Re: [users@httpd] Mark cookies as secure?
On 19/02/2013 12:43 AM, Alan Murphy amurp...@tcd.ie wrote: Hi all, I need to mark cookies as secure, I thought I could just use the mod headers directive Header edit set-cookie ^(.*)$ $1;secure But it does not work, am I missing something. Any help would be greatly appreciated, Sent from my iPhone - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Which apache version??
[users@httpd] mod_proxy timeout problems
Can anyone give any clues as to what might be causing a timeout problem with mod_proxy being used as a reverse proxy to a local app server. This is using httpd 2.2.23 on ubuntu 10.04 LTS i686 I've (hopefully) eliminated the network itself as a source of the problem by testing this with the app server running on the same box as apache, using 127.0.0.1 as the network address in the proxy config. Even like this, I still get occasional '(70007)The timeout specified has expired: proxy: prefetch request body failed to 127.0.0.1:4000 (127.0.0.1)' messages in the logs. The app server shows the socket accept happening at the point the request is made, but then just sticks in a select() call until the timeout occurs (set to 5 seconds). No data is recieved from the apache mod_proxy. The apache logs then get the error message shown above added to them. The connection that mod_proxy is using is plain http, not https. This seems to happen maybe once or twice a day, no apparent pattern with system load, client type, url being requested etc. Is there anywhere that details the different error log messages that mod_proxy can generate, what they actually mean, and possible causes of them. I'm not even sure in this case if 'prefetch request body failed' relates to getting data from the app server or getting it from the web browser client (the error has 'to 127.0.0.1' in it which makes me think it relates to getting data from the app server) Is there any enhanced logging I can add to mod_proxy, for example to show it making the connection, packets sent, packets recieved etc. I just can't see why this timeout fails with mod_proxy not sending any data to the app server. Does mod proxy need the entire request from the browser before it forwards it on (what about requests with large post data? - though that is not the case in these errors). Can it have a long delay between making the connection to the app server and actually starting to transmit the request? Thanks for any hints/tips. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_proxy timeout problems
On 19/02/2013 14:37, Pavel Mateja wrote: Can anyone give any clues as to what might be causing a timeout problem with mod_proxy being used as a reverse proxy to a local app server. This is using httpd 2.2.23 on ubuntu 10.04 LTS i686 I've (hopefully) eliminated the network itself as a source of the problem by testing this with the app server running on the same box as apache, using 127.0.0.1 as the network address in the proxy config. Even like this, I still get occasional '(70007)The timeout specified has expired: proxy: prefetch request body failed to 127.0.0.1:4000 (127.0.0.1)' messages in the logs. The app server shows the socket accept happening at the point the request is made, but then just sticks in a select() call until the timeout occurs (set to 5 seconds). No data is recieved from the apache mod_proxy. The apache logs then get the error message shown above added to them. The connection that mod_proxy is using is plain http, not https. This seems to happen maybe once or twice a day, no apparent pattern with system load, client type, url being requested etc. Is there anywhere that details the different error log messages that mod_proxy can generate, what they actually mean, and possible causes of them. I'm not even sure in this case if 'prefetch request body failed' relates to getting data from the app server or getting it from the web browser client (the error has 'to 127.0.0.1' in it which makes me think it relates to getting data from the app server) Is there any enhanced logging I can add to mod_proxy, for example to show it making the connection, packets sent, packets recieved etc. I just can't see why this timeout fails with mod_proxy not sending any data to the app server. Does mod proxy need the entire request from the browser before it forwards it on (what about requests with large post data? - though that is not the case in these errors). Can it have a long delay between making the connection to the app server and actually starting to transmit the request? Thanks for any hints/tips. Hi, do you use keepalive in your proxy? I had so set something like ProxyTimeout 41 Timeout 40 on proxy and Timeout 45 on backend because there is tiny race when backend closes connection just in the moment proxy tries to reuse that connection. The proxy settings I'm using at the moment are: ProxyRequests Off ProxyErrorOverride On ProxyPreserveHost On ProxyTimeout 600 ProxyVia Off Proxy balancer://appserver BalancerMember http://127.0.0.1:4000 loadfactor=1 max=100 disablereuse=On ProxySet lbmethod=byrequests /Proxy ### Normally the balancer has more than one member, distributed over different servers but whilst trying to get to the bottom of this I've set it to just a single instance on the local box. I've also tried disabling re-use by setting the nokeepalive and 1.0 request options in the location section that sets the reverse proxy: Location /tools/ SetEnv force-proxy-request-1.0 1 SetEnv proxy-nokeepalive 1 ProxyPass balancer://appserver/tools/ /Location Using this the proxy does seem to be closing the connection immediately after each request. With the error I received today (the timeout shown above) it was at the start of a new connection, with no existing open connection to apache. The previous request from the same client had been almost 4 minutes earlier. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Issue with redirection from HTTP to HTTPS
On Tue, Feb 5, 2013 at 7:47 PM, Igor Cicimov icici...@gmail.com wrote: Redirect / https://nikolaskallis.com/ I don't get what your trying to saying. You can't see the difference between Redirect / https://nikolaskallis.com and Redirect / https://nikolaskallis.com/ ??? Still wrestling with this advanced topic apparently: https://issues.apache.org/bugzilla/show_bug.cgi?id=54580 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Using Alias (mod_alias) with .htaccess files
Hi, everyone, I'm using mod_alias to map URLs to directories that are outside of Apache's DocumentRoot. However, it seems that .htaccess files are being ignored in these directories. File: my-customizations.conf (included in httpd.conf) ## Alias /project-one C:/Users/Ben/Documents/Projects/one-svn/trunk Alias /project-two C:/Users/Ben/Documents/Projects/two-svn/trunk DirectoryMatch ^C:/Users/Ben/Documents/Projects/.*-svn/(trunk|branches|tags)/ Options +Indexes +FollowSymLinks AllowOverride All Include conf/auth.conf /DirectoryMatch ## File: C:/Users/Ben/Documents/Projects/one-svn/trunk/public/.htaccess ## RewriteEngine on Options All RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] ## The first block seems to have the intended effect. I'm able to access each project at the designated alias, and my authentication rules are applied. This block is definitely effective, because if I remove it, I receive access denied, as expected. However, it appears that the .htaccess file is being ignored entirely. If I cram a bunch of syntactically-invalid junk into the .htaccess file, no error occurs. The directory index file (index.php in this case) is loaded without errors. I see the following excerpt among mod_info's output: In file: C:/Program Files/apache/conf/my-customizations.conf 3: DirectoryMatch ^C:/Users/Ben/Documents/Projects/.*-svn/(trunk|branches|tags)/ 16: Options +Indexes +FollowSymLinks 23: AllowOverride All : /DirectoryMatch Given that AllowOverride All is present, shouldn't the .htaccess file be honored? This post seems to describe the same issue: http://stackoverflow.com/questions/8376590/htaccess-is-ignored-when-using-an-aliased-uri . Unfortunately, the answer doesn't address the fact that the .htaccess file isn't loaded at all, in which case the mod_rewrite peculiarities are irrelevant. I'm using Apache 2.4 on Win32. Any help is very much appreciated. Thank you, -Ben - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Mark cookies as secure?
Apache 2.2 Sent from my iPhone On 19 Feb 2013, at 13:24, Igor Cicimov icici...@gmail.com wrote: On 19/02/2013 12:43 AM, Alan Murphy amurp...@tcd.ie wrote: Hi all, I need to mark cookies as secure, I thought I could just use the mod headers directive Header edit set-cookie ^(.*)$ $1;secure But it does not work, am I missing something. Any help would be greatly appreciated, Sent from my iPhone - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Which apache version??
Re: [users@httpd] Mark cookies as secure?
2.2.22 Sent from my iPhone On 19 Feb 2013, at 13:24, Igor Cicimov icici...@gmail.com wrote: On 19/02/2013 12:43 AM, Alan Murphy amurp...@tcd.ie wrote: Hi all, I need to mark cookies as secure, I thought I could just use the mod headers directive Header edit set-cookie ^(.*)$ $1;secure But it does not work, am I missing something. Any help would be greatly appreciated, Sent from my iPhone - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Which apache version??
[users@httpd] htaccess file and computer names
I am using some htaccess files to control access to a few web pages. The htaccess file works if I use the ip address of the computer to grant access, but not its name. Is there another setting to enable for Allow from computername.domain.name to work like using the ip address Allow from ###.###.###.### ? Order deny,allow Deny from all Allow from computername.domain.name //this does not grant access Allow from ###.###.###.### //this grants access The computers and the server are all on the same network Thanks Marc
Re: [users@httpd] htaccess file and computer names
On 19 February 2013 18:49, Marc Fromm marc.fr...@wwu.edu wrote: I am using some htaccess files to control access to a few web pages. The htaccess file works if I use the ip address of the computer to grant access, but not its name. Is there another setting to enable for “Allow from computername.domain.name” to work like using the ip address “Allow from ###.###.###.###” ? ** ** Order deny,allow Deny from all Allow from computername.domain.name //this does not grant access Allow from ###.###.###.### //this grants access ** ** The computers and the server are all on the same network ** ** Thanks ** ** Marc Hello http://httpd.apache.org/docs/2.0/mod/core.html#location Location /status SetHandler server-status Order Deny,Allow Deny from all Allow from .foo.com /Location Hope this helps. All the best Paul -- Perhaps today is a good day to die. Prepare for ramming speed -*Commander **Worf*
Re: [users@httpd] htaccess file and computer names
Hello, DNS names won't work here; because the connection is made by an IP host, for this a reverse DNS request would be neccessary; the apache log files also also don't contain DNS names, just IP addresses; I wouldn't do this, because this decreases performance; Walter On 19.02.2013 19:49, Marc Fromm wrote: I am using some htaccess files to control access to a few web pages. The htaccess file works if I use the ip address of the computer to grant access, but not its name. Is there another setting to enable for Allow from computername.domain.name to work like using the ip address Allow from ###.###.###.### ? Order deny,allow Deny from all Allow from computername.domain.name //this does not grant access Allow from ###.###.###.### //this grants access The computers and the server are all on the same network Thanks Marc smime.p7s Description: S/MIME Cryptographic Signature
Re: [users@httpd] htaccess file and computer names
Op 19 feb. 2013 om 21:01 heeft Walter H. walte...@mathemainzel.info het volgende geschreven: Hello, DNS names won't work here; because the connection is made by an IP host, for this a reverse DNS request would be neccessary; the apache log files also also don't contain DNS names, just IP addresses; Note: This is only true if HostnameLookups is set to off I wouldn't do this, because this decreases performance; Walter On 19.02.2013 19:49, Marc Fromm wrote: I am using some htaccess files to control access to a few web pages. The htaccess file works if I use the ip address of the computer to grant access, but not its name. Is there another setting to enable for “Allow from computername.domain.name” to work like using the ip address “Allow from ###.###.###.###” ? Order deny,allow Deny from all Allow from computername.domain.name //this does not grant access Allow from ###.###.###.### //this grants access The computers and the server are all on the same network Thanks Marc
Re: [users@httpd] Mark cookies as secure?
Any CGI scripts or modules enabled? On Wed, Feb 20, 2013 at 5:00 AM, Alan Murphy amurp...@tcd.ie wrote: 2.2.22 Sent from my iPhone On 19 Feb 2013, at 13:24, Igor Cicimov icici...@gmail.com wrote: On 19/02/2013 12:43 AM, Alan Murphy amurp...@tcd.ie wrote: Hi all, I need to mark cookies as secure, I thought I could just use the mod headers directive Header edit set-cookie ^(.*)$ $1;secure But it does not work, am I missing something. Any help would be greatly appreciated, Sent from my iPhone - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Which apache version??
[users@httpd] httpd-2.2.23-win32-x86-no_ssl.msi is not available?
I'm searching for httpd-2.2.23-win32-x86-no_ssl.msi file. But I cannot find it. The latest version I found is httpd-2.2.22-win32-x86-no_ssl.msi in http://www.apache.org/dist/httpd/binaries/win32/ . The Apache httpd MSI binary for Windows is no more available? If so, I need to make an MSI binary that contains Apache httpd for myself since my web-based application which is for on-premise package bundles the MSI binary to make it easy to setup my application when the user does not have installed an http server yet. Thanks in advance. -- Yoshinori Sano yoshinori.s...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] httpd-2.2.23-win32-x86-no_ssl.msi is not available?
On 2/19/2013 8:14 PM, Yoshinori Sano wrote: I'm searching for httpd-2.2.23-win32-x86-no_ssl.msi file. But I cannot find it. The latest version I found is httpd-2.2.22-win32-x86-no_ssl.msi in http://www.apache.org/dist/httpd/binaries/win32/ . The Apache httpd MSI binary for Windows is no more available? If so, I need to make an MSI binary that contains Apache httpd for myself since my web-based application which is for on-premise package bundles the MSI binary to make it easy to setup my application when the user does not have installed an http server yet. Thanks in advance. Yoshinori, If you absolutely must have 2.2.23, have a look at http://www.apachelounge.com/download/ . Apache Lounge is more or less the de facto source for Windows binaries (including the most popular third-party modules). You will need to bundle the files into MSI format yourself, however. The availability of binaries has been discussed on this list at great length, and is somewhat of a sore subject, but please do be informed that the Apache Software Foundation does not provide binaries. Generous users create and upload them as a courtesy to the rest of us; as such, our expectations must be kept reasonable. Good luck with your project, -Ben - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Web Hosting - Apache2 Precaution
Dear Apache Experts I am planning to host a site and the environment is CentOS 6. I am planning to use Apache2. I am not comfortble for initial tuning and configuration of Apache2. Basically it is going to be a job site, where people will be registering their profiles, uploading resumes etc. So I can expect, day by day load on server will increase and I must configure it properly. I will be running both Apache server and Apache SOLR search engine as well. 1. How to configure Apache 2 server for stability and best performance. 2. How to configure Apache 2 for handling huge number of users (guest and logged in users). 3. To make sure, Apache 2 server performance does not degrade, do I need to do any cleanup time to time. If there is some good document or link, kindly let me know. Best Regards Austin