[users@httpd] Re: ModSecurity and custom headers
Is there a different list I should be asking this on? On Mon, Feb 27, 2017 at 8:49 AM, Andrei wrote: > Hi all, > > How can I add a custom header using the 'msg' value from a ModSecurity > rule, for all rules triggered? I'm basically trying to track the ModSec > block reason at an edge point (Varnish) based on Apache's response. > > For example, I would like: > > SecRule REQUEST_URI "/modsectest" > "log,deny,status:406,phase:1,t:none,id:9084310,msg:'ModSec > Log Test'" > > To add a 'X-ModSec-Block' response header with the value 'ModSec Log Test' > in this case. I understand this might be better suited with setenv + > mod_headers due to blocks being done at different phases, and found > http://serverfault.com/questions/796088/modsecurity- > creating-a-new-request-header-from-secrule which seems similar to this > scenario, just that it's not quite working out for me. Any help is greatly > appreciated! > > Andrei >
Re: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel
> I spent some time looking at the P option for mod_rewrite but I got the > impression that it would only work in the case of the reverse proxy > situation. I was not able to get it to work but I wanted to make sure you > thought there was potential for that to help with my forward proxy issue > before I spent a lot more time on it. I think it's a matter of definitions: I'd call it forward proxy already if client decides what services to connect to, and proxy server is specified on it as, well, proxy. In any case, it does not matter much how you call it. In your case you'll need rather simple rewrite rule that changes URLs of all requests from http to https, with P option, and that's all. It is hard to say more without doing experiments. -- With Best Regards, Marat Khalili
Re: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel
Marat, Thank you again for your response. You are correct, I cannot enumerate all of the targets because we do not know about any of them and they could potentially be any IP or URI reachable by the system. I spent some time looking at the P option for mod_rewrite but I got the impression that it would only work in the case of the reverse proxy situation. I was not able to get it to work but I wanted to make sure you thought there was potential for that to help with my forward proxy issue before I spent a lot more time on it. -Dan On Tue, Feb 28, 2017 at 11:05 AM, Marat Khalili wrote: > Solution using reverse proxy does not require any control over proxied > services, but you'll need to enumerate them all in your proxy > configuration. Proxy will discriminate requests by hostname and port and > forward them to specified services. This will give you additional control > and security at the cost of management overhead. > > If you cannot or wish not enumerate all your target services, looks like > you can use "P" option of mod_rewrite: https://httpd.apache.org/docs/ > 2.4/rewrite/flags.html#flag_p . I do not have much experience with it, > but it might work. > -- > > With Best Regards, > Marat Khalili > > On February 28, 2017 6:39:38 PM GMT+03:00, Daniel Frank < > danthehit...@gmail.com> wrote: >> >> I see how my original question made it sound like a single service. I >> was trying to keep the scenario as simple as possible and probably over >> simplified it. The reality is that the endpoint we will be connecting to >> will be many appliances at many different IPs. >> >> Regarding using a reverse proxy, even if it were one service I dont see >> how the reverse proxy would work since we dont control that service or >> where it is running. Maybe I am misunderstanding how the reverse proxy >> works as well. >> >> Thanks for the response. Regarding the original question, is what I am >> asking possible? >> >> -Dan >> >> On Tue, Feb 28, 2017 at 12:19 AM, Marat Khalili wrote: >> >>> Why are you calling it _forward_ proxy if it's only going to connect to >>> one service? Your problem can easily be solved with _reverse_ proxy. >>> >>> -- >>> >>> With Best Regards, >>> Marat Khalili >>> >>> On 28/02/17 02:16, Daniel Frank wrote: >>> >>> All, >>> >>> I am trying to set Apache up as a forward proxy to help solve an issue >>> that we have where an HTTP Client in our application does not support TLS >>> 1.2 but an API that we need to consume only supports TLS 1.2. What I am >>> attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target API but >>> allow my internal client to talk to the proxy over HTTP. >>> >>> I had it in my head that this was what a forward proxy was going to give >>> me so after having set up a forward proxy and configuring my application to >>> use it I was surprised to see that I was getting exactly the same behavior >>> that I was getting when I had no proxy configured (failure of my internal >>> client to speak TLS 1.2). >>> >>> So my question is; can Apache be configured as a FORWARD proxy to speak >>> HTTP with the caller but HTTPS to the callee? >>> >>> I have spent a lot of time searching and I did check the mailing list >>> archives but it's entirely possible that I just dont even know what to >>> search for to get a good answer so if this is a dumb question I sincerely >>> apologize for wasting the groups time. >>> >>> Thanks in advance for any help. >>> >>> -Dan >>> >>> >>> >>
[users@httpd] RE : [users@httpd] RE : [users@httpd] RE : [users@httpd]
Hello Eric, Inever had a startup problem before. At first i try with mod_jk just like it was install and configure on apache 2.2 + tomcat 7 environment and i got those type of error on the new environment so someone suggest me to try with proxy_mod_ajp. What i did but when i'm verifying the module load by apache i don't see the proxy_mod_ajp module load. So my question is how can i make it wotrk with proxy_mod_ajp or if it's simple to try to solve my issue with mod_jk ? regards, Stephane De : Eric Covener [cove...@gmail.com] Envoyé : 28 février 2017 13:48 À : users@httpd.apache.org Objet : Re: [users@httpd] RE : [users@httpd] RE : [users@httpd] On Tue, Feb 28, 2017 at 1:13 PM, Stéphane Laurencelle wrote: > after that in my httpd-vhosts.conf file that is use for my different vhost > define on this server i add those line for testing ajp call : So you no longer have a startup error about loaded modules. How do you know you're hitting the right vhost? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] RE : [users@httpd] RE : [users@httpd]
On Tue, Feb 28, 2017 at 1:13 PM, Stéphane Laurencelle wrote: > after that in my httpd-vhosts.conf file that is use for my different vhost > define on this server i add those line for testing ajp call : So you no longer have a startup error about loaded modules. How do you know you're hitting the right vhost? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] RE : [users@httpd] RE : [users@httpd]
Hello Éric here is what i see when i use mod_jk module instead of the proxy_mod_ajp module [Tue Feb 28 13:34:09.137 2017] [23245:140478953539328] [debug] ajp_process_callback::jk_ajp_common.c (2135): (ajp13instance9) AJP13 protocol: Reuse is OK [Tue Feb 28 13:34:09.137 2017] [23245:140478953539328] [debug] ajp_reset_endpoint::jk_ajp_common.c (851): (ajp13instance9) resetting endpoint with socket 15 [Tue Feb 28 13:34:09.137 2017] [23245:140478953539328] [debug] ajp_done::jk_ajp_common.c (3287): recycling connection pool for worker ajp13instance9 and socket 15 [Tue Feb 28 13:34:09.137 2017] [23245:140478953539328] [debug] jk_handler::mod_jk.c (2979): Service finished with status=404 for worker=ajp13instance9 Stéphane De : Stéphane Laurencelle [stephane.laurence...@momentum-tech.ca] Envoyé : 28 février 2017 13:13 À : users@httpd.apache.org Objet : [users@httpd] RE : [users@httpd] RE : [users@httpd] What i have done is in the http.conf file uncomment both lines LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so after that in my httpd-vhosts.conf file that is use for my different vhost define on this server i add those line for testing ajp call : ProxyPreserveHost On ProxyPass ajp://servername:ajpport/exemples ProxyPassReverse ajp://servername:ajpport/exemples Require all granted ProxyPreserveHost On ProxyPass ajp://servername:ajpport/exemples/ ProxyPassReverse ajp://servername:ajpport/exemples/ Require all granted and when i try to access this page i got a 404 error Stephane De : Eric Covener [cove...@gmail.com] Envoyé : 28 février 2017 12:20 À : users@httpd.apache.org Objet : Re: [users@httpd] RE : [users@httpd] On Tue, Feb 28, 2017 at 11:23 AM, Stéphane Laurencelle wrote: > when i look at apachectl -M, i don't see the ajp module load but i see the > proxy_mod module > and when i try i get an error 404 in the apache log. > > i don't know where to look to debug the module not loading in apache. If you uncommented a LoadModule for the AJP module, it wasn't in a conf file being read by Apache. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] RE : [users@httpd] RE : [users@httpd]
What i have done is in the http.conf file uncomment both lines LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so after that in my httpd-vhosts.conf file that is use for my different vhost define on this server i add those line for testing ajp call : ProxyPreserveHost On ProxyPass ajp://servername:ajpport/exemples ProxyPassReverse ajp://servername:ajpport/exemples Require all granted ProxyPreserveHost On ProxyPass ajp://servername:ajpport/exemples/ ProxyPassReverse ajp://servername:ajpport/exemples/ Require all granted and when i try to access this page i got a 404 error Stephane De : Eric Covener [cove...@gmail.com] Envoyé : 28 février 2017 12:20 À : users@httpd.apache.org Objet : Re: [users@httpd] RE : [users@httpd] On Tue, Feb 28, 2017 at 11:23 AM, Stéphane Laurencelle wrote: > when i look at apachectl -M, i don't see the ajp module load but i see the > proxy_mod module > and when i try i get an error 404 in the apache log. > > i don't know where to look to debug the module not loading in apache. If you uncommented a LoadModule for the AJP module, it wasn't in a conf file being read by Apache. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel
Solution using reverse proxy does not require any control over proxied services, but you'll need to enumerate them all in your proxy configuration. Proxy will discriminate requests by hostname and port and forward them to specified services. This will give you additional control and security at the cost of management overhead. If you cannot or wish not enumerate all your target services, looks like you can use "P" option of mod_rewrite: https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_p . I do not have much experience with it, but it might work. -- With Best Regards, Marat Khalili On February 28, 2017 6:39:38 PM GMT+03:00, Daniel Frank wrote: >I see how my original question made it sound like a single service. I >was >trying to keep the scenario as simple as possible and probably over >simplified it. The reality is that the endpoint we will be connecting >to >will be many appliances at many different IPs. > >Regarding using a reverse proxy, even if it were one service I dont see >how >the reverse proxy would work since we dont control that service or >where it >is running. Maybe I am misunderstanding how the reverse proxy works as >well. > >Thanks for the response. Regarding the original question, is what I am >asking possible? > >-Dan > >On Tue, Feb 28, 2017 at 12:19 AM, Marat Khalili wrote: > >> Why are you calling it _forward_ proxy if it's only going to connect >to >> one service? Your problem can easily be solved with _reverse_ proxy. >> >> -- >> >> With Best Regards, >> Marat Khalili >> >> On 28/02/17 02:16, Daniel Frank wrote: >> >> All, >> >> I am trying to set Apache up as a forward proxy to help solve an >issue >> that we have where an HTTP Client in our application does not support >TLS >> 1.2 but an API that we need to consume only supports TLS 1.2. What I >am >> attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target >API but >> allow my internal client to talk to the proxy over HTTP. >> >> I had it in my head that this was what a forward proxy was going to >give >> me so after having set up a forward proxy and configuring my >application to >> use it I was surprised to see that I was getting exactly the same >behavior >> that I was getting when I had no proxy configured (failure of my >internal >> client to speak TLS 1.2). >> >> So my question is; can Apache be configured as a FORWARD proxy to >speak >> HTTP with the caller but HTTPS to the callee? >> >> I have spent a lot of time searching and I did check the mailing list >> archives but it's entirely possible that I just dont even know what >to >> search for to get a good answer so if this is a dumb question I >sincerely >> apologize for wasting the groups time. >> >> Thanks in advance for any help. >> >> -Dan >> >> >>
Re: [users@httpd] RE : [users@httpd]
On Tue, Feb 28, 2017 at 11:23 AM, Stéphane Laurencelle wrote: > when i look at apachectl -M, i don't see the ajp module load but i see the > proxy_mod module > and when i try i get an error 404 in the apache log. > > i don't know where to look to debug the module not loading in apache. If you uncommented a LoadModule for the AJP module, it wasn't in a conf file being read by Apache. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] RE : [users@httpd]
Hello Eric, when i look at apachectl -M, i don't see the ajp module load but i see the proxy_mod module and when i try i get an error 404 in the apache log. i don't know where to look to debug the module not loading in apache. Stephane De : Eric Covener [cove...@gmail.com] Envoyé : 28 février 2017 10:54 À : users@httpd.apache.org Objet : Re: [users@httpd] On Tue, Feb 28, 2017 at 10:45 AM, Stéphane Laurencelle wrote: > even if i uncomment the line in httpd.conf file for enabling the module it > don't seem to load What do you observe exactly? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd]
On Tue, Feb 28, 2017 at 10:45 AM, Stéphane Laurencelle wrote: > even if i uncomment the line in httpd.conf file for enabling the module it > don't seem to load What do you observe exactly? -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd]
Hi' i'm trying to use mod_proxy_ajp module with apache 2.4.25 and tomcat 8.5.11 on oel 6.8 even if i uncomment the line in httpd.conf file for enabling the module it don't seem to load, i read that i need to also activate mod_proxy module and that is done. do you know if a bug exist that would made it unable to load. Regards, Stephane
Re: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel
I see how my original question made it sound like a single service. I was trying to keep the scenario as simple as possible and probably over simplified it. The reality is that the endpoint we will be connecting to will be many appliances at many different IPs. Regarding using a reverse proxy, even if it were one service I dont see how the reverse proxy would work since we dont control that service or where it is running. Maybe I am misunderstanding how the reverse proxy works as well. Thanks for the response. Regarding the original question, is what I am asking possible? -Dan On Tue, Feb 28, 2017 at 12:19 AM, Marat Khalili wrote: > Why are you calling it _forward_ proxy if it's only going to connect to > one service? Your problem can easily be solved with _reverse_ proxy. > > -- > > With Best Regards, > Marat Khalili > > On 28/02/17 02:16, Daniel Frank wrote: > > All, > > I am trying to set Apache up as a forward proxy to help solve an issue > that we have where an HTTP Client in our application does not support TLS > 1.2 but an API that we need to consume only supports TLS 1.2. What I am > attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target API but > allow my internal client to talk to the proxy over HTTP. > > I had it in my head that this was what a forward proxy was going to give > me so after having set up a forward proxy and configuring my application to > use it I was surprised to see that I was getting exactly the same behavior > that I was getting when I had no proxy configured (failure of my internal > client to speak TLS 1.2). > > So my question is; can Apache be configured as a FORWARD proxy to speak > HTTP with the caller but HTTPS to the callee? > > I have spent a lot of time searching and I did check the mailing list > archives but it's entirely possible that I just dont even know what to > search for to get a good answer so if this is a dumb question I sincerely > apologize for wasting the groups time. > > Thanks in advance for any help. > > -Dan > > >
Re: [users@httpd] Forward Proxy on behalf of the client instead of as a tunnel
I see how my original question made it sound like a single service. I was trying to keep the scenario as simple as possible and probably over simplified it. The reality is that the endpoint we will be connecting to will be many appliances at many different IPs. Regarding using a reverse proxy, even if it were one service I dont see how the reverse proxy would work since we dont control that service or where it is running. Maybe I am misunderstanding how the reverse proxy works as well. Thanks for the response. Regarding the original question, is what I am asking possible? -Dan On Tue, Feb 28, 2017 at 8:09 AM, Daniel Frank wrote: > I see how my original question made it sound like a single service. I was > trying to keep the scenario as simple as possible and probably over > simplified it. The reality is that the endpoint we will be connecting to > will be many appliances at many different IPs. > > Regarding using a reverse proxy, even if it were one service I dont see > how the reverse proxy would work since we dont control that service or > where it is running. Maybe I am misunderstanding how the reverse proxy > works as well. > > Thanks for the response. Regarding the original question, is what I am > asking possible? > > -Dan > > On Tue, Feb 28, 2017 at 12:19 AM, Marat Khalili wrote: > >> Why are you calling it _forward_ proxy if it's only going to connect to >> one service? Your problem can easily be solved with _reverse_ proxy. >> >> -- >> >> With Best Regards, >> Marat Khalili >> >> On 28/02/17 02:16, Daniel Frank wrote: >> >> All, >> >> I am trying to set Apache up as a forward proxy to help solve an issue >> that we have where an HTTP Client in our application does not support TLS >> 1.2 but an API that we need to consume only supports TLS 1.2. What I am >> attempting to do is use Apache to talk HTTPS/TLS 1.2 to the target API but >> allow my internal client to talk to the proxy over HTTP. >> >> I had it in my head that this was what a forward proxy was going to give >> me so after having set up a forward proxy and configuring my application to >> use it I was surprised to see that I was getting exactly the same behavior >> that I was getting when I had no proxy configured (failure of my internal >> client to speak TLS 1.2). >> >> So my question is; can Apache be configured as a FORWARD proxy to speak >> HTTP with the caller but HTTPS to the callee? >> >> I have spent a lot of time searching and I did check the mailing list >> archives but it's entirely possible that I just dont even know what to >> search for to get a good answer so if this is a dumb question I sincerely >> apologize for wasting the groups time. >> >> Thanks in advance for any help. >> >> -Dan >> >> >> >
Re: [users@httpd] download stops at 1kB
Hi Luca, I'm somewhat unsure which configuration is used by apache, because it's all configured via plesk-parallels panel (ugh). So I put my configuration files and access/error_log online under eckner.net/apache2.conf (/etc/apache2/apache2.conf) eckner.net/httpd.conf (/var/www/vhosts/system/eckner.net/conf/httpd.conf) eckner.net/access_log (for crux.eckner.net) eckner.net/error_log (for crux.eckner.net) I can't believe this is all the logs apache produces in "LogLevel debug" for this vhost, but I can't find any more, either. If you need any other infos, just let me know, which. regards, Erich On 28.02.2017 11:08, Luca Toscano wrote: > Hi Eric, > > 2017-02-27 20:21 GMT+01:00 Erich Eckner : > >> Hi, >> >> I have a strange problem: >> I'm running an apache server (Apache/2.2.22 under Debian) with several >> vhosts, one of which is hosted at crux.eckner.net, on a vps. >> The index document "http://crux.eckner.net/index.html"; stops >> transferring after 1kB (exactly 1024 Bytes are shown if I do 'curl >> http://crux.eckner.net/index.html', firefox also hangs at the respective >> position). index.html is a local file and I deactivated all >> dynamic-content-stuff (e.g. php). If I wait long enough, I get a timeout: >> the client says: "curl: (56) Recv failure: Connection reset by peer", >> the server logs nothing. >> >> The strange part is, that each of the following work fine: >> - Downloading via https, e.g. https://crux.eckner.net/index.html >> - Downloading the same file with same size, but replaced content, works >> fine - e.g. 'head -c 14052 /dev/urandom | base64 -w0 > index.html', then >> 'curl http://crux.eckner.net/index.html' >> >> I'm somewhat out of Ideas where to look next :-( >> Any hints are apreciated. >> >> > If you could share your httpd config and apache error log somewhere (like > http://apaste.info) it would be really useful to help (even better if you > could increase your log level with > https://httpd.apache.org/docs/2.2/mod/core.html#loglevel). > > > Luca > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_lua and subprocess_env
On Tue, Feb 28, 2017 at 2:02 PM, Eric Covener wrote: > On Mon, Feb 27, 2017 at 4:58 AM, Andrei Ivanov > wrote: > > But I think mod_headers has some different way of interpreting > expressions, > > because this doesn't work: > > The grammar has different starting points for expressions that resolve > to boolean values vs. strings. I think that's what's biting some of > your experiments. > That's probably true and seems very unfortunate, every module interprets expressions differently :-( That's why I hope Yann can provide more patches to get this working :-)
Re: [users@httpd] mod_lua and subprocess_env
On Mon, Feb 27, 2017 at 4:58 AM, Andrei Ivanov wrote: > But I think mod_headers has some different way of interpreting expressions, > because this doesn't work: The grammar has different starting points for expressions that resolve to boolean values vs. strings. I think that's what's biting some of your experiments. -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_lua and subprocess_env
On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov wrote: > On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov > wrote: > >> On Feb 24, 2017 22:54, "Yann Ylavic" wrote: >> >> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov >> wrote: >> > >> > I've managed to apply your patch and rebuild Apache and now I have: >> > Header set Client-IP "expr=%{REMOTE_ADDR}" >> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}" >> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}" >> >> Could you please add: >> Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in >> PeerExtList('2.5.29.17')" >> ? >> >> If it outputed "Expr: IP Addressfalse" that'd be issue with operators' >> precedence. >> I'll try on my side, but you may beat me to it since you have the >> environment... >> >> >> Ugh, it's my work environment, I'll be able to access it only on Monday. >> >> > Tried now, I've adapted your suggestion a bit as it doesn't seem correct: > > Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in > %{PeerExtList:2.5.29.17}" > > This results in: > Expr: 'IP Address:'.159.107.78.127 -in email:, > email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP > Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 > > As far as I understand, it doesn't perform the concatenation properly. > I've tried > Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in > %{PeerExtList:2.5.29.17}" > > But I get a parse error at startup: > Can't parse value expression : syntax error, unexpected T_ERROR, expecting > T_VAR_END or ':': Invalid character in variable name ' ' > > But I think mod_headers has some different way of interpreting > expressions, because this doesn't work: > > Header set matched false > > Header set matched true > > > Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN, > expecting T_ID or '{ > Yann? Any clues? :-)
Re: [users@httpd] download stops at 1kB
Hi Eric, 2017-02-27 20:21 GMT+01:00 Erich Eckner : > Hi, > > I have a strange problem: > I'm running an apache server (Apache/2.2.22 under Debian) with several > vhosts, one of which is hosted at crux.eckner.net, on a vps. > The index document "http://crux.eckner.net/index.html"; stops > transferring after 1kB (exactly 1024 Bytes are shown if I do 'curl > http://crux.eckner.net/index.html', firefox also hangs at the respective > position). index.html is a local file and I deactivated all > dynamic-content-stuff (e.g. php). If I wait long enough, I get a timeout: > the client says: "curl: (56) Recv failure: Connection reset by peer", > the server logs nothing. > > The strange part is, that each of the following work fine: > - Downloading via https, e.g. https://crux.eckner.net/index.html > - Downloading the same file with same size, but replaced content, works > fine - e.g. 'head -c 14052 /dev/urandom | base64 -w0 > index.html', then > 'curl http://crux.eckner.net/index.html' > > I'm somewhat out of Ideas where to look next :-( > Any hints are apreciated. > > If you could share your httpd config and apache error log somewhere (like http://apaste.info) it would be really useful to help (even better if you could increase your log level with https://httpd.apache.org/docs/2.2/mod/core.html#loglevel). Luca
[users@httpd] Re: Apache 2.4 Mod Speling
Hi - I did some further digging around on Mod Speling and came across this forum - https://www.drupal.org/node/268561 It suggests that if Mod Rewrite is enabled alongside Mod Speling that there will be a conflict, resulting in Mod Speling not working. Can anyone confirm if this is the case? Theo On 27 Feb 2017, at 09:57, Sweeny, Theo (Chief Customer Office) mailto:theo.swe...@directlinegroup.co.uk>> wrote: Hello - I am trying to implement mod_speling on Apache 2.4 running on RH v6.8. The idea so ignore case of the URL on the destination file system, by way of file names or directories. There are multiple sites configured in the vhosts directory, each with it's own virtual hosts file. The spelling module has been enabled in the server config file /etc/httpd/conf/httpd.conf. Inside one of the virtual host files the following has been added - CheckSpelling on CheckCaseOnly on The server has been restared but the URL's are still case sensitive. Yes I know that all incoming URL's can be rewrote to lowercase but the problem is not all URL's in the configs are in lower case - hence the need for this module. Any pointers would be much appreciated. Theo Direct Line Insurance Group plc. Registered in England & Wales No 02280426. Registered Office: Churchill Court, Westmoreland Road, Bromley, Kent, BR1 1DP This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. You should not copy, print, distribute, disclose or use any part of it. Internet e-mails are not necessarily secure. By replying to this message you give your consent to our monitoring of your email communications with us. We do not accept responsibility for changes made to this message after it was sent. We cannot accept any liability for viruses transmitted via this email once it has left our network. We will never send e-mails requesting personal or confidential information. If you ever receive such an e-mail appearing to come from us, do not reply to it, instead please contact us immediately. __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com __