[users@httpd] Re: Help with config
Am 13.01.2011 13:41, schrieb Bob Wilson: DocumentRoot C:/Users/User/My Documents/htdocs Directory C:/Users/User/My Documents/htdocs Which doesn't work with error message 'The requested operation has failed!' IMHO My Documents should written as Documents in the config file. Regards, Carsten - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] [mod_fcgid] Question about FcgidCmdOptions (InitialEnv) and session (cookie) problem with PHP
Hello, 1) With FcgidInitialEnv I write: | FcgidInitialEnv FOO C:\\ProgramData\\Foo but with FcgidCmdOptions it's: | FcgidCmdOptions C:/usr/bin/cgi.exe \ |InitialEnv FOO=C:\ProgramData\Foo I have to use a single backslash and not a double backslash as usual. Why? Another problem: How can I set a value with space? e.g: | FcgidInitialEnv FOO C:\\Program Files\\Foo is working. But: |InitialEnv FOO=C:\Program Files\Foo or |InitialEnv FOO=C:\Program Files\Foo not. BTW: It would be nice, if I don't set a variable with FcgidCmdOptions InitialEnv, a variable already set with FcgidInitialEnv would be passed to the FastCGI app. 2) I also have a problem with PHP apps like phpMyAdmin. e.g. Cookie login is not working. After each request a new session file is created in the temp dir. And after a few requests I got a message, that the session can not be started without errors. But nothing in the Apache/PHP logs. Thus I don't know, if this is a PHP or a mod_fcgid problem? Well, with a very simple testscript (from the PHP manual) there is no problem. If I setup PHP as CGI and not as FastCGI, phpMyAdmin is working. It's also working on my Debian box with FastCGI. Current System: Windows 7 32bit Apache 2.2.17 (x86/vc9) mod_fcgid 2.3.6 (x86/vc9) PHP 5.3.5 (x86/vc9) Regards, Carsten - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Help with config
On 14/01/2011 08:28, Joost de Heer wrote: I have changed it to: DocumentRoot C:/Users/User/My Documents/htdocs Windows 7 has pretty strict ACLs on the c:\users directory. Check to see which account is used to run Apache httpd and check to see if this account has access to the directory c:\users\user\My Documents\htdocs. Another way to check this is to move the data to (e.g.) c:\data\htdocs and see if the pages are displayed correctly. If they are, ACL's are almost certain the cause of the problem. Joost - The official User-To-User support forum of the Apache HTTP Server Project. SeeURL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Thanks for that. moving it to c:\data\htdocs did work so we can assume that it is an ACL problem and nothing to do with apache! Bob - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Help with config
On 14/01/2011 08:01, Carsten Wiedmann wrote: Am 13.01.2011 13:41, schrieb Bob Wilson: DocumentRoot C:/Users/User/My Documents/htdocs Directory C:/Users/User/My Documents/htdocs Which doesn't work with error message 'The requested operation has failed!' IMHO My Documents should written as Documents in the config file. Regards, Carsten - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Thanks, but we think we've narrowed it down to an ACL problem with the 'user' directory Bob - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Help with config
On 14/01/2011 01:49, DW wrote: See if this helps: http://httpd.apache.org/docs/2.0/urlmapping.html Good luck. Bob Wilson wrote: Can any one help with the initial configuration of Apache? I was told that to make localhost point to a alternative directory I should change both the 'Documentroot' AND 'Directory' paths The original info in httpd.conf works OK DocumentRoot C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs Directory C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs I have changed it to: DocumentRoot C:/Users/User/My Documents/htdocs Directory C:/Users/User/My Documents/htdocs Which doesn't work with error message 'The requested operation has failed!' I'm sure that I didn't have this problem with XP but I'm now using Windows 7 Thanks Bob - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Thanks, we think we've narrowed down to an ACL problem with the 'user' directories Bob - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: Help with config
Am 14.01.2011 10:54, schrieb Bob Wilson: DocumentRoot C:/Users/User/My Documents/htdocs IMHO My Documents should written as Documents in the config file. Thanks, but we think we've narrowed it down to an ACL problem with the 'user' directory I don't think so... I guess you don't know how these special folders are working in Vista/7/2008. The real name of this folder is C:/Users/User/Documents/. But in Explorer you see a localized name according to your selected/installed display language. In your case it is C:/Users/User/My Documents/. On my system it is C:/Users/User/Eigene Dateien/. But Apache is always working with the real names. (BTW: There is also a symlink My Documents in C:/Users/User for legacy programs. But this symlink folder should not be used.) e.g I'm having: | DocumentRoot C:/Users/Public/Documents/htdocs | Directory C:/Users/Public/Documents/htdocs and for mod_userdir: | UserDir Documents/public_html | Directory C:/Users/*/Documents/public_html And that's always working regardless if the current user is using English as display language (My Documents) or German (Eigene Dateien), because the real folder name is always Documents. Thanks for that. moving it to c:\data\htdocs did work so we can assume that it is an ACL problem and nothing to do with apache! In this case c:\data\ is always c:\data\, because this is not a special folder and is not localized in Explorer. So you see data in Explorer and it is data in the config file. Regards, Carsten - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] kill hanging CGIs
Hello, we provide our users possibility to upload their own CGI scripts, using suexec (in a limited environment, for security reasons). I found that a user uploaded CGI that calls flock() function which sometimes makes the CGI hang for a long time (hours). Is there possibility to automatically kill such CGI processes after some time, so they won't cross eat our resources (file locks, for example)? Unfortunately this can't be done by usint RlimitCPU because the process does nothing or nearly nothing. Could mod_cgi or suexec kill the process after configured time? The apache version is 2.2.16 (gentoo linux). Thank you P.S. I know that the problem may lie outside of this problem, but I'm afraid that if processes will hang, I will just have to kill them somehow). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] How to properly block IP ranges server wide?
Joost de Heer wrote: On 01/14/2011 02:40 AM, Norman Peelman wrote: Hello all, I've got a server with name based virtualhosts. I am getting spammers from various countries and would like to block these IP ranges. But I can't seem to figure out how to block them. How can I block them by default for the entire server? Where do I put the: Directory Order Allow,Deny Allow from all Deny from ip range ... Deny from ip range /Directory http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order Allow,Deny First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default. So your rule doesn't block anything, because you have an 'allow all'. So either change the order to 'Order deny,allow' or remove the 'allow from all' line. If you really want to block IP addresses so they can't even reach your webserver, you should use a firewall. Joost - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Thanks all, wasn't really sure what was going on here... I will take a look at setting up a proper firewall (iptables). -- Norman Registered Linux user #461062 AMD64X2 6400+ Ubuntu 8.04 64bit - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] How to properly block IP ranges server wide?
So your rule doesn't block anything, because you have an 'allow all'. So either change the order to 'Order deny,allow' or remove the 'allow from all' line. The pesudo-config he had is actually correct and Order deny,allow with the rest of his config would be incorrect. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] webservice clustering trouble
Hello, I have deployed 3 tomcat6.0.29 webapps, each of which exposes a webservice, and am using apache2.2 and mod_jk-1.2.31-httpd-2.2.3.so to cluster them - a performance exercise. 1 webapp as well as apache is running on my dev box, and 2 other webapps are running on the dev boxes of my colleagues sitting next to me. I can connect to each webapp (both webapp and webservice) individually, and I can connect to them via my apache as well. (I know that the roundrobin is working, I have a test.jsp that tells me what machine I am currently talking to.) Everything appears to be running fine. I can do individual webservice load tests on each machine individually, without any problems, nothing bad in the logs, expected results, etc. However, when I do a loadtest on the apache port, the 2 remote tomcats start having SEVERE: Invalid message recieved with signature 28276 14-Jan-2011 15:18:45 org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 28276 14-Jan-2011 15:18:45 org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 28276 14-Jan-2011 15:18:48 org.apache.coyote.ajp.AjpMessage processHeader SEVERE: Invalid message recieved with signature 28276 the above dumps in their logs, load test throughput goes down, and the load test reports errors. The number of errors the loadtest reports matches the number of the SEVERE: Invalid message recieved with signature 28276 lines I get on the 2 remote machines. I am ready to post my config if need be, but wanted to know if someone has come across this before? I can find some reference in the archives which suggests I should update tomcat/apache/java etc but I have the latest versions already. Thank you, Lukas p.s. Apologies if the format of the message is incorrect, this is my first post to this forum. __ Lukas Sklenar t +44 (0)1483 817132 | m +44 (0) 7786 374324 www.detica.com Please consider the environment before printing this email. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies within the Detica Limited group of companies. Detica Limited is registered in England under No: 1337451. Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP, England. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Bug in Apache 2.0 mod_proxy
I've been using Apache's mod_proxy module recently when I came across a bug. Addresses of the form: www.zappos.com/donald-j-pliner-womens-boots~2 were being converted to www.zappos.com/donald-j-pliner-womens-boots%7E2 When the Zappos servers see a url with %7E in them it will respond with an HTTP 301 Moved Permanently to the same url with a decoded ~. Tshark dump follows: Hypertext Transfer Protocol HTTP/1.1 301 Moved Permanently\r\n [Expert Info (Chat/Sequence): HTTP/1.1 301 Moved Permanently\r\n] [Message: HTTP/1.1 301 Moved Permanently\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Response Code: 301 Server: nginx/0.8.34\r\n Content-Type: text/html\r\n Content-Length: 185\r\n [Content length: 185] Location: /donald-j-pliner-womens-boots~2\r\n X-Core-Value: 6. Build Open and Honest Relationships With Communication\r\n X-Recruiting: If you're reading this, maybe you should be working at Zappos instead. Check out jobs.zappos.com\r\n Vary: Accept-Encoding\r\n Date: Fri, 14 Jan 2011 00:33:56 GMT\r\n Connection: close\r\n \r\n Line-based text data: text/html html\r\n headtitle301 Moved Permanently/title/head\r\n body bgcolor=white\r\n centerh1301 Moved Permanently/h1/center\r\n hrcenternginx/0.8.34/center\r\n /body\r\n /html\r\n Because mod_proxy will always escape ~ into %7E this will quickly lead to an infinite redirect loop (luckily most applications will get the hint quickly). I dug into why this is and came up with the following message: http://marc.info/?l=apache-bugdbm=99926707930303w=2 Digging further I even found a commit to the Apache 2.2 branch: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c?view=logpathrev=571456 However, when I looked for a similar change in Apache 2.0.64 I notice it was not present http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/proxy/proxy_util.c?revision=563329view=markup line 137 I assume it just never got back-ported. I went to file a bug on the Apache website, but it suggested I ping this mailing list first (http://httpd.apache.org/bug_report.html) While Zappos' redirection is non-standard, forcing the URLEncoding of the tilde character is not in keeping with RFC 2396 which supersedes RFC 1738 and specifically states: 2.3. Unreserved Characters Data characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include upper and lower case letters, decimal digits, and a limited set of punctuation marks and symbols. unreserved = alphanum | mark mark= - | _ | . | ! | ~ | * | ' | ( | ) Unreserved characters can be escaped without changing the semantics of the URI, but this should not be done unless the URI is being used in a context that does not allow the unescaped character to appear. There for, I would recommend a similar change to Apache 2.0.x's proxy_util.c in keeping with Apache 2.2.x's revision 571436. Specifically, line 137, which reads: allowed = $-_.+!*'(),;:@=; should read: allowed = ~$-_.+!*'(),;:@=; Thank you for your time. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: Bug in Apache 2.0 mod_proxy
Please file all bug reports at this link if you haven't done so for yours: https://issues.apache.org/bugzilla/ hth Sam Rossoff wrote: I've been using Apache's mod_proxy module recently when I came across a bug. Addresses of the form: www.zappos.com/donald-j-pliner-womens-boots~2 were being converted to www.zappos.com/donald-j-pliner-womens-boots%7E2 When the Zappos servers see a url with %7E in them it will respond with an HTTP 301 Moved Permanently to the same url with a decoded ~. Tshark dump follows: Hypertext Transfer Protocol HTTP/1.1 301 Moved Permanently\r\n [Expert Info (Chat/Sequence): HTTP/1.1 301 Moved Permanently\r\n] [Message: HTTP/1.1 301 Moved Permanently\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Response Code: 301 Server: nginx/0.8.34\r\n Content-Type: text/html\r\n Content-Length: 185\r\n [Content length: 185] Location: /donald-j-pliner-womens-boots~2\r\n X-Core-Value: 6. Build Open and Honest Relationships With Communication\r\n X-Recruiting: If you're reading this, maybe you should be working at Zappos instead. Check out jobs.zappos.com\r\n Vary: Accept-Encoding\r\n Date: Fri, 14 Jan 2011 00:33:56 GMT\r\n Connection: close\r\n \r\n Line-based text data: text/html html\r\n headtitle301 Moved Permanently/title/head\r\n body bgcolor=white\r\n centerh1301 Moved Permanently/h1/center\r\n hrcenternginx/0.8.34/center\r\n /body\r\n /html\r\n Because mod_proxy will always escape ~ into %7E this will quickly lead to an infinite redirect loop (luckily most applications will get the hint quickly). I dug into why this is and came up with the following message: http://marc.info/?l=apache-bugdbm=99926707930303w=2 Digging further I even found a commit to the Apache 2.2 branch: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c?view=logpathrev=571456 However, when I looked for a similar change in Apache 2.0.64 I notice it was not present http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/proxy/proxy_util.c?revision=563329view=markup line 137 I assume it just never got back-ported. I went to file a bug on the Apache website, but it suggested I ping this mailing list first (http://httpd.apache.org/bug_report.html) While Zappos' redirection is non-standard, forcing the URLEncoding of the tilde character is not in keeping with RFC 2396 which supersedes RFC 1738 and specifically states: 2.3. Unreserved Characters Data characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include upper and lower case letters, decimal digits, and a limited set of punctuation marks and symbols. unreserved = alphanum | mark mark= - | _ | . | ! | ~ | * | ' | ( | ) Unreserved characters can be escaped without changing the semantics of the URI, but this should not be done unless the URI is being used in a context that does not allow the unescaped character to appear. There for, I would recommend a similar change to Apache 2.0.x's proxy_util.c in keeping with Apache 2.2.x's revision 571436. Specifically, line 137, which reads: allowed = $-_.+!*'(),;:@=; should read: allowed = ~$-_.+!*'(),;:@=; Thank you for your time. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org