Re: [EMAIL PROTECTED] Authenticating Proxy Server
Try using NTLM which provides some level of security or else try digest authentication using mod_auth_digest Roy Pearce wrote: Hi Nils, Thanks for your reply. Our proxy server is a forward proxy server, not a reverse one so I haven't used the ProxyPass and ProxyPassReverse directives. I replicated the (forward) proxy server, added SSL and changed the port to 443. The browser was configured to use this authenticating proxy server. The browser appears not to like talking to an SSL-enabled proxy server. Doing this was a stab in the dark! A guess, if you like and it's possibly a forlorn hope. Are there other ways to transmit the credentials in an encrypted manner rather than in plain text? Regards, Roy Nils Jeppe wrote: On 15.04.2008, at 13:22, Roy Pearce wrote: I have tried using an ssl-enabled authenticating proxy server but this confuses the browser as it attempts to talk http to an https server. Mh, why is this? I don't have experience with mod_auth_radius, but I'd expect it to work similarily to all the other mod_auth_* modules, that is, internally in Apache and not exposed to the user. So it shouldn't be the cause... For the proxy I assume you use the normal ProxyPass / ProxyPass reverse combination? Best wishes Nils - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Browser handling of 413 Request Entity Too Large
On Tue, Apr 15, 2008 at 05:01:52PM -0700, Ray Van Dolson wrote: Hi all, running into this on an old Apache 2.0.46 installation (actually httpd-2.0.46-70.ent from RHEL 3 Update 9). When a user attempts to upload a large file it's exceeding the LimitRequestBody size and Apache returns a 413 error. It appears however that the browser (IE6 and FireFox 2.x in this case) do not display the 413 message and instead show an error as if the connection has been reset. This is the 2.0.x lingering close bug; it's fixed in 2.2.x. https://issues.apache.org/bugzilla/show_bug.cgi?id=35292 Regards, joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Tons of Segfaults in Apache-Prefork 2.2.4
Hi all, we experience a lot of threads segfaulting with our Apaches. There are about 300 dying threads per day. The error in syslog is the following: Apr 16 23:51:41 foo-bar kernel: httpd[24629]: segfault at 7fffae529f98 rip 2b2ffd6408b7 rsp 7fffae529ea0 error 6 I wish I could give you some kind of trace or core file. But we don't get a core file since only threads die and not the root-process. I also tried to strace the Apache but this slowed the server down too much. And the error appears only on the live system with a very high load. Any ideas welcome here. At the same time we get broken TCP packets with a wrong window size which looks like this: Apr 17 00:14:17 foo-bar kernel: TCP: Treason uncloaked! Peer 84.175.98.78:2637/80 shrinks window 1785243455:1785255071. Repaired. The information I found on the net are very contradictory, so I can't estimate the impact on the system. The box is used for dynamic webpages on PHP. Below are some system information. Sorry, this is not very much information but I'm still at the beginning of my Apache leraning curve. Thx and cheers, --- Markus Meyer Some system info: # uname -a Linux wkw-fra2 2.6.18-4-amd64 #1 SMP Fri May 4 00:37:33 UTC 2007 x86_64 GNU/Linux from httpd.conf ServerLimit 1800 StartServers250 MinSpareServers 64 MaxSpareServers 128 MaxClients 1200 Timeout 60 KeepAlive On KeepAliveTimeout 2 MaxKeepAliveRequests 128 MaxRequestsPerChild 1 LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule env_module modules/mod_env.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule expires_module modules/mod_expires.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule asis_module modules/mod_asis.so LoadModule info_module modules/mod_info.so LoadModule cgi_module modules/mod_cgi.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule actions_module modules/mod_actions.so LoadModule php5_modulemodules/libphp5.so CoreDumpDirectory /var/log/apache/core UseCanonicalName On TypesConfig /etc/apache2/conf-prefork/mime.types DefaultType text/plain MIMEMagicFile /etc/apache2/conf-prefork/magic HostnameLookups Off PHP version # ./php --version PHP 5.2.3 (cli) (built: Jun 17 2007 21:46:02) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies with eAccelerator v0.9.5.2, Copyright (c) 2004-2006 eAccelerator, by eAccelerator - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_mem_cache caches incomplete content
Hi all, I'm using mod_mem_cache to cache iso files provided by tomcat backend server (using mod_http_proxy). During the first client download, the iso file is stored into this cache. If this client stops prematurely the download, the cache contains an incomplete part of this iso file. Consequently, for all other requests from all clients, the iso file will be wrong. Of course, we have the same behavior for any kind of content (jpeg, html, ...). This bug has already been defined partially into the 32735 and 15866 bug reports, but I would like to complete it. We have two cases : - The backend server doesn't send a complete response. For me, this case is covered by the 15866 bug report. I agree that we should be compliant with RFC 2616 and so treat response as partial. - The first client, filling the cache, stops prematurely the download. In such case, the mod_mem_cache must discard the body response. I've performed same tests using the mod_disk_cache. This one discards the body if the connection has been aborted. disk_cache: Discarding body for URL http://... because connection has been aborted. My feeling is that we should have the same behavior for mem and disk cache modules. The mem module is not usable because the integrity of cache content should not depend of the client. Fred PS : I'm doing my tests on Apache 2.2.8 on Linux. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_proxy_html and segmentation fault
hi, I am getting a segmentation fault when I use mod_proxy_html so I wonder if this is due to a compilation error, a bug, a mis-configuration…. RewriteEngine On RewriteRule ^/(.*XYZ.*) http://backend:8080/abc/$1 [P,L] Or ProxyPass /XYZ:001 http://backend:8080/abc/XYZ:001 ProxyPassReverse /XYZ:001 http://backend:8080/abc/XYZ:001 I get: Not Found The requested URL /abc/tree.jsp was not found on this server. Not Found The requested URL /abc/content.jsp was not found on this server. So If I add SetOutputFilter proxy-html ProxyHTMLURLMap http://backend:8080/abc/XYZ:001 /XYZ:001 I get a blank page. The error_log file: [Thu Apr 17 13:29:41 2008] [debug] mod_proxy_http.c(54): proxy: HTTP: canonicalising URL //backend:8080/abc/XYZ:001 [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1397): [client 172.21.194.71] proxy: *: found reverse proxy worker for http://backend:8080/abc/XYZ:001 [Thu Apr 17 13:29:41 2008] [debug] mod_proxy.c(777): Running scheme http handler (attempt 0) [Thu Apr 17 13:29:41 2008] [debug] mod_proxy_http.c(1662): proxy: HTTP: serving URL http://backend:8080/abc/XYZ:001 [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1798): proxy: HTTP: has acquired connection for (*) [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1859): proxy: connecting http://backend:8080/abc/XYZ:001 to backend:8080 [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1955): proxy: connected /abc/XYZ:001 to backend:8080 [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(2050): proxy: HTTP: fam 2 socket created to connect to * [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(2146): proxy: HTTP: connection complete to 172.21.26.218:8080 (backend) [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1625): proxy: grabbed scoreboard slot 0 in child 26171 for worker proxy:reverse [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1644): proxy: worker proxy:reverse already initialized [Thu Apr 17 13:29:41 2008] [debug] proxy_util.c(1724): proxy: initialized single connection worker 0 in child 26171 for (*) [Thu Apr 17 13:29:42 2008] [debug] mod_proxy_http.c(1448): proxy: start body send [Thu Apr 17 13:29:42 2008] [notice] child pid 26027 exit signal Segmentation fault (11) Many thanks for your support. ___ Yahoo! For Good helps you make a difference http://uk.promotions.yahoo.com/forgood/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] url proxying
On Wed, Apr 16, 2008 at 10:23 AM, Melanie Pfefer [EMAIL PROTECTED] wrote: Hi Krist,all indeed the cause was related to redirects on the backend application. The developers fixed this issue and the url proxying is working now. I appreciate your help and support. thank you. You're welcome. Glad your problem is solved. Krist -- [EMAIL PROTECTED] [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [EMAIL PROTECTED] mod_userdir issue
Well, I've figured out a workaround for the issue. I just added an alias to httpd.conf to point /~bob to /home/bob/public_html and it works fine when I try to go to http://my.webserver.com/~bob/. If anyone has any idea what was going, let me know. I'm still really confused by it. Thanks! Anyone? Hello everyone, I'm having an issue with mod_userdir and was hoping someone could help me. I have a centos 4.6 machine that is acting as a file/web server for my users. I have tied it into our AD with winbind and samba for smb access and I'm using mod_userdir to allow the users to host content from their home directories. The machine itself is a dell desktop that has been converted for this purpose. I have the /home directory living on a separate hard drive from the rest of the file system. It gets mounted from /etc/fstab. The issue I'm having is for one (he's the only one that has complained ;) user. When I try to go to his webpage at http://my.webserver.com/~bob/ I get the following errors: accesslog xxx.xxx.xxx.xxx - - [14/Apr/2008:09:44:01 -0400] GET /~bob/ HTTP/1.1 302 278 errorlog [Mon Apr 14 09:41:15 2008] [error] [client xxx.xxx.xxx.xx] File does not exist: /var/www/html/~bob The really weird thing I'm seeing happen is that when I console in to the server and cd to the /home directory and issue an ls -l, his page will start showing up when I try to access it, but only for a short time. After a while, it goes missing again. xxx.xxx.xxx.xxx - - [14/Apr/2008:09:47:19 -0400] GET /~bob/ HTTP/1.1 200 17781 I'm attaching my httpd.conf as well. Anyone have any idea? Thanks for your help! Brandon
Re: [EMAIL PROTECTED] Authenticating Proxy Server
Hi Nick, Thanks for your comments. Nick Kew wrote: On Tue, 15 Apr 2008 15:19:01 +0100 Roy Pearce [EMAIL PROTECTED] wrote: The browser appears not to like talking to an SSL-enabled proxy server. Sounds to me like a browser misconfiguration. All I changed was the port number to point to a secure authenticating proxy server. It appears that FF assumes the proxy server is talking HTTP when I would like it to talk HTTPS. There doesn't appear to be any way to define the protocol when configuring a proxy server. (Of course, if this was to work, then all of the traffic would be encrypted - which would be overkill!) Are there other ways to transmit the credentials in an encrypted manner rather than in plain text? HTTP digest authentication. We can't use Digest as the password file is not on the same machine. We use mod_auth_radius to connect to a RADIUS server (on another machine) to check credentials against the ADF database. Regards, Roy Pearce Computing Systems University of Birmingham UK - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Tons of Segfaults in Apache-Prefork 2.2.4
Markus Meyer schrieb: Hi all, we experience a lot of threads segfaulting with our Apaches. There are about 300 dying threads per day. The error in syslog is the following: Apr 16 23:51:41 foo-bar kernel: httpd[24629]: segfault at 7fffae529f98 rip 2b2ffd6408b7 rsp 7fffae529ea0 error 6 BTW: The same appears with the actual Apache 2.2.8 too. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Single Client Simultaneous Page Load Issue
On Wed, Apr 16, 2008 at 9:03 PM, Robert Conrad [EMAIL PROTECTED] wrote: I am aware of the browser limitation, however that is certainly not the problem. The simplest way I can explain it is this: if I load two pages with nothing but reams of text (no images, no included files, nothing else) on two different domains from the same server, they load simultaneously. If I load those same two pages on the same domain, the second will not begin loading until the first has completed. Unless my various browsers are all limited to one connection, I can't see how it is a browser issue. Have you looked in your apache log? Apache logs the exact moment a request arrives. This allows you to see if requests are received in parallel or not. Krist -- [EMAIL PROTECTED] [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] More than one SSL Certificate/Virtual Host
Apache 2.2 I want to get two virtual hosts to work on my install of apache: www.a.edu http://www.a.edu/ and www.b.edu http://www.b.edu/ . I already have one certificate working fine for SSL. How do I get the other to work? I created two certificates. The first one worked fine. I added the second virtual host and got the following error: Starting apache 2.2.8[Thu Apr 17 09:46:25 2008] [warn] _default_ VirtualHost overlap on port 443, the first has precedence Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server www.a.edu:443 (RSA) Enter pass phrase: OK: Pass Phrase Dialog successful. I thought if I copied the SSL virtual host and changed the file reference to the new ssl.key and ssl.crt files it would work. I also changed the server name. Is there something I am missing? Thanks, Lance Campbell Project Manager/Software Architect Web Services at Public Affairs University of Illinois 217.333.0382 http://webservices.uiuc.edu
Re: [EMAIL PROTECTED] More than one SSL Certificate/Virtual Host
On Thu, Apr 17, 2008 at 10:01:23AM -0500, Campbell, Lance wrote: I thought if I copied the SSL virtual host and changed the file reference to the new ssl.key and ssl.crt files it would work. I also changed the server name. Is there something I am missing? You can only have one SSL site per IP address. Ray - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] More than one SSL Certificate/Virtual Host
Is there something I am missing? Yes. You must use IP based virtual hosts. It is only possible to have one cert on one ip on one port. You can add another ip or configure each virtual host on a different port (443, 444,...) on one ip. You can also configure one cert for all virtual hosts, but you will see some warings in the logs and the users will see a warning message when they open the site. Thomas - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Authenticating Proxy Server
On Thu, 17 Apr 2008 15:28:19 +0100 Roy Pearce [EMAIL PROTECTED] wrote: Sounds to me like a browser misconfiguration. All I changed was the port number to point to a secure authenticating proxy server. It appears that FF assumes the proxy server is talking HTTP when I would like it to talk HTTPS. Sorry, I'm no expert on firefox. Did you try its about:? I expect there's a plugin for it, it it really isn't builtin. HTTP digest authentication. We can't use Digest as the password file is not on the same machine. We use mod_auth_radius to connect to a RADIUS server (on another machine) to check credentials against the ADF database. One of the changes in 2.2 over earlier versions is that the HTTP authentication method (Basic/Digest/Homebrew) is decoupled from the backend lookup (radius, in your case). So that's no longer an issue, assuming the radius authentication module has been updated to use the new framework. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] More than one SSL Certificate/Virtual Host
On Thursday 17 April 2008 11:05:11 Ray Van Dolson wrote: You can only have one SSL site per IP address. However, you can work around this by using a wildcard SSL certificate if all the vhosts are in the same second-level domain, e.g., foo.example.com, bar.example.com, and www.example.com can all share one wildcard SSL cert for *.example.com. I have this running on a server I administer for a nonprofit org. Kind regards, Scott -- - Scott D. COURTNEY, Principal Engineer Sine Nomine Associates [EMAIL PROTECTED] http://www.sinenomine.net/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Tons of Segfaults in Apache-Prefork 2.2.4
On Thu, 17 Apr 2008 12:13:04 +0200 Markus Meyer [EMAIL PROTECTED] wrote: Hi all, we experience a lot of threads segfaulting with our Apaches. There are about 300 dying threads per day. The error in syslog is the following: Apr 16 23:51:41 foo-bar kernel: httpd[24629]: segfault at 7fffae529f98 rip 2b2ffd6408b7 rsp 7fffae529ea0 error 6 I wish I could give you some kind of trace or core file. But we don't get a core file since only threads die and not the root-process. I Hmmm? Your subject line says prefork. With prefork, there are no threads. Anyway, no matter. You should get cores from a segfault. Have you enabled them? (See Coredumpdirectory, and check limitations imposed by your operating system and shell). also tried to strace the Apache but this slowed the server down too much. And the error appears only on the live system with a very high load. Any ideas welcome here. We recently (for 2.2.9) fixed a bug that fits that description: http://issues.apache.org/bugzilla/show_bug.cgi?id=44402 But that's not relevant to prefork. At the same time we get broken TCP packets with a wrong window size which looks like this: Um, sounds like a problem in the network, below the level of apache. The box is used for dynamic webpages on PHP. Below are some system information. PHP is always a prime suspect for this kind of problem. If you're using mod_php, make sure you really are running prefork, as PHP+threads is a classic recipe for random segfaults. Sorry, this is not very much information but I'm still at the beginning of my Apache leraning curve. Contradictory information is more of a problem. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_expires in Apache 2.0.54
Hello everyone, We have been using Apache 2.0.54 on SLES as our hosting standard for all our applications. We have enabled the mod_expires in apache to set the expiration settings for the static content like JPEG, GIF, JS, etc. There is a requirement that the expiration settings should be set at the directory level. Currently, it is set based on the file extension (or MIME). E.G. /directory1/*.js - expires after 5 hours while the /directory2/*.js expires after 30 days. I have read the apache docs for mod_expires, it does not have any info on this. If anyone has any idea on this, please share. Thank You, Karthick P _ The information contained in this message may be CONFIDENTIAL and is for the intended addressee only. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressee, please notify the sender immediately and delete this message. _
Re: [EMAIL PROTECTED] Tons of Segfaults in Apache-Prefork 2.2.4
Nick Kew schrieb: On Thu, 17 Apr 2008 12:13:04 +0200 Hmmm? Your subject line says prefork. With prefork, there are no threads. Anyway, no matter. Stupid me. This happens when having developers crying in your ear all the time ;) You should get cores from a segfault. Have you enabled them? (See Coredumpdirectory, and check limitations imposed by your operating system and shell). I enabled CoreDumpDirectory in httpd.conf, made a ulimit -c unlimited and started Apache. When I had a segfault there was no corefile in the specified directory and Apache was still running. Only the forked process was gone and a new was spawned. After two days or sometimes a week Apache gets really slow and can handle only a fourth or less of it's usual traffic. We recently (for 2.2.9) fixed a bug that fits that description: http://issues.apache.org/bugzilla/show_bug.cgi?id=44402 But that's not relevant to prefork. Currently the page is not reachable. Um, sounds like a problem in the network, below the level of apache. I'm looking into this too. PHP is always a prime suspect for this kind of problem. If you're using mod_php, make sure you really are running prefork, as PHP+threads is a classic recipe for random segfaults. *lol* Contradictory information is more of a problem. I do my best. Cheers, Markus Meyer - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_expires in Apache 2.0.54
On Thu, Apr 17, 2008 at 12:14 PM, Karthick P [EMAIL PROTECTED] wrote: Hello everyone, We have been using Apache 2.0.54 on SLES as our hosting standard for all our applications. We have enabled the mod_expires in apache to set the expiration settings for the static content like JPEG, GIF, JS, etc. There is a requirement that the expiration settings should be set at the directory level. Currently, it is set based on the file extension (or MIME). E.G. /directory1/*.js - expires after 5 hours while the /directory2/*.js expires after 30 days. I have read the apache docs for mod_expires, it does not have any info on this. If anyone has any idea on this, please share. The docs note that these directives are valid in directory context, which means they can be placed in Directory/Files/Location sections. See: http://httpd.apache.org/docs/2.2/sections.html So for example, you can do Directory /full/path/to/directory1 ExpiresByType whatever/whatever access plus 5 hours /Directory Directory /full/path/to/directory2 ExpiresByType whatever/whatever access plus 30 days /Directory Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Options Indexes
I have the following in httpd.conf : DocumentRoot /Apache/Apache/htdocs Directory / Options FollowSymLinks MultiViews AllowOverride None /Directory Directory /landing Options FollowSymLinks MultiViews /Directory Directory /images Options Indexes FollowSymLinks MultiViews AllowOverride None /Directory Directory /Apache/Apache/htdocs Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all /Directory In my htdocs folder I have: myserver:/Apache/Apache/htdocs $ ls -al -rw-r- 1 oracle dba3638 Jan 25 2007 favicon.ico -rw-rw-r-- 1 oracle dba 411 Nov 30 13:00 index.html drwxrwxr-x 2 oracle dba 512 Apr 16 19:18 images lrwxrwxrwx 1 oracle dba 23 Dec 18 10:35 landing - /landing/IFS1G/catalogs -rw-rw-r-- 1 oracle dba 28 Dec 20 16:43 robots.txt And under images folder: myserver:/Apache/Apache/htdocs/images $ ls -al lrwxrwxrwx 1 oracle dba 24 Apr 16 19:18 Large - /landing/Marketing/Large lrwxrwxrwx 1 oracle dba 24 Apr 16 17:40 Print - /landing/Marketing/Print lrwxrwxrwx 1 oracle dba 24 Apr 16 17:40 Small - /landing/Marketing/Small The above shows Indexes for /landing /images but I just want file indexing under /images not landing, how do I change it so it allows file indexing on just /images ? If I Remove Indexes from under Directory /Apache/Apache/htdocs then I get a 404 for both /images and /landing and the Error log says: Directory index forbidden by rule: /Apache/Apache/htdocs/landing/ Any ideas? Thanks __ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Katun Corporation -- www.katun.com _
Re: [EMAIL PROTECTED] Tons of Segfaults in Apache-Prefork 2.2.4
On Thu, Apr 17, 2008 at 12:16 PM, Markus Meyer [EMAIL PROTECTED] wrote: I enabled CoreDumpDirectory in httpd.conf, made a ulimit -c unlimited and started Apache. When I had a segfault there was no corefile in the specified directory and Apache was still running. Only the forked process was gone and a new was spawned. After two days or sometimes a week Apache gets really slow and can handle only a fourth or less of it's usual traffic. It is expected that apache should still be running, but you should be able to get a core file. Without the core file, it is almost impossible to debug a segfault. There is a little more guidance here: http://httpd.apache.org/dev/debugging.html#crashes Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Options Indexes
On Thu, Apr 17, 2008 at 12:42 PM, James Wuerflein [EMAIL PROTECTED] wrote: I have the following in httpd.conf : DocumentRoot /Apache/Apache/htdocs Directory /landing Options FollowSymLinks MultiViews /Directory Directory refers to file-system directories. You probably want Directory /Apache/Apache/htdocs/landing ... Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] mod_mem_cache caches incomplete content
On Thu, Apr 17, 2008 at 6:41 AM, Frederic Paillart [EMAIL PROTECTED] wrote: Hi all, I'm using mod_mem_cache to cache iso files provided by tomcat backend server (using mod_http_proxy). During the first client download, the iso file is stored into this cache. If this client stops prematurely the download, the cache contains an incomplete part of this iso file. Consequently, for all other requests from all clients, the iso file will be wrong. Of course, we have the same behavior for any kind of content (jpeg, html, ...). This doesn't directly answer your question, but in general, you should be aware that the disk cache is much more stable, and very-often more performant than the memory cache. Unless you have a very good reason to use the memory cache, you should try the disk cache instead. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Redirecting http to https using mod_proxy
I want to redirect users whenever they type http://webmail.example.com they are redirected to localmail.example.com The local server is local server is localserver.gleanerjm.com the apache2.conf is as follows: VirtualHost * ServerName webmail.example.com ProxyPass / https://localwebmail.example.com ProxyPassReverse / https://localwebmail.example.com Location / Order allow,deny Allow from all /Location /VirtualHost The user is seeing localserver.example.com:8080 in their browser. How can I fix this to redirect the user from http to https Disclaimer... This e-mail and any attachment is confidential and may be legally privileged. It is intended for the named recipient only. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. If you have received this email in error please notify the sender by email Warning: Although The Gleaner Co. Limited has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. __ This email has been scanned by the Email Security System.
Re: [EMAIL PROTECTED] Redirecting http to https using mod_proxy
On Thu, Apr 17, 2008 at 12:59 PM, [EMAIL PROTECTED] wrote: I want to redirect users whenever they type http://webmail.example.com they are redirected to localmail.example.com The local server is local server is localserver.gleanerjm.com the apache2.conf is as follows: VirtualHost * ServerName webmail.example.com ProxyPass / https://localwebmail.example.com Change ProxyPass to Redirect and delete the ProxyPassReverse. Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] mod_proxy limit session
Hi there, I try to figure out if there is a way to limit the amount of active sessions when using mod_proxy with sticky bit. I've found the max and smax param which allows to limit the connections, but it does not limit the amount of concurrent sessions. Thanks for any help or hint Regards, Arsène - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Authenticating Proxy Server
No FF will not communicate to a proxy using SSL. It will communicate using SSL to any webserver via proxy or directly, but not to a proxy using SSL. Its not forbidden, but its not explicitly defined anywhere. Similar to bug http://issues.apache.org/bugzilla/show_bug.cgi?id=29744 Till Necko comes out I dont think it will be possible to tinker with the network code in mozilla. So that leaves us with NTLM, Digest or Radius. Hope you are able to get something to work. Neil A. Hillard wrote: Hi, Nick Kew wrote: On Thu, 17 Apr 2008 15:28:19 +0100 Roy Pearce [EMAIL PROTECTED] wrote: Sounds to me like a browser misconfiguration. All I changed was the port number to point to a secure authenticating proxy server. It appears that FF assumes the proxy server is talking HTTP when I would like it to talk HTTPS. Sorry, I'm no expert on firefox. Did you try its about:? I expect there's a plugin for it, it it really isn't builtin. HTTP digest authentication. We can't use Digest as the password file is not on the same machine. We use mod_auth_radius to connect to a RADIUS server (on another machine) to check credentials against the ADF database. One of the changes in 2.2 over earlier versions is that the HTTP authentication method (Basic/Digest/Homebrew) is decoupled from the backend lookup (radius, in your case). So that's no longer an issue, assuming the radius authentication module has been updated to use the new framework. We (as Nick knows) had major problems with mod_auth_radius so we commissioned mod_auth_xradius http://www.outoforder.cc/projects/apache/mod_auth_xradius/ which should be fully compatible with Apache 2.2. HTH, Neil. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] problem building apache on solaris-10
|*hello maintainers, I am trying to build apache-2.2.8 on a solaris 10 machine and facing the following linking error in the build stage. make[2]: Entering directory `/users/mhalder/Documents/httpd-2.2.8/support' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/libtool --silent --mode=compile gcc -g -O2-DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -D_LARGEFILE64_SOURCE -I/tools/openbin/gcc/4.2.2/sparc-sun-solaris10/include -I/users/mhalder/Documents/httpd-2.2.8/srclib/pcre -I. -I/users/mhalder/Documents/httpd-2.2.8/os/unix -I/users/mhalder/Documents/httpd-2.2.8/server/mpm/prefork -I/users/mhalder/Documents/httpd-2.2.8/modules/http -I/users/mhalder/Documents/httpd-2.2.8/modules/filters -I/users/mhalder/Documents/httpd-2.2.8/modules/proxy -I/users/mhalder/Documents/httpd-2.2.8/include -I/users/mhalder/Documents/httpd-2.2.8/modules/generators -I/users/mhalder/Documents/httpd-2.2.8/modules/mappers -I/users/mhalder/Documents/httpd-2.2.8/modules/database -I/users/mhalder/Documents/httpd-2.2.8/srclib/apr/include -I/users/mhalder/Documents/httpd-2.2.8/srclib/apr-util/include -I/users/mhalder/Documents/httpd-2.2.8/srclib/apr-util/xml/expat/lib -I/users/mhalder/Documents/httpd-2.2.8/modules/proxy/../generators -I/users/mhalder/Documents/httpd-2.2.8/modules/ssl -I/users/mhalder/Documents/httpd-2.2.8/modules/dav/main -prefer-non-pic -static -c htpasswd.c touch htpasswd.lo /users/mhalder/Documents/httpd-2.2.8/srclib/apr/libtool --silent --mode=link gcc -g -O2-o htpasswd htpasswd.lo -lm /users/mhalder/Documents/httpd-2.2.8/srclib/pcre/libpcre.la /users/mhalder/Documents/httpd-2.2.8/srclib/apr-util/libaprutil-1.la /users/mhalder/Documents/httpd-2.2.8/srclib/apr-util/xml/expat/lib/libexpat.la /users/mhalder/Documents/httpd-2.2.8/srclib/apr/libapr-1.la -luuid -lsendfile -lrt -lsocket -lnsl -lpthread /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]' /users/mhalder/Documents/httpd-2.2.8/srclib/apr/.libs/libapr-1.so: undefined reference to [EMAIL PROTECTED]'