Re: [EMAIL PROTECTED] Apache Hangs.. Server-Status shows all Reading

2007-11-08 Thread Andrew Rosolino 

I saved the file with the full output do you want to see that.. i only took a
section from it.


Christian Folini-4 wrote:
> 
> On Thu, Nov 08, 2007 at 10:27:59AM -0800, Andrew Rosolino wrote:
>> 
>> Ok I did it but how am I suppose to read this?
> 
> That's not the interesting part. There should be more data.
> 
> Below is an example of a simple GET request
> in a local setup. You can clearly see the request.
> You can also take this into wireshark/ethereal and
> select "follow tcp stream" or so.
> 
> regs,
> 
> Christian
> 
> 07:45:47.905305 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: S
> 318106195:318106195(0) win 5840  0,nop,wscale 7>
> E..<[EMAIL PROTECTED]@.I.
> ..d
> N.P...S...
> 
>   2
> 3.
> 07:45:47.905345 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: S
> 4288032982:4288032982(0) ack 318106196 win 5792  627094047 839725985,nop,wscale 7>
> E..<[EMAIL PROTECTED]@.#.
> ...
> ..d.P.N..0T...
> 
>   %`..2
> 3.
> 07:45:47.905543 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: . ack 1
> win 46 
> [EMAIL PROTECTED]@.I.
> ..d
> N.P...T..0
> 
>   2
> 3.%`..
> 07:45:47.905880 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: P
> 1:180(179) ack 1 win 46 
> [EMAIL PROTECTED]@.I.
> ..d
> N.P...T..0.P..
> 2
> 3.%`..GET /index.html HTTP/1.1
> User-Agent: curl/7.13.2 (i386-pc-linux-gnu) libcurl/7.13.2 OpenSSL/0.9.7e
> zlib/1.2.2 libidn/0.5.13
> Host: 10.226.0.220
> Pragma: no-cache
> Accept: */*
> 
>   
> 
> 07:45:47.905888 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: . ack 180
> win 54 
> [EMAIL PROTECTED]@...
> ...
> ..d.P.N..06.K.
> 
>   %`..2
> 3.
> 07:45:47.906504 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: P
> 1:245(244) ack 180 win 54 
> E..([EMAIL PROTECTED]@...
> ...
> ..d.P.N..06...
> %`..2
> 3.HTTP/1.1 200 OK
> Date: Fri, 09 Nov 2007 06:45:47 GMT
> Server: Apache
> Last-Modified: Thu, 08 Nov 2007 11:29:36 GMT
> ETag: "31101-d-2e4b0800"
> Accept-Ranges: bytes
> Content-Length: 13
> Connection: close
> Content-Type: text/plain
> 
> hello world!
> 
> 07:45:47.906720 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: . ack 245
> win 54 
> [EMAIL PROTECTED]@.I.
> ..d
> N.P..16
> W.
> 
>   2
> 3.%`..
> 07:45:47.906797 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: F
> 245:245(0) ack 180 win 54 
> [EMAIL PROTECTED]@...
> ...
> ..d.P.N..16
> V.
> 
>   %`..2
> 3.
> 07:45:47.908037 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: F
> 180:180(0) ack 246 win 54 
> [EMAIL PROTECTED]@.I.
> ..d
> N.P..16
> U.
> 
>   2
> 3.%`..
> 07:45:47.908046 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: . ack 181
> win 54 
> [EMAIL PROTECTED]@...
> ...
> ..d.P.N..16
> T.
> 
>   %`. 2
> 3.
> 
> 
> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Apache-Hangs..-Server-Status-shows-all-Reading-tf4766110.html#a13662733
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Use NTLM only when needed

2007-11-08 Thread Christian Folini 
On Tue, Nov 06, 2007 at 10:41:57PM +0100, Fabrizio Reale wrote:
> I have a web application (Plone) which has its own authentication, but in an
> intranet I set up the NTLM authentication using the mod_ntlm module.
> It works very well when I am using a windows PC, but when I use my Linux
> desktop I must login using the ugly NTLM popup window.
> I would rather prefer to use the standard login of the web application.
> So if I can perform the NTLM authentication the system should authomatically
> log me, but if not I would like to see the application as an anonimous
> user.
> 
> Does any one know how to do that?

Hi Fabrizio, 

I can think of a hack including mod_rewrite and possibly mod_security,
but it means a potential breach of your security and is really
complicated. Unless you absolutely have to (and "ugly popup" sounds
annoying, but not really lethal) I would stick with the situation
as is. If you really have to, then there are a lot of learning 
opportunities ahead. ;)

However, I'd be happy to hear about Firefox on Linux being able to respond
to NTLM by itself. Have not checked that in quite some time. And it
would solve your problem too, I suppose.

regs,

Christian



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache Hangs.. Server-Status shows all Reading

2007-11-08 Thread Christian Folini 
On Thu, Nov 08, 2007 at 10:27:59AM -0800, Andrew Rosolino wrote:
> 
> Ok I did it but how am I suppose to read this?

That's not the interesting part. There should be more data.

Below is an example of a simple GET request
in a local setup. You can clearly see the request.
You can also take this into wireshark/ethereal and
select "follow tcp stream" or so.

regs,

Christian

07:45:47.905305 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: S 
318106195:318106195(0) win 5840 
E..<[EMAIL PROTECTED]@.I.
..d
N.P...S...

2
3.
07:45:47.905345 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: S 
4288032982:4288032982(0) ack 318106196 win 5792 
E..<[EMAIL PROTECTED]@.#.
...
..d.P.N..0T...

%`..2
3.
07:45:47.905543 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: . ack 1 win 46 

[EMAIL PROTECTED]@.I.
..d
N.P...T..0

2
3.%`..
07:45:47.905880 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: P 1:180(179) 
ack 1 win 46 
[EMAIL PROTECTED]@.I.
..d
N.P...T..0.P..
2
3.%`..GET /index.html HTTP/1.1
User-Agent: curl/7.13.2 (i386-pc-linux-gnu) libcurl/7.13.2 OpenSSL/0.9.7e 
zlib/1.2.2 libidn/0.5.13
Host: 10.226.0.220
Pragma: no-cache
Accept: */*



07:45:47.905888 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: . ack 180 win 
54 
[EMAIL PROTECTED]@...
...
..d.P.N..06.K.

%`..2
3.
07:45:47.906504 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: P 1:245(244) 
ack 180 win 54 
E..([EMAIL PROTECTED]@...
...
..d.P.N..06...
%`..2
3.HTTP/1.1 200 OK
Date: Fri, 09 Nov 2007 06:45:47 GMT
Server: Apache
Last-Modified: Thu, 08 Nov 2007 11:29:36 GMT
ETag: "31101-d-2e4b0800"
Accept-Ranges: bytes
Content-Length: 13
Connection: close
Content-Type: text/plain

hello world!

07:45:47.906720 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: . ack 245 win 
54 
[EMAIL PROTECTED]@.I.
..d
N.P..16
W.

2
3.%`..
07:45:47.906797 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: F 245:245(0) 
ack 180 win 54 
[EMAIL PROTECTED]@...
...
..d.P.N..16
V.

%`..2
3.
07:45:47.908037 IP wcwe003u.pnet.ch.58702 > w032y7.pnet.ch.www: F 180:180(0) 
ack 246 win 54 
[EMAIL PROTECTED]@.I.
..d
N.P..16
U.

2
3.%`..
07:45:47.908046 IP w032y7.pnet.ch.www > wcwe003u.pnet.ch.58702: . ack 181 win 
54 
[EMAIL PROTECTED]@...
...
..d.P.N..16
T.

%`. 2
3.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] HTDigest

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 6:38 PM, Grant Peel <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have a security company hounding me to turn of HTDigest.
>
> Any idea how?

If they think it is so important, why not ask them? Or are they just
following some set of inflexible rules that even they don't really
understand?

Anyway, htdigest is a simple support utility that comes with apache.
As long as it isn't suid or called directly from the web, it poses
absolutely no security hazard. But if you want to "turn it off", find
it on your hard disk and remove it.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] HTDigest

2007-11-08 Thread Grant Peel 

Hi all,

I have a security company hounding me to turn of HTDigest.

Any idea how?

Words of wisdom ... please.

-Grant

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Weird charakters added to the top of html pages

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 2:24 PM, Samuel Vogel <[EMAIL PROTECTED]> wrote:
> Ok, I did think that not saving as UTF8 was the problem:
> But is there some on the fly workaround? Since some of my users seem to
> be to dumb to do it by there selfs.

I don't know what browsers do with the BOM in html files. It is
possible that if you properly mark the file as UTF (in the
Content-Type header, using AddEncoding in httpd.conf), you might have
better luck.

There are various ways to edit files on-the-fly in apache, but they
are very resource-intensive and not a good solution to this problem.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Weird charakters added to the top of html pages

2007-11-08 Thread Samuel Vogel 

Ok, I did think that not saving as UTF8 was the problem:
But is there some on the fly workaround? Since some of my users seem to 
be to dumb to do it by there selfs.


Regards,
Samy

Joshua Slive schrieb:

On Nov 8, 2007 2:01 PM, Samuel Vogel <[EMAIL PROTECTED]> wrote:
  

Hey guys,

I do experience a weird issue. This has been going on for some time though.
Apache adds 3 weird looking charakters to the top of some HTML pages:






That's the UTF BOM, added by your editor not apache. See:
http://www.w3.org/International/questions/qa-utf8-bom

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
  


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Problem in access_log?

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 10:08 AM, Angelo Miranda <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Thank you for your answer.
> I didnt notice the 400 code.
> For instance in this day (2007/11/7) the error_log is clean. No errors.
> Do you think the problem might be on Tomcat ? Some hint ?

Yes, if you don't see anything in the apache error log, it is most
likely tomcat generating the 400s. Check your tomcat config and logs.

If the problem is indeed caused by range requests, you might be able
to work around it with
Header set Accept-Ranges none
RequestHeader unset Range
in httpd.conf.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Weird charakters added to the top of html pages

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 2:01 PM, Samuel Vogel <[EMAIL PROTECTED]> wrote:
> Hey guys,
>
> I do experience a weird issue. This has been going on for some time though.
> Apache adds 3 weird looking charakters to the top of some HTML pages:
>
> 
> 

That's the UTF BOM, added by your editor not apache. See:
http://www.w3.org/International/questions/qa-utf8-bom

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache server crashes

2007-11-08 Thread isaak malik 

Hey,

Every time I try to use the new version of OpenAds on my localhost version my 
HTTP server crashes.

Error log details:

[crit] (OS 10038)An operation was attempted on something that is not a socket. 
: Parent: WSADuplicateSocket failed for socket 6821136. Check the FAQ.
[crit] (OS 109)The pipe has been ended. : setup_inherited_listeners: Unable to 
read socket data from parent
[crit] (OS 10038)An operation was attempted on something that is not a socket. 
: master_main: create child process failed. Exiting.

I've searched the net for a solution but unfortunately I couldn't find anything.

Thanks in advance,
Isaak
_
De snelle weg naar een praatje
http://messenger.live.com
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Weird charakters added to the top of html pages

2007-11-08 Thread Samuel Vogel 

Hey guys,

I do experience a weird issue. This has been going on for some time though.
Apache adds 3 weird looking charakters to the top of some HTML pages:





The real file on the command prompt starts like this:




I guess this is an encoding issue. But my config file does contain a 
"AddDefaultCharset ISO-8859-1".

The page I do refert to does contain the following charset definition:



May this be the reason? What do I have to do to fix it?

Regards,
Samy


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache Hangs.. Server-Status shows all Reading

2007-11-08 Thread Andrew Rosolino 

Ok I did it but how am I suppose to read this?

J5...3.P..w8P...{.
13:26:22.990526 IP alpha2.shiftcode.com.http > nat10.ekspres.net.pl.3891: .
ack 1 win 6432
E..([EMAIL PROTECTED]@.G.J5..S..

.P.3...{..w.P.. \...
13:26:22.994371 IP nat10.ekspres.net.pl.3891 > alpha2.shiftcode.com.http: R
1:1(0) ack 1091 win 0
E..([EMAIL PROTECTED]

J5...3.P..wzP...v.
13:26:23.002050 IP n219077060129.netvigator.com.61317 >
alpha2.shiftcode.com.http: S 2990870443:2990870443(0) win 642
40 

E..0.<@.vM<.J5.P.E..p...n...
13:26:23.002083 IP alpha2.shiftcode.com.http >
n219077060129.netvigator.com.61317: S 3164683349:3164683349(0) ack 299
0870444 win 5840 



Christian Folini-4 wrote:
> 
> Hey Andrew,
> 
> You have to try and isolate the problem.
> It's a start to remove modules and make the issue
> go away in a lab setup and thus identify the component
> that is causing the problem. Try to nail down the
> individual requests that cause a server process/thread
> to hang.
> 
> Ideally mod_forensic should tell you about this
> requests as the forensic log will tell you about incoming
> requests before they are handled. But I am not sure
> they are in the forensic log as your status suggests
> they are still being read. 
> 
> tcpdump outside of your apache could help here (start
> with "tcpdump -A -s 0 port xxx" here. Unless it is
> https traffic, then it would not tell you much.
> 
> regs,
> 
> Christian
> 
> On Wed, Nov 07, 2007 at 09:31:58AM -0800, Andrew Rosolino wrote:
>> 
>> Hi this keeps happening a lot where my server will be unresponsive... it
>> just
>> hangs forever.. so I checked the apache server-status and there was 131
>> requests that looked like this..
>> 
>> 39-16 2177 0/67/114 R  0.95 47 562 0.0 0.48 0.66  ? ? ..reading..  
>> 40-16 29189 0/220/220 R  3.40 47 135 0.0 0.67 0.67  ? ? ..reading..  
>> 41-16 3959 0/7/111 R  0.21 48 81 0.0 0.01 0.42  ? ? ..reading..  
>> 
>> They were all just in the "reading" state and i couldnt get an open slot
>> nor
>> anyone else who was viewing our websites..
>> 
>> I restarted apache and all was fine.. but then 20 minutes later they went
>> back all into a reading state.. it appears as if slowly each processes
>> goes
>> into the reading state?? I dont understand what the problem is.
>> -- 
>> View this message in context:
>> http://www.nabble.com/Apache-Hangs..-Server-Status-shows-all-Reading-tf4766110.html#a13631744
>> Sent from the Apache HTTP Server - Users mailing list archive at
>> Nabble.com.
>> 
>> 
>> -
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>"   from the digest: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Apache-Hangs..-Server-Status-shows-all-Reading-tf4766110.html#a13652832
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Using a proxy manually from a webbrowser?

2007-11-08 Thread Martin Fick 
--- Nick Kew <[EMAIL PROTECTED]> wrote:
> On Wed, 7 Nov 2007 23:31:10 -0800 (PST)
> Martin Fick <[EMAIL PROTECTED]> wrote:
> 
> >   The end
> > result should be that the page returned by th
> > webserver (myapache.com) should actually be
> > http://website.com/webpage.html but the request
> has to
> > go through privoxy! 
> 
> ProxyRemote?

Doesn't ProxyRemote require that my webserver be
acting in forward proxy mode?  In other words,
wouldn't the 
browser still have to be configured to use my
webserver
as its proxy?  If not, could you show me a sample line
that would map a request from my webserver's namespace
(i.e. not an absolute URL) to an absolute URL on a
proxy server?

-Martin


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Using a proxy manually from a webbrowser?

2007-11-08 Thread Martin Fick 
--- Axel-Stephane  SMORGRAV
<[EMAIL PROTECTED]> wrote:
>
> Well there are 8 lines about implementation issues
> and 2 lines of warning. I would not call that a
> lecture...
 
Sorry, I jumped too quickly. I knew that the moment
I hit the send button. :(

I would still like a proposed solution, most of 
what you mentioned seemed like all the normal
problems associated with ProxyPass (rewriting
html urls...).  Ignoring those for now, I am 
still asking for how the forwarding could be 
done?  What directives and what format?  I 
understand that this may not be perfect.

-Martin


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

2007-11-08 Thread Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) 
Krist,

Thanks for your quick answer. I re-unpacked the Apache HTTP 2.0.61
software in my account without using 'sudo'. Then I tried 'configure'
and 'make' commands without using sudo. This time it seemed that I
successfully passed these two stages as I only found a (minor) warning
during 'make' stage as listed below:
Libtool: link: warning: 'version-info' is ignored for programs

Now should I use or not use sudo to install Apache?

Thanks,

Rick



-Original Message-
From: Krist van Besien [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 08, 2007 10:33 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

On Nov 8, 2007 4:13 PM, Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) <[EMAIL PROTECTED]>
wrote:
> Krist,
>
> (1) I use gcc compiler on the UNIX box.
> (2) I tried 'configure' without 'sudo' privileges and got 'Permission
> denied' error:
> ./configure: line 1571: config.log: Permission denied
> ./configure: line 1581: config.log: Permission denied
>
> These lines from file 'configure' are listed below for your
information:
> 1571: cat >config.log <<_ACEOF
>
> 1580: _ACEOF
> 1581: exec 5>>config.log
> 1582: {
>
> Thanks,

You don't have write rights in the apache source dir. Which is odd if
you downloaded and unpacked it yourself. Unless you used sudo for that
too...
Also, are you using the gcc that came with solaris (in /usr/sfw) or
one that was installed somewhere else?

I've compiled apache on solaris 10 quite a few times, using the gcc
that was installed in /usr/sfw

First I needed to fix some headers (this needs to be done as root)

cd /usr/sfw/libexec/gcc/sparc-sun-solaris2.10/3.3.2/install-tools
./mkheaders

I only needed to do that once, after that I just downloaded the most
recent source and unpacked it.
(for this you don't need to be root)

unset LD_LIBRARY_PATH
unset OPENWIN_HOME   #just to make sure
export CC=/usr/sfw/bin/gcc
./configure  (add any options you want)

/usr/sfw/bin/gmake -j

and finally, as root:
/usr/sfw/bin/gmake install

Krist

 --
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Michael McGlothlin 
The system I use keeps administrators at arms length by requiring they 
interact with servers through a service that lets them do the desired 
admin tasks such as working with users and groups, configuring services, 
starting/stopping services, etc. All functions can be individually 
allowed or denied to individual users or groups. Of course you still 
need actual system administrators for some things but it allows me to 
extend control to other users with fine-grained control and has the 
bonus that admins can manage all our servers through an easy-to-use 
client app and even manage groups of servers together.


I rolled my own for building the mgmt console but such things can just 
be purchased I'd imagine. Or it's not to difficult to code your own - I 
used XML-RPC over Jabber written in Python.


--
Michael McGlothlin
Southwest Plumbing Supply


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Axel-Stephane SMORGRAV 
I understand that everything is black or white to you, and there are no shades 
of grey. Good for you. 


-ascs
 
-Message d'origine-
De : Michael McGlothlin [mailto:[EMAIL PROTECTED] 
Envoyé : jeudi 8 novembre 2007 17:17
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root

I plan to give everyone root access. Security is a silly concept anyway because 
obviously everyone can be trusted.
> Somebody trusted you enough to give YOU the root password.
>
> Why should you not in turn entrust others with the privileges that will allow 
> them to do their job?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Michael McGlothlin 
I plan to give everyone root access. Security is a silly concept anyway 
because obviously everyone can be trusted.

Somebody trusted you enough to give YOU the root password.

Why should you not in turn entrust others with the privileges that will allow 
them to do their job?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Using a proxy manually from a webbrowser?

2007-11-08 Thread Axel-Stephane SMORGRAV 
Well there are 8 lines about implementation issues and 2 lines of warning. I 
would not call that a lecture...


-ascs

-Message d'origine-
De : Martin Fick [mailto:[EMAIL PROTECTED] 
Envoyé : jeudi 8 novembre 2007 17:08
À : users@httpd.apache.org
Objet : RE: [EMAIL PROTECTED] Using a proxy manually from a webbrowser?

Sorry but I was really asking for implementation help, not a lecture on 
security...

-Martin


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] dbd and mysql in apache 2.2.6

2007-11-08 Thread Daniel Campbell 
Sorry, I missed that.  That did fix the compile issue but unfortunately 
not the issue with the mysql support actually being compile in.  Any 
other ideas?

*Daniel Campbell
Director Of Networking
& Purchasing Agent
On2 Technologies
21 Corporate Drive
Suite 103
Clifton Park, NY 12065
518-348-0099 ext 234
[EMAIL PROTECTED] 
http://www.on2.com


*


Res wrote:


Daniel,. this sounds like you did not run ./configure from teh very top 
source directory first.

This needs to be done to make the apr stuff available from what I can see.
Like I said earlier do a dummy ./configure run from the main source 
directory first.




On Wed, 7 Nov 2007, Daniel Campbell wrote:

I did the following but get a configure error with --with-apr=../apr 
Any Ideas?


Thanks,
Dan

build_machine:/usr/local/src#tar -xjf httpd-2.2.6.tar.bz2
build_machine:/usr/local/src#cd httpd-2.2.6
build_machine:/usr/local/src/httpd-2.2.6#cd srclib/apr
apr   apr-util
build_machine:/usr/local/src/httpd-2.2.6#cd srclib/apr-util/dbd/
build_machine:/usr/local/src/httpd-2.2.6/srclib/apr-util/dbd#cat 
../INSTALL.MySQL
The MySQL driver is not distributed from apache.org due to licensing 
issues.


If you wish to build the driver, download apr_dbd_mysql.c from
http://apache.webthing.com/database/
and copy it into the dbd directory.
Now run buildconf, followed by configure.

It is distributed under the GPL to conform with MySQL License terms
This means it cannot be distributed from apache.org, as that would
violate ASF policy.

Using the driver with APR and Apache is of course allowed,
and there is no problem with a third party bundling the driver,
provided you respect both the ASF and GPL licenses.
build_machine:/usr/local/src/httpd-2.2.6/srclib/apr-util/dbd#wget 
http://apache.webthing.com/database/apr_dbd_mysql.c

--17:36:22--  http://apache.webthing.com/database/apr_dbd_mysql.c
  => `apr_dbd_mysql.c'
Resolving apache.webthing.com... 195.50.92.131
Connecting to apache.webthing.com[195.50.92.131]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18,999 [text/plain]

100%[>] 
18,999   115.34K/s


17:36:23 (114.69 KB/s) - `apr_dbd_mysql.c' saved [18999/18999]

build_machine:/usr/local/src/httpd-2.2.6/srclib/apr-util/dbd#cd ..
build_machine:/usr/local/src/httpd-2.2.6/srclib/apr-util#./buildconf

Looking for apr source in /usr/local/src/httpd-2.2.6/srclib/apr
Creating include/private/apu_config.h ...
Creating configure ...
Generating 'make' outputs ...
Invoking xml/expat/buildconf.sh ...
Copying libtool helper files ...
Incorporating /usr/share/aclocal/libtool.m4 into aclocal.m4 ...
Creating config.h.in ...
autoheader: WARNING: Using auxiliary files such as `acconfig.h', 
`config.h.bot'
autoheader: WARNING: and `config.h.top', to define templates for 
`config.h.in'

autoheader: WARNING: is deprecated and discouraged.
autoheader:
autoheader: WARNING: Using the third argument of `AC_DEFINE' and
autoheader: WARNING: `AC_DEFINE_UNQUOTED' allows to define a template 
without

autoheader: WARNING: `acconfig.h':
autoheader:
autoheader: WARNING:   AC_DEFINE([NEED_FUNC_MAIN], 1,
autoheader: [Define if a function `main' is needed.])
autoheader:
autoheader: WARNING: More sophisticated templates can also be 
produced, see the

autoheader: WARNING: documentation.
Creating configure ...
rebuilding rpm spec file
build_machine:/usr/local/src/httpd-2.2.6/srclib/apr-util#./configure 
--with-apr=../apr

checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/ginstall -c
checking for working mkdir -p... yes
APR-util Version: 1.2.10
checking for chosen layout... apr-util
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
Applying apr-util hints file rules for i686-pc-linux-gnu
checking for APR... configure: error: the --with-apr parameter is 
incorrect. It must specify an install prefix, a build directory, or an 
apr-config file.

build_machine:/usr/local/src/httpd-2.2.6/srclib/apr-util#

Res wrote:



Daniel Campbell schrieb:
Has anyone had any luck building mysql into apache version 2.2.6?  I 
am able to get it to compile fine but if I "ldd httpd" there is no 
mysql library linked in and if I try and use the "DBDriver mysql" in 
the httpd.conf file I get "DBD: No driver for mysql" when starting it.


I have followed the INSTALL.MYSQL instructions under the 
srclib/apr-util directory which says to download the apr_dbd_mysql.c 
file fr

RE: [EMAIL PROTECTED] Using a proxy manually from a webbrowser?

2007-11-08 Thread Martin Fick 
Sorry but I was really asking for implementation help,
not a lecture on security...

-Martin

--- Axel-Stephane  SMORGRAV
<[EMAIL PROTECTED]> wrote:

> you're cruising for a bruising. 
> 
> The only way I can imagine it would possible to
> achieve this would be by creating a reverse proxy.
> 
> First of all, even if this is possible using
> mod_rewrite, you will not be able to rewrite the
> Location headers (ProxyPassReverse) to make
> redirects work correctly. You will also need to
> rewrite all links in HTML (and even non-HTML)
> contents so that they point to your proxy and use
> the correct URL path, which may work for a number of
> web sites, but which will certainly fail for others.
> 
> If that was not enough, you expose yourself to all
> kinds of troubles by allowing anyone to hide
> themselves behind your (reverse) proxy.
> 
> 
> -ascs
>  
> -Message d'origine-
> De : Martin Fick [mailto:[EMAIL PROTECTED] 
> Envoyé : jeudi 8 novembre 2007 08:31
> À : users@httpd.apache.org
> Objet : [EMAIL PROTECTED] Using a proxy manually from a
> webbrowser?
> 
> Hi,
> 
> This may sound like a strange question, but I am
> trying to use mod_proxy in a way which I have not
> yet seen described anywhere.  What I would like to
> do is accept connections on my webserver for certain
> URLs,
> say:  
> 
>
http://myapache.com/useproxy/website.com/webpage.html
> 
> where example myapache.com is my web server and
> website.com/webpage.html is the http URL of some
> page that I would like the user to be proxied to. 
> The trick that makes my question different from a
> normal ProxyPass setup is that I would like to chain
> the request through a proxy server, say privoxy. 
> The end result should be that the page returned by
> th webserver (myapache.com) should actually be
> http://website.com/webpage.html but the request has
> to go through privoxy! 
> 
> The idea is that a user could make use of privoxy
> running on my website without having to configure a
> proxy in their browser (imagine that they already
> have to use a proxy to get out of their corporate
> firewall).  Then they could still benefit from using
> privoxy by accessing it with my web server manually.
> 
> If there are any other ways of manually making use
> of a proxy server from a browser without using the
> proxy setting in a browser that would be a welcomed
> alternative to what I am suggesting.
> 
> Thanks,
> 
> -Martin
> 
> 
> __
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around http://mail.yahoo.com 
> 
>
-
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
>"   from the digest:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
>
-
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
>"   from the digest:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Axel-Stephane SMORGRAV 
Somebody trusted you enough to give YOU the root password.

Why should you not in turn entrust others with the privileges that will allow 
them to do their job? 


-ascs

-Message d'origine-
De : Krist van Besien [mailto:[EMAIL PROTECTED] 
Envoyé : jeudi 8 novembre 2007 16:40
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root

On Nov 8, 2007 3:50 PM, Axel-Stephane  SMORGRAV <[EMAIL PROTECTED]> wrote:
> -Message d'origine-
> De : Krist van Besien [mailto:[EMAIL PROTECTED]
> Envoyé : jeudi 8 novembre 2007 15:14
> À : users@httpd.apache.org
> Objet : Re: [EMAIL PROTECTED] apache as non-root
>
> > You could use a wrapper script (as I do) that the user can't change.
>
> You could, but AFAICS the only point of using a wrapper over using sudo would 
> be to hard code the -f parameter... In that case you would also need to 
> prevent the user to change the configuration. What would be the point of that?

The point is that somebody not root can start/stop apache. In our setup I have 
a wrapper script that can start the server in two modes:
A "maintenance mode" where a "server is down, please come back later"
message is displayed to whoever visits the site, and a normal mode.
This is done by passing a different value for the -f option to httpd when 
started. These values (two alternative configs basically) are hard coded in a 
script that only root can modify.
This way a user with less privileges than root can switch the site to 
maintenance mode before taking the tomcat application server down.

> I have opted for sudo. Designated Apache administrators are allowed to 
> start/stop/create as many instances of Apache they want to with the 
> configurations of their choice. They are entrusted with that privilege. 
> Bottom line.

Indeed, but in your case you have given the designated administrators 
everything they need to become root. I hope you can trust them enough not to 
try this.

Krist



--
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Krist van Besien 
On Nov 8, 2007 3:50 PM, Axel-Stephane  SMORGRAV
<[EMAIL PROTECTED]> wrote:
> -Message d'origine-
> De : Krist van Besien [mailto:[EMAIL PROTECTED]
> Envoyé : jeudi 8 novembre 2007 15:14
> À : users@httpd.apache.org
> Objet : Re: [EMAIL PROTECTED] apache as non-root
>
> > You could use a wrapper script (as I do) that the user can't change.
>
> You could, but AFAICS the only point of using a wrapper over using sudo would 
> be to hard code the -f parameter... In that case you would also need to 
> prevent the user to change the configuration. What would be the point of that?

The point is that somebody not root can start/stop apache. In our
setup I have a wrapper script that can start the server in two modes:
A "maintenance mode" where a "server is down, please come back later"
message is displayed to whoever visits the site, and a normal mode.
This is done by passing a different value for the -f option to httpd
when started. These values (two alternative configs basically) are
hard coded in a script that only root can modify.
This way a user with less privileges than root can switch the site to
maintenance mode before taking the tomcat application server down.

> I have opted for sudo. Designated Apache administrators are allowed to 
> start/stop/create as many instances of Apache they want to with the 
> configurations of their choice. They are entrusted with that privilege. 
> Bottom line.

Indeed, but in your case you have given the designated administrators
everything they need to become root. I hope you can trust them enough
not to try this.

Krist



-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

2007-11-08 Thread Krist van Besien 
On Nov 8, 2007 4:13 PM, Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) <[EMAIL PROTECTED]> 
wrote:
> Krist,
>
> (1) I use gcc compiler on the UNIX box.
> (2) I tried 'configure' without 'sudo' privileges and got 'Permission
> denied' error:
> ./configure: line 1571: config.log: Permission denied
> ./configure: line 1581: config.log: Permission denied
>
> These lines from file 'configure' are listed below for your information:
> 1571: cat >config.log <<_ACEOF
>
> 1580: _ACEOF
> 1581: exec 5>>config.log
> 1582: {
>
> Thanks,

You don't have write rights in the apache source dir. Which is odd if
you downloaded and unpacked it yourself. Unless you used sudo for that
too...
Also, are you using the gcc that came with solaris (in /usr/sfw) or
one that was installed somewhere else?

I've compiled apache on solaris 10 quite a few times, using the gcc
that was installed in /usr/sfw

First I needed to fix some headers (this needs to be done as root)

cd /usr/sfw/libexec/gcc/sparc-sun-solaris2.10/3.3.2/install-tools
./mkheaders

I only needed to do that once, after that I just downloaded the most
recent source and unpacked it.
(for this you don't need to be root)

unset LD_LIBRARY_PATH
unset OPENWIN_HOME   #just to make sure
export CC=/usr/sfw/bin/gcc
./configure  (add any options you want)

/usr/sfw/bin/gmake -j

and finally, as root:
/usr/sfw/bin/gmake install

Krist

 --
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

2007-11-08 Thread Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) 
Krist,

(1) I use gcc compiler on the UNIX box.
(2) I tried 'configure' without 'sudo' privileges and got 'Permission
denied' error:
./configure: line 1571: config.log: Permission denied
./configure: line 1581: config.log: Permission denied

These lines from file 'configure' are listed below for your information:
1571: cat >config.log <<_ACEOF

1580: _ACEOF
1581: exec 5>>config.log
1582: {

Thanks,

Rick


-Original Message-
From: Krist van Besien [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 08, 2007 9:31 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

On Nov 8, 2007 3:24 PM, Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) <[EMAIL PROTECTED]>
wrote:
> Thanks for your help in advance.

Firstly, What compiler are you using?
Secondly, you don't need root privileges for the configure and make
commands. What happens when you run them as a normal user?

Krist

-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache Hangs.. Server-Status shows all Reading

2007-11-08 Thread Andrew Rosolino 

Ok next time it happens ill try tcpdump -A -s 0 port 80 and let you know..
thank u.

Christian Folini-4 wrote:
> 
> Hey Andrew,
> 
> You have to try and isolate the problem.
> It's a start to remove modules and make the issue
> go away in a lab setup and thus identify the component
> that is causing the problem. Try to nail down the
> individual requests that cause a server process/thread
> to hang.
> 
> Ideally mod_forensic should tell you about this
> requests as the forensic log will tell you about incoming
> requests before they are handled. But I am not sure
> they are in the forensic log as your status suggests
> they are still being read. 
> 
> tcpdump outside of your apache could help here (start
> with "tcpdump -A -s 0 port xxx" here. Unless it is
> https traffic, then it would not tell you much.
> 
> regs,
> 
> Christian
> 
> On Wed, Nov 07, 2007 at 09:31:58AM -0800, Andrew Rosolino wrote:
>> 
>> Hi this keeps happening a lot where my server will be unresponsive... it
>> just
>> hangs forever.. so I checked the apache server-status and there was 131
>> requests that looked like this..
>> 
>> 39-16 2177 0/67/114 R  0.95 47 562 0.0 0.48 0.66  ? ? ..reading..  
>> 40-16 29189 0/220/220 R  3.40 47 135 0.0 0.67 0.67  ? ? ..reading..  
>> 41-16 3959 0/7/111 R  0.21 48 81 0.0 0.01 0.42  ? ? ..reading..  
>> 
>> They were all just in the "reading" state and i couldnt get an open slot
>> nor
>> anyone else who was viewing our websites..
>> 
>> I restarted apache and all was fine.. but then 20 minutes later they went
>> back all into a reading state.. it appears as if slowly each processes
>> goes
>> into the reading state?? I dont understand what the problem is.
>> -- 
>> View this message in context:
>> http://www.nabble.com/Apache-Hangs..-Server-Status-shows-all-Reading-tf4766110.html#a13631744
>> Sent from the Apache HTTP Server - Users mailing list archive at
>> Nabble.com.
>> 
>> 
>> -
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>"   from the digest: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> 
> 
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Apache-Hangs..-Server-Status-shows-all-Reading-tf4766110.html#a13648781
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Problem in access_log?

2007-11-08 Thread Angelo Miranda 
Hi,

Thank you for your answer.
I didnt notice the 400 code.
For instance in this day (2007/11/7) the error_log is clean. No errors.
Do you think the problem might be on Tomcat ? Some hint ?

Thanks
Angelo

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive
Sent: quinta-feira, 8 de Novembro de 2007 14:54
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Problem in access_log?

On Nov 8, 2007 9:50 AM, Angelo Miranda <[EMAIL PROTECTED]> wrote:
>
> I am getting multiple lines in access_log for the same request. Most of
the
> time several in the same second or in the near seconds. Sometimes it can
> take 1 hour or so.

Since these are pdf files, it is most likely acrobat doing "byte
range" requests (requesting a portion of the file instead of the whole
file).

The real question you want to answer is whey the response status code
is 400. This error might be leading acrobat to retry. Is there
anything relevant in the error log?

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Problem in access_log?

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 9:50 AM, Angelo Miranda <[EMAIL PROTECTED]> wrote:
>
> I am getting multiple lines in access_log for the same request. Most of the
> time several in the same second or in the near seconds. Sometimes it can
> take 1 hour or so.

Since these are pdf files, it is most likely acrobat doing "byte
range" requests (requesting a portion of the file instead of the whole
file).

The real question you want to answer is whey the response status code
is 400. This error might be leading acrobat to retry. Is there
anything relevant in the error log?

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Axel-Stephane SMORGRAV 
-Message d'origine-
De : Krist van Besien [mailto:[EMAIL PROTECTED] 
Envoyé : jeudi 8 novembre 2007 15:14
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root

> You could use a wrapper script (as I do) that the user can't change.

You could, but AFAICS the only point of using a wrapper over using sudo would 
be to hard code the -f parameter... In that case you would also need to prevent 
the user to change the configuration. What would be the point of that?

I have opted for sudo. Designated Apache administrators are allowed to 
start/stop/create as many instances of Apache they want to with the 
configurations of their choice. They are entrusted with that privilege. Bottom 
line.

-ascs

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Problem in access_log?

2007-11-08 Thread Angelo Miranda 
Hi everyone,

 

I am getting multiple lines in access_log for the same request. Most of the
time several in the same second or in the near seconds. Sometimes it can
take 1 hour or so.

This is happening for several IP's, in several days, in several pages.

Something must be happening with my access_log.

Someone can help me ?

I send an example below.

My server:

Server Version: Apache/2.0.55 (Unix) mod_ssl/2.0.55 OpenSSL/0.9.7a
mod_jk/1.2.15 

We are connecting Apache to Tomcat with mod_jk.

 

Thanks in advance

Angelo Miranda

 

200.241.244.4 - - [07/Nov/2007:15:04:58 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 24552
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:23 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:25 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:30 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:32 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:32 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:34 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:32 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 24552
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:54 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:14 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 24552
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:53 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:05:56 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:06:03 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:06:21 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:06:22 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:06:18 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:06:25 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 24552
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

200.241.244.4 - - [07/Nov/2007:15:06:40 -0500] "GET
/bitstream/1822/2999/1/TESE.pdf HTTP/1.0" 400 16368
"http://www.google.com.br/search?hl=pt-BR&q=palavras+que+terminam+em+az+ez+i
z+oz+uz&meta=" "Mozilla/4.0

RE: [EMAIL PROTECTED] Apache1.3 forward to Jboss

2007-11-08 Thread Schaible, Adam 
Excellent, I'll give that a shot! 

-Original Message-
From: Martin Strand [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 08, 2007 9:38 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Apache1.3 forward to Jboss

A quick fix would be to add this:

ServerAlias www.rememberit.us


On Thu, 08 Nov 2007 15:31:06 +0100, Schaible, Adam
<[EMAIL PROTECTED]>
wrote:

> Hello everyone,
>
>   I have a webapp running at 8080 and want port 80 connections to
be 
> sent to 8080.  I have the following configuration
>
> NameVirtualHost my.ip:80
>
> 
>   ServerName rememberit.us
>   ProxyPass /repos !
>   ProxyPass / http://www.rememberit.us:8080/ 
>
>
>
> This is working fine if you type http://rememberit.us/ in your
browser,
> however if you type http://www.rememberit.us/ it's not forwarding.
>
> Any suggestions?
> This e-mail transmission contains information that is confidential and

> may be privileged.
> It is intended only for the addressee(s) named above. If you receive  
> this e-mail in error,
> please do not read, copy or disseminate it in any manner.  If you are

> not the intended
> recipient, any disclosure, copying, distribution or use of the
contents  
> of this information
> is prohibited. Please reply to the message immediately by informing
the  
> sender that the
> message was misdirected. After replying, please erase it from your  
> computer system. Your
> assistance in correcting this error is appreciated.
>
>
>



-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 9:12 AM, Axel-Stephane  SMORGRAV
<[EMAIL PROTECTED]> wrote:
> -Message d'origine-
> >De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Joshua Slive
> >Envoyé : jeudi 8 novembre 2007 14:56
> >À : users@httpd.apache.org
> >Objet : Re: [EMAIL PROTECTED] apache as non-root
> >
> >On Nov 8, 2007 7:11 AM, Axel-Stephane  SMORGRAV <[EMAIL PROTECTED]> wrote:
> >> Whether Apache is started with sudo or is suid root, anyone able start an 
> >> Apache instance with the configuration of his/her choice can do bad things 
> >> on the server.
> >
> >No, if apache is started with normal user privileges, it can't do harm 
> >beyond the privileges of that user. By setting apache suid root, anyone on 
> >your system can obtain complete root access by using the -f flag to specify 
> >a config file. (I won't give specifics of what you need to put in the config 
> >file, but it is quite easy for anyone with some apache knowledge.)
>
>
> Well, Joshua, that was basically what I was trying to say. If Apache is 
> started with root privileges (whether sudo or setuid) with a carefully 
> crafted configuration, bad things can happen.
>
> So the question is rather whether you can entrust some or all legitimate 
> non-root users of the host with the ability to start Apache with root 
> privileges so it can bind to reserved ports, and in that case how you choose 
> to do so.
>

Ok. I misread your message. What people should remember is that anyone
who can control the main apache config files can gain the privileges
of the user who starts apache.

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

2007-11-08 Thread Krist van Besien 
On Nov 8, 2007 3:24 PM, Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) <[EMAIL PROTECTED]> 
wrote:
> Thanks for your help in advance.

Firstly, What compiler are you using?
Secondly, you don't need root privileges for the configure and make
commands. What happens when you run them as a normal user?

Krist

-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Apache1.3 forward to Jboss

2007-11-08 Thread Martin Strand 

A quick fix would be to add this:

ServerAlias www.rememberit.us


On Thu, 08 Nov 2007 15:31:06 +0100, Schaible, Adam <[EMAIL PROTECTED]>  
wrote:



Hello everyone,

I have a webapp running at 8080 and want port 80 connections to
be sent to 8080.  I have the following configuration

NameVirtualHost my.ip:80


  ServerName rememberit.us
  ProxyPass /repos !
  ProxyPass / http://www.rememberit.us:8080/




This is working fine if you type http://rememberit.us/ in your browser,
however if you type http://www.rememberit.us/ it's not forwarding.

Any suggestions?
This e-mail transmission contains information that is confidential and  
may be privileged.
It is intended only for the addressee(s) named above. If you receive  
this e-mail in error,
please do not read, copy or disseminate it in any manner.  If you are  
not the intended
recipient, any disclosure, copying, distribution or use of the contents  
of this information
is prohibited. Please reply to the message immediately by informing the  
sender that the
message was misdirected. After replying, please erase it from your  
computer system. Your

assistance in correcting this error is appreciated.







-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Apache1.3 forward to Jboss

2007-11-08 Thread Schaible, Adam 
Hello everyone,

I have a webapp running at 8080 and want port 80 connections to
be sent to 8080.  I have the following configuration

NameVirtualHost my.ip:80


  ServerName rememberit.us
  ProxyPass /repos !
  ProxyPass / http://www.rememberit.us:8080/




This is working fine if you type http://rememberit.us/ in your browser,
however if you type http://www.rememberit.us/ it's not forwarding.

Any suggestions?
This e-mail transmission contains information that is confidential and may be 
privileged.
It is intended only for the addressee(s) named above. If you receive this 
e-mail in error,
please do not read, copy or disseminate it in any manner.  If you are not the 
intended 
recipient, any disclosure, copying, distribution or use of the contents of this 
information
is prohibited. Please reply to the message immediately by informing the sender 
that the 
message was misdirected. After replying, please erase it from your computer 
system. Your 
assistance in correcting this error is appreciated.

[EMAIL PROTECTED] errors with installing Apache HTTP 2.0.61

2007-11-08 Thread Hu, Leigi (CDC/CCHIS/NCPHI) (CTR) 
Hi there,

 

I try to install Apache HTTP 2.0.61 server on a Solaris 10 UNIX machine.
I can't check the signature of the downloaded Apache HTTP 2.0.61 as my
UNIX machine doesn't recognize the 'gpg' command. When I was trying to
configure Apache HTTP 2.0.61, I received the following WARNING message:

configure: WARNING: netinet/sctp.h: present but cannot be compiled

configure: WARNING: netinet/sctp.h: check for missing prerequisite
headers?

configure: WARNING: netinet/sctp.h: see the Autoconf documentation

configure: WARNING: netinet/sctp.h: section "Present But Cannot Be
Compiled"

configure: WARNING: netinet/sctp.h: proceeding with the preprocessor's
result

configure: WARNING: netinet/sctp.h: in the future, the compiler will
take precedence

config.status: WARNING:  apr-config.in seems to ignore the --datarootdir
setting

config.status: WARNING:  Makefile.in seems to ignore the --datarootdir
setting

config.status: WARNING:  lib/Makefile.in seems to ignore the
--datarootdir setting

 

When I ignored the warnings above and continued to build the Apache
package by running 'make' command, I got the following errors:

make: Fatal error: Command failed for target `libexpat.la'

Current working directory
/export/home/dxq6/apache/httpd-2.0.61/srclib/apr-util/xml/expat/lib

make: Fatal error: Command failed for target `build-subdirs'

Current working directory
/export/home/dxq6/apache/httpd-2.0.61/srclib/apr-util/xml/expat

make: Fatal error: Command failed for target `all-recursive'

Current working directory
/export/home/dxq6/apache/httpd-2.0.61/srclib/apr-util/xml

make: Fatal error: Command failed for target `all-recursive'

Current working directory
/export/home/dxq6/apache/httpd-2.0.61/srclib/apr-util

make: Fatal error: Command failed for target `all-recursive'

Current working directory /export/home/dxq6/apache/httpd-2.0.61/srclib

make: Fatal error: Command failed for target `all-recursive'

 

I am not a system admin. I ran the 'configure' and 'make' commands by
means of 'sudo'. Does someone know why this happened and how to fix the
problem? 

 

Thanks for your help in advance.

 

Rick

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Krist van Besien 
On Nov 8, 2007 2:55 PM, Joshua Slive <[EMAIL PROTECTED]> wrote:
> On Nov 8, 2007 7:11 AM, Axel-Stephane  SMORGRAV
> <[EMAIL PROTECTED]> wrote:
> > I think you would need to elaborate on that statement. Frankly I can see a 
> > few differences, but I am not sure whether those are what you were thinking 
> > about. Apache also does a chuid/chgid effectively changing the UID/GID of 
> > the process to something which is hopefully not privileged.
> >
> > Whether Apache is started with sudo or is suid root, anyone able start an 
> > Apache instance with the configuration of his/her choice can do bad things 
> > on the server.
>
> No, if apache is started with normal user privileges, it can't do harm
> beyond the privileges of that user. By setting apache suid root,
> anyone on your system can obtain complete root access by using the -f
> flag to specify a config file. (I won't give specifics of what you
> need to put in the config file, but it is quite easy for anyone with
> some apache knowledge.)

You could use a wrapper script (as I do) that the user can't change.

Krist

-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Axel-Stephane SMORGRAV 
-Message d'origine-
>De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Joshua Slive
>Envoyé : jeudi 8 novembre 2007 14:56
>À : users@httpd.apache.org
>Objet : Re: [EMAIL PROTECTED] apache as non-root
>
>On Nov 8, 2007 7:11 AM, Axel-Stephane  SMORGRAV <[EMAIL PROTECTED]> wrote:
>> Whether Apache is started with sudo or is suid root, anyone able start an 
>> Apache instance with the configuration of his/her choice can do bad things 
>> on the server.
>
>No, if apache is started with normal user privileges, it can't do harm beyond 
>the privileges of that user. By setting apache suid root, anyone on your 
>system can obtain complete root access by using the -f flag to specify a 
>config file. (I won't give specifics of what you need to put in the config 
>file, but it is quite easy for anyone with some apache knowledge.)


Well, Joshua, that was basically what I was trying to say. If Apache is started 
with root privileges (whether sudo or setuid) with a carefully crafted 
configuration, bad things can happen.

So the question is rather whether you can entrust some or all legitimate 
non-root users of the host with the ability to start Apache with root 
privileges so it can bind to reserved ports, and in that case how you choose to 
do so.

-ascs

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Joshua Slive 
On Nov 8, 2007 7:11 AM, Axel-Stephane  SMORGRAV
<[EMAIL PROTECTED]> wrote:
> I think you would need to elaborate on that statement. Frankly I can see a 
> few differences, but I am not sure whether those are what you were thinking 
> about. Apache also does a chuid/chgid effectively changing the UID/GID of the 
> process to something which is hopefully not privileged.
>
> Whether Apache is started with sudo or is suid root, anyone able start an 
> Apache instance with the configuration of his/her choice can do bad things on 
> the server.

No, if apache is started with normal user privileges, it can't do harm
beyond the privileges of that user. By setting apache suid root,
anyone on your system can obtain complete root access by using the -f
flag to specify a config file. (I won't give specifics of what you
need to put in the config file, but it is quite easy for anyone with
some apache knowledge.)

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Axel-Stephane SMORGRAV 
I think you would need to elaborate on that statement. Frankly I can see a few 
differences, but I am not sure whether those are what you were thinking about. 
Apache also does a chuid/chgid effectively changing the UID/GID of the process 
to something which is hopefully not privileged.

Whether Apache is started with sudo or is suid root, anyone able start an 
Apache instance with the configuration of his/her choice can do bad things on 
the server. The main advantage about sudo I can think of is that it at least 
allows you to restrict who is allowed to execute Apache with root priveleges. 
On the other hand you could apply the same restrictions using file system 
access control lists.

On a server with many users of which only a few are allowed to start Apache 
with root privileges, there is definitely an advantage to sudo.


-ascs
 
-Message d'origine-
De : Christian Folini [mailto:[EMAIL PROTECTED] 
Envoyé : jeudi 8 novembre 2007 11:10
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root

On Thu, Nov 08, 2007 at 11:00:10AM +0100, Krist van Besien wrote:
> > Sounds like a task for "sudo".
> 
> Another option is making the httpd executable suid root.

Ouch.

Starting a webserver on port 80 as a normal user is not a good thing. Sudo 
helps to limit the security breach somewhat if you really have to. Setting the 
suid flag is a lot worse securitywise. A lot.

regs,

Christian

> --
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> Bremgarten b. Bern, Switzerland

Bern, Switzerland


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Timeout problem with apache benchmark

2007-11-08 Thread Christian Folini 
On Thu, Nov 08, 2007 at 11:36:51AM +0100, Bj wrote:
> httperf (from HP)  is also basic but a bit more evolued.
> 
> You can use Jmeter to test your Webservice. If you want to obtain 1
> req/s with Jmeter you will have to use several Jmeter instances on several
> servers.

siege and proxysniffer are other alternatives.

Christian


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Timeout problem with apache benchmark

2007-11-08 Thread Bj 
ab is a "basic" tool. Sometimes it's not able to complete the bench when the
number (or/and the  concurrency) of requests is too high.
what is excatly your "timeout" message ?
Are you sure that your underlaying application server is not overloaded ?

httperf (from HP)  is also basic but a bit more evolued.

You can use Jmeter to test your Webservice. If you want to obtain 1
req/s with Jmeter you will have to use several Jmeter instances on several
servers.

-- 
Bj


On 11/7/07, Lahiru Gunathilake <[EMAIL PROTECTED]> wrote:
>
> Hi,
> I'm testing performance of Apache Axis2/c using apache Bechmark.I'm
> sending requests in a linux machine but when i'm sending a big xml
> file with my request
> apache benchmark is time out.I don't know how to set apache benchmark
> timeout.And when i'm setting the apache web server's timeout parameter
> it's not responding to that set value.I just edit the
> conf/extras/httpd-default.conf and included that file in the
> conf/httpd.conf file.I think there's a problem with apache benchmark
> in linux.Then i tried to send request in windows now it can send big
> files but the performance is very slow.
> In linux some services requests per second:1
> In window some services requests per seconde:2500
> Do i need to do any settings with windows before using apache
> benchmark or there's a performance issue with windows.what should i
> do...?
>
> Regs
> lahiru
>
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>"   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Christian Folini 
On Thu, Nov 08, 2007 at 11:00:10AM +0100, Krist van Besien wrote:
> > Sounds like a task for "sudo".
> 
> Another option is making the httpd executable suid root.

Ouch.

Starting a webserver on port 80 as a normal user is not
a good thing. Sudo helps to limit the security breach somewhat
if you really have to. Setting the suid flag is a lot
worse securitywise. A lot.

regs,

Christian

> --
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> Bremgarten b. Bern, Switzerland

Bern, Switzerland


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] apache as non-root

2007-11-08 Thread Krist van Besien 
On Nov 6, 2007 4:59 PM, Christian Folini <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 06, 2007 at 02:29:03PM +, Melanie Pfefer wrote:
> > hi
> >
> > I modified user in httpd.conf but as long as the port
> > number is 80, only root can start apache. subsequent
> > process will be run as non-root.
> >
> > any idea how to allow this user to start apache?
>
> Sounds like a task for "sudo".

Another option is making the httpd executable suid root.

Krist


-- 
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] Using a proxy manually from a webbrowser?

2007-11-08 Thread Nick Kew 
On Wed, 7 Nov 2007 23:31:10 -0800 (PST)
Martin Fick <[EMAIL PROTECTED]> wrote:

> The end
> result should be that the page returned by th
> webserver (myapache.com) should actually be
> http://website.com/webpage.html but the request has to
> go through privoxy! 

ProxyRemote?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]