[users@httpd] disable cache for a virtualhost
Hi I have a apache 2.2.17 configured as a reverse proxy with mod_cache and mod_disk_cache. I need to disable cache for a certains virtualhosts but cache enable/disable in a reverse proxy configuration allow me to do this on the path level. Is there a way do disable cache for a certain vhost name on the proxy ? Thanks Alex - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] FilesMatch does nothing
Hi I run several servers and sometimes for some of them, directives in FilesMatch seem never to be executed. Problems come when apache is the frontend of other servers such as tomcat or play framework, through mod_jk or mod_proxy. Are there known issues about that ? Some conflicts with mod_rewrite and/or mod_alias ? Thanks I run apache 2.2 -- Sébastien Moretti - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilesMatch does nothing
On Mon, May 9, 2011 at 9:00 AM, Sébastien Moretti wrote: > Hi > > I run several servers and sometimes for some of them, directives in > FilesMatch seem never to be executed. > > Problems come when apache is the frontend of other servers such as tomcat or > play framework, through mod_jk or mod_proxy. In Apache terms, these requests don't match any Directory or Files containers because they're not mapped to any Directory or file. Pieces of the URL aren't files. Use Location/LocationMatch. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilesMatch does nothing
Hi I run several servers and sometimes for some of them, directives in FilesMatch seem never to be executed. Problems come when apache is the frontend of other servers such as tomcat or play framework, through mod_jk or mod_proxy. In Apache terms, these requests don't match any Directory or Files containers because they're not mapped to any Directory or file. Pieces of the URL aren't files. Use Location/LocationMatch. I should use LocationMatch everywhere, it will be less ambiguous for my mind. Thanks Eric -- Sébastien Moretti - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Chroot a virtual host
Hello, On 20.04.11 00:47, --[ UxBoD ]-- wrote: > I have noticed that when running Joomla, or in-fact any browsing capable > PHP code, I am able to navigate above my virtual host document root and > look at other virtual host files. > > How would one stop this ? I have taken a look at mod_chroot but that does > not seem to work as ChrootDir can only be used in the main configuration > and not in the VirtualHost directive. just a 1.5 months ago this question was asked and (imho) answered. Usually the PHP scripts are run under the same user apache runs as, so they have the same permissions. You can limit files which can a PHP script access by using PHP directives open_basedir and doc_root. You can run peruses MPM wich apathe 2.2. You can also run PHP as CGI using suexec, but that's a bit ineffective. I don't know how does FastCGI work. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilesMatch does nothing
On Mon, May 9, 2011 at 9:13 AM, Sébastien Moretti wrote: >>> Hi >>> >>> I run several servers and sometimes for some of them, directives in >>> FilesMatch seem never to be executed. >>> >>> Problems come when apache is the frontend of other servers such as tomcat >>> or >>> play framework, through mod_jk or mod_proxy. >> >> In Apache terms, these requests don't match any Directory or Files >> containers because they're not mapped to any Directory or file. >> Pieces of the URL aren't files. >> >> Use Location/LocationMatch. > > I should use LocationMatch everywhere, it will be less ambiguous for my > mind. > > Thanks Eric > FWIW -- The manual cautions against this, since you might accidentally expose a resource on a 2nd URL (or via some 'equivalent URL?') and have access control mis-applied. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilesMatch does nothing
Hi I run several servers and sometimes for some of them, directives in FilesMatch seem never to be executed. Problems come when apache is the frontend of other servers such as tomcat or play framework, through mod_jk or mod_proxy. In Apache terms, these requests don't match any Directory or Files containers because they're not mapped to any Directory or file. Pieces of the URL aren't files. Use Location/LocationMatch. I should use LocationMatch everywhere, it will be less ambiguous for my mind. Thanks Eric FWIW -- The manual cautions against this, since you might accidentally expose a resource on a 2nd URL (or via some 'equivalent URL?') and have access control mis-applied. I mainly take care of access control issues at the OS level and use FileMatch or LocationMatch for HTTP header issues. But I have definitely to take care of that. Thanks again -- Sébastien Moretti - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] FilesMatch does nothing
On May 9, 2011 9:21 , Eric Covener wrote: On Mon, May 9, 2011 at 9:13 AM, Sébastien Moretti wrote: I run several servers and sometimes for some of them, directives in FilesMatch seem never to be executed. Problems come when apache is the frontend of other servers such as tomcat or play framework, through mod_jk or mod_proxy. In Apache terms, these requests don't match any Directory or Files containers because they're not mapped to any Directory or file. Pieces of the URL aren't files. Use Location/LocationMatch. I should use LocationMatch everywhere, it will be less ambiguous for my mind. FWIW -- The manual cautions against this, since you might accidentally expose a resource on a 2nd URL (or via some 'equivalent URL?') and have access control mis-applied. Or to put this another way... Location and LocationMatch don't really control access to resources, they control access via specific resource names; they leave resources accessible via other names / means. Directory and DirectoryMatch, on the other hand, protect the actual filesystem resources. -- Mark Montague m...@catseye.org - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Incomplete file downloads if Apache HTTPD is killed
> >< if a server is killed (SIGKILL) during a "large" static file transfer, then > >> the client is not notified by his browser that file has not been completely > >> downloaded. On Win it just says it is not a valid Win32 application or > >> corrupted or sth. > >> Now I know this is not a general problem and a graceful restart is the way > >> to go around this, but if I do an upgrade then proper restart is required, > >> or at least I think I remember I had problems with graceful restart in such > >> situations. > >> > > > > Sending a SIGKILL is an unfriendly way to end a process -- it causes the > > kernel to immediately terminate the process, without giving the process any > > chance to clean up. SIGKILL is thus not one of the signals handled > > specially by Apache HTTP Server. For a list of the signals that are handled > > specially, see http://httpd.apache.org/docs/2.2/stopping.html On 20.04.11 20:19, Bostjan Skufca wrote: > Sending SIGKILL was just a way to simulate apachectl stop, which sends > SIGTERM and then if after 10s some children still did not exit, parent sends > SIGKILL to them. So that was bad way to simulate "apachectl stop" just because of the above. I think with 2.2 it even is not true, because apache2 has own way to configure shutdown timeouts, the GracefulShutdownTimeout directive. While talking about killed server and knowing that the file was transferred - It's often impossible to know. The chunked encoding or the Content-Length header are needed to know if the whole file was transfered. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Incomplete file downloads if Apache HTTPD is killed
On 9 May 2011 15:44, Matus UHLAR - fantomas wrote: > So that was bad way to simulate "apachectl stop" just because of the above. > I think with 2.2 it even is not true, because apache2 has own way to > configure shutdown timeouts, the GracefulShutdownTimeout directive. Yes, timeout is configurable, but that was the only lie there:) > While talking about killed server and knowing that the file was > transferred - It's often impossible to know. The chunked encoding or the > Content-Length header are needed to know if the whole file was transfered. Chunked content encoding does not help here. Also, my experiments with few popular browsers has shown that they don't even try to support Content-Length correctly. I've been watching HTTP headers and correct Content-Length was specified, then I started a download and then killed the HTTPD child that served the download request before the download was completed. AND browsers did not even complain about failed download, they just stopped downloading with message "Download complete" or (if I selected to run the executable) complained about downloaded file being corrupt, but not incomplete. It does not work with gzip and Firefox too, just tried it. "Download complete." So here is the question again - is there something one can do with Apache (or Linux/other OS) that will change browser's behaviour in a way that it will report incomplete download to the user? Thank you for your time BTW, b. > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > WinError #9: Out of error messages. > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Dropped packets and 408 responses
Hello everyone, We've got a customer that's got a flakey network that's dropping packets. This has resulted in a few weird errors coming out of our Apache setup that I'm trying to work out if I can tweak to avoid. The sequence of events is essentially: 1) Client issues a POST from a file upload form. All headers arrive in the first packet, but no request body yet. 2) There is a pause of 10 seconds, no further data arrives 3) Apache issues a "302 Found" response 4) A few seconds later, we finally get packets for the original request body, flagged as TCP retransmissions, so the originals were sent, but got lost 5) Apache now complains with "501 Invalid Method" and this is what our customer ends up seeing in their browser. Issue 47087 (https://issues.apache.org/bugzilla/show_bug.cgi?id=47087) explains why I get the 501 at the end (fallback to HTTP/0.9) The question is, why is Apache returning the "302 Found" response rather than a "408 Client timeout" in step 3? The POST issued in step 1 has the appropriate Content-Length header. The timing of the "302 Found" response doesn't seem to align with the values of "Timeout" or "KeepAliveTimeout" that I have configured (15 sec and 300 sec). Has anyone seen this sequence of events before and knows a workaround to avoid it? daniel - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Dropped packets and 408 responses
On Mon, May 9, 2011 at 3:01 PM, TRAFx Research wrote: > Hello everyone, > > We've got a customer that's got a flakey network that's dropping > packets. This has resulted in a few weird errors coming out of our > Apache setup that I'm trying to work out if I can tweak to avoid. > > The sequence of events is essentially: > > 1) Client issues a POST from a file upload form. All headers > arrive in the first packet, but no request body yet. > 2) There is a pause of 10 seconds, no further data arrives > 3) Apache issues a "302 Found" response Do you use any apache SSO modules for form-based login by any chance? - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Dropped packets and 408 responses
On Mon, May 9, 2011 at 13:11, Eric Covener wrote: > > Do you use any apache SSO modules for form-based login by any chance? > > Nope, no SSO or form-based login in use anywhere.
