Re: [users@httpd] Router change issue
This is all correct. I think I have determined that this router blocks WAN requests from devices on the LAN, something the Airport Express does not do. Everything seems to work now that I have Comcast's router in bridge mode. Thanks for your trying to help me!

On Jul 25, 2013, at 4:26 AM, Mauricio Tavares raubvo...@gmail.com wrote:

> On Wed, Jul 24, 2013 at 5:02 PM, James Coyle jamescoy...@mac.com wrote:
>> I installed a new wireless router last night from Comcast. Previously I had been using an Apple Airport Extreme as a router along with a regular cable modem. I have duplicated the IP scheme on this new router and have opened up the appropriate port so that Apache can serve up my web site, but so far I have had no luck in getting the pages to display. As I said, I've confirmed that the correct port for my web hop via DYNDns is open (port 8102) and it is mapped to my internal IP address. I have not changed my Apache config file or anything else. The only thing I can think of here is that Apache is confused by the change in hardware since both the Airport Extreme and the new Comcast wireless router are/were using the same 10.0.0.x range of addresses. My old Airport is now in bridge mode and is not acting as a router.
>
> I need to draw your network. Is this what you have?
>
>     Internet-[modem]
>                 |
>                 |
>         [comcast router]---[airport extreme]   (10.0.0.0/24)
>                 |10.0.0.A       10.0.0.B
>                 |  FW rule: WAN port 8102 goes to 10.0.0.C port 80
>                 |
>                 |10.0.0.C
>           [web server]
>
>> I am reluctant to call Comcast, first of all because they are Comcast, and secondly because they are now pushing a higher level of paid support that I'm not interested in. I'd appreciate any help anyone could provide. Thanks.
>
> I understand completely, which is why I want to make sure I understand your network so I can give suggestions. =)

- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Logging Base64 decoded info in access_log
On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
> Thanks Pete, yes, post processing the log file nightly is the option I was considering. I am doing it currently on a per request basis. But I was hoping to avoid it if I could do it in real time by calling on B64 decode on the cookie.

I do not see the advantage in doing it in real time over post-processing. The docs are pretty clear on this too. http://httpd.apache.org/docs/2.4/logs.html#piped says

    As with conditional logging, piped logs are a very powerful tool, but they should not be used where a simpler solution like off-line post-processing is available.

which is good advice.

> Piped logs is an option I did not consider even though I am currently using it for logs rotation. Can you suggest how I can achieve what you are proposing w/o losing out on the log rotation functionality. I have the following in my httpd config:
> ---
> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
> #where dontlog are a couple of load balancers IP address I want to keep out of the access logs.
> ---

If you go against the advice in the documentation and decide to do it with piped logs just use something like

    CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog

And remember the docs also say:

    Piped log processes are spawned by the parent Apache httpd process, and inherit the userid of that process. This means that piped log programs usually run as root. It is therefore very important to keep the programs simple and secure.

Good luck,
Pete
--
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
[users@httpd] webdav trigger external script
I have a requirement to fire a script whenever a file is uploaded via webdav. In my case, I'm using this to trigger CSS compression and combining scripts when a user uploads a file. And also to exclude rubbish files like DS_Store.

Although I have a current implementation using ftp, I'm having trouble seeing how to make this work with webdav. Ideally I'd like to use mod_dav since it is a mature and robust implementation. I can handle external authentication using mod_authnz_external but that is triggered before the file is uploaded. I need something similar as a post upload event.

Thoughts I'd had so far:

1. External webdav implementation implemented as fcgi where I can customise the implementation directly. But then I lose the nice robust mod_dav module.
2. Something that tails the webdav log for certain regex indicating a file was uploaded. Doable, but seems a bit fragile.
3. Some mechanism which allows a single request to trigger the mod_dav module and then automatically fire a request to fcgi where I handle my post processing needs.

Am I missing a simple way to do this within mod_dav or other httpd module?

Ari

--
Aristedes Maniatis
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
[users@httpd] Mod_rewrite END flag does not work for directory index
The END flag for mod_rewrite in Apache 2.4 does not appear to be working correctly. I have a directory named test with a file test.html. I have placed an .htaccess file in the directory with the following content

    RewriteEngine on
    RewriteRule ^test$ test.html [NC,QSA,END]
    RewriteRule ^$ test.html [NC,QSA,END]

Here is the rewrite log for the request http://localhost.dev/test/

    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/ -
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] applying pattern '^test to uri ''
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/ -
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] applying pattern '^ to uri ''
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] rewrite '' - 'test.html'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] add per-dir prefix: test.html - /var/www/vhosts/test/test.html
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] strip document_root prefix: /var/www/vhosts/test/test.html - /test/test.html
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a56d60/initial] [perdir /var/www/vhosts/test/] internal redirect with /test/test.html [INTERNAL REDIRECT]
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/index.php - index.php
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] applying pattern '^test to uri 'index.php'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/index.php - index.php
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] applying pattern '^ to uri 'index.php'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] pass through /var/www/vhosts/test/index.php
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/index.html - index.html
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] applying pattern '^test to uri 'index.html'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/index.html - index.html
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] applying pattern '^ to uri 'index.html'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a44060/subreq] [perdir /var/www/vhosts/test/] pass through /var/www/vhosts/test/index.html

Why is mod_rewrite making sub requests for directory index files index.html and index.php, when the second rule matches the request? If I set a FallbackResource directive, then the fallback file is served, instead of the rewritten file.

Request for http://localhost.dev/test/test works without any sub request, as expected

    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a58b20/initial] [perdir /var/www/vhosts/test/] strip per-dir prefix: /var/www/vhosts/test/test - test
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a58b20/initial] [perdir /var/www/vhosts/test/] applying pattern '^test to uri 'test'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a58b20/initial] [perdir /var/www/vhosts/test/] rewrite 'test' - 'test.html'
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a58b20/initial] [perdir /var/www/vhosts/test/] add per-dir prefix: test.html - /var/www/vhosts/test/test.html
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a58b20/initial] [perdir /var/www/vhosts/test/] strip document_root prefix: /var/www/vhosts/test/test.html - /test/test.html
    [...] 10.0.2.2 - - [localhost.dev/sid#2532c00][rid#2a58b20/initial] [perdir /var/www/vhosts/test/] internal redirect with /test/test.html [INTERNAL REDIRECT]

I have tried using L and END flags, independently and together. In 2.2 it is working, even if the FallbackResource directive is set. The problem is only in httpd 2.4. Is this a bug?

Joyce Babu
[users@httpd] Re: apache service interruption
My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached.

The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all.

Does this make sense to anyone? Should I decrease MaxClients?

- Grant

I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help?

- Grant
[users@httpd] Re: Mod_rewrite END flag does not work for directory index
When the rule is placed in the VirtualHost context, it works correctly. But when it is placed in the Directory context or in an .htaccess file, the request is mapped to the FallbackResource. http://apaste.info/12Cw
Re: [users@httpd] Re: Mod_rewrite END flag does not work for directory index
On Sat, Jul 27, 2013 at 8:20 AM, Joyce Babu jo...@joycebabu.com wrote:
> When the rule is placed in the VirtualHost context, it works correctly. But when it is placed in the Directory context or in an .htaccess file, the request is mapped to the FallbackResource.
>
> http://apaste.info/12Cw

My recollection is that END is designed to prevent looping from rewrite's own re-injection method during per-directory rewrites, which differs from how mod_dir and mod_negotiation internally look up and then replace/redirect the active request. The method used by END does not propagate to those subrequests -- very little does. But maybe it would be possible for mod_rewrite to reach back, but I think it may require a new flag as some subrequests are not replacing the current request.

I have a suspicion that maybe the 2.4 difference is related to not having a default type anymore. It is quite a roundabout influence, but you could maybe see if ForceType or SetHandler makes some kind of difference if it's active on that context?

--
Eric Covener
cove...@gmail.com
Re: [users@httpd] Re: Mod_rewrite END flag does not work for directory index
Just occurred to me that just NS flag may be enough too.

On Sat, Jul 27, 2013 at 11:49 AM, Eric Covener cove...@gmail.com wrote:
> On Sat, Jul 27, 2013 at 8:20 AM, Joyce Babu jo...@joycebabu.com wrote:
>> When the rule is placed in the VirtualHost context, it works correctly. But when it is placed in the Directory context or in an .htaccess file, the request is mapped to the FallbackResource.
>>
>> http://apaste.info/12Cw
>
> My recollection is that END is designed to prevent looping from rewrite's own re-injection method during per-directory rewrites, which differs from how mod_dir and mod_negotiation internally look up and then replace/redirect the active request. The method used by END does not propagate to those subrequests -- very little does. But maybe it would be possible for mod_rewrite to reach back, but I think it may require a new flag as some subrequests are not replacing the current request.
>
> I have a suspicion that maybe the 2.4 difference is related to not having a default type anymore. It is quite a roundabout influence, but you could maybe see if ForceType or SetHandler makes some kind of difference if it's active on that context?
>
> --
> Eric Covener
> cove...@gmail.com

--
Eric Covener
cove...@gmail.com
Re: [users@httpd] Logging Base64 decoded info in access_log
On 27.07.2013 10:29, Pete Houston wrote:
> On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
>> Thanks Pete, yes, post processing the log file nightly is the option I was considering. I am doing it currently on a per request basis. But I was hoping to avoid it if I could do it in real time by calling on B64 decode on the cookie.
>
> I do not see the advantage in doing it in real time over post-processing. The docs are pretty clear on this too. http://httpd.apache.org/docs/2.4/logs.html#piped says
>
>     As with conditional logging, piped logs are a very powerful tool, but they should not be used where a simpler solution like off-line post-processing is available.
>
> which is good advice.
>
>> Piped logs is an option I did not consider even though I am currently using it for logs rotation. Can you suggest how I can achieve what you are proposing w/o losing out on the log rotation functionality. I have the following in my httpd config:
>> ---
>> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
>> #where dontlog are a couple of load balancers IP address I want to keep out of the access logs.
>> ---
>
> If you go against the advice in the documentation and decide to do it with piped logs just use something like
>
>     CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
>
> And remember the docs also say:
>
>     Piped log processes are spawned by the parent Apache httpd process, and inherit the userid of that process. This means that piped log programs usually run as root. It is therefore very important to keep the programs simple and secure.

... and handle the signals issued during Apache (graceful) restart to all children including such piped filters.

Regards,
Rainer
Re: [users@httpd] Logging Base64 decoded info in access_log
On 28/07/2013 3:36 AM, Rainer Jung rainer.j...@kippdata.de wrote:
> On 27.07.2013 10:29, Pete Houston wrote:
>> On Fri, Jul 26, 2013 at 12:39:37PM -0700, Jignesh Badani wrote:
>>> Thanks Pete, yes, post processing the log file nightly is the option I was considering. I am doing it currently on a per request basis. But I was hoping to avoid it if I could do it in real time by calling on B64 decode on the cookie.
>>
>> I do not see the advantage in doing it in real time over post-processing. The docs are pretty clear on this too. http://httpd.apache.org/docs/2.4/logs.html#piped says
>>
>>     As with conditional logging, piped logs are a very powerful tool, but they should not be used where a simpler solution like off-line post-processing is available.
>>
>> which is good advice.
>>
>>> Piped logs is an option I did not consider even though I am currently using it for logs rotation. Can you suggest how I can achieve what you are proposing w/o losing out on the log rotation functionality. I have the following in my httpd config:
>>> ---
>>> CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
>>> #where dontlog are a couple of load balancers IP address I want to keep out of the access logs.
>>> ---
>>
>> If you go against the advice in the documentation and decide to do it with piped logs just use something like
>>
>>     CustomLog "|/path/to/filterprog | /opt/apache/bin/rotatelogs /opt/apache/logs/access_log 86400" combined env=!dontlog
>>
>> And remember the docs also say:
>>
>>     Piped log processes are spawned by the parent Apache httpd process, and inherit the userid of that process. This means that piped log programs usually run as root. It is therefore very important to keep the programs simple and secure.
>
> ... and handle the signals issued during Apache (graceful) restart to all children including such piped filters.
>
> Regards,
> Rainer

Or you can use CustomLog ||/path/to/filterprog ... so apache doesn't spawn new shell
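Added example (not code from any poster in this thread): a small filter that decodes a Base64 cookie field, usable for the off-line post-processing recommended above or as the filterprog in a piped CustomLog. It assumes the cookie is logged as the last quoted field of each line, for instance via a LogFormat ending in "%{session}C" (the cookie name session is an assumption), and it escapes the decoded bytes so client-supplied cookie content cannot add line breaks or quotes to the log.

```python
#!/usr/bin/env python3
"""Decode a Base64 cookie logged as the last quoted field of each log line."""
import base64
import binascii
import re
import sys

# Assumption: the cookie value is the final double-quoted field on the line.
LAST_FIELD = re.compile(r'"([^"]*)"\s*$')
MAX_ENCODED = 4096  # leave oversized values untouched instead of decoding them


def sanitize(raw: bytes) -> str:
    """Keep printable ASCII; escape everything else (and quote/backslash) as \\xhh."""
    out = []
    for b in raw:
        ch = chr(b)
        if 0x20 <= b < 0x7F and ch not in '"\\':
            out.append(ch)
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def decode_line(line: str) -> str:
    """Return the line with its last quoted field decoded, or unchanged on any doubt."""
    m = LAST_FIELD.search(line)
    if not m:
        return line
    value = m.group(1)
    if value in ("", "-") or len(value) > MAX_ENCODED:
        return line
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return line  # not Base64: keep the original record intact
    return line[:m.start(1)] + sanitize(raw) + line[m.end(1):]


def main() -> int:
    # Pass undecodable input bytes through unchanged rather than failing.
    sys.stdin.reconfigure(errors="surrogateescape")
    sys.stdout.reconfigure(errors="surrogateescape")
    for line in sys.stdin:
        sys.stdout.write(decode_line(line))
        sys.stdout.flush()  # nothing stays buffered if the process is stopped
    return 0  # stdin closed (httpd shut the pipe, or end of file): exit


if __name__ == "__main__":
    sys.exit(main())
```

Run off-line as `filter.py < access_log > access_log.decoded`; the script name is a placeholder.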
Re: [users@httpd] Re: apache service interruption
Was it just an IP exhausting the apache service with too many connections? What do you see in the access logs? I use OSSEC HIDS on my apache servers to mitigate this.

--
Sent from my mobile device
Michael D. Wood
www.itsecuritypros.org

Grant emailgr...@gmail.com wrote:
> My server has 4GB RAM and uses nginx as a reverse proxy to apache. A little while ago my website became inaccessible for about 30 minutes. I checked my munin graphs and it looks like apache processes spiked to about 29 during this time which is many times greater than usual. I have MaxClients at 30 and the error log verifies that MaxClients was not reached.
>
> The strange part is system disk latency shows a spike during the interruption which is only very slightly greater than other spikes which did not interrupt service. System CPU, memory, and swap usage don't show anything interesting at all.
>
> Does this make sense to anyone? Should I decrease MaxClients?
>
> - Grant
>
> I've looked over my access_log and I can see there is a particular IP which was making many requests during the interruption. Since munin does not show there was an excessive amount of memory or CPU usage, lowering MaxClients won't help?
>
> - Grant
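Added example (not from any poster in this thread): one way to answer "what do you see in the access logs?" is to bucket requests per minute and report any client that accounts for most of a minute's traffic. It assumes common/combined log format with the client address as the first field; the sample lines, the 50% share and the 5-request floor are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Client address and timestamp at the start of a common/combined log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def sample_log():
    """Constructed sample: one client bursting, two ordinary clients, one bad line."""
    lines = [f'203.0.113.9 - - [27/Jul/2013:10:15:{s:02d} -0700] '
             f'"GET /search?q={s} HTTP/1.1" 200 900' for s in range(8)]
    lines += [
        '198.51.100.4 - - [27/Jul/2013:10:15:30 -0700] "GET / HTTP/1.1" 200 512',
        '198.51.100.4 - - [27/Jul/2013:10:16:02 -0700] "GET /a.css HTTP/1.1" 200 100',
        '192.0.2.77 - - [27/Jul/2013:10:16:40 -0700] "GET / HTTP/1.1" 200 512',
        'garbage line that does not parse',
    ]
    return lines


def per_minute_by_ip(lines):
    """Map 'YYYY-MM-DD HH:MM' -> Counter of requests per client address."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip records that are not in the expected format
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        buckets[ts.strftime("%Y-%m-%d %H:%M")][m.group(1)] += 1
    return buckets


def dominant_clients(lines, share=0.5, min_requests=5):
    """List (minute, ip, count, total) where one client exceeds `share` of a minute."""
    findings = []
    for minute, counts in sorted(per_minute_by_ip(lines).items()):
        total = sum(counts.values())
        for ip, n in counts.most_common():
            if n >= min_requests and n / total > share:
                findings.append((minute, ip, n, total))
    return findings


if __name__ == "__main__":
    for minute, ip, n, total in dominant_clients(sample_log()):
        print(f"{minute}  {ip}  {n}/{total} requests")
```

Comparing the flagged minutes with the munin process graph shows whether the spike in Apache children lines up with a single client's burst.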