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
> Under this configuration, when I try to start apache, it fails with > "[error] Oops, no RSA or DSA server certificate found?!". Even under > Debug, it fails to tell me which certificate it hit this on. You do need to specify the SSLCertificate(Key)File in all SSL vhosts. Joost - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Another apache 2.2 configure question
Joe Orton schrieb: > Looks like an APR bug, can you file it in bugzilla? I will do so... > You shouldn't really need --disable-ipv6 on any modern system though, > what platform are you using? Its on Linux Gentoo x86, I noticed this, because my old build script from version 2.0.X failed... Deleting this flag from script resolves this. smime.p7s Description: S/MIME Cryptographic Signature
[EMAIL PROTECTED] redirect
I'm setting up a system and need some advice the situation is described below. Currently Machine 1 is a linux box with apache 2 serving our main site www.site.com Machine 2 has our users personal web site data which users upload with shell access. Machine 1 nfs mounts machine 2 and serves the user pages at www.site.com/~user I would like to get rid of the NFS mount. So can I have apache 2 forward requests for www.site.com/~user to machine 2 and still retain the same url? I was thinking of using mod_alias to do this. Redirect /~*http://machine2.com/~* Any ideas? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Another apache 2.2 configure question
On Wed, Dec 07, 2005 at 06:17:46PM +0100, Alexander Stoll wrote: > Hi there, > the configure-option "--disable-ipv6" seems no longer properly supported, > during build libtool fails on a undefined symbol "sock_is_ipv6" in > "libapr-1.so". > > Is this a bug or is this configure option not supported anymore? Looks like an APR bug, can you file it in bugzilla? You shouldn't really need --disable-ipv6 on any modern system though, what platform are you using? joe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Another apache 2.2 configure question
Hi there, the configure-option "--disable-ipv6" seems no longer properly supported, during build libtool fails on a undefined symbol "sock_is_ipv6" in "libapr-1.so". Is this a bug or is this configure option not supported anymore? regards, AS smime.p7s Description: S/MIME Cryptographic Signature
Re: [EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 working... one small message, though
On Wed, Dec 07, 2005 at 11:40:05AM -0500, Joe Apache wrote: > ok I remove all traces of APR and it works! Now I have this message: > > [Wed Dec 07 12:37:09 2005] [warn] (2)No such file or directory: Failed > to enable the 'httpready' Accept Filter This is a harmless warning and should probably be an info-level error messages rather than warn-level; can you file a bug on that? joe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 working... one small message, though
ok I remove all traces of APR and it works! Now I have this message: [Wed Dec 07 12:37:09 2005] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter Any ideas? Thanks for all you help, J - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] compiling apache 2.2 with openldap on solairs 9
This didn't work anyother ideas.I do have /usr/local/lib in my ld path. Thanks Glen Joe Orton <[EMAIL PROTECTED] m> To [EMAIL PROTECTED] 12/07/2005 10:31 cc AMusers@httpd.apache.org Subject Re: [EMAIL PROTECTED] compiling apache Please respond to 2.2 with openldap on solairs 9 [EMAIL PROTECTED] e.org On Wed, Dec 07, 2005 at 09:39:49AM -0500, [EMAIL PROTECTED] wrote: ... > Configure options to Apache > > ./configure --with-ldap-sdk=openldap --enable-ssl --with-ssl=/usr/local/ssl > --enable-authnz-ldap --enable-ldap --with-ldap=/usr/local Don't pass an argument to --with-ldap, try, e.g.: --with-ldap --with-ldap-lib=/usr/local/lib \ --with-ldap-include=/usr/local/include (you may also need to set LD_LIBRARY_PATH=/usr/local/lib) joe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
I downloaded and installed APR from apache.org http://apr.apache.org. Source apr-1.2.2.tar.gz How do I disable this? J - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
>From Sunfreeware. Colm MacCarthaigh <[EMAIL PROTECTED]> To 12/06/2005 06:23 users@httpd.apache.org PM cc Subject Please respond to Re: [EMAIL PROTECTED] Compile [EMAIL PROTECTED] httpd-2.2.0 on FreeBSD 6 e.org On Tue, Dec 06, 2005 at 06:19:28PM -0500, Joe Apache wrote: > server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to > `apr_memcache_stats' Where did you get your version of apr from? The bundled version doesn't include apr_memcache. -- Colm MacCárthaighPublic Key: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Compile httpd-2.2.0 on FreeBSD 6
On Tue, Dec 06, 2005 at 06:59:23PM -0500, Joe Apache wrote: > > >> server/.libs/libmain.a(exports.o)(.data+0xae0): undefined reference to > >> `apr_memcache_stats' > >> > > > > Where did you get your version of apr from? The bundled version doesn't > > include apr_memcache. > > > > > I installed apr-1.2.2 from the apache.org. I wasn't able to ./configure > it (APR version was 0.9.7 it said) Please upload the output of configure and the config.log file produced somewhere. It looks like you have a patched or broken installation of APR on your system somewhere (perhaps from the ports?). joe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] compiling apache 2.2 with openldap on solairs 9
On Wed, Dec 07, 2005 at 09:39:49AM -0500, [EMAIL PROTECTED] wrote: ... > Configure options to Apache > > ./configure --with-ldap-sdk=openldap --enable-ssl --with-ssl=/usr/local/ssl > --enable-authnz-ldap --enable-ldap --with-ldap=/usr/local Don't pass an argument to --with-ldap, try, e.g.: --with-ldap --with-ldap-lib=/usr/local/lib \ --with-ldap-include=/usr/local/include (you may also need to set LD_LIBRARY_PATH=/usr/local/lib) joe - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Tip for Apache, Tomcat on 2 differents boxes and using a separate document tree
Just a tip that I've found and wanted to share with the community, hope it might help people in the same situation. Regards, Jean-Marc. Context --- Apache is not on the same box as Tomcat, mod_jk is using a unicast socket to communicate through ajp Apache is serving a htdocs/ directory with static files only Tomcat is serving a webapp/ directory with .jsp files only Problem description --- The following rewrite rule was written to solve a problem when a directory wasn't existing on Apache but on Tomcat and the end client was requesting it via http://url/ without filename.jsp behind, Apache would return a 404 instead of trying to forward it to Tomcat, thing that would not happen if the directory was existing on the Apache side as the DirectoryIndex set with default.jsp would trigger the forward. The problematic case is you've dir1/ on the Tomcat directory tree but not on Apache, if you call GET /dir1/, Apache will return 404 without the rewrite rule. Note that this rule depends on DocumentRoot, so if you're using it within a VirtualHost, check that the DocumentRoot is set (NB: It doesn't work with the VirtualDocumentRoot directive) Solution RewriteEngine on RewriteCond %{REQUEST_URI} /$ RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d RewriteRule ^/(.*) /$1default.jsp [R] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] compiling apache 2.2 with openldap on solairs 9
Help please. I've compilied and installed openldap-2.3.11, openssl-0.9.7g one solaris 9. Now I'm trying to complie to apache 2.2.0 with ldap support. Please see the following. Configure works fine, but when I do a make I get the following error. Any help would be apprecated. env _=/usr/bin/env HZ=100 PATH=/usr/local/bin:/usr/bin:/usr/sbin:/bin:/usr/local/libexec:/usr/ccs/bin LOGNAME=root PS1=osa-app01 # LDFLAGS=-L/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/ssl/lib:/usr/local/lib CC=gcc SHELL=/sbin/sh CPPFLAGS=-I/usr/local/ssl/include -I/usr/local/include HOME=/ TERM=vt100 LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/usr/local/ssl/lib PWD=/export/home/gippolit TZ=America/Indiana/Marengo Configure options to Apache ./configure --with-ldap-sdk=openldap --enable-ssl --with-ssl=/usr/local/ssl --enable-authnz-ldap --enable-ldap --with-ldap=/usr/local Make error me/gippolit/httpd-2.2.0/srclib/pcre/libpcre.la /export/home/gippolit/httpd-2.2.0/srclib/apr-util/libaprutil-1.la -ldb-4.2 /export/home/gippolit/httpd-2.2.0/srclib/apr-util/xml/expat/lib/libexpat.la -liconv /export/home/gippolit/httpd-2.2.0/srclib/apr/libapr-1.la -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -ldl Undefined first referenced symbol in file ldap_first_entry modules/ldap/.libs/libmod_ldap.a(util_ldap.o) apr_ldap_info modules/ldap/.libs/libmod_ldap.a(util_ldap.o) apr_ldap_init modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_err2string modules/aaa/.libs/libmod_authnz_ldap.a(mod_authnz_ldap.o) ldap_msgfree modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_value_free modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_memfree modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_count_entries modules/ldap/.libs/libmod_ldap.a(util_ldap.o) apr_ldap_ssl_deinit modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_get_dn modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_unbind_s modules/ldap/.libs/libmod_ldap.a(util_ldap.o) apr_ldap_set_option modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_simple_bind_s modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_search_ext_s modules/ldap/.libs/libmod_ldap.a(util_ldap.o) apr_ldap_ssl_init modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_set_option modules/ldap/.libs/libmod_ldap.a(util_ldap.o) apr_ldap_url_parse modules/aaa/.libs/libmod_authnz_ldap.a(mod_authnz_ldap.o) ldap_get_values modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ldap_compare_s modules/ldap/.libs/libmod_ldap.a(util_ldap.o) ld: fatal: Symbol referencing errors. No output written to .libs/httpd collect2: ld returned 1 exit status make[1]: *** [httpd] Error 1 make[1]: Leaving directory `/export/home/gippolit/httpd-2.2.0' make: *** [all-recursive] Error 1 - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
On Wed, 7 Dec 2005, Boyle Owen wrote: I think you need to post the VH segments from your config... I'd rather not clutter up the list, I do have quite a few of them... Your set up is clearly quite complicated and it's impossible to see what the error is based just on descriptions. My interpretation so far is that you have a VH somewhere which is defined as SSL but which does not contain an SSLCertificateFile directive. They all do, and here's how I can be sure: SSL-A - virtual host on .20:443 SSL-B - virutal host on .21:443 SSL-C - virtual host on .22:443 .23:443 name virutal host SSL-D name virtual host SSL-E name virtual host SSL-A + SSL-B + SSL-C works SSL-A + SSL-B + SSL-C + SSL-D works SSL-D + SSL-E works SSL-A + SSL-B + SSL-C + SSL-D + SSL-E fails with "Oops, no RSA or DSA server certificate found?!" So each individual virtual host works on its own If no-one else has attempted anything like this, I'll put together a simple set of config files + certifcates + keys for people to play with I'm also half tempted to try and make that error message more useful. Anyone know much about that area of code, or should I just dive in? Cheers Nick - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
I think you need to post the VH segments from your config... Your set up is clearly quite complicated and it's impossible to see what the error is based just on descriptions. My interpretation so far is that you have a VH somewhere which is defined as SSL but which does not contain an SSLCertificateFile directive. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > -Original Message- > From: Nick Burch [mailto:[EMAIL PROTECTED] > Sent: Mittwoch, 7. Dezember 2005 11:52 > To: users@httpd.apache.org > Subject: RE: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non > with SSL - "Oops, no RSA or DSA server certificate found?!" > > > On Wed, 7 Dec 2005, Axel-Stéphane SMORGRAV wrote: > > This might give you a clue as to what is happening and why > you get the > > error. > > That all shows everything as expected > > > However, again, SSL and name-based virtual hosting does not > work because > > the Host header cannot possibly be known to the server > until the SSL > > session has been established, and the SSL session needs a > certificate to > > be established and for that purpose needs to know the value > of the host > > header in order to know what certificate to use. > > Ah, but I have a wildcard certificate. So, all the SSL sites > hosted on > this one IP can work with the same certificate. > > If I setup my server with only the name based virtual hosting > for SSL, > then those sites sharing a certificate do work fine. > > The problem comes if I have one IP doing name based virtual > hosting for > SSL *with multiple sites active* and other IPs doing single > virtual host > per ip SSL. In this situation, Apache is getting all > confused, and giving > the error. > > If I have only IP virtual hosting for SSL, apache works. If I have IP > virtual hosting for SSL on most IPs, name virtual hosting on > another BUT > only 1 site active, that works. If I only have name virtual > hosting for > SSL, then that works. > > Nick > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
On Wed, 7 Dec 2005, Axel-Stéphane SMORGRAV wrote: This might give you a clue as to what is happening and why you get the error. That all shows everything as expected However, again, SSL and name-based virtual hosting does not work because the Host header cannot possibly be known to the server until the SSL session has been established, and the SSL session needs a certificate to be established and for that purpose needs to know the value of the host header in order to know what certificate to use. Ah, but I have a wildcard certificate. So, all the SSL sites hosted on this one IP can work with the same certificate. If I setup my server with only the name based virtual hosting for SSL, then those sites sharing a certificate do work fine. The problem comes if I have one IP doing name based virtual hosting for SSL *with multiple sites active* and other IPs doing single virtual host per ip SSL. In this situation, Apache is getting all confused, and giving the error. If I have only IP virtual hosting for SSL, apache works. If I have IP virtual hosting for SSL on most IPs, name virtual hosting on another BUT only 1 site active, that works. If I only have name virtual hosting for SSL, then that works. Nick - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!"
The combination of name-based virtual hosting and SSL cannot possibly work. Normally, in such a configuration the request will be handled by the first of the virtual hosts that match the IP:port of the request regardless of the ServerName. I believe that if you execute "apachectl configtest", or alternatively "$HTTPD -t -D DUMP_VHOSTS -f /path/to/httpd.conf", you will get an overview of all the configured virtual hosts: bash-2.03$ apachectl configtest VirtualHost configuration: 192.168.1.10:443 sweetn.sour.com (/u01/apachetest/conf/custom.conf:82) 192.168.1.11:*is a NameVirtualHost default server labelle16.toto.fr (/u01/apachetest/conf/custom.conf:20) port * namevhost labelle16.toto.fr (/u01/apachetest/conf/custom.conf:20) Syntax OK bash-2.03$ This might give you a clue as to what is happening and why you get the error. However, again, SSL and name-based virtual hosting does not work because the Host header cannot possibly be known to the server until the SSL session has been established, and the SSL session needs a certificate to be established and for that purpose needs to know the value of the host header in order to know what certificate to use. It's a catch 22... -ascs -Original Message- From: Nick Burch [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 06, 2005 7:53 PM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] Problem when mixing NameVirtualHost + non with SSL - "Oops, no RSA or DSA server certificate found?!" Hi I'm having trouble when trying to combine NameVirtualHosting on one SSL IP, and per-IP virtual hosting for others. My ideal setup is: NameVirtualHost *:80 (lots of virtual hosts) NameVirtualHost 192.168.1.50:443 (2 virtual hosts, 1 wildcard certificate used for both virtual hosts) VirtualHost's on 192.168.1.51:443, 192.168.1.52:443 Under this configuration, when I try to start apache, it fails with "[error] Oops, no RSA or DSA server certificate found?!". Even under Debug, it fails to tell me which certificate it hit this on. If I run it with only one virtual host active on 192.168.1.50:443 (the SSL NameVirtualHost), everything works fine. I can access all 3 SSL sites. If I disable the SSL virtual hosts on 192.168.1.51:443 and 192.168.1.52:443, everything works fine. I can access both the SSL sites on 192.168.1.50, and the name virtual hosting behaves as expected. As soon as I try with both name and non name SSL virtual hosts, apache fails to start with: "[error] Oops, no RSA or DSA server certificate found?!" Is this a known problem? Can anyone suggest any workarounds (other than not using name virtual hosting on that one IP)? Thanks Nick - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] https problem
Plain text please... I'm sure your doing this for the best of reasons, but you are actually doing exactly what someone who was trying to spoof a site would do (see http://en.wikipedia.org/wiki/Spoofing_attack)... The point is that HTTPS provides more than just encryption of the data in transit; it also *authenticates* the website. So you can be sure that the site you are submitting your credit-card number to is really the site you typed into the browser. If you redirect to a different site, you break this. Of course, you can put a banner on a.com and b.com which says, "All our e-commerce activity is handled by c.com" and then customers have a reassurance that when they go to c.com, they are on the right site (this is basically what clients of e-commerce sites like WorldPay do). Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. -Original Message- From: Tony Di Croce [mailto:[EMAIL PROTECTED] Sent: Dienstag, 6. Dezember 2005 19:04 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] https problem I agree it is non-optimal... But short of implementing something like user mode linux, its the best way to do what I need to do... BTW, I plan on making nice-shop.com forward information to "nasty-hacker.com" that allows nasty-hacker.com to render the page so that it looks like it came rom nice-shop.com... td On 12/6/05, Boyle Owen <[EMAIL PROTECTED]> wrote: Plain text please... >a.com and b.com https link to c.com, so the users browser URL will change, >and the certs will be registered to c.com... So I guess I don't see how >they're getting mismatched? OK - if you redirect you won't get a browser warning. But it still looks a bit fishy to a suspicious web-surfer (should be everybody). You're on a site called www.nice-shop.com and when you hit, "Go to checkout", the URL changes to www.nasty-hacker.com. OK - not really... but the fact that the URL has changed at all is discouraging. How does your customer know *definitatively* that a.com and c.com are related? The only way to be sure of the identity of a website is to check the certificate and your certificate vouchsafes c.com - not a.com... Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. -Original Message- From: Tony Di Croce [mailto: [EMAIL PROTECTED] Sent: Dienstag, 6. Dezember 2005 15:42 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] https problem Hmm... But why would the URL in the browser not match the name in the SSL cert? They would match... a.com and b.com are port 80 VH's c.com is a port 443 VH (with SSL certs installed) a.com and b.com https link to c.com, so the users browser URL will change, and the certs will be registered to c.com... So I guess I don't see how they're getting mismatched? td On 11/24/05, Boyle Owen <[EMAIL PROTECTED]> wrote: Plain text please... Assume you set up two or more name-based VHs on port 80 (plain HTTP). Then you set up a single SSL VH on port 443. Now, HTTPS to any domain will go to the SSL VH. SSL will "work" in that you won't get an error and the session will be encrypted but you will get *warnings* that the URL in the browser doesn't match the site name in the SSL certificate. This is not very useful for e-commerce... (would you type in your credit card number on a site called "nice-shop" when the browser was warning you that the cert belonged to "nasty-hacker"?) If you try to add additional SSL VHs, apache will always use the certificate from the first SSL VH to establish a session so you still get warnings. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. -Original Message- From: Tony Di Croce [mailto: [EMAIL PROTECTED] Sent: Donnerstag, 24. November 2005 00:43 To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] https problem I assume a.com and b.com resolve to the same IP address. If so, https to either domain will go to :443. Remember that SSL cannot use the Hostname to distinguish sites, so the two requests look the same to apache and so you get the first VH on IP:443. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. I have been planning to build a server with multiple virtual hosts. The idea is that each host could have web stores, but when it came time to actually get credit card info, they would forward you to the one host on the box that was on port 443 (via an https link)... This page would get the card number and process the order... Of course, when they go to this page, the domain in the URL in their browser would change... but thats OK... This should work, right? -- Free Linux Technical Articles http://www.linuxtecharticles.com Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange
RE: [EMAIL PROTECTED] .htaccess problem
> -Original Message- > From: Hulya Gurer [mailto:[EMAIL PROTECTED] > Sent: Mittwoch, 7. Dezember 2005 03:34 > To: users@httpd.apache.org > Subject: Re: [EMAIL PROTECTED] .htaccess problem > > > > > Hi, > > I am still trying to make .htaccess to work. Your problem is that your homepage has some resources (images, CSS file) which are located in a password-protected realm. This is why you get the password challenge immediately - the homepage loads OK, but then the client requests all the additional resources and discovers that they are password-protected. Move all your images, CSS etc. out of the protected realm so that they are freely accessible. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > If I use, the > directives for > my directory that I want to set up > .htaccess password for, as > > > AllowOverride None > > > > AllowOverride All > > > where should I put it on httpd.conf file that nothing will > affect before > it's executed. And should I comment out any other > AloowOverride directive? > > Thanks much -- Hulya > > > > RELATED PART OF HTTPD. CONF FILE > > # > # This should be changed to whatever you set DocumentRoot to. > # > > > # > # Possible values for the Options directive are "None", "All", > # or any combination of: > # Indexes Includes FollowSymLinks SymLinksifOwnerMatch > ExecCGI MultiViews > # > # Note that "MultiViews" must be named *explicitly* --- "Options All" > # doesn't give it to you. > # > # The Options directive is both complicated and important. Please see > # http://httpd.apache.org/docs-2.0/mod/core.html#options > # for more information. > # > Options -Indexes FollowSymLinks > > # > # AllowOverride controls what directives may be placed in > .htaccess files. > # It can be "All", "None", or any combination of the keywords: > # Options FileInfo AuthConfig Limit Indexes > # > AllowOverride None > > > # > # Controls who can get stuff from this server. > # > Order allow,deny > Allow from all > > > > # > # UserDir: The name of the directory that is appended onto a > user's home > # directory if a ~user request is received. > # > UserDir public_html > > # > # Control access to UserDir directories. The following is an example > # for a site where these directories are restricted to read-only. > # > # > #AllowOverride FileInfo AuthConfig Limit Indexes > #Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec > # > #Order allow,deny > #Allow from all > # > # > #Order deny,allow > #Deny from all > # > # > # > # DirectoryIndex: sets the file that Apache will serve if a directory > # is requested. > # > # The index.html.var file (a type-map) is used to deliver content- > # negotiated documents. The MultiViews Option can be used for the > # same purpose, but it is much slower. > # > DirectoryIndex index.html index.html.var index.php > > # > # AccessFileName: The name of the file to look for in each directory > # for additional configuration directives. See also the AllowOverride > # directive. > # > AccessFileName .htaccess > > > # > # The following lines prevent .htaccess and .htpasswd files from being > # viewed by Web clients. > # > > Order allow,deny > Deny from all > > > # > # TypesConfig describes where the mime.types file (or equivalent) is > # to be found. > # > TypesConfig conf/mime.types > > # > # DefaultType is the default MIME type the server will use > for a document > > > > > > > > > > > Hello, > > > > > > I have apache 2.0.55 running on solaris 8, along with PHP and > > mysql. For#Order allow,deny > > > > > some reason I am getting strange responses > > > from .htaccess. > > > > > > First of all, my .htaccess file is on the second level > subdirectory but for > > > some reason, I get the password window > > > at home page, and when I click on cancel two, three > times, it shows the > > > page without the header which is SSI. > > > My home page is "index.html" and sub directory pages are > being served > > from php. > > > > > > My configuration for .htaccess is like below, which is set to > > > "AuthConfig" Is there anything else that needs to be > added / changed? > > > Is there any specific setting for serving php controlled pages? > > > >Give us some more concrete information about exactly where your > >.htaccess file, DocumentRoot, etc are, and exactly what you > see in the > >access_log and error_log. > > > >Joshua. > > > >- > >The official User-To-User support forum of the Apache HTTP > Server Project. > >See http://httpd.apache.org/userslist.html> for more info. > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >" from the digest: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > -