Re: [us...@httpd] different php.ini for virtual host on apache2 with mod_php5
On 03/16/2010 06:24 PM, Matus UHLAR - fantomas wrote: On 16.03.10 11:50, Станислав Сметанин wrote: To: users@httpd.apache.org I want to disable mail() function in the one of virtual hosts' that use PHP(I use mod_php for apache2), and regarding to the http://www.php.net/manual/en/ini.core.php#ini.disable-functions I can't use directives like php_value, etc, because value of disable_functions can be set only in php.ini, but I don't want to disable mail() on the all of my virtual hosts, just on one. the question: Can I use different php.ini for virtual hosts, in my case I want to use php.ini for one host, where disable_functions = mail will be. Yes you can. Do place the config in .htaccess and it will work for that particular vhost or do place the config in that particular vhost. Cheers -- জয়দীপ বক্সী - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Encryption key size
On Tue, Mar 16, 2010 at 9:54 PM, Hugh E Cruickshank h...@forsoft.com wrote: Apache 2.2.3 on RHEL 5.4 Hi All: I am attempting to find a way of determining the encryption key size. Apparently the old environment variable was HTTPS_KEYSIZE which was renamed SSL_CIPHER_USEKEYSIZE. However this is only active if you specify +CompatEnvVars on the SSLOptions directives. When I attempted this I encountered the error: SSLOptions: Illegal option 'CompatEnvVars' Searching for this error leads me to the conclusion that the CompatEnvVars directive was deprecated in Apache 2.2 (and was possibly never implemented correctly anyway). See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions (StdEnvVars). SSL_CIPHER_USEKEYSIZE should be set. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] auth_ldap error message not showed correct
On Tue, Mar 16, 2010 at 10:43 PM, pantao p...@ffcs.cn wrote: Hi,all I use apache2.2.6 and SVN1.4.5 on Chinese version of WINDOWS XP platform and ,and try to use ldap_module and authnz_ldap_module as authentication method . But I found that the error log of auth_ldap module in error_log file is shown with hex format. I try translate it as UTF-8 code, and it seems (not very sure) that the error message is not utf-8. [Thu Oct 15 15:11:50 2009] [warn] [client 127.0.0.1] [9424] auth_ldap authenticate: user pant authentication failed; URI /bill/test/test/ [ldap_search_ext_s() for user failed][\xb2\xd9\xd7\xf7\xb4\xed\xce\xf3] [Thu Oct 15 15:12:38 2009] [warn] [client 127.0.0.1] [9424] auth_ldap authenticate: user pant authentication failed; URI /bill/test/ [ldap_search_ext_s() for user failed][\xb2\xd9\xd7\xf7\xb4\xed\xce\xf3] I would like to know how can I let the ldap module out the Chinese or English error message so I can understand it. And I wouldalso like to know how the ldap module output different error message for different language,many thanks. The core error log code is formatting the bytes in hex format. To disable that, in case that causes the data to be formatted properly, define AP_UNSAFE_ERROR_LOG_UNESCAPED and rebuild Apache httpd. There's no run-time configuration of this behavior. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Overlap some content when using pppoe+httpd
On Wed, Mar 17, 2010 at 5:03 AM, ChiaTzung Liu chiatzung@zyxel.com.tw wrote: Hi, My pc is installed linux-2.6.24.4, httpd-2.2.9, rp-pppoe-3.8 and ppp-2.4.4. It connects to WAN by PPPoE, so it has both of WAN IP and LAN IP. For example, 172.23.26.130(LAN) and 140.35.25.73(PPPoE). Then, I put a file which size is larger than 16396 bytes on my pc for downloading. After that, I use http://140.35.25.73/file and https://140.35.25.73/file to download this file. If I use https, the downloaded file is correct. But not for http. For example, the file original content may be… = abcdefghijklmnopqrstuvwxyz = And the downloaded file by http may be… = abcdefghijklklmnopqrsrstuvwxyz = If use wireshark to watch packets, will see… Packet1(data part): abcdefghijkl Packet2(data part): klmnopqrs Packet3(data part): rstuvwxyz It is easy to find that the returned data isn’t correct, some overlap happens. The interesting thing is… 1. It only happens when the file size is larger than 16396 bytes 2. https is ok, only http has this problem 3. Only when using PPPoE, if use http://172.23.26.130/file, it’s ok. However, a more interesting thing is… http://140.35.25.73/file is ok if turn on DumpIOOutput. Is it a bug of httpd? Probably not. Should I report it? Or anyone can give me any suggestion about how to solve this issue? Use strace to dump the full I/O buffers passed by httpd to the TCP layer (see the text -e write=set in the strace man page). If httpd passes bad data, open a bug with the Apache Bugzilla. Otherwise, ask for debug help on a Linux mailing list. (Isn't fix the MTU the answer to any weird networking issue? (only half joking)) - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Autoindex don't show directories with authbasic
Hello everyone, this is my first message to the list and the first thing I want to do is say thanks, the second, sorry for my English ;-) I have a problem with module Autoindex and module AuthBasic. How can I make the module Autoindex list the directories that hace authentication basic? I have 3 diretories in the DocumentRoot: ser servicios_internos www If I do not put anything Authtpe AutoIndex list the 3 directories If i put this configuration: *Directory /var/www/midominio.com/ser AuthName Autenticación AuthType Basic AuthUserFile /etc/.htpasswdweb require valid-user Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory* *VirtualHost * ServerName apache.midominio.com ServerPath /var/www/midominio.com DocumentRoot /var/www/midominio.com CustomLog /var/log/apache2/servicios_internos.midominio.com.log combined /VirtualHost* The module Autonindex only show: servicios_internos www Thanks in advance ;-)
[us...@httpd] problem regarding mod_rewrite
Greetings to all, I am trying to configure my apache server to serve pages from an underlying jetty application server. This jetty servers hosts two applications in following paths http://localhost:7070/bw/ and http://localhost:7070/feedbrn/ my configuration is like this RewriteEngine On RewriteRule ^/$ http://localhost:7070/bw/ [P,L] RewriteRule ^/bw$ http://localhost:7070/bw/ [P,L] RewriteRule ^/bw/admin/(.*) http://localhost:7070/bw/ [P,L] RewriteRule ^/bw/feedbrn/(.*) http://localhost:7070/feedbrn/ [P,L] RewriteRule ^/bw/alfrescoUser/(.*) http://localhost:7070/bw/ [P,L] RewriteRule ^/bw/(.*) http://localhost:7070/bw/$1 [P,L] ProxyPassReverse / http://localhost:7070/bw This does not seem to detech the feedbrn part. How can I fix this problem? Thanks in advance.
Re: [us...@httpd] Autoindex don't show directories with authbasic
On Wed, Mar 17, 2010 at 7:36 AM, Juan Miguel Alcarria Herrera jua...@arco2000.es wrote: Hello everyone, this is my first message to the list and the first thing I want to do is say thanks, the second, sorry for my English ;-) I have a problem with module Autoindex and module AuthBasic. How can I make the module Autoindex list the directories that hace authentication basic? indexoptions +showforbidden ? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] problem regarding mod_rewrite
On Wed, Mar 17, 2010 at 7:44 AM, Supratim Bandyopadhyaya mail.supra...@gmail.com wrote: Greetings to all, I am trying to configure my apache server to serve pages from an underlying jetty application server. This jetty servers hosts two applications in following paths http://localhost:7070/bw/ and http://localhost:7070/feedbrn/ my configuration is like this RewriteEngine On RewriteRule ^/$ http://localhost:7070/bw/ [P,L] RewriteRule ^/bw$ http://localhost:7070/bw/ [P,L] RewriteRule ^/bw/admin/(.*) http://localhost:7070/bw/ [P,L] RewriteRule ^/bw/feedbrn/(.*) http://localhost:7070/feedbrn/ [P,L] RewriteRule ^/bw/alfrescoUser/(.*) http://localhost:7070/bw/ [P,L] RewriteRule ^/bw/(.*) http://localhost:7070/bw/$1 [P,L] ProxyPassReverse / http://localhost:7070/bw This does not seem to detech the feedbrn part. What URL are you testing? How can I fix this problem? What happens? What do you expect to happen? What does the RewriteLog say? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] auth_ldap error message not showed correct
- Original Message - From: Jeff Trawick traw...@gmail.com To: users@httpd.apache.org Sent: Wednesday, March 17, 2010 7:20 PM Subject: Re: [us...@httpd] auth_ldap error message not showed correct On Tue, Mar 16, 2010 at 10:43 PM, pantao p...@ffcs.cn wrote: Hi,all I use apache2.2.6 and SVN1.4.5 on Chinese version of WINDOWS XP platform and ,and try to use ldap_module and authnz_ldap_module as authentication method . But I found that the error log of auth_ldap module in error_log file is shown with hex format. I t ry translate it as UTF-8 code, and it seems (not very sure) that the error message is not utf-8. [Thu Oct 15 15:11:50 2009] [warn] [client 127.0.0.1] [9424] auth_ldap authent icate: user pant authentication failed; URI /bill/test/test/ [ldap_search_ext_s( ) for user failed][\xb2\xd9\xd7\xf7\xb4\xed\xce\xf3] [Thu Oct 15 15:12:38 2009] [warn] [client 127.0.0.1] [9424] auth_ldap authent icate: user pant authentication failed; URI /bill/test/ [ldap_search_ext_s() for user failed][\xb2\xd9\xd7\xf7\xb4\xed\xce\xf3] I would like to know how can I let the ldap module out the Chinese or English error message so I can understand it. And I wouldalso like to know how the ldap module output different error message for different language,many thanks. The core error log code is formatting the bytes in hex format. To disable that, in case that causes the data to be formatted properly, define AP_UNSAFE_ERROR_LOG_UNESCAPED and rebuild Apache httpd. There's no run-time configuration of this behavior. Thanks, Jeff. But I can found some error message like mine with engligh output on the web : [Sat Mar 01 17:05:38 2008] [warn] [client 192.168.5.133] [25788] auth_ldap authenticate: user john authentication failed; URI /module [LDAP: ldap_simple_bind_s() failed][Invalid credentials] [Fri Dec 12 17:17:14 2008] [warn] [client XXX.XXX.XXX.XXX] [17128] auth_ldap authenticate: user XXX authentication failed; URI /svn/project [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] It seems that the error message of auth_ldap can be output as English. It's ok for me to output the error message as English. regards, PanTao
Re: [us...@httpd] auth_ldap error message not showed correct
On Wed, Mar 17, 2010 at 8:33 AM, pantao p...@ffcs.cn wrote: It seems that the error message of auth_ldap can be output as English. It's ok for me to output the error message as English. Isn't that just your LDAP client library respecting your language/locale settings? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Autoindex don't show directories with authbasic
No, with the indexoptions +showforbidden i have the same results :-( 2010/3/17 Eric Covener cove...@gmail.com On Wed, Mar 17, 2010 at 7:36 AM, Juan Miguel Alcarria Herrera jua...@arco2000.es wrote: Hello everyone, this is my first message to the list and the first thing I want to do is say thanks, the second, sorry for my English ;-) I have a problem with module Autoindex and module AuthBasic. How can I make the module Autoindex list the directories that hace authentication basic? indexoptions +showforbidden ? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Autoindex don't show directories with authbasic
Sorry, in apache2 with showforbidden works ok, no works with +showforbidden ;-) Thanks!! 2010/3/17 Juan Miguel Alcarria Herrera jua...@arco2000.es No, with the indexoptions +showforbidden i have the same results :-( 2010/3/17 Eric Covener cove...@gmail.com On Wed, Mar 17, 2010 at 7:36 AM, Juan Miguel Alcarria Herrera jua...@arco2000.es wrote: Hello everyone, this is my first message to the list and the first thing I want to do is say thanks, the second, sorry for my English ;-) I have a problem with module Autoindex and module AuthBasic. How can I make the module Autoindex list the directories that hace authentication basic? indexoptions +showforbidden ? -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] auth_ldap error message not showed correct
- Original Message - From: Eric Covener cove...@gmail.com To: users@httpd.apache.org Sent: Wednesday, March 17, 2010 9:27 PM Subject: Re: [us...@httpd] auth_ldap error message not showed correct On Wed, Mar 17, 2010 at 8:33 AM, pantao p...@ffcs.cn wrote: It seems that the error message of auth_ldap can be output as English. It's ok for me to output the error message as English. Isn't that just your LDAP client library respecting your language/locale settings? -- Eric Covener cove...@gmail.com I think it is so,but I don't know how to set the local as english or let the auth_ldap output chinese message. PanTao
RE: [us...@httpd] Overlap some content when using pppoe+httpd
I used strace to watch httpd, I found it use sendfile64 to write date to socket. But my cpu doesn't 64bits. Does anyone know sendfile64 whether can work on 32bits cpu? Or how can I do to let httpd not to use sendfile64? --- Regards, Aslan Liu -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Wednesday, March 17, 2010 7:27 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Overlap some content when using pppoe+httpd On Wed, Mar 17, 2010 at 5:03 AM, ChiaTzung Liu chiatzung@zyxel.com.tw wrote: Hi, My pc is installed linux-2.6.24.4, httpd-2.2.9, rp-pppoe-3.8 and ppp-2.4.4. It connects to WAN by PPPoE, so it has both of WAN IP and LAN IP. For example, 172.23.26.130(LAN) and 140.35.25.73(PPPoE). Then, I put a file which size is larger than 16396 bytes on my pc for downloading. After that, I use http://140.35.25.73/file and https://140.35.25.73/file to download this file. If I use https, the downloaded file is correct. But not for http. For example, the file original content may be... = abcdefghijklmnopqrstuvwxyz = And the downloaded file by http may be... = abcdefghijklklmnopqrsrstuvwxyz = If use wireshark to watch packets, will see... Packet1(data part): abcdefghijkl Packet2(data part): klmnopqrs Packet3(data part): rstuvwxyz It is easy to find that the returned data isn't correct, some overlap happens. The interesting thing is... 1. It only happens when the file size is larger than 16396 bytes 2. https is ok, only http has this problem 3. Only when using PPPoE, if use http://172.23.26.130/file, it's ok. However, a more interesting thing is... http://140.35.25.73/file is ok if turn on DumpIOOutput. Is it a bug of httpd? Probably not. Should I report it? Or anyone can give me any suggestion about how to solve this issue? Use strace to dump the full I/O buffers passed by httpd to the TCP layer (see the text -e write=set in the strace man page). If httpd passes bad data, open a bug with the Apache Bugzilla. Otherwise, ask for debug help on a Linux mailing list. (Isn't fix the MTU the answer to any weird networking issue? (only half joking)) - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Overlap some content when using pppoe+httpd
On Wed, Mar 17, 2010 at 10:08 AM, ChiaTzung Liu chiatzung@zyxel.com.tw wrote: I used strace to watch httpd, I found it use sendfile64 to write date to socket. But my cpu doesn't 64bits. Does anyone know sendfile64 whether can work on 32bits cpu? yes; sendfile64 has large file support for 32-bit applications (to handle files over 2GB in size) Or how can I do to let httpd not to use sendfile64? put EnableSendfile Off in httpd.conf - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] mod_ssl newbie question
I have a .crt file and it is issued by a CA. By looking at the .crt file, the Private Key is not included in the .crt file. My question: How can I generate the Private Key so I can use the directive SSLCertificateKeyFile? reference: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcertificatekeyfile - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_ssl newbie question
Hi, On Wed, Mar 17, 2010 at 10:41 PM, Philip Wigg p...@philipwigg.co.uk wrote: You would have generated a public key and a private key initially (they're a pair) because your public key is needed to generate your CSR (Certificate Signing Request). Thanks for your link. So it seems that now I missed the private key from the beginning. I want to ask, can this private key shared across multiple server and reused? So once I found this private key, I don't need to go through the public key/private key generation, and CSR process. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_ssl newbie question
On Wed, 2010-03-17 at 23:02 +0800, howard chen wrote: Hi, On Wed, Mar 17, 2010 at 10:41 PM, Philip Wigg p...@philipwigg.co.uk wrote: You would have generated a public key and a private key initially (they're a pair) because your public key is needed to generate your CSR (Certificate Signing Request). Thanks for your link. So it seems that now I missed the private key from the beginning. I want to ask, can this private key shared across multiple server and reused? So once I found this private key, I don't need to go through the public key/private key generation, and CSR process. A Key/Certificate pair relates (generally) to a single website name; eg: www.example.com If you are hosting the same site on two machines, and load-balancing between the two, then yes; assuming your Certificate is licensed for two machines, you can use the same Key/Certificate pair on both machines. You would *not* create one Key for use with multiple CSR requests for different hostnames. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer, Managed Services Manpower www.QinetiQ.com QinetiQ - Delivering customer-focused solutions GPG Key: http://www.linux-corner.info/mwatts.gpg signature.asc Description: This is a digitally signed message part
[us...@httpd] Re: mod_ldap cache and strace doesn't tell the same story
On Tue, Mar 16, 2010 at 2:18 PM, Manuel Vacelet
manuel.vace...@gmail.com wrote:
On Tue, Mar 16, 2010 at 11:06 AM, Manuel Vacelet
manuel.vace...@gmail.com wrote:
Hi all,
I'm facing a strange issue.
I have a major performance penalty on some apache related operations
(svn checkout that used to take 5mn but that suddenly takes more than
7 hours).
I'm running a standard RHEL5.3 with apache 2.2.3 (fyi the server runs
mod_php, mod_auth_mysql and some other modules too).
Thanks to strace, I identified that the httpd process that is very
long (the httpd process that discuss with svn client that takes hour
to complete).
The process makes a lot of operation on a file descriptor attached to
my ldap server and is regulary blocking with following syscall:
poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1 unfinished ...
fd3 is a socket (/proc/pid/fd/3) and the inode of this socket is
used to communicate with the ldap server (shown by netstat)
This is where I no longer understand what happens:
- I'm using mod_ldap so there should be a cache of all ldap info.
- ldap-status confirm that the credentials used for the svn operation
are in cache.
- The cache is far from full (2%)
- The hit ratio is close to 100%
= Why there is an activity between my httpd process and the ldap server ?
I think I have an answer to this question:
In some cases, the apache process (I'm running prefork) doesn't use
mod_ldap cache.
I made a test:
In parallel of a very slow checkout, I ran another one. The second
checkout was running as normal rate.
A couple of strace on the server later, it appears that, the apache
process that server the second checkout never talk to the ldap server
So the new question is:
Why 2 apache processes forked from the same root could behave so differently ?
Does anybody have an explanation to this whole thing ?
Why sometimes mod_ldap never cache my credentials ?
Or in other words: what would make mod_ldap not to cache users credentials ?
Manuel
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Overlap some content when using pppoe+httpd
Oh my god.. It works if I close sendfile. So, this means there exists some bugs in system call sendfile64.. GOD... Thanks, Jeff. Very thanks. --- Regards, Aslan Liu -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Wednesday, March 17, 2010 10:12 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Overlap some content when using pppoe+httpd On Wed, Mar 17, 2010 at 10:08 AM, ChiaTzung Liu chiatzung@zyxel.com.tw wrote: I used strace to watch httpd, I found it use sendfile64 to write date to socket. But my cpu doesn't 64bits. Does anyone know sendfile64 whether can work on 32bits cpu? yes; sendfile64 has large file support for 32-bit applications (to handle files over 2GB in size) Or how can I do to let httpd not to use sendfile64? put EnableSendfile Off in httpd.conf - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Overlap some content when using pppoe+httpd
On Wed, Mar 17, 2010 at 11:17 AM, ChiaTzung Liu chiatzung@zyxel.com.tw wrote: Oh my god.. It works if I close sendfile. So, this means there exists some bugs in system call sendfile64.. It is much more likely to be in the lower layers of the network stack. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] mod_ssl newbie question
Thanks. On Wed, Mar 17, 2010 at 11:13 PM, Mark Watts m.wa...@eris.qinetiq.com wrote: If you are hosting the same site on two machines, and load-balancing between the two, then yes; assuming your Certificate is licensed for two machines, you can use the same Key/Certificate pair on both machines. You would *not* create one Key for use with multiple CSR requests for different hostnames. Your information is useful. Thanks again. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Got error proxy: pass request body failed, after restart of apache2 it works again
Hi, I'm using Apace 2 as a reverse proxy for my Tomcat 5.5 server, redirecting https requests on port 443 to tomcats 8443 (as well as url remapping). The setup has been running well for months but suddenly started producing errors Unknown error 502: proxy: pass request body failed. The load when this happened was much larger than usual, but would still be considered light (some 200 users) by most standards. The problem went away when I restarted the apache service (I did not restart tomcat or anything else). The only logs showing anything was the apache error log (see below), nothing showed up in the tomcat or system logs. What could be the cause of this, and how would I stop it from happening again (will provide further details below)? I've tried searching the archives for this list and googeling it, and while there are many reports of similar errors I could not find one that could explain what and why it happened. The closest I could find had the most likely culprit as being a expired certificate, but since things started working for me again after apace restart I can't see how that could be the cause of my problems (none of my certificates should expire until summer). Thanks for your attention Leon Ljunggren Technical details: System: Ubuntu 9.04, 2.6.28-11-server Apache/2.2.11 (Ubuntu) Tomcat 5.5.26.0 /var/log/apache2/error.log: [Wed Mar 17 12:53:18 2010] [debug] proxy_util.c(1820): proxy: worker http://tom.kikora.no:8180/kikoraweb2/ already initialized [Wed Mar 17 12:53:18 2010] [debug] proxy_util.c(1897): proxy: initialized worker 1 in child 24989 for (tom.kikora.no) min=0 max=25 smax=25 [Wed Mar 17 12:56:15 2010] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 27299 for worker http://tom.kikora.no:8180/kikoraweb2/ [Wed Mar 17 12:56:15 2010] [debug] proxy_util.c(1820): proxy: worker http://tom.kikora.no:8180/kikoraweb2/ already initialized [Wed Mar 17 12:56:15 2010] [debug] proxy_util.c(1897): proxy: initialized worker 1 in child 27299 for (tom.kikora.no) min=0 max=25 smax=25 [Wed Mar 17 12:56:15 2010] [error] (502)Unknown error 502: proxy: pass request body failed to 91.205.184.26:8443 (login.kikora.no) [Wed Mar 17 12:56:15 2010] [error] proxy: pass request body failed to 91.205.184.26:8443 (login.kikora.no) from 193.156.194.5 () [Wed Mar 17 12:56:19 2010] [error] (502)Unknown error 502: proxy: pass request body failed to 91.205.184.26:8443 (login.kikora.no) [Wed Mar 17 12:56:19 2010] [error] proxy: pass request body failed to 91.205.184.26:8443 (login.kikora.no) from 91.205.185.76 () The error entries kept on like that for a few hours till I was made aware of the problem and restarted the service. /etc/apache2/sites-enabled/login.kikora.no: VirtualHost login.kikora.no:80 ServerAdmin webmas...@localhost ServerName login.kikora.no RewriteEngine On RewriteRule ^/(.*) https://login.kikora.no/$1 # [R=301, L] /VirtualHost virtualhost *:443 ServerName login.kikora.no ServerAlias https://login.kikora.no DocumentRoot /var/www/ Header edit Set-Cookie ^(.*; Path=/)(.*) $1 SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/apache2/ssl/login.kikora.no/login.kikora.no.crt SSLCertificateKeyFile /etc/apache2/ssl/login.kikora.no/login.kikora.no.key_nopass ProxyRequests off # ProxyPreserveHost on ProxyPass / https://login.kikora.no:8443/kikoraweb2/ ProxyPassReverse / https://login.kikora.no:8443/kikoraweb2/ /virtualhost - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Encryption key size
From: Jeff Trawick Sent: March 17, 2010 04:10 On Tue, Mar 16, 2010 at 9:54 PM, Hugh E Cruickshank I am attempting to find a way of determining the encryption key size. Apparently the old environment variable was HTTPS_KEYSIZE which was renamed SSL_CIPHER_USEKEYSIZE. However this is only active if you specify +CompatEnvVars on the SSLOptions directives. When I attempted this I encountered the error: SSLOptions: Illegal option 'CompatEnvVars' Searching for this error leads me to the conclusion that the CompatEnvVars directive was deprecated in Apache 2.2 (and was possibly never implemented correctly anyway). See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions (StdEnvVars). SSL_CIPHER_USEKEYSIZE should be set. Hi Jeff: That looks perfect. Thank you muchly. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Encryption key size
From: Hugh E Cruickshank Sent: March 17, 2010 11:00 From: Jeff Trawick Sent: March 17, 2010 04:10 See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions (StdEnvVars). SSL_CIPHER_USEKEYSIZE should be set. That looks perfect. Thank you muchly. Unfortunately that did not work either. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Encryption key size
On Wed, Mar 17, 2010 at 2:08 PM, Hugh E Cruickshank h...@forsoft.com wrote: From: Hugh E Cruickshank Sent: March 17, 2010 11:00 From: Jeff Trawick Sent: March 17, 2010 04:10 See http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions (StdEnvVars). SSL_CIPHER_USEKEYSIZE should be set. That looks perfect. Thank you muchly. Unfortunately that did not work either. Exactly where are you/your software looking for it to be set? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Encryption key size
From: Jeff Trawick Sent: March 17, 2010 11:10 Exactly where are you/your software looking for it to be set? First a little background infor that may help explain things... We are a PROGRESS shop and are using their WebSpeed package. WebSpeed provides us the ability to write programs as either augmented HTML or as 4GL programs that output HTML (we use the former). Our development system uses a CentOS 4.8 server for the database and CUI programs, Windows PCs for GUI development and a Windows 200 Server for a web sever and web development. The QA and live environments run on two RHEL 5.4 servers, one for a database server CUI program host and one for a web server. The WebSpeed programs run in CGI mode for both the IIS and Apache web servers. Within our programs we can interrogate any of the standard CGI and OS environment variables. On IIS I can get the HTTPS_KEYSIZE value to determine the encryption key size but I have not been able to find anything similar on Apache that will work. I had tried SSL_CIPHER_ALGKEYSIZE in the past but it never returned a value and now it appears the CompatEnvVars directive that was supposed to generate this environment variable has been deprecated. Here is a list of the CGI variables that I can see when using an HTTPS connection: AUTH_TYPE*: CONTENT_LENGTH*: 12 CONTENT_TYPE*: application/x-www-form-urlencoded DLC: /usr/dlc91e DOCUMENT_ROOT: /var/www/faq GATEWAY_INTERFACE*: CGI/1.1 HTTPS: on HTTP_ACCEPT*: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* HTTP_ACCEPT_ENCODING: gzip, deflate HTTP_ACCEPT_LANGUAGE: en-ca HTTP_CACHE_CONTROL: no-cache HTTP_CONNECTION: Keep-Alive HTTP_COOKIE*: safeSessionID=ddjjVkjKlbdmgkCi6794 HTTP_HOST: value intentionally masked HTTP_REFERER*: value intentionally masked HTTP_USER_AGENT*: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727) nokeepalive: 1 PATH: /sbin:/usr/sbin:/bin:/usr/bin PATH_INFO*: /webtools/session.w PATH_TRANSLATED*: /var/www/faq/webtools/session.w PROMSGS: /usr/dlc91e/promsgs PWD: /var/www/cgi-bin QUERY_STRING*: REMOTE_ADDR*: 192.168.2.30 REMOTE_HOST*: REMOTE_IDENT*: REMOTE_PORT: 1388 REMOTE_USER*: REQUEST_METHOD*: POST REQUEST_URI: /cgi-bin/faq/webtools/session.w SCRIPT_FILENAME: /var/www/cgi-bin/faq SCRIPT_NAME*: /cgi-bin/faq SERVER_ADDR: 192.168.4.1 SERVER_ADMIN: value intentionally masked SERVER_NAME*: value intentionally masked SERVER_PORT*: 443 SERVER_PROTOCOL*: HTTP/1.1 SERVER_SIGNATURE: addressApache/2.2.3 (Red Hat) Server at faq.forsoft.com Port 443/address SERVER_SOFTWARE*: Apache/2.2.3 (Red Hat) SHLVL: 1 ssl_unclean_shutdown: 1 useConnID: 0 WRKDIR: /usr/wrk91e _: /usr/dlc91e/bin/cgiip I hope that clarifies things a bit. TIA Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Encryption key size
On Wed, Mar 17, 2010 at 3:00 PM, Hugh E Cruickshank h...@forsoft.com wrote: From: Jeff Trawick Sent: March 17, 2010 11:10 Exactly where are you/your software looking for it to be set? Here is a list of the CGI variables that I can see when using an HTTPS connection: AUTH_TYPE*: CONTENT_LENGTH*: 12 CONTENT_TYPE*: application/x-www-form-urlencoded DLC: /usr/dlc91e DOCUMENT_ROOT: /var/www/faq GATEWAY_INTERFACE*: CGI/1.1 HTTPS: on ... (no mod_ssl-set envvars but HTTPS) Can you show the part of your config where you added SSLOptions +StdEnvVars - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Encryption key size
From: Jeff Trawick Sent: March 17, 2010 13:25
(no mod_ssl-set envvars but HTTPS)
Can you show the part of your config where you added
SSLOptions +StdEnvVars
From /etc/httpd/conf.d/ssl.conf:
VirtualHost *:443
ServerName value intentionally masked
ServerAlias value intentionally masked
ServerAlias value intentionally masked
DocumentRoot /var/www/fap
ServerAdmin value intentionally masked
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
SSLEngine on
SSLCertificateFile/usr/pgi/crt/pgi.crt
SSLCertificateKeyFile /usr/pgi/crt/pgi.key
# SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
Files ~ \.(cgi|shtml)$
SSLOptions +StdEnvVars
/Files
Directory /etc/httpd/cgi-bin
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown
CustomLog /etc/httpd/logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
There are two VirtualHost entries in the configuration file but both
are virtually identical except for the ServerName, ServerAlias and
DocumentRoot values.
TIA
Regards, Hugh
--
Hugh E Cruickshank, Forward Software, www.forward-software.com
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Encryption key size
On Wed, Mar 17, 2010 at 4:40 PM, Hugh E Cruickshank h...@forsoft.com wrote:
From: Jeff Trawick Sent: March 17, 2010 13:25
(no mod_ssl-set envvars but HTTPS)
Can you show the part of your config where you added
SSLOptions +StdEnvVars
From /etc/httpd/conf.d/ssl.conf:
VirtualHost *:443
ServerName value intentionally masked
ServerAlias value intentionally masked
ServerAlias value intentionally masked
DocumentRoot /var/www/fap
ServerAdmin value intentionally masked
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
SSLEngine on
SSLCertificateFile /usr/pgi/crt/pgi.crt
SSLCertificateKeyFile /usr/pgi/crt/pgi.key
# SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
Files ~ \.(cgi|shtml)$
SSLOptions +StdEnvVars
/Files
Directory /etc/httpd/cgi-bin
Either this (/etc/httpd/cgi-bin) is the wrong directory, or you need
to also enable SSL envvars for /var/www/cgi-bin. From your envvars
dump, the script is running from /var/www/cgi-bin:
SCRIPT_FILENAME: /var/www/cgi-bin/faq
SSLOptions +StdEnvVars
/Directory
SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown
CustomLog /etc/httpd/logs/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
There are two VirtualHost entries in the configuration file but both
are virtually identical except for the ServerName, ServerAlias and
DocumentRoot values.
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] PHP 4 and 5
Is is possible to run php4 and 5 on the same apache server? Bob - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Overlap some content when using pppoe+httpd
This issue maybe introduce to more bugs in kernel. I decide close sendfile as temporary solution to fix this issue. Thanks --- Regards, Aslan Liu -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Wednesday, March 17, 2010 11:50 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] Overlap some content when using pppoe+httpd On Wed, Mar 17, 2010 at 11:17 AM, ChiaTzung Liu chiatzung@zyxel.com.tw wrote: Oh my god.. It works if I close sendfile. So, this means there exists some bugs in system call sendfile64.. It is much more likely to be in the lower layers of the network stack. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] PHP 4 and 5
On 03/18/2010 03:24 AM, Bob Cohen wrote: Is is possible to run php4 and 5 on the same apache server? Bob - The official User-To-User support forum of the Apache HTTP Server Project. SeeURL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org why not ? Use mod_fcgid or mod_fastcgi. Both will do. Lot of stuff is in Google. Search ! -- Nilesh Govindarajan Site Server Adminstrator www.itech7.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
RE: [us...@httpd] Encryption key size
From: Hugh E Cruickshank Sent: March 17, 2010 14:18 From: Jeff Trawick Sent: March 17, 2010 13:50 Either this (/etc/httpd/cgi-bin) is the wrong directory, or you need to also enable SSL envvars for /var/www/cgi-bin. From your envvars dump, the script is running from /var/www/cgi-bin: SCRIPT_FILENAME: /var/www/cgi-bin/faq Good catch. That's what I get for using someone else's example and not taking the time to double check absolutely everything. My bad! /etc/httpd/cgi-bin is the wrong directory, in fact it does not even exist. /var/www/cgi-bin is the correct directory. I have made the suggested correction but I will be unable to test it until this evening when I can restart the httpd service otherwise I will have a bunch of upset users. I will post my results. Give the man a cigar! That has worked. Both SSL_CIPHER_ALGKEYSIZE and SSL_CIPHER_USEKEYSIZE are being returned with the proper value. Thanks again for all your help. It was definitely appreciated. Regards, Hugh -- Hugh E Cruickshank, Forward Software, www.forward-software.com - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
