Re: [us...@httpd] apache hanging whole system

2010-05-21 Thread Peter Halicky
Hi everyone,

the problem now seems to be solved - it turned out that it was not a
problem of apache, or php or mysql. The problem was that the hypervisor
where I run the VM with apache started swapping to disk... I killed some
unnecessary VMs and now I haven't seen this problem happen again.

Anyways, big thanks to everyone who replied!

Regards,
Peter

On 17.05.2010 20:54, Peter Halicky wrote:
 Hi Tom,

 PHP:
 The RES size of the apache processes is around 25Mb, which totals to
 about 2Gb with 80 processes. The VM is configured with 3Gb RAM, so
 memory should be OK.

 Mysql:
 This, I think, is the most likely explanation - mysql locks. To avoid
 this, I tried to set max_execution_time in mysql to 10 seconds (i.e. if
 it is locked for 10 seconds, it should terminate the script run and
 hopefully also the mysql session). Maybe I'm too optimistic that it
 would work...

 FastCGI: I am also thinking about this, but I don't have too much
 experience with this. I know there's 'spawn-fcgi' for controlling the
 fastcgi processes, but its capabilities seem quite limited to me - fixed
 number of processes pre-spawned, I'm not sure how this will scale...
 There is PHP-FPM coming, but it's not in the stock PHP yet and is also
 not in the distribution I use (I prefer to use packaged versions of
 everything, I like that I don't need to care about watching security
 advisories and just run the security updates every now and then).

 Anyways, thanks for the suggestions, I'm still waiting for the 'storm'
 to happen. Seems the storms have moved outdoors today, we got a lot of
 rainfall, but no apache storm on my server ;-)

 Thanks again.
 Peter

 On 17.05.2010 19:07, Tom Evans wrote:
   
 Apache is unlikely to hang your whole machine - its normally the 'MP'
 part that has the problems. I don't know about Linux issues though.

 P:

 PHP uses a lot of memory. Run your server for a while, and look at the
 RSS/RES size of the httpd processes. A 'stock' apache process should
 be around 5-10Mb. A process with a nice PHP interpreter can be
 anything from 10Mb to 200Mb - check to see how much yours are.

 When your server gets busy, you're telling apache that it can spawn 80
 children. Does 80 * avg process size fit in your RAM?

 M:

 mysql has locks. It is possible that your web application has locked
 up the DB server in some way - a long running update, or a DB dump,
 etc. If each request coming into the webserver requires a query that
 is blocked, then apache will have to start spawning more children, as
 the requests aren't being completed appropriately.
 This will very quickly turn into a 'perfect storm' :

 queries are blocked in mysql - children dont finish requests -
 apache spawns more children - more queries submitted to mysql -
 slower operating mysql - more queries are blocked in mysql

 This can quickly lead to resource exhaustion. You wouldn't be able to
 connect to apache (no spare children) and there is so little RAM
 available that login cant spawn a tty. You may be just about able to
 ping the box.


 A solution is to not serve PHP in this manner. PHP as FastCGI works
 well, and clearly indicates where the memory is going (eg to PHP or
 Apache) and you can put tighter controls on FastCGI (which would lead
 to slower response times to your webapp, rather than overloading your
 server) than you would want to on apache.

 You could even then run apache with a more resource efficient and
 effective MPM, like worker or (my favourite) event. Apache with the
 event MPM serve all of $JOBs web apps static files and reverse proxies
 to all our app servers, and load never goes above 0.1, ram usage of
 apache never above 150Mb, serving between 2 and 4 million requests a
 day.

 Cheers

 Tom

 -
 The official User-To-User support forum of the Apache HTTP Server Project.
 See URL:http://httpd.apache.org/userslist.html for more info.
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   from the digest: users-digest-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org

   
 
 -
 The official User-To-User support forum of the Apache HTTP Server Project.
 See URL:http://httpd.apache.org/userslist.html for more info.
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   from the digest: users-digest-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org

   

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] Multi domain certificate and named virtual hosts

2010-05-21 Thread Chris Johnson

 Hi.

 I really need to talk to someone offline who has multi domain certificates 
and
named virtual hosts configured, up and running please.  I'm using CentOS 4.7 and 
5.4 with Apache 2.x.  Help greatly appreciated.


---
Chris Johnson   |Internet: john...@nmr.mgh.harvard.edu
Systems Administrator   |Web:  http://www.nmr.mgh.harvard.edu/~johnson
NMR Center  |Voice:617.726.0949
Mass. General Hospital  |FAX:  617.726.7422
149 (2301) 13th Street  |I'm continually amazed by mankind's seemingly
Charlestown, MA., 02129 USA |infinite capacity for stupidity.Me
---


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] SSL protocol limits ignored?

2010-05-21 Thread Dennis J.

Hi,
I've noticed that my Apache server seems to accept SSLv2 connections even 
though they are supposed to be disabled. From the mod_ssl.conf:


#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2

I also tried the following in a global context:
SSLProtocol -all +SSLv3 +TLSv1

Still I can connect using SSLv2. I grepped through the config directories 
but these are the only instances of this directive so I'm not sure why the 
configuration doesn't apply. Any ideas?


Regards,
  Dennis

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] Re: Virtual Directory tree for ftp access

2010-05-21 Thread bma srcds
Hi.

I have not heard anything on this yet, anyone ot any ideas? Would rewrite
offer a solution?

Thanks

On Fri, Apr 30, 2010 at 4:54 PM, Stuart Kenworthy
bma.sr...@googlemail.comwrote:

  OS – Windows XP SP3

 Apache httpd version - 2.2.14

 Mod_ftp version - 0.9.7



 I am currently running an apache http web server with the configuration
 above and would like to implement the mod_ftp functionality within it. I
 would like to know if there is any way to create a virtual directory tree to
 represent folders accessible by the users that are outside that users
 homedir or document root. A brief representation below



 C:/

 |-ftp/

 |-documentroot/

 |-user1/

 |-welcome.txt

 D:/

 |-media/

 |-video/

 |-tournement1.avi

 |-presentation1.avi



 Ftpd.conf has the following alias entry



 Alias /movies D:/media/video



 At present the user logs into the server with ftp://us...@mydomain.com



 And sees a directory containing only “welcome.txt”, this can be either
 through a web interface or through a client like filezilla.



 In order to see the video directory the user has to put in
 ftp://us...@mydomain.com/movies



 Is there any way to create a virtual representation to the movies alias
 within user1’s home directory so using either a web interface or client they
 would see this structure



 ftp://us...@mydomain.com

 |-welcome.txt

 |-movies

 |-tournement1.avi

 |-presentation1.avi



 I currently user filezillas ftp server and wish to merge the ftp and http
 functions together within apache. Filezilla has the capability to create
 virtual directory trees and is the only thing I cannot figure out how to do
 on apache’s mod_ftp.



 Thanks



Re: [us...@httpd] Re: Virtual Directory tree for ftp access

2010-05-21 Thread Jorge Schrauwen
Have you tried creating an empty directory called movies? All I can think
of.

Jorge


On Fri, May 21, 2010 at 5:29 PM, bma srcds bma.sr...@googlemail.com wrote:

 Hi.

 I have not heard anything on this yet, anyone ot any ideas? Would rewrite
 offer a solution?

 Thanks

 On Fri, Apr 30, 2010 at 4:54 PM, Stuart Kenworthy 
 bma.sr...@googlemail.com wrote:

  OS – Windows XP SP3

 Apache httpd version - 2.2.14

 Mod_ftp version - 0.9.7



 I am currently running an apache http web server with the configuration
 above and would like to implement the mod_ftp functionality within it. I
 would like to know if there is any way to create a virtual directory tree to
 represent folders accessible by the users that are outside that users
 homedir or document root. A brief representation below



 C:/

 |-ftp/

 |-documentroot/

 |-user1/

 |-welcome.txt

 D:/

 |-media/

 |-video/

 |-tournement1.avi

 |-presentation1.avi



 Ftpd.conf has the following alias entry



 Alias /movies D:/media/video



 At present the user logs into the server with ftp://us...@mydomain.com



 And sees a directory containing only “welcome.txt”, this can be either
 through a web interface or through a client like filezilla.



 In order to see the video directory the user has to put in
 ftp://us...@mydomain.com/movies



 Is there any way to create a virtual representation to the movies alias
 within user1’s home directory so using either a web interface or client they
 would see this structure



 ftp://us...@mydomain.com

 |-welcome.txt

 |-movies

 |-tournement1.avi

 |-presentation1.avi



 I currently user filezillas ftp server and wish to merge the ftp and http
 functions together within apache. Filezilla has the capability to create
 virtual directory trees and is the only thing I cannot figure out how to do
 on apache’s mod_ftp.



 Thanks





[us...@httpd] Connections hanging...

2010-05-21 Thread Tony Anecito
Hi All,

When load testing against a system that uses Apache we notice an extra-ordinary 
issue where we had quite a few connections. While not unexpected we were 
concerned. I ran a manual test against Apache and discovered sometimes 
connections would last exactly 30 seconds when closing them which turned out to 
be the same setting for WAIT_TIME for tcpip settings in my windows registry. I 
noticed the connection issue when closing connetions for IE 7. I also did not 
see the same issue with the latest version of FireFox but then I suspect it 
does not use the WAIT_TIME setting to obtain faster disconnect times for tcpip 
sockets?

So I am not sure what the issue is if Apache is responding slowly to socket 
disconnects. Performance wise when viewing pages this 30 seconds is not visible 
to the user but I am concerned about socket availability.

Thanks,
-Tony




-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] webdav : digest authentication

2010-05-21 Thread Clément Février

Hello,

I already asked my question here, but no one replied me.
I try to do a webdav on my server but it doesn't work. I'm using the 
digest authentication.


cadaver http://www.forumanalogue.fr/webdav/
Authentication required for webdav on server `www.forumanalogue.fr':
Username: clement
Password:
Authentication required for webdav on server `www.forumanalogue.fr':
Username: clement
Password:
Could not open collection:
Could not authenticate to server: rejected Digest challenge
dav:/webdav/?

To do this, I enable the three mods :
dav_fs
auth_digest
authn_file

I changed the user/group of the webdav repertory : www-data:www-data

In the virtualhost, I put this section :

Location /webdav/
 Dav On
 AuthType Digest
 AuthName webdav
 AuthDigestDomain /webdav/
 AuthDigestProvider file
 AuthUserFile /home/www/www/.htdigest
 Require valid-user
/Location

I created the password file :
htdigest -c /home/www/www/.htdigest webdav clement

I've got this in the logs :
access.log :

127.0.0.1 - - [20/May/2010:18:48:52 +0200] OPTIONS /webdav/ HTTP/1.1 
401 881 - cadaver/0.23.3 neon/0.29.0
127.0.0.1 - clement [20/May/2010:18:49:02 +0200] OPTIONS /webdav/ 
HTTP/1.1 401 796 - cadaver/0.23.3 neon/0.29.0


error.log :

[Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not 
in required group(s).


I don't understand what's wrong in my configuration.

I'm running on Ubuntu 10.04 LTS Lucid Lynx (kernel 2.6.32-22-generic), 
apache version : 2.2.14-5ubuntu8


Anyone can help me, please ?
Thanks.

--
Clément Février
http://www.forumanalogue.fr/
Président d'Ubuntu-Lyon
http://www.ubuntu-lyon.org/?accueil

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] webdav : digest authentication

2010-05-21 Thread Eric Covener
 [Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in
 required group(s).

sounds like a non-standard module generating this.

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] webdav : digest authentication

2010-05-21 Thread Clément Février

Le 21/05/2010 18:40, Eric Covener a écrit :

[Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not in
required group(s).


sounds like a non-standard module generating this.

What do you mean ? I didn't add a mods manually. I enabled all mods by 
the command line a2enmod.


If it cans help, the list of enabled mods :
alias.load
auth_basic.load
auth_digest.load
authn_file.load
auth_pam.load
auth_sys_group.load
authz_default.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.load
cgi.load
dav_fs.load
dav.load
deflate.load
dir.load
env.load
headers.load
mime.load
negotiation.load
perl.load
php5.load
python.load
reqtimeout.load
rewrite.load
setenvif.load
status.load
userdir.load


--
Clément Février
http://www.forumanalogue.fr/
Président d'Ubuntu-Lyon
http://www.ubuntu-lyon.org/?accueil

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] webdav : digest authentication

2010-05-21 Thread Eric Covener
2010/5/21 Clément Février clem...@forumanalogue.fr:
 Le 21/05/2010 18:40, Eric Covener a écrit :

 [Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not
 in
 required group(s).

 sounds like a non-standard module generating this.

 What do you mean ? I didn't add a mods manually. I enabled all mods by the
 command line a2enmod.

 If it cans help, the list of enabled mods :
 alias.load
 auth_basic.load
 auth_digest.load
 authn_file.load
 auth_pam.load
 auth_sys_group.load
 authz_default.load
 authz_groupfile.load

that's a list of files, not modules.  auth_sys_group and auth_pam sure
like like modules that aren't part of the Apache distribution.

apache2ctl -M reports modules actually loaded by the config.

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] webdav : digest authentication

2010-05-21 Thread Clément Février

Le 21/05/2010 19:20, Eric Covener a écrit :

2010/5/21 Clément Févrierclem...@forumanalogue.fr:

Le 21/05/2010 18:40, Eric Covener a écrit :


[Thu May 20 18:49:02 2010] [error] [client 127.0.0.1] GROUP: clement not
in
required group(s).


sounds like a non-standard module generating this.


What do you mean ? I didn't add a mods manually. I enabled all mods by the
command line a2enmod.

If it cans help, the list of enabled mods :
alias.load
auth_basic.load
auth_digest.load
authn_file.load
auth_pam.load
auth_sys_group.load
authz_default.load
authz_groupfile.load


that's a list of files, not modules.  auth_sys_group and auth_pam sure
like like modules that aren't part of the Apache distribution.

apache2ctl -M reports modules actually loaded by the config.



ok, I didn't know there is a difference between the list of file into 
the repertory mods-enabled and the real enabled mods.


The true list :
apache2ctl -M
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 auth_pam_module (shared)
 auth_sys_group_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dav_module (shared)
 dav_fs_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 headers_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 perl_module (shared)
 php5_module (shared)
 python_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 status_module (shared)
 userdir_module (shared)
Syntax OK

I see the auth_sys_group and auth_pam mods. I don't add the both. You 
said it's not a part of apache distribution. Maybe it's a particular 
case of ubuntu package.


--
Clément Février
http://www.forumanalogue.fr/
Président d'Ubuntu-Lyon
http://www.ubuntu-lyon.org/?accueil

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] server configuration for 5000 hits per second

2010-05-21 Thread Reber Simon
Dear all,

We have a web application with about 5000 hits per second.
The apache server is running on Red Hat AS 4.x with version 2.0.52 and prefork 
MPM.

The question I have is, how I should configure prefork to manage this amount of 
requests.

I had something like that in mind:

IfModule prefork.c
   StartServers 100
   MinSpareServers 10
   MaxSpareServers 10
   ServerLimit 8000
   MaxClients 5120
   MaxRequestsPerChild 2000
/IfModule

As the requests are only some kind of ping do I also plan to disable 
KeepAlive.

Do you think this will work, or do you have any other suggestion?

Thanks and all the best,
Si

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] Re: Virtual Directory tree for ftp access

2010-05-21 Thread bma srcds
awesome,so simple I am upset with myself for not trying it.

I've tried creating url links, lnk links, nothing worked, can't believe I
never thought of it.
Seems to work a treat, must remember to add new directories though, would be
nice for it to happen automatically.
On Fri, May 21, 2010 at 4:50 PM, Jorge Schrauwen
jorge.schrau...@gmail.comwrote:

 Have you tried creating an empty directory called movies? All I can think
 of.

 Jorge



 On Fri, May 21, 2010 at 5:29 PM, bma srcds bma.sr...@googlemail.comwrote:

 Hi.

 I have not heard anything on this yet, anyone ot any ideas? Would rewrite
 offer a solution?

 Thanks

   On Fri, Apr 30, 2010 at 4:54 PM, Stuart Kenworthy 
 bma.sr...@googlemail.com wrote:

  OS – Windows XP SP3

 Apache httpd version - 2.2.14

 Mod_ftp version - 0.9.7



 I am currently running an apache http web server with the configuration
 above and would like to implement the mod_ftp functionality within it. I
 would like to know if there is any way to create a virtual directory tree to
 represent folders accessible by the users that are outside that users
 homedir or document root. A brief representation below



 C:/

 |-ftp/

 |-documentroot/

 |-user1/

 |-welcome.txt

 D:/

 |-media/

 |-video/

 |-tournement1.avi

 |-presentation1.avi



 Ftpd.conf has the following alias entry



 Alias /movies D:/media/video



 At present the user logs into the server with ftp://us...@mydomain.com



 And sees a directory containing only “welcome.txt”, this can be either
 through a web interface or through a client like filezilla.



 In order to see the video directory the user has to put in
 ftp://us...@mydomain.com/movies



 Is there any way to create a virtual representation to the movies alias
 within user1’s home directory so using either a web interface or client they
 would see this structure



 ftp://us...@mydomain.com

 |-welcome.txt

 |-movies

 |-tournement1.avi

 |-presentation1.avi



 I currently user filezillas ftp server and wish to merge the ftp and http
 functions together within apache. Filezilla has the capability to create
 virtual directory trees and is the only thing I cannot figure out how to do
 on apache’s mod_ftp.



 Thanks






Re: [us...@httpd] server configuration for 5000 hits per second

2010-05-21 Thread Igor Galić

- Reber Simon li...@cgi-net.ch wrote:

 Dear all,
 
 We have a web application with about 5000 hits per second.
 The apache server is running on Red Hat AS 4.x with version 2.0.52 and
 prefork MPM.

2.2 with worker MPM should be well able to deliever substantially better
performance, do you have to use the OS httpd?
 
 The question I have is, how I should configure prefork to manage this
 amount of requests.
 
 I had something like that in mind:
 
 IfModule prefork.c
StartServers 100
MinSpareServers 10
MaxSpareServers 10
ServerLimit 8000
MaxClients 5120
MaxRequestsPerChild 2000
 /IfModule

Is there good reason to keep MaxRequestsPerChild this low? It means rather
frequent recycling

 As the requests are only some kind of ping do I also plan to disable
 KeepAlive.

Especially with KeepAlive Off.

 Do you think this will work, or do you have any other suggestion?

It all depends on what kind of service you're offering, what it does, how
long a request takes to process, what kind of hardware it's running on, etc..

 Thanks and all the best,
 Si

Bye,
-- 
Igor Galić

Tel: +43 (0) 699 122 96 338
Fax: +43(0) 1 91 333 41
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] Connections hanging...

2010-05-21 Thread Igor Galić

- Tony Anecito adanec...@yahoo.com wrote:

 Hi All,
 
 When load testing against a system that uses Apache we notice an
 extra-ordinary issue where we had quite a few connections. While not
 unexpected we were concerned. I ran a manual test against Apache and
 discovered sometimes connections would last exactly 30 seconds when
 closing them which turned out to be the same setting for WAIT_TIME for
 tcpip settings in my windows registry. I noticed the connection issue
 when closing connetions for IE 7. I also did not see the same issue
 with the latest version of FireFox but then I suspect it does not use
 the WAIT_TIME setting to obtain faster disconnect times for tcpip
 sockets?

Depending on how a connection is closed (I suppose), WAIT_TIME is the state
a socket connection will linger in, before the OS allows the port to be
reused.

 So I am not sure what the issue is if Apache is responding slowly to
 socket disconnects. Performance wise when viewing pages this 30
 seconds is not visible to the user but I am concerned about socket
 availability.

Unless you have KeepAlive Off, and are planning to serve more than
30K connections concurrently, this shouldn't be an issue.

 Thanks,
 -Tony

-- 
Igor Galić

Tel: +43 (0) 699 122 96 338
Fax: +43(0) 1 91 333 41
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] mod_rewrite/mod_ssl questions

2010-05-21 Thread Beto Limoun
Hello group,

I am working on the mod_ssl configuration on a website and trying to achieve 
following:
When a user accesses a page posting sensitive data to the server, the page 
should be accessed in httpS mode. What I am doing to achieve this is that I 
have a set of rewrite rules that will match the URI and invoke the httpS page. 
[1]
This seems to be working fine.
The problem I am facing is that when in httpS mode I select a page that is 
supposed to be accessed in http mode, apache still calls it in httpS mode. I 
have added some rewrite rules to prevent this [2], but they somehow get 
ignored. 

Example:
Being in httpS://localhost/myapp/user/register
I click on the linked  home page logo image and expect to be resent to 
http://localhost/myapp/ but land instead in httpS://localhost/myapp/

I would appreciate if you can suggest a more elegant solution from your own 
experience of a fix to my config below.

Many thanks in anticipation.

Beto

#
# 
#
RewriteLog /private/var/log/apache2/rewrite.log
RewriteLogLevel 9

Options +FollowSymlinks
RewriteEngine on

#[1] all /user, /subscription and /login pages should be served in https
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=ps:https]
RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
RewriteRule ^(.+)$ - [env=ps:http]
RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [us...@httpd] mod_rewrite/mod_ssl questions

2010-05-21 Thread Reinhard Vicinus

Hi,

the problem is that if a site which shouldn't be served by https is 
called by http your first rewriterule sets ps:https but the first 
rewriterule after #[2] isn't used because HTTPS is not on.


I think you can also have your desired effect much more easier like this:

#[1] all /user, /subscription and /login pages should be served in https
RewriteRule /user https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule /subscription https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule /login https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Kind regards
Reinhard


On 21/05/10 22:58, Beto Limoun wrote:

Hello group,

I am working on the mod_ssl configuration on a website and trying to achieve 
following:
When a user accesses a page posting sensitive data to the server, the page 
should be accessed in httpS mode. What I am doing to achieve this is that I 
have a set of rewrite rules that will match the URI and invoke the httpS page. 
[1]
This seems to be working fine.
The problem I am facing is that when in httpS mode I select a page that is 
supposed to be accessed in http mode, apache still calls it in httpS mode. I 
have added some rewrite rules to prevent this [2], but they somehow get ignored.

Example:
Being in httpS://localhost/myapp/user/register
I click on the linked  home page logo image and expect to be resent to 
http://localhost/myapp/ but land instead in httpS://localhost/myapp/

I would appreciate if you can suggest a more elegant solution from your own 
experience of a fix to my config below.

Many thanks in anticipation.

Beto

#
#
#
RewriteLog /private/var/log/apache2/rewrite.log
RewriteLogLevel 9

Options +FollowSymlinks
RewriteEngine on

#[1] all /user, /subscription and /login pages should be served in https
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=ps:https]
RewriteRule ^.*/user(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/subscription(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^.*/login(.*) %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]

#[2] For all other pages, if in https mode, serve the page in http mode.
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/(user.*|login.*|subscription.*)
RewriteRule ^(.+)$ - [env=ps:http]
RewriteRule ^(.+)$ %{ENV:ps}://%{HTTP_HOST}%{REQUEST_URI} [R,L]


-
The official User-To-User support forum of the Apache HTTP Server Project.
SeeURL:http://httpd.apache.org/userslist.html  for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

   



-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org