Re: [us...@httpd] apache hanging whole system
Hi everyone,

the problem now seems to be solved - it turned out that it was not a problem of apache, or php or mysql. The problem was that the hypervisor where I run the VM with apache started swapping to disk... I killed some unnecessary VMs and now I haven't seen this problem happen again.

Anyways, big thanks to everyone who replied!

Regards,
Peter

On 17.05.2010 20:54, Peter Halicky wrote:
> Hi Tom,
>
> PHP: The RES size of the apache processes is around 25Mb, which totals to about 2Gb with 80 processes. The VM is configured with 3Gb RAM, so memory should be OK.
>
> Mysql: This, I think, is the most likely explanation - mysql locks. To avoid this, I tried to set max_execution_time in mysql to 10 seconds (i.e. if it is locked for 10 seconds, it should terminate the script run and hopefully also the mysql session). Maybe I'm too optimistic that it would work...
>
> FastCGI: I am also thinking about this, but I don't have too much experience with this. I know there's 'spawn-fcgi' for controlling the fastcgi processes, but its capabilities seem quite limited to me - fixed number of processes pre-spawned, I'm not sure how this will scale... There is PHP-FPM coming, but it's not in the stock PHP yet and is also not in the distribution I use (I prefer to use packaged versions of everything, I like that I don't need to care about watching security advisories and just run the security updates every now and then).
>
> Anyways, thanks for the suggestions, I'm still waiting for the 'storm' to happen. Seems the storms have moved outdoors today, we got a lot of rainfall, but no apache storm on my server ;-)
>
> Thanks again.
>
> Peter
>
> On 17.05.2010 19:07, Tom Evans wrote:
> > Apache is unlikely to hang your whole machine - it's normally the 'MP' part that has the problems. I don't know about Linux issues though.
> >
> > P: PHP uses a lot of memory. Run your server for a while, and look at the RSS/RES size of the httpd processes. A 'stock' apache process should be around 5-10Mb. A process with a nice PHP interpreter can be anything from 10Mb to 200Mb - check to see how much yours are. When your server gets busy, you're telling apache that it can spawn 80 children. Does 80 * avg process size fit in your RAM?
> >
> > M: mysql has locks. It is possible that your web application has locked up the DB server in some way - a long running update, or a DB dump, etc. If each request coming into the webserver requires a query that is blocked, then apache will have to start spawning more children, as the requests aren't being completed appropriately. This will very quickly turn into a 'perfect storm' :
> >
> > queries are blocked in mysql - children don't finish requests - apache spawns more children - more queries submitted to mysql - slower operating mysql - more queries are blocked in mysql
> >
> > This can quickly lead to resource exhaustion. You wouldn't be able to connect to apache (no spare children) and there is so little RAM available that login can't spawn a tty. You may be just about able to ping the box.
> >
> > A solution is to not serve PHP in this manner. PHP as FastCGI works well, and clearly indicates where the memory is going (eg to PHP or Apache) and you can put tighter controls on FastCGI (which would lead to slower response times to your webapp, rather than overloading your server) than you would want to on apache. You could even then run apache with a more resource efficient and effective MPM, like worker or (my favourite) event.
> >
> > Apache with the event MPM serves all of $JOB's web apps static files and reverse proxies to all our app servers, and load never goes above 0.1, ram usage of apache never above 150Mb, serving between 2 and 4 million requests a day.
> >
> > Cheers
> >
> > Tom

- The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Multi domain certificate and named virtual hosts
Hi.

I really need to talk to someone offline who has multi domain certificates and named virtual hosts configured, up and running please. I'm using CentOS 4.7 and 5.4 with Apache 2.x.

Help greatly appreciated.

---
Chris Johnson               |Internet: john...@nmr.mgh.harvard.edu
Systems Administrator       |Web: http://www.nmr.mgh.harvard.edu/~johnson
NMR Center                  |Voice:617.726.0949
Mass. General Hospital      |FAX: 617.726.7422
149 (2301) 13th Street      |I'm continually amazed by mankind's seemingly
Charlestown, MA., 02129 USA |infinite capacity for stupidity.Me
---
[us...@httpd] SSL protocol limits ignored?
Hi,

I've noticed that my Apache server seems to accept SSLv2 connections even though they are supposed to be disabled.

From the mod_ssl.conf:

# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2

I also tried the following in a global context:

SSLProtocol -all +SSLv3 +TLSv1

Still I can connect using SSLv2. I grepped through the config directories but these are the only instances of this directive so I'm not sure why the configuration doesn't apply.

Any ideas?

Regards,
Dennis
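One offline check for a situation like the one in this post is to resolve which protocols each server context ends up with after every SSLProtocol line has been applied. The Python below is an added example, not part of the original post and not mod_ssl's own code. The sample virtual hosts, their names and the simplified inheritance model (a virtual host's own SSLProtocol replaces the global value, otherwise the global value is inherited) are assumptions.

```python
import re

# Protocol names accepted by SSLProtocol in the Apache 2.2 era of this thread
# (assumption of this example; later releases add newer TLS versions).
KNOWN = ("SSLv2", "SSLv3", "TLSv1")

# Constructed sample: the global line is the one quoted in the post, the
# virtual hosts are hypothetical.
SAMPLE_CONFIG = """
# Disable SSLv2 access by default:
SSLProtocol all -SSLv2

<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
</VirtualHost>

<VirtualHost *:8443>
    ServerName legacy.example.test
    SSLEngine on
    SSLProtocol -all +SSLv2 +SSLv3
</VirtualHost>
"""


def apply_sslprotocol(args, known=KNOWN):
    """Evaluate the argument list of one SSLProtocol directive.

    A bare token replaces the set built so far, '+token' adds to it and
    '-token' removes from it; 'all' stands for every known protocol.
    """
    lookup = {p.lower(): p for p in known}
    enabled = set()
    for token in args.split():
        sign, name = ("", token) if token[0] not in "+-" else (token[0], token[1:])
        if name.lower() == "all":
            members = set(known)
        elif name.lower() in lookup:
            members = {lookup[name.lower()]}
        else:
            raise ValueError("unknown protocol token: %r" % token)
        if sign == "+":
            enabled |= members
        elif sign == "-":
            enabled -= members
        else:
            enabled = set(members)
    return enabled


def effective_protocols(config_text):
    """Map each context (main server, each <VirtualHost>) to its protocol set.

    Simplified model: the last SSLProtocol line in a context wins, a virtual
    host without one inherits the global value, and an unset global value
    means every known protocol. Include directives are not followed, so pass
    the concatenated configuration.
    """
    args_by_context = {"global": None}
    context, count = "global", 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.IGNORECASE)
        if opened:
            count += 1
            context = "vhost #%d %s" % (count, opened.group(1).strip())
            args_by_context[context] = None
        elif re.match(r"</VirtualHost\s*>", line, re.IGNORECASE):
            context = "global"
        else:
            directive = re.match(r"SSLProtocol\s+(.+)$", line, re.IGNORECASE)
            if directive:
                args_by_context[context] = directive.group(1)
    base = args_by_context["global"]
    inherited = apply_sslprotocol(base) if base else set(KNOWN)
    return {ctx: (apply_sslprotocol(args) if args else set(inherited))
            for ctx, args in args_by_context.items()}


def contexts_allowing(config_text, protocol="SSLv2"):
    """List the contexts whose effective set still contains `protocol`."""
    return [ctx for ctx, protos in effective_protocols(config_text).items()
            if protocol in protos]


if __name__ == "__main__":
    for ctx, protos in effective_protocols(SAMPLE_CONFIG).items():
        print("%-20s %s" % (ctx, " ".join(sorted(protos)) or "(none)"))
    print("SSLv2 still allowed in:", contexts_allowing(SAMPLE_CONFIG))
```

A configuration that resolves cleanly here can still be contradicted by the running server, so the result is a starting point for comparing against what the listener actually negotiates.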
[us...@httpd] Re: Virtual Directory tree for ftp access
Hi.

I have not heard anything on this yet, anyone got any ideas? Would rewrite offer a solution?

Thanks

On Fri, Apr 30, 2010 at 4:54 PM, Stuart Kenworthy bma.sr...@googlemail.com wrote:
> OS – Windows XP SP3
> Apache httpd version - 2.2.14
> Mod_ftp version - 0.9.7
>
> I am currently running an apache http web server with the configuration above and would like to implement the mod_ftp functionality within it.
>
> I would like to know if there is any way to create a virtual directory tree to represent folders accessible by the users that are outside that users homedir or document root.
>
> A brief representation below
>
> C:/
>  |-ftp/
>     |-documentroot/
>        |-user1/
>           |-welcome.txt
> D:/
>  |-media/
>     |-video/
>        |-tournement1.avi
>        |-presentation1.avi
>
> Ftpd.conf has the following alias entry
>
> Alias /movies D:/media/video
>
> At present the user logs into the server with ftp://us...@mydomain.com
>
> And sees a directory containing only “welcome.txt”, this can be either through a web interface or through a client like filezilla.
>
> In order to see the video directory the user has to put in ftp://us...@mydomain.com/movies
>
> Is there any way to create a virtual representation to the movies alias within user1’s home directory so using either a web interface or client they would see this structure
>
> ftp://us...@mydomain.com
>  |-welcome.txt
>  |-movies
>     |-tournement1.avi
>     |-presentation1.avi
>
> I currently use filezilla's ftp server and wish to merge the ftp and http functions together within apache.
>
> Filezilla has the capability to create virtual directory trees and is the only thing I cannot figure out how to do on apache’s mod_ftp.
>
> Thanks
Re: [us...@httpd] Re: Virtual Directory tree for ftp access
Have you tried creating an empty directory called movies? All I can think of.

Jorge

On Fri, May 21, 2010 at 5:29 PM, bma srcds bma.sr...@googlemail.com wrote:
> Hi.
>
> I have not heard anything on this yet, anyone got any ideas? Would rewrite offer a solution?
>
> Thanks
>
> On Fri, Apr 30, 2010 at 4:54 PM, Stuart Kenworthy bma.sr...@googlemail.com wrote:
> > OS – Windows XP SP3
> > Apache httpd version - 2.2.14
> > Mod_ftp version - 0.9.7
> >
> > I am currently running an apache http web server with the configuration above and would like to implement the mod_ftp functionality within it.
> >
> > I would like to know if there is any way to create a virtual directory tree to represent folders accessible by the users that are outside that users homedir or document root.
> >
> > A brief representation below
> >
> > C:/
> >  |-ftp/
> >     |-documentroot/
> >        |-user1/
> >           |-welcome.txt
> > D:/
> >  |-media/
> >     |-video/
> >        |-tournement1.avi
> >        |-presentation1.avi
> >
> > Ftpd.conf has the following alias entry
> >
> > Alias /movies D:/media/video
> >
> > At present the user logs into the server with ftp://us...@mydomain.com
> >
> > And sees a directory containing only “welcome.txt”, this can be either through a web interface or through a client like filezilla.
> >
> > In order to see the video directory the user has to put in ftp://us...@mydomain.com/movies
> >
> > Is there any way to create a virtual representation to the movies alias within user1’s home directory so using either a web interface or client they would see this structure
> >
> > ftp://us...@mydomain.com
> >  |-welcome.txt
> >  |-movies
> >     |-tournement1.avi
> >     |-presentation1.avi
> >
> > I currently use filezilla's ftp server and wish to merge the ftp and http functions together within apache.
> >
> > Filezilla has the capability to create virtual directory trees and is the only thing I cannot figure out how to do on apache’s mod_ftp.
> >
> > Thanks
[us...@httpd] Connections hanging...
Hi All,

When load testing against a system that uses Apache we notice an extra-ordinary issue where we had quite a few connections. While not unexpected we were concerned. I ran a manual test against Apache and discovered sometimes connections would last exactly 30 seconds when closing them which turned out to be the same setting for WAIT_TIME for tcpip settings in my windows registry. I noticed the connection issue when closing connections for IE 7. I also did not see the same issue with the latest version of FireFox but then I suspect it does not use the WAIT_TIME setting to obtain faster disconnect times for tcpip sockets?

So I am not sure what the issue is if Apache is responding slowly to socket disconnects. Performance wise when viewing pages this 30 seconds is not visible to the user but I am concerned about socket availability.

Thanks,
-Tony
[us...@httpd] webdav : digest authentication
Hello,

I already asked my question here, but no one replied me. I try to do a webdav on my server but it doesn't work. I'm using the digest authentication.

cadaver http://www.forumanalogue.fr/webdav/
Authentication required for webdav on server `www.forumanalogue.fr':
Username: clement
Password:
Authentication required for webdav on server `www.forumanalogue.fr':
Username: clement
Password:
Could not open collection:
Could not authenticate to server: rejected Digest challenge
dav:/webdav/?

To do this, I enable the three mods :

dav_fs
auth_digest
authn_file

I changed the user/group of the webdav repertory : www-data:www-data

In the virtualhost, I put this section :

<Location /webdav/>
    Dav On
    AuthType Digest
    AuthName webdav
    AuthDigestDomain /webdav/
    AuthDigestProvider file
    AuthUserFile /home/www/www/.htdigest
    Require valid-user
</Location>

I created the password file :

htdigest -c /home/www/www/.htdigest webdav clement

I've got this in the logs :

access.log :
127.0.0.1 - - [20/May/2010:18:48:52 +0200] OPTIONS /webdav/ HTTP/1.1 401 881 - cadaver/0.23.3 neon/0.29.0
127.0.0.1 - clement [20/May/2010:18:49:02 +0200] OPTIONS /webdav/ HTTP/1.1 401 796 - cadaver/0.23.3 neon/0.29.0

error.log :
[Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in required group(s).

I don't understand what's wrong in my configuration.

I'm running on Ubuntu 10.04 LTS Lucid Lynx (kernel 2.6.32-22-generic), apache version : 2.2.14-5ubuntu8

Anyone can help me, please ?

Thanks.

--
Clément Février http://www.forumanalogue.fr/
President of Ubuntu-Lyon http://www.ubuntu-lyon.org/?accueil
Re: [us...@httpd] webdav : digest authentication
> [Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in required group(s).

sounds like a non-standard module generating this.

--
Eric Covener
cove...@gmail.com
Re: [us...@httpd] webdav : digest authentication
On 21/05/2010 18:40, Eric Covener wrote:
> > [Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in required group(s).
>
> sounds like a non-standard module generating this.

What do you mean ? I didn't add a mods manually. I enabled all mods by the command line a2enmod.

If it can help, the list of enabled mods :

alias.load
auth_basic.load
auth_digest.load
authn_file.load
auth_pam.load
auth_sys_group.load
authz_default.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.load
cgi.load
dav_fs.load
dav.load
deflate.load
dir.load
env.load
headers.load
mime.load
negotiation.load
perl.load
php5.load
python.load
reqtimeout.load
rewrite.load
setenvif.load
status.load
userdir.load

--
Clément Février http://www.forumanalogue.fr/
President of Ubuntu-Lyon http://www.ubuntu-lyon.org/?accueil
Re: [us...@httpd] webdav : digest authentication
2010/5/21 Clément Février clem...@forumanalogue.fr:
> On 21/05/2010 18:40, Eric Covener wrote:
> > > [Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in required group(s).
> >
> > sounds like a non-standard module generating this.
>
> What do you mean ? I didn't add a mods manually. I enabled all mods by the command line a2enmod.
>
> If it can help, the list of enabled mods :
>
> alias.load
> auth_basic.load
> auth_digest.load
> authn_file.load
> auth_pam.load
> auth_sys_group.load
> authz_default.load
> authz_groupfile.load

that's a list of files, not modules. auth_sys_group and auth_pam sure look like modules that aren't part of the Apache distribution.

apache2ctl -M reports modules actually loaded by the config.

--
Eric Covener
cove...@gmail.com
Re: [us...@httpd] webdav : digest authentication
On 21/05/2010 19:20, Eric Covener wrote:
> 2010/5/21 Clément Février clem...@forumanalogue.fr:
> > On 21/05/2010 18:40, Eric Covener wrote:
> > > > [Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in required group(s).
> > >
> > > sounds like a non-standard module generating this.
> >
> > What do you mean ? I didn't add a mods manually. I enabled all mods by the command line a2enmod.
> >
> > If it can help, the list of enabled mods :
> >
> > alias.load
> > auth_basic.load
> > auth_digest.load
> > authn_file.load
> > auth_pam.load
> > auth_sys_group.load
> > authz_default.load
> > authz_groupfile.load
>
> that's a list of files, not modules. auth_sys_group and auth_pam sure look like modules that aren't part of the Apache distribution.
>
> apache2ctl -M reports modules actually loaded by the config.

ok, I didn't know there is a difference between the list of file into the repertory mods-enabled and the real enabled mods. The true list :

apache2ctl -M
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 auth_pam_module (shared)
 auth_sys_group_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 headers_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 perl_module (shared)
 php5_module (shared)
 python_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 status_module (shared)
 userdir_module (shared)
Syntax OK

I see the auth_sys_group and auth_pam mods. I don't add the both. You said it's not a part of apache distribution. Maybe it's a particular case of ubuntu package.

--
Clément Février http://www.forumanalogue.fr/
President of Ubuntu-Lyon http://www.ubuntu-lyon.org/?accueil
[us...@httpd] server configuration for 5000 hits per second
Dear all,

We have a web application with about 5000 hits per second. The apache server is running on Red Hat AS 4.x with version 2.0.52 and prefork MPM.

The question I have is, how I should configure prefork to manage this amount of requests. I had something like that in mind:

<IfModule prefork.c>
    StartServers 100
    MinSpareServers 10
    MaxSpareServers 10
    ServerLimit 8000
    MaxClients 5120
    MaxRequestsPerChild 2000
</IfModule>

As the requests are only some kind of ping do I also plan to disable KeepAlive.

Do you think this will work, or do you have any other suggestion?

Thanks and all the best,
Si
Re: [us...@httpd] Re: Virtual Directory tree for ftp access
awesome, so simple I am upset with myself for not trying it. I've tried creating url links, lnk links, nothing worked, can't believe I never thought of it.

Seems to work a treat, must remember to add new directories though, would be nice for it to happen automatically.

On Fri, May 21, 2010 at 4:50 PM, Jorge Schrauwen jorge.schrau...@gmail.com wrote:
> Have you tried creating an empty directory called movies? All I can think of.
>
> Jorge
>
> On Fri, May 21, 2010 at 5:29 PM, bma srcds bma.sr...@googlemail.com wrote:
> > Hi.
> >
> > I have not heard anything on this yet, anyone got any ideas? Would rewrite offer a solution?
> >
> > Thanks
> >
> > On Fri, Apr 30, 2010 at 4:54 PM, Stuart Kenworthy bma.sr...@googlemail.com wrote:
> > > OS – Windows XP SP3
> > > Apache httpd version - 2.2.14
> > > Mod_ftp version - 0.9.7
> > >
> > > I am currently running an apache http web server with the configuration above and would like to implement the mod_ftp functionality within it.
> > >
> > > I would like to know if there is any way to create a virtual directory tree to represent folders accessible by the users that are outside that users homedir or document root.
> > >
> > > A brief representation below
> > >
> > > C:/
> > >  |-ftp/
> > >     |-documentroot/
> > >        |-user1/
> > >           |-welcome.txt
> > > D:/
> > >  |-media/
> > >     |-video/
> > >        |-tournement1.avi
> > >        |-presentation1.avi
> > >
> > > Ftpd.conf has the following alias entry
> > >
> > > Alias /movies D:/media/video
> > >
> > > At present the user logs into the server with ftp://us...@mydomain.com
> > >
> > > And sees a directory containing only “welcome.txt”, this can be either through a web interface or through a client like filezilla.
> > >
> > > In order to see the video directory the user has to put in ftp://us...@mydomain.com/movies
> > >
> > > Is there any way to create a virtual representation to the movies alias within user1’s home directory so using either a web interface or client they would see this structure
> > >
> > > ftp://us...@mydomain.com
> > >  |-welcome.txt
> > >  |-movies
> > >     |-tournement1.avi
> > >     |-presentation1.avi
> > >
> > > I currently use filezilla's ftp server and wish to merge the ftp and http functions together within apache.
> > >
> > > Filezilla has the capability to create virtual directory trees and is the only thing I cannot figure out how to do on apache’s mod_ftp.
> > >
> > > Thanks
Re: [us...@httpd] server configuration for 5000 hits per second
- Reber Simon li...@cgi-net.ch wrote:
> Dear all,
>
> We have a web application with about 5000 hits per second. The apache server is running on Red Hat AS 4.x with version 2.0.52 and prefork MPM.

2.2 with worker MPM should be well able to deliver substantially better performance, do you have to use the OS httpd?

> The question I have is, how I should configure prefork to manage this amount of requests. I had something like that in mind:
>
> <IfModule prefork.c>
>     StartServers 100
>     MinSpareServers 10
>     MaxSpareServers 10
>     ServerLimit 8000
>     MaxClients 5120
>     MaxRequestsPerChild 2000
> </IfModule>

Is there good reason to keep MaxRequestsPerChild this low? It means rather frequent recycling

> As the requests are only some kind of ping do I also plan to disable KeepAlive.

Especially with KeepAlive Off.

> Do you think this will work, or do you have any other suggestion?

It all depends on what kind of service you're offering, what it does, how long a request takes to process, what kind of hardware it's running on, etc..

> Thanks and all the best,
> Si

Bye,

--
Igor Galić
Tel: +43 (0) 699 122 96 338
Fax: +43(0) 1 91 333 41
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
Re: [us...@httpd] Connections hanging...
- Tony Anecito adanec...@yahoo.com wrote:
> Hi All,
>
> When load testing against a system that uses Apache we notice an extra-ordinary issue where we had quite a few connections. While not unexpected we were concerned. I ran a manual test against Apache and discovered sometimes connections would last exactly 30 seconds when closing them which turned out to be the same setting for WAIT_TIME for tcpip settings in my windows registry. I noticed the connection issue when closing connections for IE 7. I also did not see the same issue with the latest version of FireFox but then I suspect it does not use the WAIT_TIME setting to obtain faster disconnect times for tcpip sockets?

Depending on how a connection is closed (I suppose), WAIT_TIME is the state a socket connection will linger in, before the OS allows the port to be reused.

> So I am not sure what the issue is if Apache is responding slowly to socket disconnects. Performance wise when viewing pages this 30 seconds is not visible to the user but I am concerned about socket availability.

Unless you have KeepAlive Off, and are planning to serve more than 30K connections concurrently, this shouldn't be an issue.

> Thanks,
> -Tony

--
Igor Galić
Tel: +43 (0) 699 122 96 338
Fax: +43(0) 1 91 333 41
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
[us...@httpd] mod_rewrite/mod_ssl questions
Hello group,

I am working on the mod_ssl configuration on a website and trying to achieve following: When a user accesses a page posting sensitive data to the server, the page should be accessed in httpS mode. What I am doing to achieve this is that I have a set of rewrite rules that will match the URI and invoke the httpS page. [1] This seems to be working fine.

The problem I am facing is that when in httpS mode I select a page that is supposed to be accessed in http mode, apache still calls it in httpS mode. I have added some rewrite rules to prevent this [2], but they somehow get ignored.

Example: Being in httpS://localhost/myapp/user/register I click on the linked home page logo image and expect to be resent to http://localhost/myapp/ but land instead in httpS://localhost/myapp/

I would appreciate if you can suggest a more elegant solution from your own experience of a fix to my config below.

Many thanks in anticipation.

Beto

#
#
#
RewriteLog /private/var/log/apache2/rewrite.log
RewriteLogLevel 9
Options +FollowSymlinks
RewriteEngine on

#[1] all /user, /subscription and /login pages should be served in https
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=ps:https]
RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
RewriteRule ^(.+)$ - [env=ps:http]
RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Re: [us...@httpd] mod_rewrite/mod_ssl questions
Hi,

the problem is that if a site which shouldn't be served by https is called by http your first rewriterule sets ps:https but the first rewriterule after #[2] isn't used because HTTPS is not on.

I think you can also have your desired effect much more easily like this:

#[1] all /user, /subscription and /login pages should be served in https
RewriteRule /user https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule /subscription https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule /login https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Kind regards
Reinhard

On 21/05/10 22:58, Beto Limoun wrote:
> Hello group,
>
> I am working on the mod_ssl configuration on a website and trying to achieve following: When a user accesses a page posting sensitive data to the server, the page should be accessed in httpS mode. What I am doing to achieve this is that I have a set of rewrite rules that will match the URI and invoke the httpS page. [1] This seems to be working fine.
>
> The problem I am facing is that when in httpS mode I select a page that is supposed to be accessed in http mode, apache still calls it in httpS mode. I have added some rewrite rules to prevent this [2], but they somehow get ignored.
>
> Example: Being in httpS://localhost/myapp/user/register I click on the linked home page logo image and expect to be resent to http://localhost/myapp/ but land instead in httpS://localhost/myapp/
>
> I would appreciate if you can suggest a more elegant solution from your own experience of a fix to my config below.
>
> Many thanks in anticipation.
>
> Beto
>
> #
> #
> #
> RewriteLog /private/var/log/apache2/rewrite.log
> RewriteLogLevel 9
> Options +FollowSymlinks
> RewriteEngine on
>
> #[1] all /user, /subscription and /login pages should be served in https
> RewriteCond %{HTTPS} =on [OR]
> RewriteCond %{HTTPS} !=on
> RewriteRule ^(.+)$ - [env=ps:https]
> RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
> RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
> RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
>
> #[2] For all other pages, if in https mode, serve the page in http mode.
> RewriteCond %{HTTPS} =on
> RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
> RewriteRule ^(.+)$ - [env=ps:http]
> RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
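The scheme-switching policy discussed in this thread can be checked offline by following the redirects a rule set produces for a given URL. The Python below is an added example, not code from the thread or from mod_rewrite: it is a simplified model in which each rule is a scheme condition plus a path pattern, the first matching rule redirects, and the same rules see both http and https requests. The rule sets, the tightened path pattern and the function names are assumptions of the example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Path pattern for pages that must use https. Tightened compared with the
# thread's "/user(.*)" so that "/username" does not count (assumption).
SENSITIVE = r"/(user|subscription|login)(/|$)"

# Each rule: (scheme the request must arrive on, or None for "any scheme",
#             regex searched in the URL path, "!" prefix negates the match,
#             scheme to redirect to).
# This stands in for "RewriteCond %{HTTPS} ..." followed by
# "RewriteRule ... [R,L]"; the first rule that matches issues the redirect.
CONDITIONED = [
    ("http", SENSITIVE, "https"),        # sensitive page requested over http
    ("https", "!" + SENSITIVE, "http"),  # any other page requested over https
]

# Constructed contrast: the same patterns with no scheme condition at all.
UNCONDITIONED = [
    (None, SENSITIVE, "https"),
    (None, ".*", "http"),
]


def redirect_for(rules, url):
    """Return the redirect target for `url`, or None when no rule fires."""
    parts = urlsplit(url)
    for need_scheme, pattern, target in rules:
        if need_scheme is not None and parts.scheme != need_scheme:
            continue
        negate = pattern.startswith("!")
        regex = pattern[1:] if negate else pattern
        hit = re.search(regex, parts.path) is not None
        if hit != negate:
            return urlunsplit((target, parts.netloc, parts.path, parts.query, ""))
    return None


def follow(rules, url, max_hops=10):
    """Follow redirects from `url`; return (chain_of_urls, looped)."""
    chain = [url]
    for _ in range(max_hops):
        nxt = redirect_for(rules, chain[-1])
        if nxt is None:
            return chain, False          # settled: served as requested
        if nxt in chain:
            return chain + [nxt], True   # redirected back to a URL already seen
        chain.append(nxt)
    return chain, True


if __name__ == "__main__":
    starts = ["http://localhost/myapp/user/register",
              "https://localhost/myapp/"]
    for name, rules in (("conditioned", CONDITIONED),
                        ("unconditioned", UNCONDITIONED)):
        for start in starts:
            chain, looped = follow(rules, start)
            print(name, " -> ".join(chain), "(loop)" if looped else "")
```

With a scheme condition on every rule each URL settles after at most one redirect; without one, a request that is already on the target scheme is redirected to itself.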