[users@httpd] Re: Matt Tosto has shared a document on Google Docs with you

[Matt]

Ignore the previous email you may have received from me with a shared
Google Doc. It is not valid.

On Wed, May 3, 2017 at 1:34 PM,  wrote:

> Matt Tosto has invited you to view the following document:
>
>

[users@httpd] Matt Tosto has shared a document on Google Docs with you

[datahead4]

Matt Tosto has invited you to view the following document:

Open in Docs

[users@httpd] Error in log, Idk problem

[Luiz Guilherme Nunes Fernandes]

Hi,
I have a problem and I do not know how to fix it,
Is problem with sub directories, I try redirect with cups. Although have
errors, I can navigate.

if i remove lines:
Order deny,allow
Deny from All

And i add no erros, and no have authentication with Active Directory
   Allow from all
   Order Deny,Allow

Attention: No erros in apache configure file, only erros in log.

My file configuration:


ProxyPreserveHost On
ProxyPass / http://10.1.1.75:631/
ProxyPassReverse / http://10.1.1.75:631/

   CacheEnable disk /
   CacheRoot /var/spool/httpd
   CacheDirLevels 5
   CacheDirLength 4
   CacheMinFileSize 1024
   CacheMaxFileSize 10485760
   CacheDefaultExpire 144000


Order deny,allow
Deny from All
# Allow from all
# Order Deny,Allow

AuthName "Informe usuario da rede LDAP"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldap/ou=ldap,dc=com,dc=br?sAMAccountName
AuthLDAPBindDN cn=UsrLDAP,cn=Users,ou=ldap,dc=com,dc=br
AuthLDAPBindPassword X
Require valid-user
Satisfy any





Error:
[Wed May 03 10:28:57.562769 2017] [access_compat:error] [pid 14722] [client
10.251.14.140:35328] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/help/, referer: http://10.1.1.75/admin

[Wed May 03 10:47:38.214012 2017] [access_compat:error] [pid 14725] [client
10.251.14.140:36325] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/help/, referer: http://10.1.1.75/admin
[Wed May 03 10:47:38.910394 2017] [access_compat:error] [pid 14727] [client
10.251.14.140:36328] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/jobs/, referer: http://10.1.1.75/admin
[Wed May 03 10:47:44.151292 2017] [access_compat:error] [pid 14727] [client
10.251.14.140:36328] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/jobs/, referer: http://10.1.1.75/jobs/
[Wed May 03 10:47:48.905561 2017] [access_compat:error] [pid 14727] [client
10.251.14.140:36328] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/jobs/, referer: http://10.1.1.75/jobs/
[Wed May 03 10:47:51.476263 2017] [access_compat:error] [pid 14727] [client
10.251.14.140:36328] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/help/, referer: http://10.1.1.75/jobs/
[Wed May 03 10:47:53.428483 2017] [access_compat:error] [pid 14727] [client
10.251.14.140:36328] AH01797: client denied by server configuration: proxy:
http://10.1.1.75:631/help/, referer: http://10.1.1.75/help/


-- 
<<<--->>>

< Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao
Pai, senão por mim >
 (João 14:6)

Att.
♪ ♫  Luiz Guilherme Nunes
Fernandes  ♫ ♪

<<<--->>>

Re: [users@httpd] Apache + Squid Proxy: AH01991: SSL input filter read failed

[Luca Toscano]

Hi,

2017-05-02 19:18 GMT+02:00 chiasa.men :

> Hi,
> my apache is behind a squid proxy which is configured like that:
> https_port 3128 accel cert=/cert.pem key=/cert.key defaultsite=
> ww1.example.com
> vhost
> acl server20_domains dstdomain ww1.example.com ww2.example.com
> http_access allow server20_domains
> cache_peer server20 parent 443 0 no-query originserver name=server20
> login=PASSTHRU ssl sslversion=6
> cache_peer_access server20 allow server20_domains
> cache_peer_access server20 deny all
>
> The idea was to send ww1 and ww2 to server20 which is hosting an apache
> webservice for both sites.
> It works but each time I visit one of those sites the following messages
> appear in apache's logs:
>
> [00:00:39.641665] ---
> [00:00:44.641883] [ssl:info] ssl_engine_io.c(675): (70007)The timeout
> specified has expired: [client wwwclient:47122] AH01991: SSL input filter
> read
> failed.
> [00:00:44.642170] [ssl:info] ssl_engine_io.c(675): (70007)The timeout
> specified has expired: [client wwwclient:47120] AH01991: SSL input filter
> read
> failed.
> [00:00:44.642442] [ssl:info] ssl_engine_io.c(675): (70007)The timeout
> specified has expired: [client wwwclient:47118] AH01991: SSL input filter
> read
> failed.
> [00:00:44.642570] [ssl:info] ssl_engine_io.c(675): (70007)The timeout
> specified has expired: [client wwwclient:47124] AH01991: SSL input filter
> read
> failed.
> [00:00:44.642977] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:
> 47118] AH02001: Connection closed to child 11 with standard shutdown
> (server
> ww1.example.com:443)
> [00:00:44.643241] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:
> 47124] AH02001: Connection closed to child 6 with standard shutdown (server
> ww1.example.com:443)
> [00:00:44.643373] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:
> 47120] AH02001: Connection closed to child 5 with standard shutdown (server
> ww1.example.com:443)
> [00:00:44.643560] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:
> 47122] AH02001: Connection closed to child 8 with standard shutdown (server
> ww1.example.com:443)
> [00:00:44.647119] [ssl:info] ssl_engine_io.c(675): (70007)The timeout
> specified has expired: [client wwwclient:47116] AH01991: SSL input filter
> read
> failed.
> [00:00:44.647347] [ssl:debug] ssl_engine_io.c(1016): -: [client wwwclient:
> 47116] AH02001: Connection closed to child 3 with standard shutdown (server
> ww1.example.com:443)
>
> The corresponding squid access.log entries would be:
> [00:00:39] "GET https://ww1.example.com/a/ HTTP/1.1" 503 4033 "-" "ua"
> TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/some.js HTTP/1.1" 304 240
> "https://
> ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/someother.js HTTP/1.1" 304 239
> "https://ww1.example.com/a/; "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/more.js HTTP/1.1" 304 241
> "https://
> ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/some.css HTTP/1.1" 304 277
> "https://
> ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/someother.css HTTP/1.1" 304 277
> "https://ww1.example.com/a/; "ua" TCP_MISS:FIRSTUP_PARENT
> [00:00:39] "GET https://ww1.example.com/a.png HTTP/1.1" 304 241 "https://
> ww1.example.com/a/" "ua" TCP_MISS:FIRSTUP_PARENT
>
>
> You can see that approximately after 5s the timeout happens. Is it a
> message
> to worry about? (it is just "info" labled) Why does it occur?
>
> I sent basically the same problem to squid's mailing list because I
> supposed
> squid was the problematic part here. But since they suggested apache could
> be
> the weirdo, I'm asking here
> Thanks for your help
>

I'd need to ask you a couple of questions since I am not familiar with
Squid:

1) Does Squid terminate TLS/SSL or is it proxied to httpd in some way? Can
you describe a bit more your set up?
2) Can you share your httpd configuration? Do you have any timeout set on
it that might explain this in httpd or Squid (check also default timeouts)?
3) Not super familiar with Squid but from the logs it seems that a 503 is
logged for https://ww1.example.com/a.. Is it normal?

Luca

[users@httpd] Apache 2.4: Proxy certificate configuration question

[Markus Gausling]

Hello,

when Apache is configured as a WebServer I can configure the private
key and the certificate of the server separately using
SSLCertificateFile and SSLCertificateKeyFile.

When configuring Apache as an HTTP Proxy (Reverse Proxy or Forward
Proxy) it seems I can only configure the proxy private key and
certificate if they are combined into a single PEM file with
SSLProxyMachineCertificateFile.

Is that understanding corrector is there also a way to defined key and
certificate for an HTTP Proxy configuration separately?

Regards
Markus

Re: [users@httpd] I need help figuring out a 500 response code

[John Covici]

I am using mod_php.  I do not have any special directives, but in my
php.ini I have display_errors off (I put it on briefly to see if I
would see anything), and I have errors logged to
/var/log/apache2/php_errors.log .  I would be interested in how you
are doing this.  I can send my virtual host if that would be of any
use here.  If not in the error_log file where should I see a log of
the 500 response?

 
On Wed, 03 May 2017 09:08:35 -0400,
Daniel wrote:
> 
> [1  ]
> [2  ]
> Perhaps you should also add how you are configuring httpd to handle the 
> interpretation of PHP files.
> 
> That is, if you are, for example using mod_proxy_fcgi to send php file 
> requests to php-fpm you should see your 500 detailed errors there instead of 
> Apache.
> 
> Apache will always log 500status errors, so maybe you should make sure you 
> are checking the correct login if you are not using the case I describe above.
> 
> If you are using the dreaded mod_php you should check for php directives you 
> can specify for more verbose logging onto why your php scripts fail.
> 
> I use owncloud too, so if you want I can show you a configuration snippet on 
> how to set apache with mod_proxy_fcgi reverse proxy php requests to a php-fpm 
> pool
> 
> 2017-05-03 11:21 GMT+02:00 John Covici :
> 
>  The error_log just had one line or in debug mode a lot of information
>  about ssl and several lines about requireall granted, but no further
>  information about the error.
> 
>  On Wed, 03 May 2017 02:55:28 -0400,
>  Dr James Smith wrote:
>  >
>  > Is there an error.log in the same directory? This is usually in
>  > the same directory this should contain some information about why
>  > the system failed.
>  >
>  >
>  > On 03/05/2017 07:41, John Covici wrote:
>  > > Hi. I am having major problems figuring out a 500 response code I am
>  > > getting on my hserver.
>  > >
>  > > I am using apache 2.4.25 on gentoo linux up to date as of a few days
>  > > ago.
>  > >
>  > > So, I havinstalled owncloud which is a cloud server written in php and
>  > > it has worked for a long time, but for a few days I have gotten 500
>  > > when I try to access it. Now, I am using https normally to access and
>  > > when I look at the error_log, I get just one line like this:
>  > >
>  > > [Wed May 03 02:14:37.074791 2017] [ssl:info] [pid 22312] [client
>  > > 192.168.0.2:56613] AH01964: Connection to child 0 established (server
>  > > ccs.covici.com:443)
>  > >
>  > > If I change the loglevel to debug, I get all kinds of ssl information
>  > > and the lines saying that requireall was granted, but nothing about
>  > > the error.
>  > >
>  > > Now, if I change to http access, on my access_log I get lines like the
>  > > following:
>  > >
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
>  > > 301 295
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
>  > > 301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
>  > > rv:11.0) like Gecko"
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
>  > > 301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
>  > > rv:11.0) like Gecko"
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
>  > > 302 -
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
>  > > 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
>  > > like Gecko"
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
>  > > 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
>  > > like Gecko"
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
>  > > /owncloud/index.php/login HTTP/1.1" 500 -
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
>  > > /owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
>  > > 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
>  > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
>  > > /owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
>  > > 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
>  > >
>  > > Now, owncloud has theirownw log, but I get nothing in it.
>  > >
>  > > So, my question is how to find out more about why I am getting the 500
>  > > response and what I can do about it.
>  > >
>  > > Thanks in advance for any suggestions.
>  > >
>  >
>  >
>  >
>  > --
>  > The Wellcome Trust Sanger Institute is operated by Genome
>  > Research Limited, a charity registered in England with number
>  > 1021457 and a company registered in England with number 2742969,
>  > whose registered office is 215 Euston Road, London, NW1 2BE.
>  > -
>  > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>  > For additional commands, e-mail: users-h...@httpd.apache.org
>  >
> 
>  --
>  Your life is like a penny. You're going to lose it. The question is:
>  How do
>  you spend it?
> 
>  John 

Re: [users@httpd] I need help figuring out a 500 response code

[Daniel]

Perhaps you should also add how you are configuring httpd to handle the
interpretation of PHP files.

That is, if you are, for example using mod_proxy_fcgi to send php file
requests to php-fpm you should see your 500 detailed errors there instead
of Apache.

Apache will always log 500status errors, so maybe you should make sure you
are checking the correct login if you are not using the case I describe
above.

If you are using the dreaded mod_php you should check for php directives
you can specify for more verbose logging onto why your php scripts fail.

I use owncloud too, so if you want I can show you a configuration snippet
on how to set apache with mod_proxy_fcgi reverse proxy php requests to a
php-fpm pool

2017-05-03 11:21 GMT+02:00 John Covici :

> The error_log just had one line or in debug mode a lot of information
> about ssl and several lines about requireall granted, but no further
> information about the error.
>
> On Wed, 03 May 2017 02:55:28 -0400,
> Dr James Smith wrote:
> >
> > Is there an error.log in the same directory? This is usually in
> > the same directory this should contain some information about why
> > the system failed.
> >
> >
> > On 03/05/2017 07:41, John Covici wrote:
> > > Hi.  I am having major problems figuring out a 500 response code I am
> > > getting  on my hserver.
> > >
> > > I am using apache 2.4.25 on gentoo linux up to date as of a few days
> > > ago.
> > >
> > > So, I havinstalled owncloud which is a cloud server written in php and
> > > it has worked for a long time, but for a few days I have gotten 500
> > > when I try to access it.  Now, I am using https normally to access and
> > > when I look at the error_log, I get just one line like this:
> > >
> > > [Wed May 03 02:14:37.074791 2017] [ssl:info] [pid 22312] [client
> > > 192.168.0.2:56613] AH01964: Connection to child 0 established (server
> > > ccs.covici.com:443)
> > >
> > > If I change the loglevel to debug, I get all kinds of ssl information
> > > and the lines saying that requireall was granted, but nothing about
> > > the error.
> > >
> > > Now, if I change to http access, on my access_log I get lines like the
> > > following:
> > >
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
> > > 301 295
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
> > > 301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
> > > rv:11.0) like Gecko"
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
> > > 301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
> > > rv:11.0) like Gecko"
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
> > > 302 -
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
> > > 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > > like Gecko"
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
> > > 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > > like Gecko"
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
> > > /owncloud/index.php/login HTTP/1.1" 500 -
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
> > > /owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
> > > 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
> > > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
> > > /owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
> > > 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
> > >
> > > Now, owncloud has theirownw log, but I get nothing in it.
> > >
> > > So, my question is how to find out more about why I am getting the 500
> > > response and what I can do about it.
> > >
> > > Thanks in advance for any suggestions.
> > >
> >
> >
> >
> > --
> > The Wellcome Trust Sanger Institute is operated by Genome
> > Research Limited, a charity registered in England with number
> > 1021457 and a company registered in England with number 2742969,
> > whose registered office is 215 Euston Road, London, NW1 2BE.
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
> --
> Your life is like a penny.  You're going to lose it.  The question is:
> How do
> you spend it?
>
>  John Covici
>  cov...@ccs.covici.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


-- 
*Daniel Ferradal*
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

RE: [users@httpd] Browser differences

[Ramsey, Robert L]

This is just my non-apache two cents.  Chrome does a number of things that are 
. . . interesting, let’s say.

Just from my own experience, some things to look for which you probably thought 
of already, and aren’t apache specific:


-  Is your js loaded after all of the libraries?  Are you sure?  I had 
a similar problem and I had all of my js references at the bottom of the body 
as you should, with jquery loaded first, 3-5 other libraries in-between, then 
my js.  I moved just jquery and bootstrap to the head and loaded my js file 
from the bottom of the body.  Then the error I had about jquery not being 
loaded went away.  Like yours, it worked in FF but not Chrome.



-  Is your js file one huge file or many little ones?  It sounds like 
one big file.  Maybe break it up to see if loading many smaller files works for 
this client.  One place I worked actually had a css file that was too big for 
some clients, so splitting it up and loading it in the right order fixed 
problems.


-  Is this straight js or are you transpiling jsx/tsx files?  Check the 
config for the transpiler to see if it is doing anything weird.  Maybe strip 
comments out if you really need one big file.

You’ve probably already looked at those, but sometimes it helps to have another 
person chime in.  A js/chrome list might be more appropriate too.

You are lucky that you are working with one client.  I’m doing a small project 
that needs to be compatible back to IE9, has unsophisticated users, and has 
users with accessibility requirements beyond straight wcag 2.1 AA.  Luckily the 
user base is < 100,000.

bob

From: robertin...@gmail.com [mailto:robertin...@gmail.com] On Behalf Of Robert 
Inder
Sent: Wednesday, May 3, 2017 4:34 AM
To: users@httpd.apache.org
Subject: [users@httpd] Browser differences

We have developed a complex javascript application
There are "a few megabytes" of our own code, plus OpenLayers map handling and 
jQuery.

We're serving it through Apache 2.2.15-59, which arrived on CentOS 6.9 in mid 
April.
And everything works well and reliably for us.

But for the last couple of weeks, our client has been experiencing problems 
starting the application.
The Javascript console reports that some Javascript files are not loading 
because "Connection Timed Out" on one of the JS files.
Apache is not logging any errors.

The obvious explanation would be in terms of network connection between him and 
the hosting company.
But his connection is actually faster than ours
AND he only has problems when he uses Google Chrome: Firefox is fine.

So I'm struggling to think what this can be.  Any suggestions?

Our client started having problems at ABOUT the time that yum installed 
2.2.15-59.
Has something changed?

Robert

--
Robert Inder,0131 229 1052 / 07808 492 213
Interactive Information Ltd,   3, Lauriston Gardens, Edinburgh EH3 9HH
Registered in Scotland, Company no. SC 150689
   Interactions speak louder than words

[users@httpd] Browser differences

[Robert Inder]

We have developed a complex javascript application
There are "a few megabytes" of our own code, plus OpenLayers map handling
and jQuery.

We're serving it through Apache 2.2.15-59, which arrived on CentOS 6.9 in
mid April.
And everything works well and reliably for us.

But for the last couple of weeks, our client has been experiencing problems
starting the application.
The Javascript console reports that some Javascript files are not loading
because "Connection Timed Out" on one of the JS files.
Apache is not logging any errors.

The obvious explanation would be in terms of network connection between him
and the hosting company.
But his connection is actually faster than ours
AND he only has problems when he uses Google Chrome: Firefox is fine.

So I'm struggling to think what this can be.  Any suggestions?

Our client started having problems at ABOUT the time that yum installed
2.2.15-59.
Has something changed?

Robert

-- 
Robert Inder,0131 229 1052 / 07808 492
213
Interactive Information Ltd,   3, Lauriston Gardens, Edinburgh EH3 9HH
Registered in Scotland, Company no. SC 150689
   Interactions speak louder than
words

Re: [users@httpd] I need help figuring out a 500 response code

[John Covici]

The error_log just had one line or in debug mode a lot of information
about ssl and several lines about requireall granted, but no further
information about the error.

On Wed, 03 May 2017 02:55:28 -0400,
Dr James Smith wrote:
> 
> Is there an error.log in the same directory? This is usually in
> the same directory this should contain some information about why
> the system failed.
> 
> 
> On 03/05/2017 07:41, John Covici wrote:
> > Hi.  I am having major problems figuring out a 500 response code I am
> > getting  on my hserver.
> > 
> > I am using apache 2.4.25 on gentoo linux up to date as of a few days
> > ago.
> > 
> > So, I havinstalled owncloud which is a cloud server written in php and
> > it has worked for a long time, but for a few days I have gotten 500
> > when I try to access it.  Now, I am using https normally to access and
> > when I look at the error_log, I get just one line like this:
> > 
> > [Wed May 03 02:14:37.074791 2017] [ssl:info] [pid 22312] [client
> > 192.168.0.2:56613] AH01964: Connection to child 0 established (server
> > ccs.covici.com:443)
> > 
> > If I change the loglevel to debug, I get all kinds of ssl information
> > and the lines saying that requireall was granted, but nothing about
> > the error.
> > 
> > Now, if I change to http access, on my access_log I get lines like the
> > following:
> > 
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
> > 301 295
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
> > 301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
> > rv:11.0) like Gecko"
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
> > 301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
> > rv:11.0) like Gecko"
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
> > 302 -
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
> > 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > like Gecko"
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
> > 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
> > like Gecko"
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
> > /owncloud/index.php/login HTTP/1.1" 500 -
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
> > /owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
> > 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
> > 192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
> > /owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
> > 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
> > 
> > Now, owncloud has theirownw log, but I get nothing in it.
> > 
> > So, my question is how to find out more about why I am getting the 500
> > response and what I can do about it.
> > 
> > Thanks in advance for any suggestions.
> > 
> 
> 
> 
> -- 
> The Wellcome Trust Sanger Institute is operated by Genome
> Research Limited, a charity registered in England with number
> 1021457 and a company registered in England with number 2742969,
> whose registered office is 215 Euston Road, London, NW1 2BE. 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] CRL list with size more than 4MB

[Hristiyan Kirov]

Hello,

We have a system in which the access control is done via SSL certificates. The 
end-users provide their personal certificate and we let them in. We have Oracle 
Linux 6.8 with apache 2.4 and openssl 1.0.1e. We have problem with one of the 
issuers of certificates (CA) in our country. Their CRL files are larger than 
4MB. When a client with certificate issued from them try to login the following 
error is generated:

[Wed Apr 12 18:48:37.694046 2017] [ssl:info] [pid 9123] [client 
xxx:51018] AH02276: Certificate Verification: Error (3): unable to get 
certificate CRL

Other users with certificates from other issuers (CAs) are able to login 
correctly.

Our apache is configured with the following directives:
SSLCARevocationCheck   leaf
SSLCARevocationPath/etc/rh/root/etc/httpd24/conf/keystore/crl/

and in SSLCARevocationPath we have symbolic links to the CRL file named 
hash-value.rN. The CRL files are downloaded everyday via crontab. All CRL files 
(except the ones from problematic CA) are smaller than 4MB.
We found a documentation from Oracle that their Oracle HTTP Server (based on 
apache) is not able to process CRL files larger than 4MB.

One additional comment, we have a similar legacy system but with apache 2.2 and 
openssl 0.9.8 and the login is successful there with CRLs larger than 4MB - but 
we assume that this is during the fact that in apache 2.2 if there is no CRL, 
the system will let you pass.

We can provide more information for the problem and trace files from openssl 
commands that checks the certificates but after weeks of troubleshooting we 
came up to the size of the revocation list...
So, have any of you guys managed to process correctly CRL file larger than 4MB?
Thanks

Regards,
Hristiyan Kirov

Re: [users@httpd] I need help figuring out a 500 response code

[Dr James Smith]

Is there an error.log in the same directory? This is usually in the same 
directory this should contain some information about why the system failed.



On 03/05/2017 07:41, John Covici wrote:

Hi.  I am having major problems figuring out a 500 response code I am
getting  on my hserver.

I am using apache 2.4.25 on gentoo linux up to date as of a few days
ago.

So, I havinstalled owncloud which is a cloud server written in php and
it has worked for a long time, but for a few days I have gotten 500
when I try to access it.  Now, I am using https normally to access and
when I look at the error_log, I get just one line like this:

[Wed May 03 02:14:37.074791 2017] [ssl:info] [pid 22312] [client
192.168.0.2:56613] AH01964: Connection to child 0 established (server
ccs.covici.com:443)

If I change the loglevel to debug, I get all kinds of ssl information
and the lines saying that requireall was granted, but nothing about
the error.

Now, if I change to http access, on my access_log I get lines like the
following:

192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
301 295
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
rv:11.0) like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
rv:11.0) like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
302 -
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
/owncloud/index.php/login HTTP/1.1" 500 -
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
/owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
/owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"

Now, owncloud has theirownw log, but I get nothing in it.

So, my question is how to find out more about why I am getting the 500
response and what I can do about it.

Thanks in advance for any suggestions.





--
The Wellcome Trust Sanger Institute is operated by Genome Research 
Limited, a charity registered in England with number 1021457 and a 
company registered in England with number 2742969, whose registered 
office is 215 Euston Road, London, NW1 2BE. 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] I need help figuring out a 500 response code

[John Covici]

Hi.  I am having major problems figuring out a 500 response code I am
getting  on my hserver.

I am using apache 2.4.25 on gentoo linux up to date as of a few days
ago.

So, I havinstalled owncloud which is a cloud server written in php and
it has worked for a long time, but for a few days I have gotten 500
when I try to access it.  Now, I am using https normally to access and
when I look at the error_log, I get just one line like this:

[Wed May 03 02:14:37.074791 2017] [ssl:info] [pid 22312] [client
192.168.0.2:56613] AH01964: Connection to child 0 established (server
ccs.covici.com:443)

If I change the loglevel to debug, I get all kinds of ssl information
and the lines saying that requireall was granted, but nothing about
the error.

Now, if I change to http access, on my access_log I get lines like the
following:

192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
301 295
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
rv:11.0) like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud HTTP/1.1"
301 295 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0;
rv:11.0) like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
302 -
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET /owncloud/ HTTP/1.1"
302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0)
like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
/owncloud/index.php/login HTTP/1.1" 500 -
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
/owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.0.2 - - [03/May/2017:02:33:38 -0400] "GET
/owncloud/index.php/login HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT
10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"

Now, owncloud has theirownw log, but I get nothing in it.

So, my question is how to find out more about why I am getting the 500
response and what I can do about it.

Thanks in advance for any suggestions.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org