[users@httpd] Detection of apache2 shared memory segment
Dear users, sometimes my server could not be started correctly because of shared memory segment still exists on the Linux machine: linux:/usr/sbin # ipcs -m -- Shared Memory Segments keyshmid owner perms bytes nattch status 0x0310 32768 root 6661 1 0x01071f96 744751107 root 600262144 6 0x52574803 744685572 root 666107724817 0x 229381 root 600655360 2 0x 262150 gdm 600196608 2 dest linux:/usr/sbin # How can I recognize what shared memory segment belongs to apache2 webserver? Thank you in advance. -- Best Regards / S pozdravem Petr Hracek - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Add a Alias
Hello, I am trying to configure a site, I want to add a Alias. This way it works well: VirtualHost *:80 ServerAdmin mymail ServerName site1.mydomain.com DocumentRoot /usr/share/site1 Directory / Options FollowSymLinks AllowOverride All /Directory Directory /usr/share/site1/ Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all /Directory ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined /VirtualHost But I want to get my web from http://site1.domain.com and http://server/site1, so I add this line: Alias /site1 /usr/share/site1 But it doesn't work, how could I do that? Thanks and best regards. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Add a Alias
Hi, Doesn't work, but what happens? http gives you an error? You can do a redirect. Regards, Hugo Gomes On Tue, 2011-10-04 at 10:32 +0200, Josu Lazkano wrote: Hello, I am trying to configure a site, I want to add a Alias. This way it works well: VirtualHost *:80 ServerAdmin mymail ServerName site1.mydomain.com DocumentRoot /usr/share/site1 Directory / Options FollowSymLinks AllowOverride All /Directory Directory /usr/share/site1/ Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all /Directory ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined /VirtualHost But I want to get my web from http://site1.domain.com and http://server/site1, so I add this line: Alias /site1 /usr/share/site1 But it doesn't work, how could I do that? Thanks and best regards. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- * Hugo Gomes LIP Av. Elias Garcia 14, 1º 1000-149 Lisboa, Portugal Telef.: +351- 217 998 587 URL: http://www.lip.pt E-mail: h...@lip.pt * - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Could Apache login support CAPTCHA and lockout?
We have bunches of web applications which use the regular Apache login protection, and they won't run unless REMOTE_USER is set by the Apache login. Limit GET require valid-user /Limit Limit POST PUT DELETE require valid-user /Limit AuthName O-Visitor AuthUserFile /usr/appl/cgi/.htpasswd AuthType Basic Looking at improving security, it would seem that it would be much harder to conduct brute-force attacks on these systems if we could configure Apache login to do two things: A. Present the CAPTCHA style validation prompt as part of the login, to make it difficult for scripted attacks to proceed; B. Lockout an individual username in the .htpasswd file after X failed login attempts. Are there flavors of linux apache which have modules to provide this? Neal Rhodes MNOP Ltd
Re: [users@httpd] setting mod_fcgid tmp directory?
On Fri, 30 Sep 2011 01:30:14 -0700 Wade Evans wrote: what happens when you set TEMP? -w unfortunately that doesn't do anything either, still fcgid creates /tmp/fcgid. apr tries for a writable temp dir in this order -- sure you had the native envvar set? const char *try_envs[] = { TMPDIR, TMP, TEMP}; const char *try_dirs[] = { /tmp, /usr/tmp, /var/tmp }; sorry late reply. i am not sure what you mean by native envvar, as i try to set different tmp pathes for different vhosts, or maybe i misunderstand what you mean. i tried SetEnv with TMPDIR TMP and TEMP in the vhost and all of them seem to be ignored. startx - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] setting mod_fcgid tmp directory?
On Tue, Oct 4, 2011 at 9:22 AM, startx sta...@plentyfact.org wrote: On Fri, 30 Sep 2011 01:30:14 -0700 Wade Evans wrote: what happens when you set TEMP? -w unfortunately that doesn't do anything either, still fcgid creates /tmp/fcgid. apr tries for a writable temp dir in this order -- sure you had the native envvar set? const char *try_envs[] = { TMPDIR, TMP, TEMP}; const char *try_dirs[] = { /tmp, /usr/tmp, /var/tmp }; sorry late reply. i am not sure what you mean by native envvar, as i try to set different tmp pathes for different vhosts, or maybe i misunderstand what you mean. i tried SetEnv with TMPDIR TMP and TEMP in the vhost and all of them seem to be ignored. I don't think those will work, they need to be set as real environment variables outside of httpd (e.g. bin/envvars file or exported before calling apachectl) - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Track + Trace HTTP Methods
I know I've read in the past that the TRACK method is not supported by Apache. Is that correct? Anyone have a reference they could point me to that explains that?I just need something to point our engineering group to to explain that only TraceEnable Off is needed (not the rewrite rule).
[users@httpd] Limit + LimitExcept Blocks?
Isn't it redundant to have *both* a Limit and LimitExcept if all you're trying to do is limit HTTP methods for everything on a given httpd to only GET POST HEAD? Directory / Options FollowSymLinks AllowOverride None Limit GET POST HEAD Order allow,deny Allow from all /Limit LimitExcept GET POST HEAD Order Deny,Allow Deny from all /LimitExcept /Directory
Re: [users@httpd] Limit + LimitExcept Blocks?
Yes it is keep the LimitExcept only. On Oct 5, 2011 1:41 AM, Nick Tkach ntk...@gmail.com wrote: Isn't it redundant to have *both* a Limit and LimitExcept if all you're trying to do is limit HTTP methods for everything on a given httpd to only GET POST HEAD? Directory / Options FollowSymLinks AllowOverride None Limit GET POST HEAD Order allow,deny Allow from all /Limit LimitExcept GET POST HEAD Order Deny,Allow Deny from all /LimitExcept /Directory
Re: [users@httpd] Track + Trace HTTP Methods
On October 4, 2011 10:09 , Nick Tkach ntk...@gmail.com wrote: I know I've read in the past that the TRACK method is not supported by Apache. Is that correct? Anyone have a reference they could point me to that explains that?I just need something to point our engineering group to to explain that only TraceEnable Off is needed (not the rewrite rule). As far as I know, that is correct: Apache HTTP Server does not implement the TRACK method. I don't know of any reference that explains this, but you can check the source code: see the function ap_method_registry_init() in the file modules/http/http_protocol.c If you are looking at the latest (unreleased) source code, then see lines 439 - 474 at https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_protocol.c?view=markup As you can see, TRACK is not in the list of methods registered. You can double-check this by searching all of the Apache HTTP Server source code for the word TRACK as well as for any calls to the function ap_method_register(). ap_method_register() is how modules such as mod_dav add support for new methods to Apache HTTP Server. I hope this helps. -- Mark Montague m...@catseye.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Add a Alias
On October 4, 2011 4:32 , Josu Lazkano josu.lazk...@barcelonamedia.org wrote: Hello, I am trying to configure a site, I want to add a Alias. This way it works well: VirtualHost *:80 ServerAdmin mymail ServerName site1.mydomain.com [...] But I want to get my web from http://site1.domain.com and http://server/site1, so I add this line: Alias /site1 /usr/share/site1 But it doesn't work, how could I do that? You could add the directive ServerAlias server so that your name-based virtual host will respond to requests for http://server/ and serve the same content for that URL as for http://site1.domain.com/ If you then also add the alias you give above, then http://server/site1 and http://site1.domain.com/site1 will both serve the same content as http://site1.domain.com/ Note the overlap here. If this is not what you want -- if you want the two sites to not overlap at all -- then you'd have to use multiple virtual hosts (without the ServerAlias directive) to serve http://server/ and http://site1.domain.com You would give the virtual host for http://server/ a different document root (something other than /usr/share/site1) and then use the Alias directive you give above to map the content in /usr/share/site1 to http://server/site1 -- Mark Montague m...@catseye.org - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Can Basic authentication (or equivalent) ask a script to perform the authentication?
Hi all, We have a largish application written in Python / MySQL running under Apache 2.2.x + mod_wsgi (Ubuntu 11.04). Part of the application requires us to deliver large number of documents to each user. Problem being each user has different levels of access (based on roles they have in an application). I hate the idea of having my app generate .htaccess files (like what a lot of popular CMSes do), or streaming the file through a script (would undermine performance). I have looked into using mod_auth_mysql which could do the authentication part, but authorization would be an issue due to the complex rules of our app. Is it possible to configure Apache to ask a script to perform the authentication / authorization but allow Apache to serve the content? Thanks. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Could Apache login support CAPTCHA and lockout?
Hi Neal, I have used http://authmemcookie.sourceforge.net/ previously to create a form based authentication for web sites. The form can be in any scripting language Apache supports so CAPTCHA should be easy to implement. On Tue, Oct 4, 2011 at 11:44 PM, Neal Rhodes ne...@mnopltd.com wrote: We have bunches of web applications which use the regular Apache login protection, and they won't run unless REMOTE_USER is set by the Apache login. Limit GET require valid-user /Limit Limit POST PUT DELETE require valid-user /Limit AuthName O-Visitor AuthUserFile /usr/appl/cgi/.htpasswd AuthType Basic Looking at improving security, it would seem that it would be much harder to conduct brute-force attacks on these systems if we could configure Apache login to do two things: A. Present the CAPTCHA style validation prompt as part of the login, to make it difficult for scripted attacks to proceed; B. Lockout an individual username in the .htpasswd file after X failed login attempts. Are there flavors of linux apache which have modules to provide this? Neal Rhodes MNOP Ltd - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Can Basic authentication (or equivalent) ask a script to perform the authentication?
On Tue, Oct 4, 2011 at 8:51 PM, Devraj Mukherjee dev...@gmail.com wrote: Is it possible to configure Apache to ask a script to perform the authentication / authorization but allow Apache to serve the content? Yes, with mod_wsgi even. http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org