Re: [users@httpd] Question on building mod_qos for Centos 6
Thanks Rainr. I build the modules in the end with apxs -i -c mod_qos.c -lcrypto -lpcre because configure asked for items I could not find in my repositories. It build this in /etc/httpd/modules/mod_qos -rw-r--r-- 1 root root 744576 Aug 18 11:37 mod_qos.o -rw-r--r-- 1 root root276 Aug 18 11:37 mod_qos.lo -rw-r--r-- 1 root root 0 Aug 18 11:37 mod_qos.slo -rw-r--r-- 1 root root936 Aug 18 11:37 mod_qos.la And put a compiled .so in : # ls -l /usr/lib64/httpd/modules/mod_qos.so -rwxr-xr-x 1 root root 518232 Aug 18 11:37 /usr/lib64/httpd/modules/mod_qos.so :) Added to httpd.conf LoadModule qos_module /usr/lib64/httpd/modules/mod_qos.so Unsure for the conf file. I've created a file called mod_qos.conf in /etc/httpd/conf.d/ and added: ## QoS Settings IfModule mod_qos.c QS_LogOnly on # put mod_qos into a permissive mode. No actions are applied. # handles connections from up to 10 different IPs QS_ClientEntries 10 /IfModule Does the last configuration step look correct? Thanks. Kind regards, Sophie -- Sophie Loewenthal System Engineer ITOPS / Trimble Transport Logistics GSM:+32.471.900703 On 8/18/2015 11:36 AM, Rainer Jung wrote: Am 18.08.2015 um 09:59 schrieb Sophie Loewenthal: Hi, I've been trying to build the module mod_qos on for Centos 6 and wondered if somebody had some experience with this. The documentation referred to a file buildconf but I did not find this in the tarball mod_qos-11.16.tar.gz. Does anybody know where I could find the *buildconf* file? Install guide read: tar xfz httpd-2.2.27.tar.gz tar xfz mod_qos-11.16-src.tar.gz ln -s httpd-2.2.27 httpd cd httpd mkdir modules/qos cp ../mod_qos-11.16/apache2/* modules/qos ./*buildconf* ./configure --with-mpm=worker --enable-so --enable-qos=shared --enable-ssl --enable-unique-id make cd .. This creates a DSO module that can be loaded into the Apache server using the following directive: LoadModule qos_module path to module/mod_qos.so Typically a script named buildconf or similar is only needed for the people doing a release. It uses thr auto-tools (autoconf etc.) to generate the configure script. If you have a real release tarball, configure should be already included and you don't need to run buildconf. Just start with the next step, running configure. Regards, Rainr - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] mod_auth_kerb failing when invalid credentials given
Hi, I have two Apache 2.2.15 servers running on Redhat 6.7, both of which are using the mod_auth_kerb module to authenticate users. As far as I can see the apache and module config is identical, but I'm seeing different behaviour when a user enters an invalid username. One will just reprompt for the credentials, the other gives a 403 Forbidden error. This doesn't happen when the user enters an invalid password with a valid user, in this instance the user gets reprompted for the password. My auth_kerb.conf file is identical apart from the keytab filename on both: LoadModule auth_kerb_module modules/mod_auth_kerb.so Location /idp/Authn/RemoteUser SSLRequireSSL AuthType Kerberos AuthName Shib Kerberos Login KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms DOMAIN.AC.UK Krb5KeyTab /etc/shibdevkerb.keytab KrbSaveCredentials On KrbServiceName HTTP/server.dev.publicdomain.ac...@domain.ac.uk require valid-user /Location I can successfully perform a kinit on both, so Kerberos is working ok as far as I can tell. However I'm not sure why the invalid user would be rejected on one and not the other. The error log on the failing server shows: [Tue Aug 18 11:29:58 2015] [error] [client 192.168.219.233] gss_accept_sec_context() failed: No credentials were supplied, or the credentials were unavailable or inaccessible (, Unknown error), referer: https://server.publicdomain.ac.uk/CookieAuth.dll?GetLogon?curl=Z2FidpZ2FAuthnZ2FRemoteUserreason=0formdir=2 For reference, this server is part of a Shibboleth IdP setup, published to the internet using MS Forefront TMG. Once authentication has happened, the Apache server passes onto a Tomcat server for the Shibboleth functions to run using the RemoteUser handler. Can somebody please point out just where I might be able to find the thing that is different between these servers in order to resolve this? Cheers, Andi [Cardiff Metropolitan University - 150 years of nurturing talent]http://www.cardiffmet.ac.uk/cardiffmet150
[users@httpd] Question on building mod_qos for Centos 6
Hi, I've been trying to build the module mod_qos on for Centos 6 and wondered if somebody had some experience with this. The documentation referred to a file buildconf but I did not find this in the tarball mod_qos-11.16.tar.gz. Does anybody know where I could find the *buildconf* file? Install guide read: tar xfz httpd-2.2.27.tar.gz tar xfz mod_qos-11.16-src.tar.gz ln -s httpd-2.2.27 httpd cd httpd mkdir modules/qos cp ../mod_qos-11.16/apache2/* modules/qos ./*buildconf* ./configure --with-mpm=worker --enable-so --enable-qos=shared --enable-ssl --enable-unique-id make cd .. This creates a DSO module that can be loaded into the Apache server using the following directive: LoadModule qos_module path to module/mod_qos.so Kind regards, Sophie
Re: [users@httpd] Question on building mod_qos for Centos 6
Am 18.08.2015 um 09:59 schrieb Sophie Loewenthal: Hi, I've been trying to build the module mod_qos on for Centos 6 and wondered if somebody had some experience with this. The documentation referred to a file buildconf but I did not find this in the tarball mod_qos-11.16.tar.gz. Does anybody know where I could find the *buildconf* file? Install guide read: tar xfz httpd-2.2.27.tar.gz tar xfz mod_qos-11.16-src.tar.gz ln -s httpd-2.2.27 httpd cd httpd mkdir modules/qos cp ../mod_qos-11.16/apache2/* modules/qos ./*buildconf* ./configure --with-mpm=worker --enable-so --enable-qos=shared --enable-ssl --enable-unique-id make cd .. This creates a DSO module that can be loaded into the Apache server using the following directive: LoadModule qos_module path to module/mod_qos.so Typically a script named buildconf or similar is only needed for the people doing a release. It uses thr auto-tools (autoconf etc.) to generate the configure script. If you have a real release tarball, configure should be already included and you don't need to run buildconf. Just start with the next step, running configure. Regards, Rainr - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Proxy and mod_deflate (httpd 2.4.x)
On Tue, 2015-08-18 at 15:31 +, Macks, Aaron wrote: [chop] What you have looks fine to me. Though you might have some stray directive in global scope that affects you. What happens if you crank up LogLevel and wade through the messages? mod_deflate will generate a lot of debug, and might tell you all. -- Nick Kew - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question on building mod_qos for Centos 6
Am 18.08.2015 um 12:09 schrieb Sophie Loewenthal: Thanks Rainr. I build the modules in the end with apxs -i -c mod_qos.c -lcrypto -lpcre because configure asked for items I could not find in my repositories. It build this in /etc/httpd/modules/mod_qos -rw-r--r-- 1 root root 744576 Aug 18 11:37 mod_qos.o -rw-r--r-- 1 root root276 Aug 18 11:37 mod_qos.lo -rw-r--r-- 1 root root 0 Aug 18 11:37 mod_qos.slo -rw-r--r-- 1 root root936 Aug 18 11:37 mod_qos.la And put a compiled .so in : # ls -l /usr/lib64/httpd/modules/mod_qos.so -rwxr-xr-x 1 root root 518232 Aug 18 11:37 /usr/lib64/httpd/modules/mod_qos.so :) OK, if it loads that's fine. Added to httpd.conf LoadModule qos_module /usr/lib64/httpd/modules/mod_qos.so Unsure for the conf file. I've created a file called mod_qos.conf in /etc/httpd/conf.d/ and added: ## QoS Settings IfModule mod_qos.c QS_LogOnly on# put mod_qos into a permissive mode. No actions are applied. # handles connections from up to 10 different IPs QS_ClientEntries 10 /IfModule Does the last configuration step look correct? mod_qos is quite complex and allows a lot of configuration depending on your use cases. You should probably switch over to the support channels provided by the people who created mod_qos. It is a 3rd party module, not one coming from the Apache Software Foundation. This list here is for questions concerning the Apache web server itself, not 3rd party modules. The best configuration description for mod_qos is probably http://opensource.adnovum.ch/mod_qos/ Support situation is a bit vague, but their sourceforge site http://sourceforge.net/p/mod-qos/wiki/Home/ lists the project members and there is an issue tracker http://sourceforge.net/p/mod-qos/bugs/?source=navbar and a discusion forum http://sourceforge.net/p/mod-qos/discussion/?source=navbar Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] apache - mod_security Issue
Hi, We have two application on different tomcats and both the applications interacts through apache. Apache is configured with mod_security rules. In this setup I have faced two scenario: Scenario 1: --- First application is requesting second for any resource (e.g. any document). In this case apache is taking more time in sending request to the second application's tomcat. As we have noticed sometimes it is taking around 30 sec to send request to the second application's tomcat. Due to this, response time is exceeding the the Read time out time set for the request. And On removing mod_security form apache we haven't faced this type of issue. Scenario 2: --- When scenario 1 occurs we have multiple requests that is waiting long for it's response. On checking apache's server-status we found most of the worker threads in W Sending Reply state. And keep on increasing worker threads in W state. This leads to a situation where the no. of request exceeds the number of worker threads in the server process since multiple threads are in their waiting state. Please find attachment-screenshot of apache server-status where all apache's working thread in W Sending Reply state. And the strange thing is that even after stopping both application's tomcats their still exists threads in W Sending Reply state in apache's server-status. It releases only after restarting apache. We are facing this issue after updating from 2.4.10 to apache 2.4.12 or 2.4.16. Haven't faced this scenario upto apache 2.4.10. And On removing mod_security form apache we haven't faced this type of scenario as well. For now, we have given solution by just removing mod_security when both application interact with each other. But this does'nt seems a feasible solution as its working fine in apache 2.4.10. Please suggest for this odd behave of apache 2.4.12 or 2.4.16 with mod_security or reason for this. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question on building mod_qos for Centos 6
HI Rainr, Thanks for your notes. I'll join their mailing. Thanks again! Sophie. On 8/18/2015 3:58 PM, Rainer Jung wrote: Am 18.08.2015 um 12:09 schrieb Sophie Loewenthal: Thanks Rainr. I build the modules in the end with apxs -i -c mod_qos.c -lcrypto -lpcre because configure asked for items I could not find in my repositories. It build this in /etc/httpd/modules/mod_qos -rw-r--r-- 1 root root 744576 Aug 18 11:37 mod_qos.o -rw-r--r-- 1 root root276 Aug 18 11:37 mod_qos.lo -rw-r--r-- 1 root root 0 Aug 18 11:37 mod_qos.slo -rw-r--r-- 1 root root936 Aug 18 11:37 mod_qos.la And put a compiled .so in : # ls -l /usr/lib64/httpd/modules/mod_qos.so -rwxr-xr-x 1 root root 518232 Aug 18 11:37 /usr/lib64/httpd/modules/mod_qos.so :) OK, if it loads that's fine. Added to httpd.conf LoadModule qos_module /usr/lib64/httpd/modules/mod_qos.so Unsure for the conf file. I've created a file called mod_qos.conf in /etc/httpd/conf.d/ and added: ## QoS Settings IfModule mod_qos.c QS_LogOnly on# put mod_qos into a permissive mode. No actions are applied. # handles connections from up to 10 different IPs QS_ClientEntries 10 /IfModule Does the last configuration step look correct? mod_qos is quite complex and allows a lot of configuration depending on your use cases. You should probably switch over to the support channels provided by the people who created mod_qos. It is a 3rd party module, not one coming from the Apache Software Foundation. This list here is for questions concerning the Apache web server itself, not 3rd party modules. The best configuration description for mod_qos is probably http://opensource.adnovum.ch/mod_qos/ Support situation is a bit vague, but their sourceforge site http://sourceforge.net/p/mod-qos/wiki/Home/ lists the project members and there is an issue tracker http://sourceforge.net/p/mod-qos/bugs/?source=navbar and a discusion forum http://sourceforge.net/p/mod-qos/discussion/?source=navbar Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Proxy and mod_deflate (httpd 2.4.x)
I’ve seen a LOT of posts on the poric of “hot to get mod_deflate to compress proxied content, but none of the numerous suggestions seems to help. My config is pretty simple, we want to compress everything in /resources, which all lives in an S3 bucket. In the config above this are some local standard config lines, with the include mod_deflate, etc. Location /resources Header set Cache-Control max-age=86400, public SetOutputFilter DEFLATE Header set apache-location /resources ProxyPass http://BUCKET.s3.amazonaws.com/resources ProxyPassReverse http://BUCKET.s3.amazonaws.com/resources /Location However it doesn’t seem to be having the desired effect. When I request a local file, all is well [aaronm@Shamash common]$ curl http:/test.url/style.css -H Accept-Encoding: gzip,deflate -I HTTP/1.1 200 OK Accept-Ranges: bytes Content-Encoding: gzip Content-Length: 33652 Content-Type: text/css Date: Tue, 18 Aug 2015 15:22:28 GMT ETag: 35195-51d977611af6e-gzip Last-Modified: Tue, 18 Aug 2015 15:20:41 GMT Server: Apache/2.4.12 (Amazon) Vary: Accept-Encoding Connection: keep-alive but when I pull a similar-content file through the proxy, it remains uncompressed [aaronm@Shamash common]$ curl http://test.url/resources/css/style.css -H Accept-Encoding: gzip,deflate -I HTTP/1.1 200 OK Accept-Ranges: bytes apache-location: /resources Cache-Control: max-age=86400, public Content-Encoding: UTF-8 Content-Length: 217493 Content-Type: text/css Date: Tue, 18 Aug 2015 15:22:42 GMT ETag: 926885eeaa851790caa9502782770c29 Last-Modified: Thu, 13 Aug 2015 18:52:19 GMT Server: AmazonS3 x-amz-id-2: kyrC8PCgQqI5Iktj5pyyKIDD6UqWTKwoWTJfAq/rHO7wq0oI81XcFahP4IMpjQRQG0ALEPPf3PU= x-amz-request-id: D2E9F2455D54BDF0 Connection: keep-alive Is there a new reccomended fix for the 2.4 line? thanks Aaron -- Aaron Macks Systems Architect Harvard Business Publishing 300 North Beacon St.| Watertown, MA 02472 (617) 783-7461| Fax: (617) 783-7467 www.harvardbusiness.orghttp://www.harvardbusiness.org | Cell:(978) 317-3614