[EMAIL PROTECTED] proformance problem with apache - php handles a request 5 or 10 sec too late.

[Yair Eshel]

Hi all.

I'm using Apache/2.2.4 with Php 5.2.0, installed from source on a Centos 
4.3. I'm using IP based virtualhosting, to allow multiple site handling. 
As my sites went a bit slow from time to time, I've created a test, that 
sends a request using http 1.0 , from another machine to those sites, 
and measure the time it takes to get the server response. Most of the 
time it took in less then a second, but from time to time, I got the 
reply in 5 or 10 seconds for a page. Now strange as it may seem, it, 
almost allways, was around 5 sec, or around 10 sec. Rarly 3, 4, 6 or 7.


The first thing I did was to see that my php application is not taking 
too long. To my surprise, it didn't. So, I've added a log that tells me 
when the application started handling the request. This is a rather 
normal example of a failed test:


885623055 - started on: 01-00-35
(With 885623055 being a random number assigned for this test)

Then I've looked at apache log (Combined plus %D to state when the 
request sent all it's data, and %f with mod_log_firstbyte)


 - - [30/Jan/2007:01:00:30 -0600] "GET 
/?TestId=885623055&date=01-00-30 HTTP/1.0" 200 36566 "-" "Test Bot" 
5423730 5405310


As you can see, apache got the request on 01:00:30, about the time it 
was sent, but the php script started handling it on 01-00-35. What 
happend on that 5 seconds, I cannot tell.


I have heard that 5/10 seconds could have somthing to do with hostname 
lookup (as 5 sec is, in some systems, the timeout for a dns lookup and 
it could be searching twice). At the time hostnamelookups was on, and it 
seemed reasonable. So I turned it off. As it didn't do any help, I've 
decided to monitor all the connections to the name server using tcpdump. 
Test have failed, but no reverse lookups were found during that period. 
Now I can't figure out a way to understand what apache does when it's 
taking 5 sec to answer the request.


Can anyone think of a way to found out whats wrong?
Thanks
Yair

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Query-String Access from SetEnvIf

[Bob]

tyju tiui wrote:

Hello,

Is there a way to access the query-string using regular expression from 
SetEnvIf?

[...]

I believe that the query-string is not available with Request_URI


That's right, but did you try Query_String?

--
Bob

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] virtual host shuffle

[David S .]

I have 3 web mod_python apps running on different ports.  It behaves as if it is
mixing up ports.  When I hit http://a.server.name/secure/ it redirects correctly
and https://a.server.name/secure/ looks and works fine.  Then I try
http://a.server.name:8000/ and again fine.  Then I try
https://a.server.name/secure/ again and it appears to be hitting the application
running on port 8000.  Refreshing the page sometimes resolves correctly,
sometimes not. 

Finally, I would expect that using http://the_pysical_servername/ would not
work, or would consistently go to the default virtual server but it responds as
if I used a.server.name.

I am hugely confused.  Any help is greatly appreciated. 

Peace, David S.

p.s.  I have a configuration that looks like the following:

NameVirtualHost 192.168.0.210:80

  ServerName a.server.name
  Redirect permanent /admin/ https://a.server.name/secure/
  ...


NameVirtualHost 192.168.0.210:443

  ServerName a.server.name
  SSLEngine on
  ...


NameVirtualHost 192.168.0.210:8000

  ServerName a.server.name
  ...





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Virtual Hosts in 2.2

[tyju tiui]

Hi Jay,

I think you should change '*.haderach.net' to 'www.haderach.net'
What you are trying to accomplish with the '*.haderach.net' should actually be 
done with something called a dns wildcard. The dns wilcard is a standard setup 
for most hosting companies these days I believe, otherwise you might need to 
have your network admin setup the wildcard entry for you. Basically it just 
points all sub-domains back to the root domain unless explicitly stated 
otherwise.

Then, you can use Apache vhost config to route traffic once it arrives at your 
server based on the requesting URL (as you did with the 'mail.haderach.net' 
vhost entry).

If you don't have access to your dns setup you can also accomplish this using 
mod_rewrite (assuming you have mod_rewrite). Just put an entry in a .htaccess 
at the docroot like so:

RewriteEngine On

RewriteCond %{HTTP_HOST} mail.haderach.net
RewriteRule ^(.*)$ /usr/local/www/squirrelmail/$1

This is just an example and would probably vary a little based on your setup.
You can read more at: http://httpd.apache.org/docs/2.0/misc/rewriteguide.html

Good Luck!



- Original Message 
From: Jay Chandler <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Sent: Monday, January 29, 2007 8:10:08 PM
Subject: [EMAIL PROTECTED] Virtual Hosts in 2.2

Attempting to set up my virtual hosts so that www.haderach.net goes to 
the normal DocumentRoot, and mail.haderach.net goes to my squirrelmail 
folder.

Contents of extra/httpd-vhost.conf:

 NameVirtualHost *:80


ServerName www.haderach.net
ServerAlias haderach.net *.haderach.net
DocumentRoot /usr/local/www/apache22/data



ServerName mail.haderach.net
DocumentRoot /usr/local/www/squirrelmail


Yet, my a request to mail.haderach.net goes to the documentroot for Apache.

Help?

-- 
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / [EMAIL PROTECTED]
Today's Excuse: Secretary sent chain letter to all 5000 employees. 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








 

Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

[EMAIL PROTECTED] Virtual Hosts in 2.2

[Jay Chandler]

Attempting to set up my virtual hosts so that www.haderach.net goes to 
the normal DocumentRoot, and mail.haderach.net goes to my squirrelmail 
folder.


Contents of extra/httpd-vhost.conf:

NameVirtualHost *:80


ServerName www.haderach.net
ServerAlias haderach.net *.haderach.net
DocumentRoot /usr/local/www/apache22/data



ServerName mail.haderach.net
DocumentRoot /usr/local/www/squirrelmail


Yet, my a request to mail.haderach.net goes to the documentroot for Apache.

Help?

--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / [EMAIL PROTECTED]
Today's Excuse: Secretary sent chain letter to all 5000 employees. 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Query-String Access from SetEnvIf

[tyju tiui]

Hello,

Is there a way to access the query-string using regular expression from 
SetEnvIf?
I am trying to do some custom logging and I want to determine which format to 
use based on an item in the query-string.

I believe that the query-string is not available with Request_URI

Thanks,

Ty



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

[EMAIL PROTECTED] RE: Enable SSL

[Tracy12]

Following error appeared in the log, What does this mean


[Tue Jan 30 09:10:49 2007] [info] SSL Library Error: 336105671
error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return
a certificate No CAs known to server for verification?



alex-250 wrote:
> 
> Anything in the Apache Error logs?
> Can we see your ssl.conf file?
> 
> -Original Message-
> From: Tracy12 [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, January 28, 2007 5:55 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] Enable SSL
> 
> 
> Hi,
> 
> I am trying to get the SSL working on Apache 2.2
> 
> We are using Fedora core 5, followed the steps to enable SSL but
> 
> when I hit a url as follows   
> 
> https://localhost
> 
> it gives the following error
> localhost has received an incorrect or unexpected message. Error Code : 
> -12227
> 
> Currently all the firewalls or disabled.
> 
> 
> -- 
> View this message in context:
> http://www.nabble.com/Enable-SSL-tf3133437.html#a8682468
> Sent from the Apache HTTP Server - Users mailing list archive at
> Nabble.com.
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Enable-SSL-tf3133437.html#a8699154
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] make error (embryo state user)

[herauthon]

problem solved - or no errors
did /configure without --enable-so ??


- Original Message -
From: "herauthon" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 29, 2007 8:42 PM
Subject: Re: [EMAIL PROTECTED] make error (embryo state user)


> Before i send a load of snippets with errors
> i found a few in  confdefs.h.
>
>
> >>>
> configure:25734: checking pthread.h usability
> configure:25746: gcc -c -g -O2 -DNETBSD -w conftest.c >&5
> configure:25752: $? = 0
> configure:25756: test -z
>  || test ! -s conftest.err
> configure:25759: $? = 0
> configure:25762: test -s conftest.o
> configure:25765: $? = 0
> configure:25775: result: yes
> configure:25779: checking pthread.h presence
> configure:25789: gcc -E -DNETBSD -w conftest.c
> configure:25795: $? = 0
> configure:25815: result: yes
> configure:25850: checking for pthread.h
> configure:25857: result: yes
> configure:26045: checking for CFLAGS needed for pthreads
> configure:26082: gcc -o conftest -g -O2 -DNETBSD  conftest.c -lcrypt  >&5
> <<
>
> Blunty ignore any other entries that wurry me or you..
> i send you this first..
>
>
>
>
>
>
>
>
> - Original Message -
> From: "Sander Temme" <[EMAIL PROTECTED]>
> To: 
> Sent: Monday, January 29, 2007 7:57 PM
> Subject: Re: [EMAIL PROTECTED] make error (embryo state user)
>
>
> >
> > On Jan 29, 2007, at 10:12 AM, herauthon wrote:
> >
> > >> - On what OS you are trying to compile.
> > > ** NetBSD 3.1 i386 on P-II MMX 333
> >
> > Unfortunately, I haven ever had the chance to try compiling Apache on
> > netbsd.
> >
> > >> - What options you gave the "configure" command.
> > > ** --enable-so
> >
> > When you run ./configure, it'll first do APR. Could you re-run it and
> > look for the section where it configures thread support (look for
> > "Checking for Threads..." in the output). Please paste us that
> > portion of the ./configure output.
> >
> > Also, look for the config.log file generated by APR configure (this
> > may be in srclib/apr), and search for "checking pthread.h usability".
> > Could you paste us the config.log contents from that point up to
> > where it says "checking for library containing shm_open"?
> >
> > That will allow us to investigate what is going wrong on your system.
> > Now for a potential quick fix: could you try passing --enable-
> > threads=no to ./configure and tell us if that makes your problem go
> > away?
> >
> > Thanks,
> >
> > Sander
> >
> > --
> > [EMAIL PROTECTED]http://www.temme.net/sander/
> > PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
> >
> >
> >
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] DAV on + ssl ?

[arry]

Have anyone succeeded to set up DAV running on top of SSL ?

If so please post your configs.Thanks.

Every time I turn dav on, ssl stops!?

see you
H.Todorov



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] ProxyPass

[Joshua Slive]

On 1/29/07, Tony Heal <[EMAIL PROTECTED]> wrote:


What I would rather do if possible is for each virtual host use only 2 line
something like this



ProxyPass /$1 http://other-server/$1

ProxyPassReverse /$1 http://other-server/$1



Is this possible?
If so how?
If not is there a better alternative for what I am currently doing.


Hmmm... How exactly is the target config supposed to differ from:
ProxyPass / http://other-server/
ProxyPassReverse / http://other-server/

You can do fancy stuff with RewriteRule and the [P] flag, but it
doesn't seem necessary in this case.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] ProxyPass

[Tony Heal]

I have configured several virtual hosts on my apache 1.3-33 system. Each host 
has several webs. What I would like to do
is simplify this a little. Here is what I have and this works fine

 

ProxyPass /web1 http://other-server/web1

ProxyPassReverse /web1 http:// other-server/web1

 

ProxyPass /web2 http://other-server/web2

ProxyPassReverse /web2http:// other-server/web2

 

ProxyPass /web3 http://other-server/web3

ProxyPassReverse /web3 http:// other-server/web3

 

What I would rather do if possible is for each virtual host use only 2 line 
something like this

 

ProxyPass /$1 http://other-server/$1

ProxyPassReverse /$1 http://other-server/$1

 

 

1.  Is this possible?
2.  If so how?
3.  If not is there a better alternative for what I am currently doing.

 

Tony

Re: [EMAIL PROTECTED] apache + ssl lock down

[Eric Covener]

On 1/29/07, Sam Carleton <[EMAIL PROTECTED]> wrote:

.  I need this very secure for a very limited number
of users, so I would like to set it up where the server requires the
client to have a specific key.


You can configure your server to request client certificates and
inspect the cert data:

http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslrequire

--
Eric Covener
[EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] make error (embryo state user)

[herauthon]

Before i send a load of snippets with errors
i found a few in  confdefs.h.  


>>>
configure:25734: checking pthread.h usability
configure:25746: gcc -c -g -O2 -DNETBSD -w conftest.c >&5
configure:25752: $? = 0
configure:25756: test -z
 || test ! -s conftest.err
configure:25759: $? = 0
configure:25762: test -s conftest.o
configure:25765: $? = 0
configure:25775: result: yes
configure:25779: checking pthread.h presence
configure:25789: gcc -E -DNETBSD -w conftest.c
configure:25795: $? = 0
configure:25815: result: yes
configure:25850: checking for pthread.h
configure:25857: result: yes
configure:26045: checking for CFLAGS needed for pthreads
configure:26082: gcc -o conftest -g -O2 -DNETBSD  conftest.c -lcrypt  >&5
<<

Blunty ignore any other entries that wurry me or you..
i send you this first..








- Original Message - 
From: "Sander Temme" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 29, 2007 7:57 PM
Subject: Re: [EMAIL PROTECTED] make error (embryo state user)


> 
> On Jan 29, 2007, at 10:12 AM, herauthon wrote:
> 
> >> - On what OS you are trying to compile.
> > ** NetBSD 3.1 i386 on P-II MMX 333
> 
> Unfortunately, I haven ever had the chance to try compiling Apache on  
> netbsd.
> 
> >> - What options you gave the "configure" command.
> > ** --enable-so
> 
> When you run ./configure, it'll first do APR. Could you re-run it and  
> look for the section where it configures thread support (look for  
> "Checking for Threads..." in the output). Please paste us that  
> portion of the ./configure output.
> 
> Also, look for the config.log file generated by APR configure (this  
> may be in srclib/apr), and search for "checking pthread.h usability".  
> Could you paste us the config.log contents from that point up to  
> where it says "checking for library containing shm_open"?
> 
> That will allow us to investigate what is going wrong on your system.  
> Now for a potential quick fix: could you try passing --enable- 
> threads=no to ./configure and tell us if that makes your problem go  
> away?
> 
> Thanks,
> 
> Sander
> 
> -- 
> [EMAIL PROTECTED]http://www.temme.net/sander/
> PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF
> 
> 
> 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Locating the origin of segmentation faults

[Steve Swift]

Thanks - That looks to be just what I wanted, with the added bonus that I
actually understand the instructions!

On 29/01/07, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:


http://httpd.apache.org/dev/debugging.html#crashes

Steve Swift wrote:
> Our apache (v2.0.46-61.ent) under Linux 2.4.21-27.0.2.ELsmp is
> generating error.log entries:
>
> child pid 20355 exit signal Segmentation fault (11)
>
> We have strong circumstantial evidence that these are occurring in our
> modified basic authentication handler, but how can we find out more
> details of exactly what piece of code is faulting?
>
> --
> Steve Swift
> http://www.swiftys.org.uk

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Steve Swift
http://www.swiftys.org.uk

Re: [EMAIL PROTECTED] make error (embryo state user)

[Sander Temme]

On Jan 29, 2007, at 10:12 AM, herauthon wrote:


- On what OS you are trying to compile.

** NetBSD 3.1 i386 on P-II MMX 333


Unfortunately, I haven ever had the chance to try compiling Apache on  
netbsd.



- What options you gave the "configure" command.

** --enable-so


When you run ./configure, it'll first do APR. Could you re-run it and  
look for the section where it configures thread support (look for  
"Checking for Threads..." in the output). Please paste us that  
portion of the ./configure output.


Also, look for the config.log file generated by APR configure (this  
may be in srclib/apr), and search for "checking pthread.h usability".  
Could you paste us the config.log contents from that point up to  
where it says "checking for library containing shm_open"?


That will allow us to investigate what is going wrong on your system.  
Now for a potential quick fix: could you try passing --enable- 
threads=no to ./configure and tell us if that makes your problem go  
away?


Thanks,

Sander

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

[EMAIL PROTECTED] Re: digest authentication with apache2.2 and mod_authn_dbd

[Jon Rosebaugh]

On 1/28/07, Jon Rosebaugh <[EMAIL PROTECTED]> wrote:

I'm trying to set up digest authentication with mod_authn_dbd by
adapting the basic authentication examples and looking at the
reference for mod_auth_digest, and I'm getting the error "No DBD Authn
configured!" Everything appears fine when the server starts, but when
I hit the protected directory, that happens. I looked at the source
for mod_authn_dbd, and there are apparently four different errors that
can trigger that message, and I have no idea which one it is.


Addendum:

It is also happening when I try the basic authentication; I've used
the example at the mod_authn_dbd page verbatim, except for changing
the directory location, the sql connection information, and the table
and column names to match my setup. So I'm guessing it is something in
the dbd setup itself, but I'm still baffled.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Status of per-user MPMs

[Bob]

Florian Lindner wrote:
Are there any MPMs (from apache or 3rd party) available that are stable for 
(very low load) systems with PHP?

(Apache 2)


May be http://mpm.metux.de/index.php/Main_Page is worth a look?

--
Bob

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Reverse proxy with cache

[Joshua Slive]

On 1/28/07, arun kumar <[EMAIL PROTECTED]> wrote:


If i request page from backend server then  i'ts not caching any content..i
found there was no files under /local/apache2/logs/cache directory.

i also set 777 permission for directory local/apache2/logs/cache but no use.

Please let me know what i done wrongly


Start by upgrading to 2.2 where many caching fixes have been included.

Then set LogLevel to debug and look in the error log.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] .htaccess LogOn Oddity

[Bob Cohen]

On Jan 29, 2007, at 1:35 PM, Joshua Slive wrote:


I would recommend doing this:
http://wiki.apache.org/httpd/Recipes/CanonicalHostNames
which assures that you are redirected to the canonical name before any
authentication happens.  But if you are looking for an easy solution,
3 works just fine (and is the default in all recent versions of
apache).


Thanks.  I'll look into both.  I was hoping I wouldn't have to  
remember the trailing slash all the time. :-)


Bob

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache and php on windows

[William A. Rowe, Jr.]

Sam Carleton wrote:
> 
> I was simply thinking that if I could statically link apache and php
> so that there was simply one executable, it would make packaging and
> distribution simpler for me.  I could be wrong;)

What you save in having one binary is mitigated by the fact that pushing
out one small fix (say, a serious flaw in a specific module) goes from
a small update to the entire binary.

>From the Apache httpd side, see os/win32/modules.c for the static module
list, and add all the sources for all your desired modules (mod_alias,
mod_auth etc are probably modules you also need).  You can compile all
the sources from libhttpd, mod_FOO, etc and set httpd.dsp to depend
upon apr and aprutil instead of libapr and libaprutil.  You won't be
able to do loadable libiconv modules, but I doubt you are using those
features.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] .htaccess LogOn Oddity

[Joshua Slive]

On 1/29/07, Bob Cohen <[EMAIL PROTECTED]> wrote:


On Jan 29, 2007, at 1:07 PM, Joshua Slive wrote:

>> From the 1.3 FAQ, but applies to all versions:
> http://httpd.apache.org/docs/1.3/misc/FAQ.html#prompted-twice

Thank you very much Joshua! Three remedies are suggested:

1. Always use the trailing slash when requesting directories;
2. Change the ServerName to match the name you are using in the URL;
and/or
3. Set UseCanonicalName off.

I already verified that the trailing slash works. Which is is the
"best practices" solution?


I would recommend doing this:
http://wiki.apache.org/httpd/Recipes/CanonicalHostNames
which assures that you are redirected to the canonical name before any
authentication happens.  But if you are looking for an easy solution,
3 works just fine (and is the default in all recent versions of
apache).

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Patrick Presto is out of the office.

[Joshua Slive]

> At 12:02 PM 1/28/2007, you wrote:
>> I will be out of the office starting  01/26/2007 and will not return
>> until
>> 01/29/2007.
>>
>> I am out of the office today.  Please contact pin # 19005 for any
>> emergencies in my absence.  Thank you!



> I knew this name sounded familiar.. Can we please unsubscribe Patrick?
>
> I count 6 posts from him - All OOO replies.
>
> 3/31/2006, 8/2/2006, 12/18/2006, 12/28/2006, 1/8/2007, 1/28/2007.


Ok.  He's booted from the list now.  Please don't resubscribe unless
you can fix your broken auto-responder.

(I hope people from IBM are at least a little embarrassed about crummy
notes/domino/whatever that generates this stuff.)

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache and php on windows

[Sam Carleton]

On 1/29/07, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:

Sam Carleton wrote:
> Is there any way to statically build PHP5 into any version of apache on
> Windows?

1. yes.
2. it's non-trivial.
3. it's possible to compile mod_php.c in, it's also possible to compile in
   all of mod_php.c and the php4ts.dll modules.  The definition of static
   can vary.
4. it offers no measurable performance improvement.

Is there any particular why?


I am developing a product that I am going to be selling to the average
person (those that know nothing about computers).  It is a sort of
kiosk system for events with a server that has a GUI frontend to
populate the system with data.  The viewing stations will be web
browsers.  The setup/network will be setup and broken down on at the
events by my customer.

I am trying to simplify things for my customer (so they don't have to
worry about setting up and configuring apache), so I have decided to
put only what I need of apache and php into the directory structure of
the GUI application and have the GUI application control the
startup/shutdown of apache.

I was simply thinking that if I could statically link apache and php
so that there was simply one executable, it would make packaging and
distribution simpler for me.  I could be wrong;)

Sam


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please
notify us immediately and then destroy it.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] .htaccess LogOn Oddity

[Bob Cohen]

On Jan 29, 2007, at 1:07 PM, Joshua Slive wrote:


From the 1.3 FAQ, but applies to all versions:

http://httpd.apache.org/docs/1.3/misc/FAQ.html#prompted-twice


Thank you very much Joshua! Three remedies are suggested:

1. Always use the trailing slash when requesting directories;
2. Change the ServerName to match the name you are using in the URL;  
and/or

3. Set UseCanonicalName off.

I already verified that the trailing slash works. Which is is the  
"best practices" solution?


Bob Cohen
Principal, MojoTools Web Design
Blues Harmonica Lessons
Web   :   www.mojotools.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] make error (embryo state user)

[herauthon]

- Original Message -
From: "Krist van Besien" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 29, 2007 5:57 PM
Subject: Re: [EMAIL PROTECTED] make error (embryo state user)


> On 1/29/07, herauthon <[EMAIL PROTECTED]> wrote:
> > This happens for me after make
> 
>
> Please tell us:
> - Which version of apache you are trying to compile.
** V 2.2.4
> - On what OS you are trying to compile.
** NetBSD 3.1 i386 on P-II MMX 333
> - What compiler you are using.
** GCC
> - What options you gave the "configure" command.
** --enable-so
>
> that would be a start...
>
> Krist
>
> --
> [EMAIL PROTECTED]
> Bremgarten b. Bern, Switzerland
> --
> "...what you don't realize is that in the future Google WILL reach
> sentience, will [have had] invent[ed] a time machine, and will [have
> had] travel[ed] back in time to prevent Bill Gates... only to become
> Bill Gates by accident because of a search engine optimization
> miscalculation." (Comment on the Dilbert Blog)
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Status of per-user MPMs

[Joshua Slive]

On 1/29/07, Florian Lindner <[EMAIL PROTECTED]> wrote:

Hello,
what is the status of MPMs that can assign each vhost a userID and execute
request for this vhosts as this user?


Dead.


Are there any MPMs (from apache or 3rd party) available that are stable for
(very low load) systems with PHP?
(Apache 2)


Not that I know of.  For an alternative, see:
http://wiki.apache.org/httpd/Recipes/Different_UserIDs_Using_Reverse_Proxy

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] .htaccess LogOn Oddity

[Joshua Slive]

On 1/29/07, Bob Cohen <[EMAIL PROTECTED]> wrote:

Hi,

I password protect some areas on some web sites on my server
using .htaccess.  I'm currently running httpd 2.0.49 compiled from
source on a RedHat 7.3 web server.  For some reason unknown to me,
the logon screen never works on the first try.  I'll fill out
authentication dialog box, execute it, and the "Authentication
Required" box reappears.  If I re-enter the information a second
time, the authentication works.  This seems to occur on various
browsers on both the XP and Mac platforms.



From the 1.3 FAQ, but applies to all versions:

http://httpd.apache.org/docs/1.3/misc/FAQ.html#prompted-twice

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache and php on windows

[William A. Rowe, Jr.]

Sam Carleton wrote:
> Is there any way to statically build PHP5 into any version of apache on
> Windows?

1. yes.
2. it's non-trivial.
3. it's possible to compile mod_php.c in, it's also possible to compile in
   all of mod_php.c and the php4ts.dll modules.  The definition of static
   can vary.
4. it offers no measurable performance improvement.

Is there any particular why?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Locating the origin of segmentation faults

[William A. Rowe, Jr.]

http://httpd.apache.org/dev/debugging.html#crashes

Steve Swift wrote:
> Our apache (v2.0.46-61.ent) under Linux 2.4.21-27.0.2.ELsmp is
> generating error.log entries:
> 
> child pid 20355 exit signal Segmentation fault (11)
> 
> We have strong circumstantial evidence that these are occurring in our
> modified basic authentication handler, but how can we find out more
> details of exactly what piece of code is faulting?
> 
> -- 
> Steve Swift
> http://www.swiftys.org.uk

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] make error (embryo state user)

[Sander Temme]

On Jan 29, 2007, at 7:45 AM, herauthon wrote:


include/apr_portable.h:46:23: #if with no expression


Looks like APR_HAVE_PTHREAD_H is not set, and it's all pear-shaped  
from there.  This should not happen as it is defined in include/ 
apr.h, which is generated from include/apr.h.in by ./configure.


To re-ask Krist's questions, which platform, which C compiler and  
what were the arguments you gave to ./configure?


Thanks,

S.

--
[EMAIL PROTECTED]http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




smime.p7s
Description: S/MIME cryptographic signature

Re: [EMAIL PROTECTED] make error (embryo state user)

[Krist van Besien]

On 1/29/07, herauthon <[EMAIL PROTECTED]> wrote:

This happens for me after make



Please tell us:
- Which version of apache you are trying to compile.
- On what OS you are trying to compile.
- What compiler you are using.
- What options you gave the "configure" command.

that would be a start...

Krist

--
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
"...what you don't realize is that in the future Google WILL reach
sentience, will [have had] invent[ed] a time machine, and will [have
had] travel[ed] back in time to prevent Bill Gates... only to become
Bill Gates by accident because of a search engine optimization
miscalculation." (Comment on the Dilbert Blog)

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] using Apache module

[Garnier, Jeremie]

Hi all,

I want to make a C application using apache module as i want to use mod_dbd in 
order to use mod_dbd (connection pooling).
I want to perform the connection to oracle. (I have configured apache in MPM 
worker mode.)

Jérémie

-Message d'origine-
De : Sander Temme [mailto:[EMAIL PROTECTED]
Envoyé : lundi 29 janvier 2007 17:02
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] using Apache module


On Jan 29, 2007, at 6:00 AM, Garnier, Jeremie wrote:

> How can I use an apache module in a C application?

Why would you want to do such a thing?

> Is it possible to use mod_dbd? Actually there are some undefined
> references (ap_hook_post_config, ap_hook_child_init...).

You would have to provide all of the functions from the Apache core
that the module calls, including all of the callback hooks.

I quickly browsed through the module, and it looks to me like a
fairly thin glue layer on top of APR's DBD. If you want DBD
functionality in your application, you're probably better off calling
APR directly.

Since the Apache code is released under the Apache license, you
should find no problem re-using some of it in your own application,
outside the context of Apache.  Note: this does not constitute legal
advice; read the Apache License  and make sure you agree to its terms.

> Why the APR/APU in srclib of httpd 2.x are old versions and not APR/
> APU 1.3?
> Thanks for your help...

Apache 2.0.x and 2.2.x use branches of APR: 0.9 and 1.2
respectively.  This is done because we require that the APR API we
use is stable.  The development trunk of Apache builds against the
trunk of APR, and when we do the next major release we will likely
use a new branch of APR.

S.


--
[EMAIL PROTECTED]http://www.temme.net/sander/
Open Source Software Consultant
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



***
Information contained in this email message is confidential and may be 
privileged, and is intended only for use of the individual or entity named 
above. If the reader of this message is not the intended recipient, or the 
employee or agent responsible to deliver it to the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. If you have received this communication 
in error, please immediately notify the [EMAIL PROTECTED] and destroy the 
original message.
***


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Segmentation fault after upgrade

[Paul]

Hello,

I have upgraded my Mandriva 2006 to Mandriva 2007 this weekend, and
since then Apache2 does not load anymore.

service httpd debug tells me there is a segmentation fault:

[EMAIL PROTECTED] init.d]# service httpd debug
Starting httpd (debug mode and in the foreground): /etc/init.d/httpd:
line 207: 22086 Segmentation fault  $httpd $httpdconf $debug -c
"Pidfile /tmp/httpd-debug.pid" -c "LogLevel debug" -c "ErrorLog
/dev/stdout" -c "CustomLog /dev/stdout common" $extramodules $modules
$options  (wd: /etc/init.d)

Can someone tell me how to get Apache up and running again?

Regards,
Paul

-- 
Suburbia is where the developer bulldozes out the trees
and then names the streets after them.
- Bill Vaughan.

http://www.nlpagan.net
Running on Mandriva Linux 2006 and Saucony Grid Omni 5

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] .htaccess LogOn Oddity

[Bob Cohen]

Hi,

I password protect some areas on some web sites on my server  
using .htaccess.  I'm currently running httpd 2.0.49 compiled from  
source on a RedHat 7.3 web server.  For some reason unknown to me,  
the logon screen never works on the first try.  I'll fill out  
authentication dialog box, execute it, and the "Authentication  
Required" box reappears.  If I re-enter the information a second  
time, the authentication works.  This seems to occur on various  
browsers on both the XP and Mac platforms.


Here's the directive I use to enable .htaccess


AllowOverride AuthConfig
Options Indexes FollowSymLinks Includes
Order allow,deny
Allow from all


Any insight into this would be greatly appreciated.  Thanks in  
advance for the help.


Bob Cohen
Principal, MojoTools Web Design
Blues Harmonica Lessons
Web   :   www.mojotools.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] using Apache module

[Sander Temme]

On Jan 29, 2007, at 6:00 AM, Garnier, Jeremie wrote:


How can I use an apache module in a C application?


Why would you want to do such a thing?

Is it possible to use mod_dbd? Actually there are some undefined  
references (ap_hook_post_config, ap_hook_child_init…).


You would have to provide all of the functions from the Apache core  
that the module calls, including all of the callback hooks.


I quickly browsed through the module, and it looks to me like a  
fairly thin glue layer on top of APR's DBD. If you want DBD  
functionality in your application, you're probably better off calling  
APR directly.


Since the Apache code is released under the Apache license, you  
should find no problem re-using some of it in your own application,  
outside the context of Apache.  Note: this does not constitute legal  
advice; read the Apache License  and make sure you agree to its terms.


Why the APR/APU in srclib of httpd 2.x are old versions and not APR/ 
APU 1.3?

Thanks for your help…


Apache 2.0.x and 2.2.x use branches of APR: 0.9 and 1.2  
respectively.  This is done because we require that the APR API we  
use is stable.  The development trunk of Apache builds against the  
trunk of APR, and when we do the next major release we will likely  
use a new branch of APR.


S.


--
[EMAIL PROTECTED]http://www.temme.net/sander/
Open Source Software Consultant
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

Re: [EMAIL PROTECTED] make error (embryo state user)

[herauthon]

This happens for me after make
___
include/apr_portable.h:46:23: #if with no expression
include/apr_portable.h:151:43: operator '&&' has no right operand
In file included from strings/apr_snprintf.c:23:
include/apr_portable.h:285: error: parse error before '*' token
include/apr_portable.h:293: error: parse error before '*' token
include/apr_portable.h:303: error: parse error before "apr_os_thread_t"
include/apr_portable.h:313: error: parse error before "apr_os_threadkey_t"
include/apr_portable.h:318: error: parse error before
"apr_os_thread_current"
include/apr_portable.h:318: warning: data definition has no type or storage
clas  s
include/apr_portable.h:325: error: parse error before "tid1"
strings/apr_snprintf.c:500: error: parse error before '*' token
strings/apr_snprintf.c: In function `conv_os_thread_t':
strings/apr_snprintf.c:503: error: parse error before "apr_os_thread_t"
strings/apr_snprintf.c:503: warning: no semicolon at end of struct or union
strings/apr_snprintf.c: At top level:
strings/apr_snprintf.c:505: warning: data definition has no type or storage
clas  s
strings/apr_snprintf.c:508: error: parse error before '.' token
strings/apr_snprintf.c:670: error: parse error before '*' token
strings/apr_snprintf.c: In function `conv_os_thread_t_hex':
strings/apr_snprintf.c:673: error: parse error before "apr_os_thread_t"
strings/apr_snprintf.c:673: warning: no semicolon at end of struct or union
strings/apr_snprintf.c: At top level:
strings/apr_snprintf.c:675: warning: data definition has no type or storage
clas  s
strings/apr_snprintf.c:678: error: parse error before '.' token
strings/apr_snprintf.c: In function `apr_vformatter':
strings/apr_snprintf.c:1174: error: `apr_os_thread_t' undeclared (first use
in t  his function)
strings/apr_snprintf.c:1174: error: (Each undeclared identifier is reported
only   once
strings/apr_snprintf.c:1174: error: for each function it appears in.)
strings/apr_snprintf.c:1174: error: `tid' undeclared (first use in this
function  )
strings/apr_snprintf.c:1176: error: parse error before "apr_os_thread_t"
strings/apr_snprintf.c:1201: error: parse error before "apr_os_thread_t"
*** Error code 1

Stop.
make: stopped in /usr/node/S/httpd-2.2.4/srclib/apr
*** Error code 1

Stop.
make: stopped in /usr/node/S/httpd-2.2.4/srclib/apr
*** Error code 1

Stop.
make: stopped in /usr/node/S/httpd-2.2.4/srclib
*** Error code 1

Stop.
make: stopped in /usr/node/S/httpd-2.2.4
uFTP: {84}

Could be a minor thing

Who knows?

Sincerely,



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] apache and php on windows

[Sam Carleton]

Is there any way to statically build PHP5 into any version of apache on Windows?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] using Apache module

[Garnier, Jeremie]

Hi all,



How can I use an apache module in a C application?

Is it possible to use mod_dbd? Actually there are some undefined references 
(ap_hook_post_config, ap_hook_child_init...).

Why the APR/APU in srclib of httpd 2.x are old versions and not APR/APU 1.3?
Thanks for your help...



Jérémie GARNIER



***
Information contained in this email message is confidential and may be 
privileged, and is intended only for use of the individual or entity named 
above. If the reader of this message is not the intended recipient, or the 
employee or agent responsible to deliver it to the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. If you have received this communication 
in error, please immediately notify the [EMAIL PROTECTED] and destroy the 
original message.
***

Re: [EMAIL PROTECTED] is it possible ? (ssl-tunneling)

[Krist van Besien]

On 1/26/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


Hi,

Tnanks for the reply and the configurations.
I made a similar configuration - but just without virtualhost directive -
and it works.

But with firefox it shows the locker (ssl picture on the browser)
crossed by a line.

With IE it doesn't show the locker but everytime a connection is innitiated
it shows a message that ssl starts and then immediately it shows a
message that
ssl ends.

Does this mean that the data between the client and the reversed
proxy is in ssl?


This could be an issue with the application that you proxy to. Use a
firefox plugin like livehttpheaders to see which requests your browser
sends.

For example your webapp at http://arena.com/ could be sending a page
to the browser that contains a reload statement, with a URL that goes
directly to http://arena.com/

Krist

--
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
"...what you don't realize is that in the future Google WILL reach
sentience, will [have had] invent[ed] a time machine, and will [have
had] travel[ed] back in time to prevent Bill Gates... only to become
Bill Gates by accident because of a search engine optimization
miscalculation." (Comment on the Dilbert Blog)

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Apache 2.0.58 + Solaris 5.9: status "...reading..." & TCP state "FIN_WAIT_2"

[Chirouze Olivier]

Hi Sander,
Thanks for your very precise comments. Below are mine...

> Chirouze,

My actual firstname is Olivier :-)

> 
> On Jan 26, 2007, at 8:41 AM, Chirouze Olivier wrote:
> 
> > Thanks for your prompt reply. We will definitively upgrade 
> soon, just
> > "to be up to date"... But because nothing is said about 
> that point in
> > docs I'm wondering if that will make any difference...
> 
> I doubt it. The Apache 2.0.x branch at this moment mainly gets  
> security fixes, and not a lot else.  The difference between  
> subsequent versions tends to be fairly small, and we tend to 
> tell you  
> what the fixes are.
> 
> You tell us that you are seeing an unusually high number of children  
> sitting in 'R' stage, which means they are attempting to read a full  
> request.  Reading requests *should* not take very long (this also  
> depends on the kind of requests you expect to get), and it may be  
> that you are under attack.  This may be deliberate or accidental.

Yes, we think some were deliberate attacks.

> 
> Do you have something like a Firewall in front of your server that  
> drops idle TCP connections?  If this happens, your Apache 
> server will  
> not notice this and keep trying to read the incoming data.
> 

Thanks for pointing to this. This exists, but the timeout is approx. 1
hour... Much higher than the Unix timeout...

> In any case, you may try to reduce the value of the Timeout 
> directive  
> in your configuration file.
> 
> The high number of FIN_WAIT_2 connections you observe may be normal,  
> but it may be the result of the situation sketched above.  Once  
> Apache is done with a connection, it'll close that and forget about  
> it.  The Apache child will then get ready to accept a new 
> connection,  
> and the kernel takes care of closing the TCP connection.  It does  
> this by sending a FIN packet to the client, who sends an ACK back.   
> Then the client is supposed to send its own FIN, and while this  
> happens the server will have that socket in FIN_WAIT_2 state.  After  
> the client sends its FIN, the server ACKnowledges and puts 
> the socket  
> into TIME_WAIT before it can be re-used.  You can see a full diagram  
> of this process in Figure 18.12 in TCP Illustrated, Volume 1 by W.  
> Richard Stevens.
> 
> If you are dealing with clients that don't bother sending their FIN,  
> or have something in-between that messes with the connection and its  
> termination, you may be stuck with this.  You can use kernel 
> tunables  
> like the ones you mention below to reduce the overhead.


Thanks for the nice explanation... That confirms what I knew ;-)
The thing is, why do I find the connections Apache describes as
"reading" in a "FIN_WAIT_2" state in Unix?
I have good hope that setting a lower value for FIN_WAIT timeout in Unix
will fix the pb, but not explain this...

> 
> Once again, Apache has nothing to do with the TCP handshake 
> process.   
> However, you may be able to reduce the effect of these 'R'  
> connections by reducing the timeout and raising the number of  
> available child processes (if your log file tells you that 
> the server  
> reached MaxClients).

What kind of timeout are you talking about here?
About the MaxClients, we did reach it but when 40 concurrent requests
over 150 are "reading", I'm feeling like the pb is on these connections,
not on the maximum...
Would anybody have an idea of a "reasonable value"? I've heard that 150
is already a pretty big value...

Thanks again!

Olivier

> 
> Regards,
> 
> Sander
> 
> > Anyway, we're providing both HTTP and HTTPS. Might be interesting  
> > to try
> > recognize if this happens on both? I will have a look at it.
> >
> > Do you think you might give me the values of the following 
> Unix params
> > on your Solaris 9 installs?
> >
> > tcp_fin_wait_2_flush_interval
> > tcp_keepalive_interval
> > tcp_ip_abort_interval
> >
> > Thanks in advance,
> >
> > Olivier
> >
> > Olivier CHIROUZE
> > I&0 Infrastructure
> > Volvo Information Technology
> >
> > -Original Message-
> > From: Richard de Vries [mailto:[EMAIL PROTECTED]
> > Sent: 26 January 2007 17:35
> > To: users@httpd.apache.org
> > Subject: Re: [EMAIL PROTECTED] Apache 2.0.58 + Solaris 5.9: status
> > "...reading..." & TCP state "FIN_WAIT_2"
> >
> > Interesting problem.
> >
> > I am running Apache 2.0.59 as a reverse proxy on multiple 
> Solaris 9  
> > and
> > AIX servers and have never encountered these types of 
> issues. Perhaps
> > you should try upgrading to 2.0.59 on one of your 
> development machines
> > and see if that makes a difference. If not, it is most likely an OS
> > and/or configuration issue.
> >
> > What other plugins are you running? Also, is this HTTP proxying, or
> > HTTPS?
> >
> > - Original Message 
> > From: Chirouze Olivier <[EMAIL PROTECTED]>
> > To: users@httpd.apache.org
> > Sent: Friday, January 26, 2007 9:56:46 AM
> > Subject: [EMAIL PROTECTED] Apache 2.0.58 + Solaris 5.9: status
> > "...reading..." & TC

[EMAIL PROTECTED] Status of per-user MPMs

[Florian Lindner]

Hello,
what is the status of MPMs that can assign each vhost a userID and execute 
request for this vhosts as this user?
Are there any MPMs (from apache or 3rd party) available that are stable for 
(very low load) systems with PHP?
(Apache 2)

Thanks,

Florian

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] apache + ssl lock down

[Sam Carleton]

Folks,

I am almost done with setting up my apache subversion server.  There
is one last thing I would like to do and I need some pointers on what
to look at.  I know the concept, but not the terms.  Right now I have
apache/ssl working in the normal way where it does the normal public
exchanging of keys with the browser, which is susceptible to man in
the middle attacks.  I need this very secure for a very limited number
of users, so I would like to set it up where the server requires the
client to have a specific key.  What is this called and can anyone
give me any pointers as to what I need to get apache, ssl, and the
client setup this way?

Sam

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] htpasswd and Windows AD auth in one config?

[goofi mon]

Is it possible to make a small group of external users authenticate
via htpasswd passwords and the rest via internal LAN Windows AD auth
with Apache on *nix?

Moreover what is the preferred method of authenticating against
Windows AD? Kerberos, LDAP, Winbind?

Thanks in advance for any useful hint.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] SSL Certificate on Intranet Virtual Host

[Chirouze Olivier]

Well, this is not supported by Apache, I admit.
But in some conditions, it works.

I should have specified that you will HAVE TO use the same SSL
certificate for all virtual hosts you're accessing through SSL on THE
SAME IP.

You can use different certificates at the condition your virtual hosts
are defined on different IPs (which wouldn't make much sense anyway!).
But on the same IP / port, you can use different virtual hosts, they
will have to use the same certificate...

Olivier


Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology

-Original Message-
From: Jean-Yves Avenard [mailto:[EMAIL PROTECTED] 
Sent: 26 January 2007 23:41
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] SSL Certificate on Intranet Virtual Host

Hi

On 1/26/07, Chirouze Olivier <[EMAIL PROTECTED]> wrote:
> Hi,
>
> This is my first contribution to the list so please don't be too rude
if
> I'm wrong ;-)
>
> But I think we have the same situation here:
>
> Onename.server.com/
> Othername.server.com
> Somethingelse.server.com
>
That still won't work, as you can't use virtual host with SSL
certificate. Basically one port/IP address: one certificate.
As mentioned before, the SSL needs to be established before apache
http transaction gets established. So it is not aware as to which site
you're trying to get yet.

JY

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Locating the origin of segmentation faults

[Steve Swift]

Our apache (v2.0.46-61.ent) under Linux 2.4.21-27.0.2.ELsmp is generating
error.log entries:

child pid 20355 exit signal Segmentation fault (11)

We have strong circumstantial evidence that these are occurring in our
modified basic authentication handler, but how can we find out more details
of exactly what piece of code is faulting?

--
Steve Swift
http://www.swiftys.org.uk