[users@httpd] Apache 2.5 Source Code ?

[Joe Muller]

Where can I get the source code to build Apache 2.5 for Red Hat 8 ?   The links 
on apache.org redirect to the source for Apache 2.4, and I don't see any 
packages for Apache 2.5 in the Red Hat repos.

Thanks,

-Joe

[users@httpd] Question Error apache

[Nacho Herrerías]

I have a problem with Apache. Now and then i get an alert from my SIEM,
telling me this: auditd: process ended abnormally type=ANOM_ABEND
msg=audit(1699052664.898:938628): auid=4294967295 uid=1001 gid=1002
ses=4294967295 pid=32043 comm="httpd" exe="/usr/sbin/httpd" sig=7 res=1
AUID="unset" UID="censored" GID="censored"

The thing is that Apache (2.4.58) is working fine, and its been working the
all time, what can I do to stop getting this error from Apache?

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

[Suvendu Sekhar Mondal]

On Wed, Nov 1, 2023 at 3:55 PM Daniel Ferradal  wrote:
>
>
>
> El mié, 1 nov 2023 a las 8:32,  escribió:
>>
>> Hello everybody.
>>
>> I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have 
>> this configuration of balancer:
>> 
>> BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=60 
>> ping=1ms
>> BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=60 
>> ping=500ms
>> ProxySet stickysession=JSESSIONID|jsessionid
>> ProxySet lbmethod=byrequests
>> ProxySet nofailover=off
>> 
>> For testing reasons, I have reduced the ping value to 1 ms for one server.
>>
>> During test calls Load Balancer Manager shows server status "Init Err" and 
>> Apache error log shows these errors:
>> [Tue Oct 31 17:01:38.075395 2023] [proxy_http:error] [pid 151375:tid 
>> 140535126157056] (70007)The timeout specified has expired: [client 
>> xxx.xxx.xxx.xxx:33855] AH01102: error reading status line from remote server 
>> 192.168.1.40:8443, referer: https://xy
>> [Tue Oct 31 17:01:38.075453 2023] [proxy:error] [pid 151375:tid 
>> 140535126157056] [client xxx.xxx.xxx.xxx:33855] AH00898: Timeout on 
>> 100-Continue returned by /tomcat, referer: https://xy
>>
>> But I can still see requests from Apache in the request log of the server 
>> 192.168.1.40. How do I configure the load balancer to stop sending requests 
>> to the server 192.168.1.40 for a defined period of time after detecting the 
>> "Init Err" status and only send them to the other server in the cluster? 
>> Thank you very much in advance for your help.
>>
This can be achieved by using the "retry" parameter. Apache will not
forward any request to the backend server(which is in error state)
until retry timeout expires. By default this value is 60 sec. You may
need to adjust it.

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#balancermember

>
> "failontimeout" by default is off, you may want to turn it on for your 
> testing purposes.
>
>
> --
> Daniel Ferradal
> HTTPD Project
> #httpd help at Libera.Chat

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

[Daniel Ferradal]

El vie, 3 nov 2023 a las 9:36,  escribió:

>
>
> Now when the first server is in "bad condition" (192.168.1.40:8443 is
> available, but the server does not respond), Apache waits 10 s and than it
> sends 502 error to client, instead of using the second server. What is
> wrong? Thanks in advance.
>
>
timeout is making it wait 10 seconds to see if server responds in that time
because it is taking long to answer but has accepted the connection, if you
want to make it wait less, adjust it.

AFAIK, httpd does not send the request to the other balancer member until
the first has failed, so at least you will get one failure for 30 seconds
and a wait of 10 every time httpd retries a backend that is failing.

Someone may correct me though, but I haven't managed with your setup,
perhaps reaching this point you can try with mod_proxy_hcheck. Although
timeouts are tricky.

-- 
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

[ficajar]

Hello Daniel,

Thank you very much for your advice. Based on it I modified the configuration:

BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=10 
retry=30
BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=10 
retry=30
ProxySet stickysession=JSESSIONID|jsessionid
ProxySet lbmethod=byrequests
ProxySet failontimeout=on
ProxySet failonstatus=500,502,503
ProxySet forcerecovery=off
ProxySet nofailover=off

I removed ping parameter because it does not work for GET requests.

Now when the first server is in "bad condition" (192.168.1.40:8443 is 
available, but the server does not respond), Apache waits 10 s and than it 
sends 502 error to client, instead of using the second server. What is wrong? 
Thanks in advance.

Best regards,
Fica

On 2023/11/01 10:24:54 Daniel Ferradal wrote:
> El mié, 1 nov 2023 a las 8:32,  escribió:
>
> > Hello everybody.
> >
> > I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have
> > this configuration of balancer:
> > 
> > BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=60
> > ping=1ms
> > BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=60
> > ping=500ms
> > ProxySet stickysession=JSESSIONID|jsessionid
> > ProxySet lbmethod=byrequests
> > ProxySet nofailover=off
> > 
> > For testing reasons, I have reduced the ping value to 1 ms for one server.
> >
> > During test calls Load Balancer Manager shows server status "Init Err" and
> > Apache error log shows these errors:
> > [Tue Oct 31 17:01:38.075395 2023] [proxy_http:error] [pid 151375:tid 
> > 140535126157056] (70007)The timeout specified has expired: [client
> > xxx.xxx.xxx.xxx:33855] AH01102: error reading status line from remote 
> > server 192.168.1.40:8443, referer: https://xy
> > [Tue Oct 31 17:01:38.075453 2023] [proxy:error] [pid 151375:tid
> > 140535126157056] [client xxx.xxx.xxx.xxx:33855] AH00898: Timeout on 
> > 100-Continue returned by /tomcat, referer: https://xy
> >
> > But I can still see requests from Apache in the request log of the server
> > 192.168.1.40. How do I configure the load balancer to stop sending requests
> > to the server 192.168.1.40 for a defined period of time after detecting the
> > "Init Err" status and only send them to the other server in the cluster?
> > Thank you very much in advance for your help.
> >
> >
> "failontimeout" by default is off, you may want to turn it on for your 
> testing purposes.
>
>
> --
> Daniel Ferradal
> HTTPD Project
> #httpd help at Libera.Chat

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] really basic -- maybe off-topic question

[Paul]

On 2023-11-01 10:30, bruce wrote:

I'm looking into Saas apps, and I'm seeing "frameworks". Some of these
Saas/App frameworks don't appear to use apache/nginx as a "webserver",
but the app will have a "Url" in an "env" file. So, somehow/somewhere
the app is implementing some sort of server logic/function.

Is this normal?

The frameworks I'm seeing are nodejs/Laravel/etc.

Is there a way to have the framework be "served" from a normal
"webserver" -- eg Apache?

One of the framework apps I'm looking at is
https://github.com/thedevdojo/wave


This is really not an apache / httpd question.  It *appears* after a 
very quick look, to be a cloud based commercial subscription where you 
have no choice concerning the "cloud server set-up."


Their demo at  does produce a purportedly 
html5 page, which contains 98 errors and 59 warnings according to W3.org 
at 



YMMV

Paul



Thanks for any help/comments/etc!!

or, if there are pointers/sites you can point me to on these issues --
that'll work as well!

-bruce

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] really basic -- maybe off-topic question

[bruce]

I'm looking into Saas apps, and I'm seeing "frameworks". Some of these
Saas/App frameworks don't appear to use apache/nginx as a "webserver",
but the app will have a "Url" in an "env" file. So, somehow/somewhere
the app is implementing some sort of server logic/function.

Is this normal?

The frameworks I'm seeing are nodejs/Laravel/etc.

Is there a way to have the framework be "served" from a normal
"webserver" -- eg Apache?

One of the framework apps I'm looking at is
https://github.com/thedevdojo/wave

Thanks for any help/comments/etc!!

or, if there are pointers/sites you can point me to on these issues --
that'll work as well!

-bruce

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

[Daniel Ferradal]

El mié, 1 nov 2023 a las 8:32,  escribió:

> Hello everybody.
>
> I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have
> this configuration of balancer:
> 
> BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=60
> ping=1ms
> BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=60
> ping=500ms
> ProxySet stickysession=JSESSIONID|jsessionid
> ProxySet lbmethod=byrequests
> ProxySet nofailover=off
> 
> For testing reasons, I have reduced the ping value to 1 ms for one server.
>
> During test calls Load Balancer Manager shows server status "Init Err" and
> Apache error log shows these errors:
> [Tue Oct 31 17:01:38.075395 2023] [proxy_http:error] [pid 151375:tid
> 140535126157056] (70007)The timeout specified has expired: [client
> xxx.xxx.xxx.xxx:33855] AH01102: error reading status line from remote
> server 192.168.1.40:8443, referer: https://xy
> [Tue Oct 31 17:01:38.075453 2023] [proxy:error] [pid 151375:tid
> 140535126157056] [client xxx.xxx.xxx.xxx:33855] AH00898: Timeout on
> 100-Continue returned by /tomcat, referer: https://xy
>
> But I can still see requests from Apache in the request log of the server
> 192.168.1.40. How do I configure the load balancer to stop sending requests
> to the server 192.168.1.40 for a defined period of time after detecting the
> "Init Err" status and only send them to the other server in the cluster?
> Thank you very much in advance for your help.
>
>
"failontimeout" by default is off, you may want to turn it on for your
testing purposes.


-- 
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

[users@httpd] Apache 2.4 Balancer still sends requests to the server with status "Init Err"

[ficajar]

Hello everybody.

I use Apache 2.4.37 on Red Hat as balancer for two Tomcat servers. We have this 
configuration of balancer:

BalancerMember https://192.168.1.40:8443 route=TOMCAT_SRV1 timeout=60 
ping=1ms
BalancerMember https://192.168.1.50:8443 route=TOMCAT_SRV2 timeout=60 
ping=500ms
ProxySet stickysession=JSESSIONID|jsessionid
ProxySet lbmethod=byrequests
ProxySet nofailover=off

For testing reasons, I have reduced the ping value to 1 ms for one server.

During test calls Load Balancer Manager shows server status "Init Err" and 
Apache error log shows these errors:
[Tue Oct 31 17:01:38.075395 2023] [proxy_http:error] [pid 151375:tid 
140535126157056] (70007)The timeout specified has expired: [client 
xxx.xxx.xxx.xxx:33855] AH01102: error reading status line from remote server 
192.168.1.40:8443, referer: https://xy
[Tue Oct 31 17:01:38.075453 2023] [proxy:error] [pid 151375:tid 
140535126157056] [client xxx.xxx.xxx.xxx:33855] AH00898: Timeout on 
100-Continue returned by /tomcat, referer: https://xy

But I can still see requests from Apache in the request log of the server 
192.168.1.40. How do I configure the load balancer to stop sending requests to 
the server 192.168.1.40 for a defined period of time after detecting the "Init 
Err" status and only send them to the other server in the cluster? Thank you 
very much in advance for your help.

Best regards,

Fica

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Building 32-bit Apache-httpd

[Daga, Navin (Navin)]

I'm trying to build Apache httpd RPM from the source tarball as mentioned in 
https://httpd.apache.org/docs/2.4/install.html
I need to generate 32 bit RPM. However, I could not find any documentation on 
how to build 32 bit version from the source.

Essentially, what options need to be provided to "configure" to build 32 bit 
httpd server?

Thanks

[users@httpd] Re: Weird issue with "H2Push" combined with FilesMatch

[Jose Stefan]

Hello,

I decided to re-create the problem on a fresh install. I used 2 win64 releases 
provided by apachelounge.com

  *   httpd-2.4.54-win64-VC15.zip
  *   httpd-2.4.58-win64-VS17.zip

I configured only the bare minimum needed to re-create the problem. They are 
both configured the same, and they both have ssl and http2 enabled.

I could only re-create the problem on the first build, I had no issue with 
2.4.58. Therefore, I believe my issue might be a bug that has since been 
corrected. The website doesn't archive all releases, so I can't test exactly 
which version makes the difference.

Note that 2.4.54 is newer than the one provided on Ubuntu 22.04 LTS.

I'm using the versions provided by ubuntu for simplicity. Seem my options are:

  *   Update ubuntu to a newer release and use their repo, but none feature 
2.4.58 so far, and I don't know if builds in between the ones I tested are 
fixed or not.
  *   Install the latest httpd from elsewhere and not the ubuntu repo.
  *   Redo the config in a way that doesn't trigger the bug.

--Jose Stefan

Re: [users@httpd] Unable to build Apache httpd

[Rainer Canavan]

On Tue, Oct 24, 2023 at 5:32 AM Frank Gingras  wrote:
>
> Perhaps the libtool version is older/different - what happens when you remove 
> the space?
>
> On Fri, Oct 20, 2023 at 12:19 PM Daga, Navin (Navin)  wrote:
>>
>> I'm trying to build Apache httpd RPM from the source tarball as mentioned in 
>> https://httpd.apache.org/docs/2.4/install.html
>>
>> However, it always fails with the error "libtool:   error: require no space 
>> between '-L' and '-R'"
>>
>> Complete Error :
>>
>> /usr/lib64/apr-1/build/libtool --silent --mode=link gcc   -o 
>> htpasswd  htpasswd.lo passwd_common.lo   -L -R -laprutil-1 -ldb-5.3 
>> -lexpat
>>
>> /usr/lib64/libapr-1.la -lpthread -lcrypt
>>
>> libtool:   error: require no space between '-L' and '-R'

The problem here is not the space, but the fact that -L requires a
directory as an argument - like -L/usr/local/lib - and consumes the
following argument (in this case -R) instead. You'll need to figure
out why no path is included here. -R should also have a path argument,
but I would have expected -Wl,-rpath to be used instead on Linux. All
this points to the ./configure script and its friends getting very
confused. I'd recommend re-trying the build in a clean Fedora Docker
container with only the required packages (gcc, make, ...) installed
from the distribution's default repositories. Once you have a working
build, it should be easier to determine where your current problems
actually start.

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Paul]

On 2023-10-24 14:09, Frank Gingras wrote:
[snip]


Keep in mind that nghttp2 is a build requirement for HTTP/2, which was 
outlined in the threads pertaining to CVE 2033-44487. Testing with that 
tool should be fine.


Good point, thanks. I had missed it.  In the Ubuntu world (nearly all of 
my servers)  starts with the 
statement that "The nginx developers do not consider nginx to be 
affected by this issue" and seeing that I systematically use nginx as a 
front end, I didn't read further -- my bad.  Thanks Frank.


Paul


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Jose Stefan]

Hello Paul,

Sorry, that's hotmail default behavior for replies. I have tried removing all 
default quoted text for this post and quoting manually to see how it turns out.


What version of Apache / httpd? What server system / version?  I
personally had never heard of Nghttp, and their website appears to have
last been updated in 2015. ()

The Information you've asked is in the 1st post:
version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS.

Nghttp, is a command line tool similar to curl which supports showing the http2 
push. I tried with curl, but while libcurl does support http2 push, the command 
line tool has no way of showing that information. AFAIK.

--Jose Stefan

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Frank Gingras]

On Tue, Oct 24, 2023 at 2:02 PM Paul  wrote:

> On 2023-10-24 13:17, Jose Stefan wrote:
>
> Please don't top-post
>
> > No, not that I am aware off. The push is only triggered by the
> > "H2PushResource" directive shown. Which I tried to showcase with the
> > 3^rd  test.
> >
> > Within fileA.php and fileB.php the stylesheet is loaded with this line:
> > 
> >
> > A tag within the html content, and not a header.
> >
> > To perform my tests I'm mostly using the command line:
> > nghttp -vn URL
>
>^^
> What version of Apache / httpd? What server system / version?  I
> personally had never heard of Nghttp, and their website appears to have
> last been updated in 2015. ()
>
>
> >
> > But to remove PHP from the equation. I've now peformed the following
> test.
> >
> >  1. saved the generated content as a static fileA.html
> >  2. changed to this line: 
> >
> > And after the test I still get the push.
> >
> > --Jose Stefan
> >
> > 
> > *From:* Paul 
> > *Sent:* Tuesday, October 24, 2023 12:55 PM
> > *To:* users@httpd.apache.org 
> > *Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with
> > FilesMatch
> > On 2023-10-24 11:31, Jose Stefan wrote:
> >> Hello,
> >>
> >> I have a weird issue while using "H2Push". I'm turning it off, but
> >> depending where it's nested it doesn't work as expected. Subset of
> >> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> >> 22.04 LTS.
> >>
> >> With the code as presented, it still triggers a push for "fileC.css". I
> >> expect NO push to happen as it is turned off before
> >> the"H2PushResource..." line.
> >
> > Quick question, not a solution.  Does you php (or other static
> > environment) have any 'rel=preload'?
> >>
> >> Here's where I'm confused. I've performed the following individual
> tests:
> >>
> >>   * If I use the "H2Push off" outside of the FilesMatch (and comment the
> >> one inside), The push doesn't happen.
> >>   *
> >> If I use both "H2Push off" and "H2PushResource..." outside of the
> >> FilesMatch (and comment the ones inside), The push doesn't happen.
> >>   * If I comment out the "H2PushResource..." inside the FilesMatch, the
> >> push doesn't happen. Therefore, I know the config is hitting that
> part.
> >>
> >> It's only when both lines are inside the FilesMatch that I don't get
> the
> >> expected results. Yet the context for h2push reads:
> >> Context: server config, virtual host, directory, .htaccess
> >>
> >> The plan, eventually, is to enable just the early hints and not the
> >> push. But I haven't even gotten to testing that part yet. My version of
> >> httpd doesn't support "H2EarlyHint".
> >>
> >> Subset of the config:
> >> --
> >> H2Push on
> >> ...
> >> 
> >> 
> >> ...
> >> 
> >> #H2EarlyHints on
> >> #H2Push off
> >> #H2PushResource /fileC.css
> >> 
> >> H2Push off
> >> H2PushResource /fileC.css
> >> #H2EarlyHint ... Available in version 2.4.58 and
> >> later.
> >> 
> >> 
> >> ...
> >> 
> >> ...
> >>
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Keep in mind that nghttp2 is a build requirement for HTTP/2, which was
outlined in the threads pertaining to CVE 2033-44487. Testing with that
tool should be fine.

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Paul]

On 2023-10-24 13:17, Jose Stefan wrote:

Please don't top-post

No, not that I am aware off. The push is only triggered by the 
"H2PushResource" directive shown. Which I tried to showcase with the 
3^rd  test.


Within fileA.php and fileB.php the stylesheet is loaded with this line:


A tag within the html content, and not a header.

To perform my tests I'm mostly using the command line:
nghttp -vn URL


  ^^
What version of Apache / httpd? What server system / version?  I 
personally had never heard of Nghttp, and their website appears to have 
last been updated in 2015. ()





But to remove PHP from the equation. I've now peformed the following test.

 1. saved the generated content as a static fileA.html
 2. changed to this line: 

And after the test I still get the push.

--Jose Stefan


*From:* Paul 
*Sent:* Tuesday, October 24, 2023 12:55 PM
*To:* users@httpd.apache.org 
*Subject:* Re: [users@httpd] Weird issue with "H2Push" combined with 
FilesMatch

On 2023-10-24 11:31, Jose Stefan wrote:

Hello,

I have a weird issue while using "H2Push". I'm turning it off, but 
depending where it's nested it doesn't work as expected. Subset of 
config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 
22.04 LTS.


With the code as presented, it still triggers a push for "fileC.css". I 
expect NO push to happen as it is turned off before 
the"H2PushResource..." line.


Quick question, not a solution.  Does you php (or other static
environment) have any 'rel=preload'?


Here's where I'm confused. I've performed the following individual tests:

   * If I use the "H2Push off" outside of the FilesMatch (and comment the
 one inside), The push doesn't happen.
   *
 If I use both "H2Push off" and "H2PushResource..." outside of the
 FilesMatch (and comment the ones inside), The push doesn't happen.
   * If I comment out the "H2PushResource..." inside the FilesMatch, the
 push doesn't happen. Therefore, I know the config is hitting that part.

It's only when both lines are inside the FilesMatch that I don't get the 
expected results. Yet the context for h2push reads:

Context: server config, virtual host, directory, .htaccess

The plan, eventually, is to enable just the early hints and not the 
push. But I haven't even gotten to testing that part yet. My version of 
httpd doesn't support "H2EarlyHint".


Subset of the config:
--
H2Push on
...

  
...

  #H2EarlyHints on
  #H2Push off
  #H2PushResource /fileC.css
  
H2Push off
H2PushResource /fileC.css
#H2EarlyHint ... Available in version 2.4.58 and 
later.

  

...
  
...




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Jose Stefan]

Hello Paul,

No, not that I am aware off. The push is only triggered by the "H2PushResource" 
directive shown. Which I tried to showcase with the 3rd test.

Within fileA.php and fileB.php the stylesheet is loaded with this line:


A tag within the html content, and not a header.

To perform my tests I'm mostly using the command line:
nghttp -vn URL

But to remove PHP from the equation. I've now peformed the following test.

  1.  saved the generated content as a static fileA.html
  2.  changed to this line: 

And after the test I still get the push.

--Jose Stefan


From: Paul 
Sent: Tuesday, October 24, 2023 12:55 PM
To: users@httpd.apache.org 
Subject: Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

On 2023-10-24 11:31, Jose Stefan wrote:
> Hello,
>
> I have a weird issue while using "H2Push". I'm turning it off, but
> depending where it's nested it doesn't work as expected. Subset of
> config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu
> 22.04 LTS.
>
> With the code as presented, it still triggers a push for "fileC.css". I
> expect NO push to happen as it is turned off before
> the"H2PushResource..." line.

Quick question, not a solution.  Does you php (or other static
environment) have any 'rel=preload'?
>
> Here's where I'm confused. I've performed the following individual tests:
>
>   * If I use the "H2Push off" outside of the FilesMatch (and comment the
> one inside), The push doesn't happen.
>   *
> If I use both "H2Push off" and "H2PushResource..." outside of the
> FilesMatch (and comment the ones inside), The push doesn't happen.
>   * If I comment out the "H2PushResource..." inside the FilesMatch, the
> push doesn't happen. Therefore, I know the config is hitting that part.
>
> It's only when both lines are inside the FilesMatch that I don't get the
> expected results. Yet the context for h2push reads:
> Context: server config, virtual host, directory, .htaccess
>
> The plan, eventually, is to enable just the early hints and not the
> push. But I haven't even gotten to testing that part yet. My version of
> httpd doesn't support "H2EarlyHint".
>
> Subset of the config:
> --
> H2Push on
> ...
> 
>   
> ...
> 
>   #H2EarlyHints on
>   #H2Push off
>   #H2PushResource /fileC.css
>   
> H2Push off
> H2PushResource /fileC.css
> #H2EarlyHint ... Available in version 2.4.58 and
> later.
>   
> 
> ...
>   
> ...
>


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Paul]

On 2023-10-24 11:31, Jose Stefan wrote:

Hello,

I have a weird issue while using "H2Push". I'm turning it off, but 
depending where it's nested it doesn't work as expected. Subset of 
config shown at the end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 
22.04 LTS.


With the code as presented, it still triggers a push for "fileC.css". I 
expect NO push to happen as it is turned off before 
the"H2PushResource..." line.


Quick question, not a solution.  Does you php (or other static 
environment) have any 'rel=preload'?


Here's where I'm confused. I've performed the following individual tests:

  * If I use the "H2Push off" outside of the FilesMatch (and comment the
one inside), The push doesn't happen.
  *
If I use both "H2Push off" and "H2PushResource..." outside of the
FilesMatch (and comment the ones inside), The push doesn't happen.
  * If I comment out the "H2PushResource..." inside the FilesMatch, the
push doesn't happen. Therefore, I know the config is hitting that part.

It's only when both lines are inside the FilesMatch that I don't get the 
expected results. Yet the context for h2push reads:

Context: server config, virtual host, directory, .htaccess

The plan, eventually, is to enable just the early hints and not the 
push. But I haven't even gotten to testing that part yet. My version of 
httpd doesn't support "H2EarlyHint".


Subset of the config:
--
H2Push on
...

  
...

  #H2EarlyHints on
  #H2Push off
  #H2PushResource /fileC.css
  
H2Push off
H2PushResource /fileC.css
#H2EarlyHint ... Available in version 2.4.58 and 
later.

  

...
  
...




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Weird issue with "H2Push" combined with FilesMatch

[Jose Stefan]

Hello,

I have a weird issue while using "H2Push". I'm turning it off, but depending 
where it's nested it doesn't work as expected. Subset of config shown at the 
end. I'm using version: 2.4.52-1ubuntu4.6 on Ubuntu 22.04 LTS.

With the code as presented, it still triggers a push for "fileC.css". I expect 
NO push to happen as it is turned off before the"H2PushResource..." line.

Here's where I'm confused. I've performed the following individual tests:

  *   If I use the "H2Push off" outside of the FilesMatch (and comment the one 
inside), The push doesn't happen.
  *
If I use both "H2Push off" and "H2PushResource..." outside of the FilesMatch 
(and comment the ones inside), The push doesn't happen.
  *   If I comment out the "H2PushResource..." inside the FilesMatch, the push 
doesn't happen. Therefore, I know the config is hitting that part.

It's only when both lines are inside the FilesMatch that I don't get the 
expected results. Yet the context for h2push reads:
Context: server config, virtual host, directory, .htaccess

The plan, eventually, is to enable just the early hints and not the push. But I 
haven't even gotten to testing that part yet. My version of httpd doesn't 
support "H2EarlyHint".

Subset of the config:
--
H2Push on
...

  
...

  #H2EarlyHints on
  #H2Push off
  #H2PushResource /fileC.css
  
H2Push off
H2PushResource /fileC.css
#H2EarlyHint ... Available in version 2.4.58 and later.
  

...
  
...

Re: [users@httpd] Unable to build Apache httpd

[Frank Gingras]

Perhaps the libtool version is older/different - what happens when you
remove the space?

On Fri, Oct 20, 2023 at 12:19 PM Daga, Navin (Navin) 
wrote:

> I'm trying to build Apache httpd RPM from the source tarball as mentioned
> in https://httpd.apache.org/docs/2.4/install.html
>
>
>
> However, it always fails with the error "libtool:   error: require no
> space between '-L' and '-R'"
>
>
>
> Complete Error :
>
> /usr/lib64/apr-1/build/libtool --silent --mode=link gcc   -o
> htpasswd  htpasswd.lo passwd_common.lo   -L -R -laprutil-1 -ldb-5.3
> -lexpat
>
> /usr/lib64/libapr-1.la -lpthread -lcrypt
>
> libtool:   error: require no space between '-L' and '-R'
>
> make[2]: *** [Makefile:48: htpasswd] Error 1
>
> make[2]: Leaving directory '/httpd-2.4.58/support'
>
> make[1]: *** [/httpd-2.4.58/build/rules.mk:75: all-recursive] Error 1
>
> make[1]: Leaving directory '/httpd-2.4.58/support'
>
> make: *** [/httpd-2.4.58/build/rules.mk:75: all-recursive] Error 1
>
>
>
> Tried Building older version and get the same error and did not find
> anything when searching for similar errors.
>
>
>
> Any help on what this could be?
>
>
>
> Thanks
>

Re: [users@httpd] CVE-2033-44487

[Frank Gingras]

Yes, you need to upgrade to 2.4.58, and make sure your system has nghttp2
.57 installed.

On Thu, Oct 19, 2023 at 7:31 PM Brian Southern 
wrote:

> Has anyone been able to definitively determine if Apache HTTP 2.4.53 is
> vulnerable to CVE-2023-44487?  I've found forums where users and apparent
> sysadmins indicate it may be, however the only reference to this CVE I've
> been able to locate on Apache.org is as a comment made within another CVE
> vulnerability fix report.
>
> thank you.
>

Re: [users@httpd] dynamic ssl cert/key selection

[Rainer Canavan]

On Fri, Oct 20, 2023 at 5:31 PM Marc  wrote:

[...]
> >ServerAlias test.*.*
[...]
> >
> > A trivial and safe way if you need a solution asap might involve declaring
> > a  for each host.
>
> I would like to have single access/error log for all these serveralias 
> matches.

That's no problem, multiple vhosts can write into the same access/error logs.

> > I’ve not seen globbing/wildcarding like this, and also makes me curious is
> > it possible to get a public key signed by a CA with this globbing pattern?
>
> yes I am getting the certs like this. I just want to prevent creating the 
> vhosts

I think what he ment is whether CAs issue wildcard certificates like
test.*.*. They don't, and that wouldn't work anyway, since only one *
is allowed, only at the beginning, and only representing a single
level of host names.

Concerning your problem, I think you're stuck with creating multiple
vhosts if you want to use httpd with multiple separate certificates.
If you can get a single certificate with all your hostnames as SAN
entries, that would work as well.

As an alternative, you could use OpenResty as an SSL offloader, and
load your certificates on demand using some lua code in
ssl_certificate_by_lua_block
(https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block)

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Unable to build Apache httpd

[Daga, Navin (Navin)]

I'm trying to build Apache httpd RPM from the source tarball as mentioned in 
https://httpd.apache.org/docs/2.4/install.html

However, it always fails with the error "libtool:   error: require no space 
between '-L' and '-R'"

Complete Error :
/usr/lib64/apr-1/build/libtool --silent --mode=link gcc   -o 
htpasswd  htpasswd.lo passwd_common.lo   -L -R -laprutil-1 -ldb-5.3 -lexpat
/usr/lib64/libapr-1.la -lpthread -lcrypt
libtool:   error: require no space between '-L' and '-R'
make[2]: *** [Makefile:48: htpasswd] Error 1
make[2]: Leaving directory '/httpd-2.4.58/support'
make[1]: *** [/httpd-2.4.58/build/rules.mk:75: all-recursive] Error 1
make[1]: Leaving directory '/httpd-2.4.58/support'
make: *** [/httpd-2.4.58/build/rules.mk:75: all-recursive] Error 1

Tried Building older version and get the same error and did not find anything 
when searching for similar errors.

Any help on what this could be?

Thanks

RE: [users@httpd] dynamic ssl cert/key selection

[Marc]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -. 
F1 Outsourcing Development Sp. z o.o.
Poland 

t:  +48 (0)12 4207 835
e:  m...@f1-outsourcing.eu

> -Original Message-
> From: Will Fatherley 
> Sent: Friday, 20 October 2023 16:04
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] dynamic ssl cert/key selection
> 
> 
>   Is there a way to chose what ssl certs/keys to load when you have
> something like
> 
>ServerAlias test.*.*
> 
>   So when host test.example.com   is serviced,
> that it will get
> 
>   SSLCertificateFile "/etc/pki/tls/certs/example.com.crt"
> 
> 
>   So when host test.example.net   is serviced,
> that it will get
> 
>   SSLCertificateFile "/etc/pki/tls/certs/example.net.crt"
> 
> 
> A trivial and safe way if you need a solution asap might involve declaring
> a  for each host.

I would like to have single access/error log for all these serveralias matches.

> I’ve not seen globbing/wildcarding like this, and also makes me curious is
> it possible to get a public key signed by a CA with this globbing pattern?

yes I am getting the certs like this. I just want to prevent creating the vhosts



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] dynamic ssl cert/key selection

[Will Fatherley]

> Is there a way to chose what ssl certs/keys to load when you have
> something like
>
>  ServerAlias test.*.*
>
> So when host test.example.com is serviced, that it will get
>
> SSLCertificateFile "/etc/pki/tls/certs/example.com.crt"
>
>
> So when host test.example.net is serviced, that it will get
>
> SSLCertificateFile "/etc/pki/tls/certs/example.net.crt"


A trivial and safe way if you need a solution asap might involve declaring
a  for each host.

I’ve not seen globbing/wildcarding like this, and also makes me curious is
it possible to get a public key signed by a CA with this globbing pattern?
If it’s not, there’s probably a good reason, and it might therefore be a
reason to avoid designing it into your configurations.

A helpful hint for you is to look at the “context” entry for each directive
you want to use in the man pages. SSLCertificateFile, as seen in the
mod_ssl man page, has “server config” and “virtual host” contexts listed.
This indicates that it can’t be used in an  directive. That doesn’t
mean it’s not possible to have some idiomatic and/or elegant solution that
involves the globbing pattern.

[users@httpd] dynamic ssl cert/key selection

[Marc]

Is there a way to chose what ssl certs/keys to load when you have something like

 ServerAlias test.*.*

So when host test.example.com is serviced, that it will get 

SSLCertificateFile "/etc/pki/tls/certs/example.com.crt"


So when host test.example.net is serviced, that it will get 

SSLCertificateFile "/etc/pki/tls/certs/example.net.crt"

[users@httpd] CVE-2033-44487

[Brian Southern]

Has anyone been able to definitively determine if Apache HTTP 2.4.53 is
vulnerable to CVE-2023-44487?  I've found forums where users and apparent
sysadmins indicate it may be, however the only reference to this CVE I've
been able to locate on Apache.org is as a comment made within another CVE
vulnerability fix report.

thank you.

[users@httpd] CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

[Stefan Eissing]

Severity: moderate

Affected versions:

- Apache HTTP Server 2.4.17 through 2.4.57

Description:

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window 
were the request's memory resources were not reclaimed immediately. Instead, 
de-allocation was deferred to connection close. A client could send new 
requests and resets, keeping the connection busy and open and causing the 
memory footprint to keep on growing. On connection close, all resources were 
reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid 
Reset Exploit) with their own test client. During "normal" HTTP/2 use, the 
probability to hit this bug is very low. The kept memory would not become 
noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

Credit:

Will Dormann of Vul Labs (finder)
David Warren of Vul Labs (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-45802

Timeline:

2023-10-12: reported


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

[Stefan Eissing]

Severity: low

Affected versions:

- Apache HTTP Server 2.4.55 through 2.4.57

Description:

An attacker, opening a HTTP/2 connection with an initial window size of 0, was 
able to block handling of that connection indefinitely in Apache HTTP Server. 
This could be used to exhaust worker resources in the server, similar to the 
well known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection are terminated 
properly after the configured connection timeout.

This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

Credit:

Prof. Sven Dietrich (City University of New York) (finder)
Isa Jafarov (City University of New York) (finder)
Prof. Heejo Lee (Korea University) (finder)
Choongin Lee (Korea University) (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-43622

Timeline:

2023-09-15: reported


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] CVE-2023-31122: Apache HTTP Server: mod_macro buffer over-read

[Stefan Eissing]

Severity: low

Affected versions:

- Apache HTTP Server through 2.4.57

Description:

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue 
affects Apache HTTP Server: through 2.4.57.

Credit:

David Shoon (github/davidshoon) (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-31122

Timeline:

2023-04-04: Reported to security team


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] basic question ---

[Frank Gingras]

Can you keep the replies on-list?

Multiviews is just the simplest approach, and there is no such thing as
"everyone does X". It depends.

You can certainly solve a problem in the most convoluted way possible, but
it doesn't mean that it's the correct way.

On Mon, Oct 16, 2023 at 5:22 PM Tatsuki Makino 
wrote:

> Hello.
>
> Frank Gingras wrote on 2023/10/17 02:22:
> > That's just multiviews.
>
> For that matter, do everyone else do multiviews?
> What if we simply name the file b, and then do the following?
>
> 
>  
>   SetHandler php-script
>  
>  
>   # If it works via CGI as well.
>   SetHandler cgi-script
>  
> 
>
> Regards.
>
>

Re: [users@httpd] basic question ---

[Tatsuki Makino]

Hello.

Frank Gingras wrote on 2023/10/17 02:22:
> That's just multiviews.

For that matter, do everyone else do multiviews?
What if we simply name the file b, and then do the following?


 
  SetHandler php-script
 
 
  # If it works via CGI as well.
  SetHandler cgi-script
 


Regards.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] basic question ---

[Frank Gingras]

That's just multiviews.

On Mon, Oct 16, 2023 at 12:49 PM bruce  wrote:

> Hi Frank.
>
> Thanks for the reply.
>
> Not converting.
>
> But I've seen example open source demo/apps
>  where the app/url
>http://www.foo.com/a
>http://www.foo.com/b
>  are valid...
>
> and when I inspect the dir, I get
>  a.php   - b.php...
>
> So I'm assuming that there's something happening in the  httpd.conf that's
>  "hiding"/handling the ".php" extension.
>
>
> So, trying to understand, so I can do my own personal test.
>
> thanks
>
> On Mon, Oct 16, 2023 at 12:25 PM Frank Gingras  wrote:
> >
> > You should use multviews, so that if you request /a, it will expand to
> a.php.
> >
> > Converting a.php to b.php makes no sense; why would you request another
> script in that case?
> >
> > You should also look at the FallbackResource directive, and use pathinfo
> to handle URI parameters, instead of the query string.
> >
> > On Mon, Oct 16, 2023 at 12:19 PM bruce  wrote:
> >>
> >> running apache2
> >> old copy of centos
> >>
> >> trying to understand how to test a few things.
> >>
> >> I can have
> >>  http://www.abc.com/a.php
> >>
> >> a.php can fire off a page to "b.php"
> >>
> >> I'm trying to figure out what to do in the httpd.conf file to
> >>  "ignore/hide" the .php
> >>
> >> so the displayed url would be
> >>  http://www.abc.com/b
> >> or
> >>  http://www.abc.com/b?qq=1=2.
> >>
> >> any pointers would be helpful!
> >>
> >> oh, the test is a subdir off the main /var/www/html/testapp <<
> >>
> >> thanks
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] basic question ---

[bruce]

Hi Frank.

Thanks for the reply.

Not converting.

But I've seen example open source demo/apps
 where the app/url
   http://www.foo.com/a
   http://www.foo.com/b
 are valid...

and when I inspect the dir, I get
 a.php   - b.php...

So I'm assuming that there's something happening in the  httpd.conf that's
 "hiding"/handling the ".php" extension.


So, trying to understand, so I can do my own personal test.

thanks

On Mon, Oct 16, 2023 at 12:25 PM Frank Gingras  wrote:
>
> You should use multviews, so that if you request /a, it will expand to a.php.
>
> Converting a.php to b.php makes no sense; why would you request another 
> script in that case?
>
> You should also look at the FallbackResource directive, and use pathinfo to 
> handle URI parameters, instead of the query string.
>
> On Mon, Oct 16, 2023 at 12:19 PM bruce  wrote:
>>
>> running apache2
>> old copy of centos
>>
>> trying to understand how to test a few things.
>>
>> I can have
>>  http://www.abc.com/a.php
>>
>> a.php can fire off a page to "b.php"
>>
>> I'm trying to figure out what to do in the httpd.conf file to
>>  "ignore/hide" the .php
>>
>> so the displayed url would be
>>  http://www.abc.com/b
>> or
>>  http://www.abc.com/b?qq=1=2.
>>
>> any pointers would be helpful!
>>
>> oh, the test is a subdir off the main /var/www/html/testapp <<
>>
>> thanks
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] basic question ---

[Frank Gingras]

You should use multviews, so that if you request /a, it will expand to
a.php.

Converting a.php to b.php makes no sense; why would you request another
script in that case?

You should also look at the FallbackResource directive, and use pathinfo to
handle URI parameters, instead of the query string.

On Mon, Oct 16, 2023 at 12:19 PM bruce  wrote:

> running apache2
> old copy of centos
>
> trying to understand how to test a few things.
>
> I can have
>  http://www.abc.com/a.php
>
> a.php can fire off a page to "b.php"
>
> I'm trying to figure out what to do in the httpd.conf file to
>  "ignore/hide" the .php
>
> so the displayed url would be
>  http://www.abc.com/b
> or
>  http://www.abc.com/b?qq=1=2.
>
> any pointers would be helpful!
>
> oh, the test is a subdir off the main /var/www/html/testapp <<
>
> thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

[users@httpd] basic question ---

[bruce]

running apache2
old copy of centos

trying to understand how to test a few things.

I can have
 http://www.abc.com/a.php

a.php can fire off a page to "b.php"

I'm trying to figure out what to do in the httpd.conf file to
 "ignore/hide" the .php

so the displayed url would be
 http://www.abc.com/b
or
 http://www.abc.com/b?qq=1=2.

any pointers would be helpful!

oh, the test is a subdir off the main /var/www/html/testapp <<

thanks

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] preciso de ajuda

[Frank Gingras]

I'll answer in English for the benefit of the list (you can use google
translate).

For windows, the recommended installers are from the apache lounge site:

https://www.apachelounge.com/

Alternatively, you can install xampp, but that should not be run in
production.

On Sun, Oct 15, 2023 at 6:17 PM Endel Naiva 
wrote:

> preciso saber como RODAR CORRETAMENTE : INSTALAR , CONFIGURAR E SUBIR o
> Apache 2.4 ou a mais nova versão em meu computador
> com o WINDOWS 10 PRO
>
> Endel
>

[users@httpd] preciso de ajuda

[Endel Naiva]

preciso saber como RODAR CORRETAMENTE : INSTALAR , CONFIGURAR E SUBIR o
Apache 2.4 ou a mais nova versão em meu computador
com o WINDOWS 10 PRO

Endel

Re: [users@httpd] Peer digest using sha1 on TLS connection - Chrome fails

[Craig H Silva (Cenitex)]

Just as an update - it appears that there was a vhost config that went 
unnoticed - this from the guy who found it:

"We noticed with SSLLabs that there was 2 SSL certificates getting pulled when 
testing against the xxx.xxx.xxx.domain

Looking against the config being included in the Apache when started we found a 
vhost file which had shared the same IP listener. This was a site migrated from 
the platform under a different domain (yyy.xxx.xxx.domain), so the SSL attached 
to this vhost was expired (possibly the SHA1) but getting considered as part of 
the TLS negotiation alongside the existing certificate for xxx.xxx.xxx.domain 
(which was SHA2)."


From: Pedro Coelho Silva 
Sent: Friday, October 13, 2023 5:42 AM
To: users@httpd.apache.org 
Subject: Re: [users@httpd] Peer digest using sha1 on TLS connection - Chrome 
fails

CAUTION: Cenitex security team advise that this email did not originate from a 
source within the Australian State or Federal Government. Be cautious when 
responding and/or opening any weblinks or attachments contained within this 
email.

Is the CA cert signed with SHA-1? If so, you can try to check if the CA has a 
cross-signed CA cert with SHA2 you can use for the customer's current 
certificate chain or just tell your customer to reissue the cert with a full 
SHA2 chain.
Best Regards
/P
--
--


On Thu, 12 Oct 2023 at 04:27, Craig H Silva (Cenitex) 
 wrote:

This is probably not the most appropriate mail list to ask this question.

Basically we have apache 2.4.3 on a solaris 10 host running openssl  1.0.2zf.

This was OK up until the 117 release of Chrome, which now rejects sha1.

Funny thing is that one vhost with the same ssl config is ok, whilst one vhost 
is failing. From all that I can tell, the only difference is the certificates - 
the CA cert is different.

I'm the unix admin (typically I don't do the httpd config - that's our 
customer), but the customer wants to make it our issue. Of course this is the 
customer that has resisted upgrading the OS.


There is one available patch for openssl from Oracle (151912-22 - openssl 
1.02.zf) but I can't get any info at this point on whether that might address 
the issue.


Its only Chrome that is failing at the moment, but interested on any thoughts, 
ideas from this list as to whether there is any work around that could be 
attempted.



[cid:18b2531e1ffefe250631]



 [cid:18b2531e1ff4c6ea5362] 

  [cid:18b2531e1ff448e3d473] 

  [cid:18b2531e1ff347405d44] 


Craig Silva | Specialist Engineer – Unix & Storage Services

Level 18, 80 Collins Street, Melbourne 3000

(03) 9063 5126

cenitex.vic.gov.au





[cid:18b2531e1ff9482eb85]



Cenitex acknowledges the Traditional Owners and custodians of the land and we 
pay our respects to their Elders, past, present and emerging. We are an 
inclusive workplace that embraces diversity in all its forms.






Notice:

This email and any attachments may contain information that is personal,
confidential, legally privileged and/or copyright. No part of it should be
reproduced, adapted or communicated without the prior written consent of the
copyright owner.

It is the responsibility of the recipient to check for and remove viruses.

If you have received this email in error, please notify the sender by return
email, delete it from your system and destroy any copies. You are not authorised
to use, communicate or rely on the information contained in this email.

Please consider the environment before printing this email.

--
Notice:

This email and any attachments may contain information that is personal,
confidential, legally privileged and/or copyright. No part of it should be
reproduced, adapted or communicated without the prior written consent of the
copyright owner.

It is the responsibility of the recipient to check for and remove viruses.

If you have received this email in error, please notify the sender by return
email, delete it from your system and destroy any copies. You are not authorised
to use, communicate or rely on the information contained in this email.

Please consider the environment before printing this email.

Re: [users@httpd] Peer digest using sha1 on TLS connection - Chrome fails

[Pedro Coelho Silva]

Is the CA cert signed with SHA-1? If so, you can try to check if the CA has
a cross-signed CA cert with SHA2 you can use for the customer's current
certificate chain or just tell your customer to reissue the cert with a
full SHA2 chain.
Best Regards
/P
--
--


On Thu, 12 Oct 2023 at 04:27, Craig H Silva (Cenitex)
 wrote:

>
> This is probably not the most appropriate mail list to ask this question.
>
> Basically we have apache 2.4.3 on a solaris 10 host running openssl
>  1.0.2zf.
>
> This was OK up until the 117 release of Chrome, which now rejects sha1.
>
> Funny thing is that one vhost with the same ssl config is ok, whilst one
> vhost is failing. From all that I can tell, the only difference is the
> certificates - the CA cert is different.
>
> I'm the unix admin (typically I don't do the httpd config - that's our
> customer), but the customer wants to make it our issue. Of course this is
> the customer that has resisted upgrading the OS.
>
>
> There is one available patch for openssl from Oracle (151912-22 - openssl
> 1.02.zf) but I can't get any info at this point on whether that might
> address the issue.
>
>
> Its only Chrome that is failing at the moment, but interested on any
> thoughts, ideas from this list as to whether there is any work around that
> could be attempted.
>
>
>
> 
>
>
>
>   
> 
> 
>
> *Craig Silva *| Specialist Engineer – Unix & Storage Services
>
> Level 18, 80 Collins Street, Melbourne 3000
>
> (03) 9063 5126
>
> cenitex.vic.gov.au
>
>
>
>
>
>
>
> Cenitex acknowledges the Traditional Owners and custodians of the land and
> we pay our respects to their Elders, past, present and emerging. We are an
> inclusive workplace that embraces diversity in all its forms.
>
>
>
>
> --
> Notice:
>
> This email and any attachments may contain information that is personal,
> confidential, legally privileged and/or copyright. No part of it should be
> reproduced, adapted or communicated without the prior written consent of
> the
> copyright owner.
>
> It is the responsibility of the recipient to check for and remove viruses.
>
> If you have received this email in error, please notify the sender by
> return
> email, delete it from your system and destroy any copies. You are not
> authorised
> to use, communicate or rely on the information contained in this email.
>
> Please consider the environment before printing this email.
>

[users@httpd] Peer digest using sha1 on TLS connection - Chrome fails

[Craig H Silva (Cenitex)]

This is probably not the most appropriate mail list to ask this question.

Basically we have apache 2.4.3 on a solaris 10 host running openssl  1.0.2zf.

This was OK up until the 117 release of Chrome, which now rejects sha1.

Funny thing is that one vhost with the same ssl config is ok, whilst one vhost 
is failing. From all that I can tell, the only difference is the certificates - 
the CA cert is different.

I'm the unix admin (typically I don't do the httpd config - that's our 
customer), but the customer wants to make it our issue. Of course this is the 
customer that has resisted upgrading the OS.


There is one available patch for openssl from Oracle (151912-22 - openssl 
1.02.zf) but I can't get any info at this point on whether that might address 
the issue.


Its only Chrome that is failing at the moment, but interested on any thoughts, 
ideas from this list as to whether there is any work around that could be 
attempted.



[cid:6aa97331-adba-4ef9-a852-8a3d241df9a0]



 [cid:8384bf39-db74-4432-90ae-4333642b6464] 
  
[cid:58fc99ef-bfac-4b14-86c8-a2f6c5334a63]   
[cid:00d8edea-a344-475b-b0dd-06f9f2aeedb1] 


Craig Silva | Specialist Engineer – Unix & Storage Services

Level 18, 80 Collins Street, Melbourne 3000

(03) 9063 5126

cenitex.vic.gov.au





[cid:76723db1-425e-4452-825d-a237f76b91e8]



Cenitex acknowledges the Traditional Owners and custodians of the land and we 
pay our respects to their Elders, past, present and emerging. We are an 
inclusive workplace that embraces diversity in all its forms.




--
Notice:

This email and any attachments may contain information that is personal,
confidential, legally privileged and/or copyright. No part of it should be
reproduced, adapted or communicated without the prior written consent of the
copyright owner.

It is the responsibility of the recipient to check for and remove viruses.

If you have received this email in error, please notify the sender by return
email, delete it from your system and destroy any copies. You are not authorised
to use, communicate or rely on the information contained in this email.

Please consider the environment before printing this email.

[users@httpd] Apache dropping Content-Length header for HEAD responses where Content-Length is 0

[Piotr Dobrogost]

Hi,

Using Apache 2.4.57 on Fedora with default
configuration I'm observing that for HEAD response the Content-Length
header is not being sent for empty files (it is present for non-empty
files). When changing HEAD to GET the header is present for such
files.
Sidney Shek asked very similar question on this list in the past with
no response –
"Apache 2.2 proxy dropping content-length header for HEAD responses
where content-length is 0"
(https://lists.apache.org/thread/vlg8x9rl1ob812rhdj7zlbpgsfz7vvw4).

How I tested this:
[user@hostx ~]$ curl -I http://localhost/x.txt
HTTP/1.1 200 OK
Date: Tue, 15 Mar 2022 22:37:56 GMT
Server: Apache/2.4.52 (Fedora Linux)
Last-Modified: Tue, 15 Mar 2022 22:35:21 GMT
ETag: "0-5da4969829e4e"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8

[user@hostx ~]$ curl -v http://localhost/x.txt
*   Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /x.txt HTTP/1.1
> Host: localhost
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Tue, 15 Mar 2022 22:38:00 GMT
< Server: Apache/2.4.52 (Fedora Linux)
< Last-Modified: Tue, 15 Mar 2022 22:35:21 GMT
< ETag: "0-5da4969829e4e"
< Accept-Ranges: bytes
< Content-Length: 0
< Content-Type: text/plain; charset=UTF-8
<
* Connection #0 to host localhost left intact

How to configure Apache so that Content-Length header would be sent in
HEAD response when requested resource has no content?

Thank you in advance.

Regards,
Piotr Dobrogost

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Logging issue piped logs vs file

[Pedro Coelho Silva]

Hello

I think I have discovered a bug, where using a log file vs using a pipe
command will not log the exact same messages.

System:
Server version: Apache/2.4.56 (Unix)
Server built:   Jul 10 2023 10:58:41
root@ns-pedros# uname -a
FreeBSD ns-pedros 11.4-NETSCALER-13.1 FreeBSD 11.4-NETSCALER-13.1 #0
a7c4dc80d(rs_131_49_4_RTM): Mon Jul 10 12:01:16 PDT 2023
root@sjc-bld-bsd114-232:/usr/obj/usr/home/build/adc/usr.src/sys/NS64  amd64

I configure the following ErrorLog Directive as follows:
-A:ErrorLog "/var/log/httperror.log"
-B:ErrorLog "|/usr/bin/logger -t httperror -p local3.error"

I have also tried option B with |$, yielding the same result.

I have to use logger and not the "syslog:facility:tag" because I need to
control the level of the log, and this doesn't provide me with that option.

I have syslog writing to a different file, /var/log/httperror_syslog.log

If I use option A, I see the following messages after /bin/httpd -k restart
-f /etc/httpd.conf several times, in order to ensure before and after
loading the config I get the same set of messages:
[Wed Oct 11 07:54:34.505202 2023] [mpm_prefork:notice] [pid 215] AH00173:
SIGHUP received.  Attempting to restart
[Wed Oct 11 07:54:34.624822 2023] [mpm_prefork:notice] [pid 215] AH00163:
Apache/2.4.56 (Unix) mod_perl/2.0.10 Perl/v5.30.2 configured -- resuming
normal operations
[Wed Oct 11 07:54:34.625678 2023] [core:notice] [pid 215] AH00094: Command
line: '/bin/httpd -f /etc/httpd.conf'

If I use option B, after several restarts I have the following set of
messages:
Oct 11 07:55:56  ns-pedros httperror: [Wed Oct 11
07:55:56.486944 2023] [mpm_prefork:notice] [pid 215] AH00163: Apache/2.4.56
(Unix) mod_perl/2.0.10 Perl/v5.30.2 configured -- resuming normal operations
Oct 11 07:55:56  ns-pedros httperror: [Wed Oct 11
07:55:56.488838 2023] [core:notice] [pid 215] AH00094: Command line:
'/bin/httpd -f /etc/httpd.conf'


Besides the obvious new prefix from syslog, we can see that the SIGHUP
message is not sent to the piped log. I will theorize that the pipe is
closed before the SIGHUP message is sent.

I believe that this message should be sent before closing the pipe. Should
I open a bug report?

Best Regards
/P
--
--

[users@httpd] How to handle memory increase when using mod_proxy module(included in apache 2.4.46)

[Shigeharu Yamamoto (Fujitsu)]

Hello Team,

The virtual memory usage of the Apache communication process increased 
endlessly when there was a large amount of HTTP communication under the 
following conditions:
 * Windows OS
 * Enable mod_proxy to use Apache 2.4.46 as a proxy server.
 * Settings so that KeepAlive does not occur for HTTP communication between the 
proxy server and the web server.
 * MaxConnectionsPerChild is unspecified.
 
 In the above state, mod_proxy gains space for the connection IP of the web 
server each time it makes a TCP/IP connection without releasing it.
 
 In respect to the virtual memory increase in the communication process, is the 
following action correct and is the intended action according to the Apache 
2.4.46 program?
 * Restart the communication process by tuning MaxConnectionsPerChild.
 * Along with the above, set Keep-Alive to an appropriate value.

---
Thanks & Regards
Shigeharu Yamamoto


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[jean-frederic clere]

On 10/4/23 21:30, Daniel Gruno wrote:

On 2023-10-04 14:01, Antony Stone wrote:

On Wednesday 04 October 2023 at 20:48:19, Jason Long wrote:


Hello,Thanks again.Why has Apache Foundation never tested Apache
performance with Nginx?


I am not affiliated with the Apache Foundation in any way, but I would 
guess
that the primary reason is that one can make statistics say almost 
whatever
one wants them to, simply by selecting the data or analysis which 
supports the
desired outcome.  Therefore nobody is going to trust numbers put out 
either by

the Apache Foundation, or by Nginx, showing how they compare against the
competition.  I'm not saying that either of these organisations would be
lying, but they'd be expected to choose the tests and scenarios which 
show

them up in the most favourable comparative light possible.

A secondary reason is that one person's use of a web server is not the 
same as
another's, so any benchmarks showing Apache vs. Nginx would be 
idealistic and
almost certainly not what any specific real-world implementation would 
achieve.


Suppose you wanted to compare two makes of cars to find out which is 
"faster,
more secure and better" (to quote from the subject line of your 
email).  Would
you want such a comparison to be done by manufacturer A, manufacturer 
B, or an
independent third party?  No matter who it's done by, does their 
definition of
"better" match with yours (assuming you're a potential purchaser of 
one of the

cars)?


The more official, canonical reason is that NGINX is a commercial 
company making an "open core" product, while the ASF is a non-profit.


The ASF cannot and does not want to compete with other products or 
companies. It is not our mission, and we frankly do not care about 
market shares or the likes. We are volunteers working on making a free 
piece of software that can be used by whomever wants to use it.


Additionally comparing NGINX with Apache HTTPD server is comparing a 
kitchen knife to a Swiss army knife... The choice depends on what you 
need to do ;-)







Antony.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



--
Cheers

Jean-Frederic


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Daniel Gruno]

On 2023-10-04 14:01, Antony Stone wrote:

On Wednesday 04 October 2023 at 20:48:19, Jason Long wrote:


Hello,Thanks again.Why has Apache Foundation never tested Apache
performance with Nginx?


I am not affiliated with the Apache Foundation in any way, but I would guess
that the primary reason is that one can make statistics say almost whatever
one wants them to, simply by selecting the data or analysis which supports the
desired outcome.  Therefore nobody is going to trust numbers put out either by
the Apache Foundation, or by Nginx, showing how they compare against the
competition.  I'm not saying that either of these organisations would be
lying, but they'd be expected to choose the tests and scenarios which show
them up in the most favourable comparative light possible.

A secondary reason is that one person's use of a web server is not the same as
another's, so any benchmarks showing Apache vs. Nginx would be idealistic and
almost certainly not what any specific real-world implementation would achieve.

Suppose you wanted to compare two makes of cars to find out which is "faster,
more secure and better" (to quote from the subject line of your email).  Would
you want such a comparison to be done by manufacturer A, manufacturer B, or an
independent third party?  No matter who it's done by, does their definition of
"better" match with yours (assuming you're a potential purchaser of one of the
cars)?


The more official, canonical reason is that NGINX is a commercial 
company making an "open core" product, while the ASF is a non-profit.


The ASF cannot and does not want to compete with other products or 
companies. It is not our mission, and we frankly do not care about 
market shares or the likes. We are volunteers working on making a free 
piece of software that can be used by whomever wants to use it.





Antony.




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Antony Stone]

On Wednesday 04 October 2023 at 20:48:19, Jason Long wrote:

> Hello,Thanks again.Why has Apache Foundation never tested Apache
> performance with Nginx?

I am not affiliated with the Apache Foundation in any way, but I would guess 
that the primary reason is that one can make statistics say almost whatever 
one wants them to, simply by selecting the data or analysis which supports the 
desired outcome.  Therefore nobody is going to trust numbers put out either by 
the Apache Foundation, or by Nginx, showing how they compare against the 
competition.  I'm not saying that either of these organisations would be 
lying, but they'd be expected to choose the tests and scenarios which show 
them up in the most favourable comparative light possible.

A secondary reason is that one person's use of a web server is not the same as 
another's, so any benchmarks showing Apache vs. Nginx would be idealistic and 
almost certainly not what any specific real-world implementation would achieve.

Suppose you wanted to compare two makes of cars to find out which is "faster, 
more secure and better" (to quote from the subject line of your email).  Would 
you want such a comparison to be done by manufacturer A, manufacturer B, or an 
independent third party?  No matter who it's done by, does their definition of 
"better" match with yours (assuming you're a potential purchaser of one of the 
cars)?


Antony.

-- 
The Free Software Foundation was formed on this day in 1985
https://www.fsf.org

   Please reply to the list;
 please *don't* CC me.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Marc]

I know that with nginx you can't configure your chain certificate separately, 
super annoying.

> 
> Hello,
> Thanks again.
> Why has Apache Foundation never tested Apache performance with Nginx?
> 
> 
> 
> 
>   On Sat, Sep 30, 2023 at 12:00 PM, Frank Gingras
>wrote:
>   There might be some online, however, due to the different
> architectures, they are not likely to be terribly useful. Do avoid the ones
> that bash needlessly either product.
> 
>   On Sat, Sep 30, 2023 at 3:09 AM Jason Long
>  wrote:
> 
> 
>   Hello,
>   Thank you so much for your info.
>   Why are they trollish? I am curious to learn more.
>   Is there a fair comparison between Apache and Nginx?
> 
> 
> 
>   On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank
> Gingras mailto:thu...@apache.org> > wrote:
> 
> 
> 
> 
> 
>   Additionally, your recent string of questions to this mailing
> list come off as a bit trollish.
> 
>   On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras   > wrote:
>   > If any of the mod_php extensions are not thread-safe, you will
> need to use the prefork mpm, which will indeed bloat every httpd worker.
> This is not the ideal nor recommended configuration.
>   >
>   > Instead, use the event mpm and proxy_fcgi to pass the request
> to php-fpm.
>   >
>   > Alternatively, you can recompile php to be thread-safe and use
> event mpm with mod_php, which will give you a small execution speed
> advantage.
>   >
>   > The statement you posted is more or less FUD which leaves out
> very important details.
>   >
>   > On Sat, Sep 30, 2023 at 2:56 AM Jason Long
>  wrote:
>   >> Hello,
>   >> Is the following sentence correct?
>   >> "The way Apache loads PHP in its standard setup (with
> mod_php) compared to Nginx alone puts it at a disadvantage. You will see
> performance gains, particularly in memory usage, just by switching to
> Nginx, given you're using a PHP-driven application."
>   >>
>   >> Thank you.
>   >>
>   >> -
> 
>   >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
>   >> For additional commands, e-mail: users-h...@httpd.apache.org
> 
>   >>
>   >>
>   >
> 
> 
>   
> -
>   To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
>   For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Jason Long]

Hello,Thanks again.Why has Apache Foundation never tested Apache performance 
with Nginx?

 
 
  On Sat, Sep 30, 2023 at 12:00 PM, Frank Gingras wrote:   
There might be some online, however, due to the different architectures, they 
are not likely to be terribly useful. Do avoid the ones that bash needlessly 
either product.
On Sat, Sep 30, 2023 at 3:09 AM Jason Long  wrote:

Hello,
Thank you so much for your info.
Why are they trollish? I am curious to learn more.
Is there a fair comparison between Apache and Nginx?



On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank Gingras 
 wrote: 





Additionally, your recent string of questions to this mailing list come off as 
a bit trollish.

On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:
> If any of the mod_php extensions are not thread-safe, you will need to use 
> the prefork mpm, which will indeed bloat every httpd worker. This is not the 
> ideal nor recommended configuration.
> 
> Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
> 
> Alternatively, you can recompile php to be thread-safe and use event mpm with 
> mod_php, which will give you a small execution speed advantage.
> 
> The statement you posted is more or less FUD which leaves out very important 
> details.
> 
> On Sat, Sep 30, 2023 at 2:56 AM Jason Long  
> wrote:
>> Hello,
>> Is the following sentence correct?
>> "The way Apache loads PHP in its standard setup (with mod_php) compared to 
>> Nginx alone puts it at a disadvantage. You will see performance gains, 
>> particularly in memory usage, just by switching to Nginx, given you're using 
>> a PHP-driven application."
>> 
>> Thank you.
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>> 
>> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


  

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Jason Long]

Hello,Thank you so much for your reply.Is the following sentence correct?

"If you did make mod_php thread safe, it wouldn’t change the fact that you’re 
going to blow up your memory usage as Apache will load PHP into every single 
worker process that spins up."

 
 
  On Sun, Oct 1, 2023 at 12:26 PM, Deepak Goel wrote:   

On Sat, 30 Sept 2023, 12:26 Jason Long,  wrote:

Hello,
Is the following sentence correct?
"The way Apache loads PHP in its standard setup (with mod_php) compared to 
Nginx alone puts it at a disadvantage. You will see performance gains, 
particularly in memory usage, just by switching to Nginx, given you're using a 
PHP-driven application."


You will have to performance benchmark both Apache, Nginx to make a statement.
We use Apache with PHP.


Thank you.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


  

Re: [users@httpd] proxying SSL -> SSL

[Frank Gingras]

First, do not define vhosts as :PORT, but rather either *:443 or
IP:443.

Secondly, to proxy from TLS to TLS, you need both SSLEngine on and
SSLProxyEngine on.

Avoid proxying from a  block, unless strictly necessary. Use the
vhost context. You can use the Location block to set headers instead.

Lastly, your TLS vhost requires SSLCertificateFile and
SSLCertificateKeyFile.

On Wed, Oct 4, 2023 at 7:38 AM lejeczek  wrote:

>
>
> On 04/10/2023 10:40, lejeczek wrote:
>
> Hi guys.
>
> I've sroogled & have found people suggesting working examples, I thought I
> had some notes but now I'm thinking I read that it should not work..
> so I'm not sure what to think of this seemingly setup:
>
> 
>   ServerAdmin web...@lemko.xyz
>   ServerName siem.mine.priv
>
>   ErrorLog /var/log/httpd/siem.mine.priv-error_log
>   CustomLog /var/log/httpd/siem.mine.priv-access_log common
>
>   SSLProxyEngine on
>   #SSLEngine on
>   #SSLProxyVerify none
>   #SSLProxyCheckPeerCN off
>   SSLCertificateFile  /etc/pki/tls/certs/siem.mine.priv.crt
>   SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
>   #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
>   #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem
>
>   RequestHeader set X-Forwarded-Proto “https”
>   RequestHeader set X-Forwarded-Port “443”
>
>   ProxyRequests Off
>   #ProxyPreserveHost on
>   #ProxyPass /  https://127.0.0.1:8443/
>   #ProxyPassReverse  /  https://127.0.0.1:8443/
>
>   
> # preserve Host header to avoid cross-origin problems
> ProxyPreserveHost on
> # proxy to
> ProxyPass https://127.0.0.1:8443/
> ProxyPassReverse  https://127.0.0.1:8443/
>   
>
> 
>
> As you can see I've fiddle whit all those options in different
> combinations but nothing works for me.
> Would you know how to fix or... perhaps you have Apache rev-proxying to
> Wazuh?
>
> errors in log:
> 
> [Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 1069029:tid 1069198]
> (20014)Internal error (specific information not available): [client
> 10.3.9.144:46858] AH01084: pass request body failed to 127.0.0.1:8443
> (127.0.0.1)
> [Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 1069029:tid 1069198]
> [client 10.3.9.144:46858] AH00898: Error during SSL Handshake with remote
> server returned by /
> [Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 1069029:tid
> 1069198] [client 10.3.9.144:46858] AH01097: pass request body failed to
> 127.0.0.1:8443 (127.0.0.1) from 10.3.9.144 ()
>
> many thanks, L.
>
> ought... sometimes systemctl's _reload_ will not do but "full" restart will
>

Re: [users@httpd] proxying SSL -> SSL

[lejeczek]

On 04/10/2023 10:40, lejeczek wrote:

Hi guys.

I've sroogled & have found people suggesting working 
examples, I thought I had some notes but now I'm thinking 
I read that it should not work..

so I'm not sure what to think of this seemingly setup:


  ServerAdmin web...@lemko.xyz
  ServerName siem.mine.priv

  ErrorLog /var/log/httpd/siem.mine.priv-error_log
  CustomLog /var/log/httpd/siem.mine.priv-access_log common

  SSLProxyEngine on
  #SSLEngine on
  #SSLProxyVerify none
  #SSLProxyCheckPeerCN off
  SSLCertificateFile /etc/pki/tls/certs/siem.mine.priv.crt
  SSLCertificateKeyFile 
/etc/pki/tls/private/siem.mine.priv.key
  #SSLProxyCACertificateFile 
/etc/wazuh-indexer/certs/root-ca.pem
  #SSLProxyMachineCertificateFile 
/etc/wazuh-indexer/certs/admin.pem


  RequestHeader set X-Forwarded-Proto “https”
  RequestHeader set X-Forwarded-Port “443”

  ProxyRequests Off
  #ProxyPreserveHost on
  #ProxyPass / https://127.0.0.1:8443/
  #ProxyPassReverse  / https://127.0.0.1:8443/

  
    # preserve Host header to avoid cross-origin problems
    ProxyPreserveHost on
    # proxy to
    ProxyPass https://127.0.0.1:8443/
    ProxyPassReverse https://127.0.0.1:8443/
  



As you can see I've fiddle whit all those options in 
different combinations but nothing works for me.
Would you know how to fix or... perhaps you have Apache 
rev-proxying to Wazuh?


errors in log:

[Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 
1069029:tid 1069198] (20014)Internal error (specific 
information not available): [client 10.3.9.144:46858] 
AH01084: pass request body failed to 127.0.0.1:8443 
(127.0.0.1)
[Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 
1069029:tid 1069198] [client 10.3.9.144:46858] AH00898: 
Error during SSL Handshake with remote server returned by /
[Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 
1069029:tid 1069198] [client 10.3.9.144:46858] AH01097: 
pass request body failed to 127.0.0.1:8443 (127.0.0.1) 
from 10.3.9.144 ()


many thanks, L.
ought... sometimes systemctl's _reload_ will not do but 
"full" restart will

RE: [users@httpd] proxying SSL -> SSL

[Marc]

> 
> Hi guys.
> 
> I've sroogled & have found people suggesting working examples, I thought I
> had some notes but now I'm thinking I read that it should not work..
> so I'm not sure what to think of this seemingly setup:
> 
> 
>   ServerAdmin web...@lemko.xyz 
>   ServerName siem.mine.priv
> 
>   ErrorLog /var/log/httpd/siem.mine.priv-error_log
>   CustomLog /var/log/httpd/siem.mine.priv-access_log common
> 
>   SSLProxyEngine on
>   #SSLEngine on
>   #SSLProxyVerify none
>   #SSLProxyCheckPeerCN off
>   SSLCertificateFile  /etc/pki/tls/certs/siem.mine.priv.crt
>   SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
>   #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
>   #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem
> 
>   RequestHeader set X-Forwarded-Proto “https”
>   RequestHeader set X-Forwarded-Port “443”
> 
>   ProxyRequests Off
>   #ProxyPreserveHost on
>   #ProxyPass /  https://127.0.0.1:8443/
>   #ProxyPassReverse  /  https://127.0.0.1:8443/
> 
>   
> # preserve Host header to avoid cross-origin problems
> ProxyPreserveHost on
> # proxy to
> ProxyPass https://127.0.0.1:8443/
> ProxyPassReverse  https://127.0.0.1:8443/
>   
> 
> 
> 
> As you can see I've fiddle whit all those options in different combinations
> but nothing works for me.
> Would you know how to fix or... perhaps you have Apache rev-proxying to
> Wazuh?
> 

Have you added this 
SSLProxyEngine on

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Deepak Goel]

On Sat, 30 Sept 2023, 12:26 Jason Long,  wrote:

> Hello,
> Is the following sentence correct?
> "The way Apache loads PHP in its standard setup (with mod_php) compared to
> Nginx alone puts it at a disadvantage. You will see performance gains,
> particularly in memory usage, just by switching to Nginx, given you're
> using a PHP-driven application."
>

You will have to performance benchmark both Apache, Nginx to make a
statement.

We use Apache with PHP.


> Thank you.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Daniel Ferradal]

>
>> Why are they trollish? I am curious to learn more.
>>
>>
Perhaps because you asked the same question in 2021, you got a very
constructive response and still you are asking the same thing two years
later...

-- 
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Frank Gingras]

There might be some online, however, due to the different architectures,
they are not likely to be terribly useful. Do avoid the ones that bash
needlessly either product.

On Sat, Sep 30, 2023 at 3:09 AM Jason Long 
wrote:

> Hello,
> Thank you so much for your info.
> Why are they trollish? I am curious to learn more.
> Is there a fair comparison between Apache and Nginx?
>
>
>
> On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank Gingras <
> thu...@apache.org> wrote:
>
>
>
>
>
> Additionally, your recent string of questions to this mailing list come
> off as a bit trollish.
>
> On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:
> > If any of the mod_php extensions are not thread-safe, you will need to
> use the prefork mpm, which will indeed bloat every httpd worker. This is
> not the ideal nor recommended configuration.
> >
> > Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
> >
> > Alternatively, you can recompile php to be thread-safe and use event mpm
> with mod_php, which will give you a small execution speed advantage.
> >
> > The statement you posted is more or less FUD which leaves out very
> important details.
> >
> > On Sat, Sep 30, 2023 at 2:56 AM Jason Long 
> wrote:
> >> Hello,
> >> Is the following sentence correct?
> >> "The way Apache loads PHP in its standard setup (with mod_php) compared
> to Nginx alone puts it at a disadvantage. You will see performance gains,
> particularly in memory usage, just by switching to Nginx, given you're
> using a PHP-driven application."
> >>
> >> Thank you.
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Jason Long]

Hello,
Thank you so much for your info.
Why are they trollish? I am curious to learn more.
Is there a fair comparison between Apache and Nginx?



On Saturday, September 30, 2023 at 10:35:12 AM GMT+3:30, Frank Gingras 
 wrote: 





Additionally, your recent string of questions to this mailing list come off as 
a bit trollish.

On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:
> If any of the mod_php extensions are not thread-safe, you will need to use 
> the prefork mpm, which will indeed bloat every httpd worker. This is not the 
> ideal nor recommended configuration.
> 
> Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
> 
> Alternatively, you can recompile php to be thread-safe and use event mpm with 
> mod_php, which will give you a small execution speed advantage.
> 
> The statement you posted is more or less FUD which leaves out very important 
> details.
> 
> On Sat, Sep 30, 2023 at 2:56 AM Jason Long  
> wrote:
>> Hello,
>> Is the following sentence correct?
>> "The way Apache loads PHP in its standard setup (with mod_php) compared to 
>> Nginx alone puts it at a disadvantage. You will see performance gains, 
>> particularly in memory usage, just by switching to Nginx, given you're using 
>> a PHP-driven application."
>> 
>> Thank you.
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>> 
>> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Frank Gingras]

Additionally, your recent string of questions to this mailing list come off
as a bit trollish.

On Sat, Sep 30, 2023 at 3:04 AM Frank Gingras  wrote:

> If any of the mod_php extensions are not thread-safe, you will need to use
> the prefork mpm, which will indeed bloat every httpd worker. This is not
> the ideal nor recommended configuration.
>
> Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.
>
> Alternatively, you can recompile php to be thread-safe and use event mpm
> with mod_php, which will give you a small execution speed advantage.
>
> The statement you posted is more or less FUD which leaves out very
> important details.
>
> On Sat, Sep 30, 2023 at 2:56 AM Jason Long 
> wrote:
>
>> Hello,
>> Is the following sentence correct?
>> "The way Apache loads PHP in its standard setup (with mod_php) compared
>> to Nginx alone puts it at a disadvantage. You will see performance gains,
>> particularly in memory usage, just by switching to Nginx, given you're
>> using a PHP-driven application."
>>
>> Thank you.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>

Re: [users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Frank Gingras]

If any of the mod_php extensions are not thread-safe, you will need to use
the prefork mpm, which will indeed bloat every httpd worker. This is not
the ideal nor recommended configuration.

Instead, use the event mpm and proxy_fcgi to pass the request to php-fpm.

Alternatively, you can recompile php to be thread-safe and use event mpm
with mod_php, which will give you a small execution speed advantage.

The statement you posted is more or less FUD which leaves out very
important details.

On Sat, Sep 30, 2023 at 2:56 AM Jason Long 
wrote:

> Hello,
> Is the following sentence correct?
> "The way Apache loads PHP in its standard setup (with mod_php) compared to
> Nginx alone puts it at a disadvantage. You will see performance gains,
> particularly in memory usage, just by switching to Nginx, given you're
> using a PHP-driven application."
>
> Thank you.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

[users@httpd] Is it true that Nginx is faster, more secure and better than Apache?

[Jason Long]

Hello,
Is the following sentence correct?
"The way Apache loads PHP in its standard setup (with mod_php) compared to 
Nginx alone puts it at a disadvantage. You will see performance gains, 
particularly in memory usage, just by switching to Nginx, given you're using a 
PHP-driven application."

Thank you.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Child process executing tasks of parent process

[Will Fatherley]

It’s not the point of this distribution list to discuss Perl, but fork will
return the process id for both processes. A simple pattern for the source
code looks like:

pid = fork();
if (pid==0){print "do the child things";}
else {print "do parent things"}

You want to aim your script semantics according to the pid. This is because
the source code is executed by both processes.

Re: [users@httpd] Child process executing tasks of parent process

[Deepak Goel]

It might be interesting to know how "fork" works...

On Fri, 29 Sept 2023, 19:56 Sreenivasulu Alapaka, <
sreenivasulu.alapaka...@gmail.com> wrote:

> Yes, Deepak
> the parent and child process are derived from same Base class.
> i defined a function name main in base class with empty implememationa and
> same got implemented for both parent and child in their own module.
> Below is a skeleton of code. the parent process is spawned while
> bootstrapping the httpd and then child process is spawned from parent.  I
> am using fork to spawn the process
>
> package Test::Base;
>
>   #common functionalities will define here
>
>   #abstract main method. should implement in derived modules
>   sub main {}
> }
>
> 1;
> 
> package Test::Parent;
> use base qw(Test::Base);
>
> #specific functionality for Parent
>
> #task of main to spawn and monitor the child process
> sub main {
>   #spawn child process if its not spawned already
>
>   #check the spawned child process status. start the child process which
> are not alive
> }
>
> 1;
>
> -
> package Test::Child;
> use base qw(Test::Base);
>
> #specific functionality of child process
>
> sub main {
>   #check and execute the tasks of child continuously
>#use ally its never ending loop to check and execute the tsak
> #even if its come out , i will exit the child process using
> CORE::exit()
> }
>
> 1;
>
>
> On Fri, Sep 29, 2023 at 6:24 PM Deepak Goel  wrote:
>
>> Obviously there is a common function which is being called by your
>> server, client threads.
>>
>> You will have to share your code for us to find out what's going on.
>>
>> On Fri, 29 Sept 2023, 17:08 Sreenivasulu Alapaka, <
>> sreenivasulu.alapaka...@gmail.com> wrote:
>>
>>> Hi Deepak,
>>>
>>>
>>> *Client Monitor Workers is application specific log.  This message will
>>> be logged by the parent process in my application but not the child
>>> process. In the issue state, I am seeing the *
>>> *Client Monitor Workers in both parent and child logs as the child is
>>> executing the tasks of the parent instead of its own.  How can we
>>> debug this?*
>>>
>>> On Fri, Sep 29, 2023 at 4:44 PM Deepak Goel  wrote:
>>>


 On Fri, Sep 29, 2023 at 4:35 PM Sreenivasulu Alapaka <
 sreenivasulu.alapaka...@gmail.com> wrote:

> Hi Deepak,
>
>  Please find the logs below.
>  Parent task is to monitor the workers(childs) and
> then remove/start additional workers based on the load.
>   its performing its task.
> Parent process logs
>  =
> Wed Sep 27 20:36:36 2023: Started (PID: 3032)
> Fri Sep 29 16:12:07 2023: Removing some Client Monitor Workers
>

 I am not sure what is *Client Monitor Workers. *It might not be the
 same as *Client Workers.*


> Fri Sep 29 16:12:18 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:12:33 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:12:54 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:13:06 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:13:22 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:13:36 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:13:54 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:14:09 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:14:23 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:14:39 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:14:54 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:15:08 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:15:27 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:15:42 2023: Starting additional Client Monitor Workers
>
> After spawning the child process , it works for some time properly and
> then starts performing tasks of the parent.
> Child process logs
> ==
> Wed Sep 27 20:36:43 2023: Started (PID: 5321)
> Wed Sep 27 20:41:16 2023: Synchronizing containment
> Wed Sep 27 20:41:16 2023: Synchronizing containment
> Wed Sep 27 20:41:17 2023: Sync complete; beginning audit
> Wed Sep 27 20:41:19 2023: Audit finished.
> Wed Sep 27 21:16:23 2023: Audit finished.
> Wed Sep 27 21:16:23 2023: nothing to do
> Wed Sep 27 21:43:39 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:43:54 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:09 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:24 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:39 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:54 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:45:09 2023: 

Re: [users@httpd] Child process executing tasks of parent process

[Sreenivasulu Alapaka]

Yes, Deepak
the parent and child process are derived from same Base class.
i defined a function name main in base class with empty implememationa and
same got implemented for both parent and child in their own module.
Below is a skeleton of code. the parent process is spawned while
bootstrapping the httpd and then child process is spawned from parent.  I
am using fork to spawn the process

package Test::Base;

  #common functionalities will define here

  #abstract main method. should implement in derived modules
  sub main {}
}

1;

package Test::Parent;
use base qw(Test::Base);

#specific functionality for Parent

#task of main to spawn and monitor the child process
sub main {
  #spawn child process if its not spawned already

  #check the spawned child process status. start the child process which
are not alive
}

1;
-
package Test::Child;
use base qw(Test::Base);

#specific functionality of child process

sub main {
  #check and execute the tasks of child continuously
   #use ally its never ending loop to check and execute the tsak
#even if its come out , i will exit the child process using CORE::exit()
}

1;


On Fri, Sep 29, 2023 at 6:24 PM Deepak Goel  wrote:

> Obviously there is a common function which is being called by your server,
> client threads.
>
> You will have to share your code for us to find out what's going on.
>
> On Fri, 29 Sept 2023, 17:08 Sreenivasulu Alapaka, <
> sreenivasulu.alapaka...@gmail.com> wrote:
>
>> Hi Deepak,
>>
>>
>> *Client Monitor Workers is application specific log.  This message will
>> be logged by the parent process in my application but not the child
>> process. In the issue state, I am seeing the *
>> *Client Monitor Workers in both parent and child logs as the child is
>> executing the tasks of the parent instead of its own.  How can we
>> debug this?*
>>
>> On Fri, Sep 29, 2023 at 4:44 PM Deepak Goel  wrote:
>>
>>>
>>>
>>> On Fri, Sep 29, 2023 at 4:35 PM Sreenivasulu Alapaka <
>>> sreenivasulu.alapaka...@gmail.com> wrote:
>>>
 Hi Deepak,

  Please find the logs below.
  Parent task is to monitor the workers(childs) and then
 remove/start additional workers based on the load.
   its performing its task.
 Parent process logs
  =
 Wed Sep 27 20:36:36 2023: Started (PID: 3032)
 Fri Sep 29 16:12:07 2023: Removing some Client Monitor Workers

>>>
>>> I am not sure what is *Client Monitor Workers. *It might not be the
>>> same as *Client Workers.*
>>>
>>>
 Fri Sep 29 16:12:18 2023: restarting Client Monitor Worker...
 Fri Sep 29 16:12:33 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:12:54 2023: Removing some Client Monitor Workers
 Fri Sep 29 16:13:06 2023: restarting Client Monitor Worker...
 Fri Sep 29 16:13:22 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:13:36 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:13:54 2023: Removing some Client Monitor Workers
 Fri Sep 29 16:14:09 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:14:23 2023: restarting Client Monitor Worker...
 Fri Sep 29 16:14:39 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:14:54 2023: Removing some Client Monitor Workers
 Fri Sep 29 16:15:08 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:15:27 2023: Removing some Client Monitor Workers
 Fri Sep 29 16:15:42 2023: Starting additional Client Monitor Workers

 After spawning the child process , it works for some time properly and
 then starts performing tasks of the parent.
 Child process logs
 ==
 Wed Sep 27 20:36:43 2023: Started (PID: 5321)
 Wed Sep 27 20:41:16 2023: Synchronizing containment
 Wed Sep 27 20:41:16 2023: Synchronizing containment
 Wed Sep 27 20:41:17 2023: Sync complete; beginning audit
 Wed Sep 27 20:41:19 2023: Audit finished.
 Wed Sep 27 21:16:23 2023: Audit finished.
 Wed Sep 27 21:16:23 2023: nothing to do
 Wed Sep 27 21:43:39 2023: Removing some Client Monitor Workers
 Wed Sep 27 21:43:54 2023: Removing some Client Monitor Workers
 Wed Sep 27 21:44:09 2023: Removing some Client Monitor Workers
 Wed Sep 27 21:44:24 2023: Removing some Client Monitor Workers
 Wed Sep 27 21:44:39 2023: Removing some Client Monitor Workers
 Wed Sep 27 21:44:54 2023: Removing some Client Monitor Workers
 Wed Sep 27 21:45:09 2023: Removing some Client Monitor Workers
 Fri Sep 29 16:13:29 2023: Removing some Client Monitor Workers
 Fri Sep 29 16:13:44 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:13:58 2023: Starting additional Client Monitor Workers
 Fri Sep 29 16:14:17 2023: Removing some Client Monitor 

Re: [users@httpd] Child process executing tasks of parent process

[Deepak Goel]

Obviously there is a common function which is being called by your server,
client threads.

You will have to share your code for us to find out what's going on.

On Fri, 29 Sept 2023, 17:08 Sreenivasulu Alapaka, <
sreenivasulu.alapaka...@gmail.com> wrote:

> Hi Deepak,
>
>
> *Client Monitor Workers is application specific log.  This message will be
> logged by the parent process in my application but not the child process.
>In the issue state, I am seeing the *
> *Client Monitor Workers in both parent and child logs as the child is
> executing the tasks of the parent instead of its own.  How can we
> debug this?*
>
> On Fri, Sep 29, 2023 at 4:44 PM Deepak Goel  wrote:
>
>>
>>
>> On Fri, Sep 29, 2023 at 4:35 PM Sreenivasulu Alapaka <
>> sreenivasulu.alapaka...@gmail.com> wrote:
>>
>>> Hi Deepak,
>>>
>>>  Please find the logs below.
>>>  Parent task is to monitor the workers(childs) and then
>>> remove/start additional workers based on the load.
>>>   its performing its task.
>>> Parent process logs
>>>  =
>>> Wed Sep 27 20:36:36 2023: Started (PID: 3032)
>>> Fri Sep 29 16:12:07 2023: Removing some Client Monitor Workers
>>>
>>
>> I am not sure what is *Client Monitor Workers. *It might not be the same
>> as *Client Workers.*
>>
>>
>>> Fri Sep 29 16:12:18 2023: restarting Client Monitor Worker...
>>> Fri Sep 29 16:12:33 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:12:54 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:13:06 2023: restarting Client Monitor Worker...
>>> Fri Sep 29 16:13:22 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:13:36 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:13:54 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:14:09 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:14:23 2023: restarting Client Monitor Worker...
>>> Fri Sep 29 16:14:39 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:14:54 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:15:08 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:15:27 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:15:42 2023: Starting additional Client Monitor Workers
>>>
>>> After spawning the child process , it works for some time properly and
>>> then starts performing tasks of the parent.
>>> Child process logs
>>> ==
>>> Wed Sep 27 20:36:43 2023: Started (PID: 5321)
>>> Wed Sep 27 20:41:16 2023: Synchronizing containment
>>> Wed Sep 27 20:41:16 2023: Synchronizing containment
>>> Wed Sep 27 20:41:17 2023: Sync complete; beginning audit
>>> Wed Sep 27 20:41:19 2023: Audit finished.
>>> Wed Sep 27 21:16:23 2023: Audit finished.
>>> Wed Sep 27 21:16:23 2023: nothing to do
>>> Wed Sep 27 21:43:39 2023: Removing some Client Monitor Workers
>>> Wed Sep 27 21:43:54 2023: Removing some Client Monitor Workers
>>> Wed Sep 27 21:44:09 2023: Removing some Client Monitor Workers
>>> Wed Sep 27 21:44:24 2023: Removing some Client Monitor Workers
>>> Wed Sep 27 21:44:39 2023: Removing some Client Monitor Workers
>>> Wed Sep 27 21:44:54 2023: Removing some Client Monitor Workers
>>> Wed Sep 27 21:45:09 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:13:29 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:13:44 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:13:58 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:14:17 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:14:32 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:14:51 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:15:06 2023: restarting Client Monitor Worker...
>>> Fri Sep 29 16:15:22 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:15:36 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:16:00 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:16:10 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:16:30 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:16:45 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:17:06 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:17:20 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:17:40 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:17:55 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:18:09 2023: Starting additional Client Monitor Workers
>>> Fri Sep 29 16:18:28 2023: Removing some Client Monitor Workers
>>> Fri Sep 29 16:18:43 2023: Starting additional Client Monitor Workers
>>>
>>> Child process worked perfectly till Wed Sep 27 21:16:23 2023: and after
>>> that I didn't see any logs. Suddenly it started dumping the parent process
>>> logs from Wed Sep 27 21:43:39 2023. It's not recovering , it's required to
>>> kill the 

[users@httpd] To post the link 

[KEE MAIL]

Post the link 

Re: [users@httpd] Child process executing tasks of parent process

[Sreenivasulu Alapaka]

Hi Deepak,


*Client Monitor Workers is application specific log.  This message will be
logged by the parent process in my application but not the child process.
   In the issue state, I am seeing the *
*Client Monitor Workers in both parent and child logs as the child is
executing the tasks of the parent instead of its own.  How can we
debug this?*

On Fri, Sep 29, 2023 at 4:44 PM Deepak Goel  wrote:

>
>
> On Fri, Sep 29, 2023 at 4:35 PM Sreenivasulu Alapaka <
> sreenivasulu.alapaka...@gmail.com> wrote:
>
>> Hi Deepak,
>>
>>  Please find the logs below.
>>  Parent task is to monitor the workers(childs) and then
>> remove/start additional workers based on the load.
>>   its performing its task.
>> Parent process logs
>>  =
>> Wed Sep 27 20:36:36 2023: Started (PID: 3032)
>> Fri Sep 29 16:12:07 2023: Removing some Client Monitor Workers
>>
>
> I am not sure what is *Client Monitor Workers. *It might not be the same
> as *Client Workers.*
>
>
>> Fri Sep 29 16:12:18 2023: restarting Client Monitor Worker...
>> Fri Sep 29 16:12:33 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:12:54 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:13:06 2023: restarting Client Monitor Worker...
>> Fri Sep 29 16:13:22 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:13:36 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:13:54 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:14:09 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:14:23 2023: restarting Client Monitor Worker...
>> Fri Sep 29 16:14:39 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:14:54 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:15:08 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:15:27 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:15:42 2023: Starting additional Client Monitor Workers
>>
>> After spawning the child process , it works for some time properly and
>> then starts performing tasks of the parent.
>> Child process logs
>> ==
>> Wed Sep 27 20:36:43 2023: Started (PID: 5321)
>> Wed Sep 27 20:41:16 2023: Synchronizing containment
>> Wed Sep 27 20:41:16 2023: Synchronizing containment
>> Wed Sep 27 20:41:17 2023: Sync complete; beginning audit
>> Wed Sep 27 20:41:19 2023: Audit finished.
>> Wed Sep 27 21:16:23 2023: Audit finished.
>> Wed Sep 27 21:16:23 2023: nothing to do
>> Wed Sep 27 21:43:39 2023: Removing some Client Monitor Workers
>> Wed Sep 27 21:43:54 2023: Removing some Client Monitor Workers
>> Wed Sep 27 21:44:09 2023: Removing some Client Monitor Workers
>> Wed Sep 27 21:44:24 2023: Removing some Client Monitor Workers
>> Wed Sep 27 21:44:39 2023: Removing some Client Monitor Workers
>> Wed Sep 27 21:44:54 2023: Removing some Client Monitor Workers
>> Wed Sep 27 21:45:09 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:13:29 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:13:44 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:13:58 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:14:17 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:14:32 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:14:51 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:15:06 2023: restarting Client Monitor Worker...
>> Fri Sep 29 16:15:22 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:15:36 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:16:00 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:16:10 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:16:30 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:16:45 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:17:06 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:17:20 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:17:40 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:17:55 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:18:09 2023: Starting additional Client Monitor Workers
>> Fri Sep 29 16:18:28 2023: Removing some Client Monitor Workers
>> Fri Sep 29 16:18:43 2023: Starting additional Client Monitor Workers
>>
>> Child process worked perfectly till Wed Sep 27 21:16:23 2023: and after
>> that I didn't see any logs. Suddenly it started dumping the parent process
>> logs from Wed Sep 27 21:43:39 2023. It's not recovering , it's required to
>> kill the child process then Parent process will spawn another child process
>> to do the task and the newly spawned child will work for some time and
>> again enter into the issue state.
>>
>> On Fri, Sep 29, 2023 at 4:17 PM Deepak Goel  wrote:
>>
>>>
>>>
>>> On Fri, Sep 29, 2023 at 4:15 PM Sreenivasulu Alapaka <
>>> sreenivasulu.alapaka...@gmail.com> wrote:
>>>
 

Re: [users@httpd] Child process executing tasks of parent process

[Deepak Goel]

On Fri, Sep 29, 2023 at 4:35 PM Sreenivasulu Alapaka <
sreenivasulu.alapaka...@gmail.com> wrote:

> Hi Deepak,
>
>  Please find the logs below.
>  Parent task is to monitor the workers(childs) and then
> remove/start additional workers based on the load.
>   its performing its task.
> Parent process logs
>  =
> Wed Sep 27 20:36:36 2023: Started (PID: 3032)
> Fri Sep 29 16:12:07 2023: Removing some Client Monitor Workers
>

I am not sure what is *Client Monitor Workers. *It might not be the
same as *Client
Workers.*


> Fri Sep 29 16:12:18 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:12:33 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:12:54 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:13:06 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:13:22 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:13:36 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:13:54 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:14:09 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:14:23 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:14:39 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:14:54 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:15:08 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:15:27 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:15:42 2023: Starting additional Client Monitor Workers
>
> After spawning the child process , it works for some time properly and
> then starts performing tasks of the parent.
> Child process logs
> ==
> Wed Sep 27 20:36:43 2023: Started (PID: 5321)
> Wed Sep 27 20:41:16 2023: Synchronizing containment
> Wed Sep 27 20:41:16 2023: Synchronizing containment
> Wed Sep 27 20:41:17 2023: Sync complete; beginning audit
> Wed Sep 27 20:41:19 2023: Audit finished.
> Wed Sep 27 21:16:23 2023: Audit finished.
> Wed Sep 27 21:16:23 2023: nothing to do
> Wed Sep 27 21:43:39 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:43:54 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:09 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:24 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:39 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:44:54 2023: Removing some Client Monitor Workers
> Wed Sep 27 21:45:09 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:13:29 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:13:44 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:13:58 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:14:17 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:14:32 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:14:51 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:15:06 2023: restarting Client Monitor Worker...
> Fri Sep 29 16:15:22 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:15:36 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:16:00 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:16:10 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:16:30 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:16:45 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:17:06 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:17:20 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:17:40 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:17:55 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:18:09 2023: Starting additional Client Monitor Workers
> Fri Sep 29 16:18:28 2023: Removing some Client Monitor Workers
> Fri Sep 29 16:18:43 2023: Starting additional Client Monitor Workers
>
> Child process worked perfectly till Wed Sep 27 21:16:23 2023: and after
> that I didn't see any logs. Suddenly it started dumping the parent process
> logs from Wed Sep 27 21:43:39 2023. It's not recovering , it's required to
> kill the child process then Parent process will spawn another child process
> to do the task and the newly spawned child will work for some time and
> again enter into the issue state.
>
> On Fri, Sep 29, 2023 at 4:17 PM Deepak Goel  wrote:
>
>>
>>
>> On Fri, Sep 29, 2023 at 4:15 PM Sreenivasulu Alapaka <
>> sreenivasulu.alapaka...@gmail.com> wrote:
>>
>>> Hi Deepak,
>>>
>>> I have specific logs for parent and child process and am
>>> able to see the logs of parent process dumped in child process log with
>>> child process id.
>>>
>>>
>> Please share the log files..
>>
>>
>>> On Fri, Sep 29, 2023 at 3:58 PM Deepak Goel  wrote:
>>>


 On Fri, Sep 29, 2023 at 3:52 PM Sreenivasulu Alapaka <
 sreenivasulu.alapaka...@gmail.com> wrote:

> Hi Team,
>
> I am using httpd and mod_perl libraries to spawn the process

Re: [users@httpd] Child process executing tasks of parent process

[Sreenivasulu Alapaka]

Hi Deepak,

 Please find the logs below.
 Parent task is to monitor the workers(childs) and then
remove/start additional workers based on the load.
  its performing its task.
Parent process logs
 =
Wed Sep 27 20:36:36 2023: Started (PID: 3032)
Fri Sep 29 16:12:07 2023: Removing some Client Monitor Workers
Fri Sep 29 16:12:18 2023: restarting Client Monitor Worker...
Fri Sep 29 16:12:33 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:12:54 2023: Removing some Client Monitor Workers
Fri Sep 29 16:13:06 2023: restarting Client Monitor Worker...
Fri Sep 29 16:13:22 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:13:36 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:13:54 2023: Removing some Client Monitor Workers
Fri Sep 29 16:14:09 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:14:23 2023: restarting Client Monitor Worker...
Fri Sep 29 16:14:39 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:14:54 2023: Removing some Client Monitor Workers
Fri Sep 29 16:15:08 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:15:27 2023: Removing some Client Monitor Workers
Fri Sep 29 16:15:42 2023: Starting additional Client Monitor Workers

After spawning the child process , it works for some time properly and then
starts performing tasks of the parent.
Child process logs
==
Wed Sep 27 20:36:43 2023: Started (PID: 5321)
Wed Sep 27 20:41:16 2023: Synchronizing containment
Wed Sep 27 20:41:16 2023: Synchronizing containment
Wed Sep 27 20:41:17 2023: Sync complete; beginning audit
Wed Sep 27 20:41:19 2023: Audit finished.
Wed Sep 27 21:16:23 2023: Audit finished.
Wed Sep 27 21:16:23 2023: nothing to do
Wed Sep 27 21:43:39 2023: Removing some Client Monitor Workers
Wed Sep 27 21:43:54 2023: Removing some Client Monitor Workers
Wed Sep 27 21:44:09 2023: Removing some Client Monitor Workers
Wed Sep 27 21:44:24 2023: Removing some Client Monitor Workers
Wed Sep 27 21:44:39 2023: Removing some Client Monitor Workers
Wed Sep 27 21:44:54 2023: Removing some Client Monitor Workers
Wed Sep 27 21:45:09 2023: Removing some Client Monitor Workers
Fri Sep 29 16:13:29 2023: Removing some Client Monitor Workers
Fri Sep 29 16:13:44 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:13:58 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:14:17 2023: Removing some Client Monitor Workers
Fri Sep 29 16:14:32 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:14:51 2023: Removing some Client Monitor Workers
Fri Sep 29 16:15:06 2023: restarting Client Monitor Worker...
Fri Sep 29 16:15:22 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:15:36 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:16:00 2023: Removing some Client Monitor Workers
Fri Sep 29 16:16:10 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:16:30 2023: Removing some Client Monitor Workers
Fri Sep 29 16:16:45 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:17:06 2023: Removing some Client Monitor Workers
Fri Sep 29 16:17:20 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:17:40 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:17:55 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:18:09 2023: Starting additional Client Monitor Workers
Fri Sep 29 16:18:28 2023: Removing some Client Monitor Workers
Fri Sep 29 16:18:43 2023: Starting additional Client Monitor Workers

Child process worked perfectly till Wed Sep 27 21:16:23 2023: and after
that I didn't see any logs. Suddenly it started dumping the parent process
logs from Wed Sep 27 21:43:39 2023. It's not recovering , it's required to
kill the child process then Parent process will spawn another child process
to do the task and the newly spawned child will work for some time and
again enter into the issue state.

On Fri, Sep 29, 2023 at 4:17 PM Deepak Goel  wrote:

>
>
> On Fri, Sep 29, 2023 at 4:15 PM Sreenivasulu Alapaka <
> sreenivasulu.alapaka...@gmail.com> wrote:
>
>> Hi Deepak,
>>
>> I have specific logs for parent and child process and am able
>> to see the logs of parent process dumped in child process log with child
>> process id.
>>
>>
> Please share the log files..
>
>
>> On Fri, Sep 29, 2023 at 3:58 PM Deepak Goel  wrote:
>>
>>>
>>>
>>> On Fri, Sep 29, 2023 at 3:52 PM Sreenivasulu Alapaka <
>>> sreenivasulu.alapaka...@gmail.com> wrote:
>>>
 Hi Team,

 I am using httpd and mod_perl libraries to spawn the process to
 execute the tasks. httpd will spawn a process which is parent and it will
 spawn the other child process to perform the tasks.
   The parent process job is to monitor the child process and
 the child process has to perform the functionality taks. All of sudden one
 of the child process is executing the tasks of the parent instead of 

Re: [users@httpd] Child process executing tasks of parent process

[Deepak Goel]

On Fri, Sep 29, 2023 at 4:15 PM Sreenivasulu Alapaka <
sreenivasulu.alapaka...@gmail.com> wrote:

> Hi Deepak,
>
> I have specific logs for parent and child process and am able
> to see the logs of parent process dumped in child process log with child
> process id.
>
>
Please share the log files..


> On Fri, Sep 29, 2023 at 3:58 PM Deepak Goel  wrote:
>
>>
>>
>> On Fri, Sep 29, 2023 at 3:52 PM Sreenivasulu Alapaka <
>> sreenivasulu.alapaka...@gmail.com> wrote:
>>
>>> Hi Team,
>>>
>>> I am using httpd and mod_perl libraries to spawn the process to
>>> execute the tasks. httpd will spawn a process which is parent and it will
>>> spawn the other child process to perform the tasks.
>>>   The parent process job is to monitor the child process and the
>>> child process has to perform the functionality taks. All of sudden one of
>>> the child process is executing the tasks of the parent instead of the child
>>> process tasks.
>>>
>>> How did you infer that the child process is executing the parent task?
>>
>>
>>>  I am using RHEL8 environment and these below are library
>>> versions.
>>>  Same piece of code worked in Cent 7.
>>>
>>>   httpd: 2.4.6
>>>   mod_perl: 2.0.10
>>>
>>>Could you please help here, how to debug the issue?
>>>
>>> --
>>> Thanks & Regards
>>> *Sreenivasulu Alapaka*
>>>
>>
>>
>>
>> Deepak
>> "The greatness of a nation can be judged by the way its animals are
>> treated - Mahatma Gandhi"
>>
>> +91 73500 12833
>> deic...@gmail.com
>>
>> Facebook: https://www.facebook.com/deicool
>> LinkedIn: www.linkedin.com/in/deicool
>>
>> "Plant a Tree, Go Green"
>>
>> Make In India : http://www.makeinindia.com/home
>>
>>
>>
>
>
> --
> Thanks & Regards
> *Sreenivasulu Alapaka*
>

Re: [users@httpd] Child process executing tasks of parent process

[Sreenivasulu Alapaka]

Hi Deepak,

I have specific logs for parent and child process and am able
to see the logs of parent process dumped in child process log with child
process id.

On Fri, Sep 29, 2023 at 3:58 PM Deepak Goel  wrote:

>
>
> On Fri, Sep 29, 2023 at 3:52 PM Sreenivasulu Alapaka <
> sreenivasulu.alapaka...@gmail.com> wrote:
>
>> Hi Team,
>>
>> I am using httpd and mod_perl libraries to spawn the process to
>> execute the tasks. httpd will spawn a process which is parent and it will
>> spawn the other child process to perform the tasks.
>>   The parent process job is to monitor the child process and the
>> child process has to perform the functionality taks. All of sudden one of
>> the child process is executing the tasks of the parent instead of the child
>> process tasks.
>>
>> How did you infer that the child process is executing the parent task?
>
>
>>  I am using RHEL8 environment and these below are library
>> versions.
>>  Same piece of code worked in Cent 7.
>>
>>   httpd: 2.4.6
>>   mod_perl: 2.0.10
>>
>>Could you please help here, how to debug the issue?
>>
>> --
>> Thanks & Regards
>> *Sreenivasulu Alapaka*
>>
>
>
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are
> treated - Mahatma Gandhi"
>
> +91 73500 12833
> deic...@gmail.com
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
>
>


-- 
Thanks & Regards
*Sreenivasulu Alapaka*

Re: [users@httpd] Child process executing tasks of parent process

[Deepak Goel]

On Fri, Sep 29, 2023 at 3:52 PM Sreenivasulu Alapaka <
sreenivasulu.alapaka...@gmail.com> wrote:

> Hi Team,
>
> I am using httpd and mod_perl libraries to spawn the process to
> execute the tasks. httpd will spawn a process which is parent and it will
> spawn the other child process to perform the tasks.
>   The parent process job is to monitor the child process and the
> child process has to perform the functionality taks. All of sudden one of
> the child process is executing the tasks of the parent instead of the child
> process tasks.
>
> How did you infer that the child process is executing the parent task?


>  I am using RHEL8 environment and these below are library
> versions.
>  Same piece of code worked in Cent 7.
>
>   httpd: 2.4.6
>   mod_perl: 2.0.10
>
>Could you please help here, how to debug the issue?
>
> --
> Thanks & Regards
> *Sreenivasulu Alapaka*
>



Deepak
"The greatness of a nation can be judged by the way its animals are treated
- Mahatma Gandhi"

+91 73500 12833
deic...@gmail.com

Facebook: https://www.facebook.com/deicool
LinkedIn: www.linkedin.com/in/deicool

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home

[users@httpd] Child process executing tasks of parent process

[Sreenivasulu Alapaka]

Hi Team,

I am using httpd and mod_perl libraries to spawn the process to
execute the tasks. httpd will spawn a process which is parent and it will
spawn the other child process to perform the tasks.
  The parent process job is to monitor the child process and the
child process has to perform the functionality taks. All of sudden one of
the child process is executing the tasks of the parent instead of the child
process tasks.

 I am using RHEL8 environment and these below are library
versions.
 Same piece of code worked in Cent 7.

  httpd: 2.4.6
  mod_perl: 2.0.10

   Could you please help here, how to debug the issue?

-- 
Thanks & Regards
*Sreenivasulu Alapaka*

RE: [users@httpd] ? Apache support for IPv6

[Cox, Kim A-CTR (FAA)]

Ok, thank you!


From: Frank Gingras 
Sent: Thursday, September 28, 2023 4:27 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] ? Apache support for IPv6

You will need to ask the mailing lists for the projects in question. They are 
likely compatible, but don't assume.

On Thu, Sep 28, 2023 at 4:23 PM Cox, Kim A-CTR (FAA) 
mailto:kim.a-ctr@faa.gov.invalid>> wrote:
Thank you, Frank.  So the Apache related software versions I listed(being older 
than the current release) are fully supported on IPv6?

From: Frank Gingras mailto:thu...@apache.org>>
Sent: Thursday, September 28, 2023 4:16 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] ? Apache support for IPv6

This mailing list is really for the Apache HTTPd product; IPv6 has been fully 
supported on it for a long time now.

On Thu, Sep 28, 2023 at 3:10 PM Cox, Kim A-CTR (FAA) 
mailto:kim.a-ctr@faa.gov.invalid>> wrote:
Apache mail list members:  I’ve searched the archives and doc for Apache 
support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment on 
support for the following Apache apps, or point me to where to find a 
compatibility matrix for the Apache products and IPv6 please?   Thanks in 
advance.
These are he Apache Apps currently running on RedHat Linux 8.x and IPv4,  I 
need to know if I move to IPv6 that that Apache will still run.

ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2, ApacheCommonsCompress 
1.2,
ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF 3.2.5
ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI 
1.0.0-RC1
ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core 1.3.2
ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4, ApacheXMLBeans 
2.6.0
ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6

Re: [users@httpd] ? Apache support for IPv6

[Frank Gingras]

You will need to ask the mailing lists for the projects in question. They
are likely compatible, but don't assume.

On Thu, Sep 28, 2023 at 4:23 PM Cox, Kim A-CTR (FAA)
 wrote:

> Thank you, Frank.  So the Apache related software versions I listed(being
> older than the current release) are fully supported on IPv6?
>
>
>
> *From:* Frank Gingras 
> *Sent:* Thursday, September 28, 2023 4:16 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] ? Apache support for IPv6
>
>
>
> This mailing list is really for the Apache HTTPd product; IPv6 has been
> fully supported on it for a long time now.
>
>
>
> On Thu, Sep 28, 2023 at 3:10 PM Cox, Kim A-CTR (FAA) <
> kim.a-ctr@faa.gov.invalid> wrote:
>
> Apache mail list members:  I’ve searched the archives and doc for Apache
> support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment
> on support for the following Apache apps, or point me to where to find a
> compatibility matrix for the Apache products and IPv6 please?   Thanks in
> advance.
>
> These are he Apache Apps currently running on RedHat Linux 8.x and IPv4,
> I need to know if I move to IPv6 that that Apache will still run.
>
>
>
> ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
>
> ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2,
> ApacheCommonsCompress 1.2,
>
> ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF
> 3.2.5
>
> ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
>
> ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
>
> ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI
> 1.0.0-RC1
>
> ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core
> 1.3.2
>
> ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4,
> ApacheXMLBeans 2.6.0
>
> ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6
>
>
>
>

RE: [users@httpd] ? Apache support for IPv6

[Cox, Kim A-CTR (FAA)]

Thank you, Frank.  So the Apache related software versions I listed(being older 
than the current release) are fully supported on IPv6?

From: Frank Gingras 
Sent: Thursday, September 28, 2023 4:16 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] ? Apache support for IPv6

This mailing list is really for the Apache HTTPd product; IPv6 has been fully 
supported on it for a long time now.

On Thu, Sep 28, 2023 at 3:10 PM Cox, Kim A-CTR (FAA) 
mailto:kim.a-ctr@faa.gov.invalid>> wrote:
Apache mail list members:  I’ve searched the archives and doc for Apache 
support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment on 
support for the following Apache apps, or point me to where to find a 
compatibility matrix for the Apache products and IPv6 please?   Thanks in 
advance.
These are he Apache Apps currently running on RedHat Linux 8.x and IPv4,  I 
need to know if I move to IPv6 that that Apache will still run.

ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2, ApacheCommonsCompress 
1.2,
ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF 3.2.5
ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI 
1.0.0-RC1
ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core 1.3.2
ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4, ApacheXMLBeans 
2.6.0
ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6

Re: [users@httpd] ? Apache support for IPv6

[Frank Gingras]

This mailing list is really for the Apache HTTPd product; IPv6 has been
fully supported on it for a long time now.

On Thu, Sep 28, 2023 at 3:10 PM Cox, Kim A-CTR (FAA)
 wrote:

> Apache mail list members:  I’ve searched the archives and doc for Apache
> support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment
> on support for the following Apache apps, or point me to where to find a
> compatibility matrix for the Apache products and IPv6 please?   Thanks in
> advance.
>
> These are he Apache Apps currently running on RedHat Linux 8.x and IPv4,
> I need to know if I move to IPv6 that that Apache will still run.
>
>
>
> ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
>
> ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2,
> ApacheCommonsCompress 1.2,
>
> ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF
> 3.2.5
>
> ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
>
> ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
>
> ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI
> 1.0.0-RC1
>
> ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core
> 1.3.2
>
> ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4,
> ApacheXMLBeans 2.6.0
>
> ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6
>
>
>

[users@httpd] ? Apache support for IPv6

[Cox, Kim A-CTR (FAA)]

Apache mail list members:  I've searched the archives and doc for Apache 
support for IPv6  on RedHat Linux 8.x without success.  Can anyone comment on 
support for the following Apache apps, or point me to where to find a 
compatibility matrix for the Apache products and IPv6 please?   Thanks in 
advance.
These are he Apache Apps currently running on RedHat Linux 8.x and IPv4,  I 
need to know if I move to IPv6 that that Apache will still run.

ApacheCamel 2.25.2, ApacheCommonsBeanUtils 1.9.4, ApacheCommonsCLI 1.3,
ApacheCommonsCodec  1.11,ApacheCommonsCollections 3.2.2, ApacheCommonsCompress 
1.2,
ApacheCommonsConfiguration   1.1, ApacheCommonsCSV 1.5,ApacheCommonsCXF 3.2.5
ApacheCommonsDbcp1.4, ApacheCommonsIO 2.6, ApacheCommonsLang 2.6,
ApacheCommonsLang 3.3.7, ApacheCommonsLogging1.2, ApacheCommonsNet 3.3
ApacheCommonsPool 1.6.0, ApacheCommonsPool2 2.6.0, ApacheDirectoryLDAPAPI 
1.0.0-RC1
ApacheHttpComponentsHttpClient 4.3.6, ApacheMina 2.0.13, ApacheShiro-Core 1.3.2
ApacheThrift 0.10.0, ApacheVelocity 1.7, ApacheWSS4j   2.1.4, ApacheXMLBeans 
2.6.0
ApacheXMLSchema 2.2.3, ApacheXMLSecurity(XMLSec)   2.0.6

Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Turritopsis Dohrnii Teo En Ming]

I will try to look for the scripts again.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

On Wed, 27 Sept 2023 at 19:03, Will Fatherley  wrote:
>>
>> But when we need to reboot the Netgear wireless router, where are the
>> Apache web server httpd autostart scripts? Do we have to manually
>> execute the httpd command every time we reboot the Netgear wireless
>> router?
>
>
> It depends on the OS distributor, but it’s a typical convention to find these 
> types of scripts in /etc/rc* or /etc/init.d/*
>
>
>> Why was httpd not running when we tried to login to the web UI? Did
>> somebody kill the httpd process or deleted the httpd autostart
>> scripts?
>
>
> Could be that. Might be use to read the router manual for further details.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Turritopsis Dohrnii Teo En Ming]

I think BusyBox don't have the chkconfig command.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

On Wed, 27 Sept 2023 at 19:01, Deepak Goel  wrote:
>
> This might help:
>
> https://serverfault.com/questions/16839/how-do-i-get-apache-to-startup-at-bootime-on-linux
>
> You might have to do something like this:
>
> chkconfig --level 345 httpd on
>
>
> Deepak
> "The greatness of a nation can be judged by the way its animals are treated - 
> Mahatma Gandhi"
>
> +91 73500 12833
> deic...@gmail.com
>
> Facebook: https://www.facebook.com/deicool
> LinkedIn: www.linkedin.com/in/deicool
>
> "Plant a Tree, Go Green"
>
> Make In India : http://www.makeinindia.com/home
>
>
> On Wed, Sep 27, 2023 at 4:25 PM Frank Gingras  wrote:
>>
>> You should ask the Netgear / busybox folks instead of this mailing list.
>>
>> Especially the former as they ship your product.
>>
>> On Wed., Sep. 27, 2023, 6:45 a.m. Turritopsis Dohrnii Teo En Ming, 
>>  wrote:
>>>
>>> Subject: Apache web server httpd in Netgear Wireless Router WNR3500L
>>>
>>> Good day from Singapore,
>>>
>>> Release version : Netgear Wireless Router WNR3500L
>>> U12H13699/V1.0.2.35/32.1.9_TR069_0528
>>> Time : May 29 2010 10:31:41
>>> CFE version : v1.0.36
>>>
>>> We were trying to login to the Netgear wireless router but the web UI
>>> was not available. Then we managed to telnet (TCP port 23) into the
>>> Netgear wireless router.
>>> The operating system is BusyBox. I am sorry I did not note down the
>>> version of BusyBox. BusyBox is a stripped-down version of the Linux
>>> operating system. When I run the Linux command "httpd", the Apache web
>>> server started and we managed to login to the web UI already.
>>>
>>> But when we need to reboot the Netgear wireless router, where are the
>>> Apache web server httpd autostart scripts? Do we have to manually
>>> execute the httpd command every time we reboot the Netgear wireless
>>> router?
>>>
>>> Why was httpd not running when we tried to login to the web UI? Did
>>> somebody kill the httpd process or deleted the httpd autostart
>>> scripts?
>>>
>>> Please advise.
>>>
>>> Thank you.
>>>
>>> Regards,
>>>
>>> Mr. Turritopsis Dohrnii Teo En Ming
>>> Targeted Individual in Singapore
>>> Blogs:
>>> https://tdtemcerts.blogspot.com
>>> https://tdtemcerts.wordpress.com
>>> GIMP also stands for Government-Induced Medical Problems.
>>>
>>> I have configured, setup and deployed 22 Fortigate firewall appliances
>>> for 20 companies/organizations in Singapore so far as of 27 Sep 2023
>>> Wed.
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Turritopsis Dohrnii Teo En Ming]

Noted, I will try contacting Netgear.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

On Wed, 27 Sept 2023 at 18:55, Frank Gingras  wrote:
>
> You should ask the Netgear / busybox folks instead of this mailing list.
>
> Especially the former as they ship your product.
>
> On Wed., Sep. 27, 2023, 6:45 a.m. Turritopsis Dohrnii Teo En Ming, 
>  wrote:
>>
>> Subject: Apache web server httpd in Netgear Wireless Router WNR3500L
>>
>> Good day from Singapore,
>>
>> Release version : Netgear Wireless Router WNR3500L
>> U12H13699/V1.0.2.35/32.1.9_TR069_0528
>> Time : May 29 2010 10:31:41
>> CFE version : v1.0.36
>>
>> We were trying to login to the Netgear wireless router but the web UI
>> was not available. Then we managed to telnet (TCP port 23) into the
>> Netgear wireless router.
>> The operating system is BusyBox. I am sorry I did not note down the
>> version of BusyBox. BusyBox is a stripped-down version of the Linux
>> operating system. When I run the Linux command "httpd", the Apache web
>> server started and we managed to login to the web UI already.
>>
>> But when we need to reboot the Netgear wireless router, where are the
>> Apache web server httpd autostart scripts? Do we have to manually
>> execute the httpd command every time we reboot the Netgear wireless
>> router?
>>
>> Why was httpd not running when we tried to login to the web UI? Did
>> somebody kill the httpd process or deleted the httpd autostart
>> scripts?
>>
>> Please advise.
>>
>> Thank you.
>>
>> Regards,
>>
>> Mr. Turritopsis Dohrnii Teo En Ming
>> Targeted Individual in Singapore
>> Blogs:
>> https://tdtemcerts.blogspot.com
>> https://tdtemcerts.wordpress.com
>> GIMP also stands for Government-Induced Medical Problems.
>>
>> I have configured, setup and deployed 22 Fortigate firewall appliances
>> for 20 companies/organizations in Singapore so far as of 27 Sep 2023
>> Wed.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Will Fatherley]

>
> But when we need to reboot the Netgear wireless router, where are the
> Apache web server httpd autostart scripts? Do we have to manually
> execute the httpd command every time we reboot the Netgear wireless
> router?


It depends on the OS distributor, but it’s a typical convention to find
these types of scripts in /etc/rc* or /etc/init.d/*


Why was httpd not running when we tried to login to the web UI? Did
> somebody kill the httpd process or deleted the httpd autostart
> scripts?


Could be that. Might be use to read the router manual for further details.

>

Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Deepak Goel]

This might help:

https://serverfault.com/questions/16839/how-do-i-get-apache-to-startup-at-bootime-on-linux

You might have to do something like this:

chkconfig --level 345 httpd on


Deepak
"The greatness of a nation can be judged by the way its animals are treated
- Mahatma Gandhi"

+91 73500 12833
deic...@gmail.com

Facebook: https://www.facebook.com/deicool
LinkedIn: www.linkedin.com/in/deicool

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home


On Wed, Sep 27, 2023 at 4:25 PM Frank Gingras  wrote:

> You should ask the Netgear / busybox folks instead of this mailing list.
>
> Especially the former as they ship your product.
>
> On Wed., Sep. 27, 2023, 6:45 a.m. Turritopsis Dohrnii Teo En Ming, <
> tdtemc...@gmail.com> wrote:
>
>> Subject: Apache web server httpd in Netgear Wireless Router WNR3500L
>>
>> Good day from Singapore,
>>
>> Release version : Netgear Wireless Router WNR3500L
>> U12H13699/V1.0.2.35/32.1.9_TR069_0528
>> Time : May 29 2010 10:31:41
>> CFE version : v1.0.36
>>
>> We were trying to login to the Netgear wireless router but the web UI
>> was not available. Then we managed to telnet (TCP port 23) into the
>> Netgear wireless router.
>> The operating system is BusyBox. I am sorry I did not note down the
>> version of BusyBox. BusyBox is a stripped-down version of the Linux
>> operating system. When I run the Linux command "httpd", the Apache web
>> server started and we managed to login to the web UI already.
>>
>> But when we need to reboot the Netgear wireless router, where are the
>> Apache web server httpd autostart scripts? Do we have to manually
>> execute the httpd command every time we reboot the Netgear wireless
>> router?
>>
>> Why was httpd not running when we tried to login to the web UI? Did
>> somebody kill the httpd process or deleted the httpd autostart
>> scripts?
>>
>> Please advise.
>>
>> Thank you.
>>
>> Regards,
>>
>> Mr. Turritopsis Dohrnii Teo En Ming
>> Targeted Individual in Singapore
>> Blogs:
>> https://tdtemcerts.blogspot.com
>> https://tdtemcerts.wordpress.com
>> GIMP also stands for Government-Induced Medical Problems.
>>
>> I have configured, setup and deployed 22 Fortigate firewall appliances
>> for 20 companies/organizations in Singapore so far as of 27 Sep 2023
>> Wed.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>

Re: [users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Frank Gingras]

You should ask the Netgear / busybox folks instead of this mailing list.

Especially the former as they ship your product.

On Wed., Sep. 27, 2023, 6:45 a.m. Turritopsis Dohrnii Teo En Ming, <
tdtemc...@gmail.com> wrote:

> Subject: Apache web server httpd in Netgear Wireless Router WNR3500L
>
> Good day from Singapore,
>
> Release version : Netgear Wireless Router WNR3500L
> U12H13699/V1.0.2.35/32.1.9_TR069_0528
> Time : May 29 2010 10:31:41
> CFE version : v1.0.36
>
> We were trying to login to the Netgear wireless router but the web UI
> was not available. Then we managed to telnet (TCP port 23) into the
> Netgear wireless router.
> The operating system is BusyBox. I am sorry I did not note down the
> version of BusyBox. BusyBox is a stripped-down version of the Linux
> operating system. When I run the Linux command "httpd", the Apache web
> server started and we managed to login to the web UI already.
>
> But when we need to reboot the Netgear wireless router, where are the
> Apache web server httpd autostart scripts? Do we have to manually
> execute the httpd command every time we reboot the Netgear wireless
> router?
>
> Why was httpd not running when we tried to login to the web UI? Did
> somebody kill the httpd process or deleted the httpd autostart
> scripts?
>
> Please advise.
>
> Thank you.
>
> Regards,
>
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
> Blogs:
> https://tdtemcerts.blogspot.com
> https://tdtemcerts.wordpress.com
> GIMP also stands for Government-Induced Medical Problems.
>
> I have configured, setup and deployed 22 Fortigate firewall appliances
> for 20 companies/organizations in Singapore so far as of 27 Sep 2023
> Wed.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

[users@httpd] Apache web server httpd in Netgear Wireless Router WNR3500L

[Turritopsis Dohrnii Teo En Ming]

Subject: Apache web server httpd in Netgear Wireless Router WNR3500L

Good day from Singapore,

Release version : Netgear Wireless Router WNR3500L
U12H13699/V1.0.2.35/32.1.9_TR069_0528
Time : May 29 2010 10:31:41
CFE version : v1.0.36

We were trying to login to the Netgear wireless router but the web UI
was not available. Then we managed to telnet (TCP port 23) into the
Netgear wireless router.
The operating system is BusyBox. I am sorry I did not note down the
version of BusyBox. BusyBox is a stripped-down version of the Linux
operating system. When I run the Linux command "httpd", the Apache web
server started and we managed to login to the web UI already.

But when we need to reboot the Netgear wireless router, where are the
Apache web server httpd autostart scripts? Do we have to manually
execute the httpd command every time we reboot the Netgear wireless
router?

Why was httpd not running when we tried to login to the web UI? Did
somebody kill the httpd process or deleted the httpd autostart
scripts?

Please advise.

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems.

I have configured, setup and deployed 22 Fortigate firewall appliances
for 20 companies/organizations in Singapore so far as of 27 Sep 2023
Wed.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Information Request | RFC- 7919 Support

[Pankaj Pradhan]

Hi,

Thanks for the response. I went through the documentation, it does specify
the support of the custom and standard DH parameters. On the selection of
the parameter the documentation says " hands them out to clients based on
the length of the certificate's RSA/DSA key"

Where as per the RFC7919 (https://www.rfc-editor.org/rfc/rfc7919.html#page-8
)

   - A compatible TLS server that receives the Supported Groups extension
   with FFDHE codepoints in it and that selects an FFDHE cipher suite MUST
   select one of the client's offered groups
   -

   if none of the client-proposed FFDHE groups are known and
acceptable to the server, then the server MUST NOT select an FFDHE
cipher suite

   -

   ...


Is the server behavior then compliant to the specification? This
information was not so clearly documented/ or couldn't be interpreted. Any
help in this regard is highly appreciated.

Regards,
Pankaj

On Wed, Sep 20, 2023 at 11:44 PM Will Fatherley 
wrote:

>
> It would be very helpful if someone can help in some way or some
>> documentation link that gives some more information on RFC-7919 support in
>> apache httpd server.
>>
>
> Maybe you’re looking for mod_ssl—
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>
>>

Re: [users@httpd] Apache on the different platforms

[Frank Gingras]

Greg,

The question was aimed at the original poster.

On Sun, Sep 24, 2023 at 8:40 PM Gregory Kuzmicki 
wrote:

> 8:38 PM EDT (Sunday)
>
> Jason:
> A dynamic link library on windows(. dll) is like a shared library(. so)
> on linux
> -Greg
>
> Frank:
>
> For me personally, what I am working on is PCI compliant payment
> processing. I am trying to process Visa, MasterCard, AMEX, in compliance
> with PCI standards for a series of *NAS VENDING MACHINES* -- I am the lead
> R/owner in my team; I have research assts. and several volunteers.
> Similarly, I am trying to create bank accounts/retirement accounts for my
> employees and manage their company spend budget with a terminal card /
> debit card / or other payment card. Ideally we would like to keep iterating
> on a system such that we can move beyond the "expiration date"
> feature/security tool and issue a card that expires naturally with its user.
>
>
> -Greg
>
> On Sunday, September 24, 2023, Frank Gingras  wrote:
>
>> This sounds like a homework question... what problem are you trying to
>> solve, exactly?
>>
>> On Sun, Sep 24, 2023 at 2:16 PM Jason Long 
>> wrote:
>>
>>> Hello,
>>> Thank you so much for your reply.
>>> Which libraries are common between the Linux and Windows operating
>>> systems?
>>>
>>>
>>> On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras
>>>  wrote:
>>> It depends on the vulnerability, and if some library is the culprit, and
>>> if that library is present on that operating system.
>>>
>>> On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
>>> wrote:
>>>
>>> Hello,
>>> If a vulnerability is found in the Apache web server, then does that
>>> vulnerability work both in Apache under Linux and Windows operating systems?
>>>
>>>
>>> Thank you.
>>>
>>>
>
> --
> Sent from my iPhone
>

[users@httpd] Apache on the different platforms

[Gregory Kuzmicki]

8:38 PM EDT (Sunday)

Jason:
A dynamic link library on windows(. dll) is like a shared library(. so) on
linux
-Greg

Frank:

For me personally, what I am working on is PCI compliant payment
processing. I am trying to process Visa, MasterCard, AMEX, in compliance
with PCI standards for a series of *NAS VENDING MACHINES* -- I am the lead
R/owner in my team; I have research assts. and several volunteers.
Similarly, I am trying to create bank accounts/retirement accounts for my
employees and manage their company spend budget with a terminal card /
debit card / or other payment card. Ideally we would like to keep iterating
on a system such that we can move beyond the "expiration date"
feature/security tool and issue a card that expires naturally with its user.


-Greg

On Sunday, September 24, 2023, Frank Gingras  wrote:

> This sounds like a homework question... what problem are you trying to
> solve, exactly?
>
> On Sun, Sep 24, 2023 at 2:16 PM Jason Long 
> wrote:
>
>> Hello,
>> Thank you so much for your reply.
>> Which libraries are common between the Linux and Windows operating
>> systems?
>>
>>
>> On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras
>>  wrote:
>> It depends on the vulnerability, and if some library is the culprit, and
>> if that library is present on that operating system.
>>
>> On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
>> wrote:
>>
>> Hello,
>> If a vulnerability is found in the Apache web server, then does that
>> vulnerability work both in Apache under Linux and Windows operating systems?
>>
>>
>> Thank you.
>>
>>

-- 
Sent from my iPhone

Re: [users@httpd] Apache on the different platforms

[Frank Gingras]

This sounds like a homework question... what problem are you trying to
solve, exactly?

On Sun, Sep 24, 2023 at 2:16 PM Jason Long 
wrote:

> Hello,
> Thank you so much for your reply.
> Which libraries are common between the Linux and Windows operating systems?
>
>
> On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras
>  wrote:
> It depends on the vulnerability, and if some library is the culprit, and
> if that library is present on that operating system.
>
> On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
> wrote:
>
> Hello,
> If a vulnerability is found in the Apache web server, then does that
> vulnerability work both in Apache under Linux and Windows operating systems?
>
>
> Thank you.
>
>

Re: [users@httpd] Apache on the different platforms

[Gregory Kuzmicki]

After working over ten years on Apache systems, many different distros,
many different OS's and vers., I can say that more than anything my biggest
vulnerability has been the ever-changing landscape of the internet itself,
constant updates and browser changes, and continuous EOL and lack of
product support.

Nevetheless, I try to preserve the technology that works. A good firewall
and smart policies go a long way. I also use nmap to continuously monitor
networks and custom scripts for alerts and other recognitions.

Greg

On Sunday, September 24, 2023, Jason Long 
wrote:

> Hello,
> Thank you so much for your reply.
> Which libraries are common between the Linux and Windows operating systems?
>
>
> On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras
>  wrote:
> It depends on the vulnerability, and if some library is the culprit, and
> if that library is present on that operating system.
>
> On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
> wrote:
>
> Hello,
> If a vulnerability is found in the Apache web server, then does that
> vulnerability work both in Apache under Linux and Windows operating systems?
>
>
> Thank you.
>
>

-- 
Sent from my iPhone

Re: [users@httpd] Apache on the different platforms

[Jason Long]

Hello,Thank you so much for your reply.Which libraries are common between the 
Linux and Windows operating systems?

 
 
  On Sun, Sep 24, 2023 at 9:29 PM, Frank Gingras wrote:   It 
depends on the vulnerability, and if some library is the culprit, and if that 
library is present on that operating system.
On Sun, Sep 24, 2023 at 1:56 PM Jason Long  wrote:

Hello,If a vulnerability is found in the Apache web server, then does that 
vulnerability work both in Apache under Linux and Windows operating systems?

Thank you.

  

Re: [users@httpd] Apache on the different platforms

[Frank Gingras]

It depends on the vulnerability, and if some library is the culprit, and if
that library is present on that operating system.

On Sun, Sep 24, 2023 at 1:56 PM Jason Long 
wrote:

> Hello,
> If a vulnerability is found in the Apache web server, then does that
> vulnerability work both in Apache under Linux and Windows operating systems?
>
>
> Thank you.
>
>

[users@httpd] Apache on the different platforms

[Jason Long]

Hello,If a vulnerability is found in the Apache web server, then does that 
vulnerability work both in Apache under Linux and Windows operating systems?

Thank you.

Re: [users@httpd] mod_cluster in Apache 2.4.x

[Deepak Goel]

This might help: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html


Deepak
"The greatness of a nation can be judged by the way its animals are treated
- Mahatma Gandhi"

+91 73500 12833
deic...@gmail.com

Facebook: https://www.facebook.com/deicool
LinkedIn: www.linkedin.com/in/deicool

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home


On Thu, Sep 21, 2023 at 2:46 PM Gillis J. de Nijs 
wrote:

> mod_cluster is open source.  You can add it yourself to your Apache
> instance.
>
> https://www.modcluster.io/
>
> Regards,
> Gillis
>
> On Thu, Sep 21, 2023 at 8:04 AM vicky chb  wrote:
>
>> Hi all,
>>
>> Does Apache 2.4.x have mod_cluster module available? I checked
>> https://httpd.apache.org/docs/2.4/mod/ but did not find. I also checked
>> and found that enterprise based Apache like JBCS etc provides this package.
>>
>> If mod_cluster is currently not supported then what is the alternate
>> option available?
>>
>> Cheers,
>> Vikky
>>
>

Re: [users@httpd] mod_cluster in Apache 2.4.x

[Gillis J. de Nijs]

mod_cluster is open source.  You can add it yourself to your Apache
instance.

https://www.modcluster.io/

Regards,
Gillis

On Thu, Sep 21, 2023 at 8:04 AM vicky chb  wrote:

> Hi all,
>
> Does Apache 2.4.x have mod_cluster module available? I checked
> https://httpd.apache.org/docs/2.4/mod/ but did not find. I also checked
> and found that enterprise based Apache like JBCS etc provides this package.
>
> If mod_cluster is currently not supported then what is the alternate
> option available?
>
> Cheers,
> Vikky
>

[users@httpd] mod_cluster in Apache 2.4.x

[vicky chb]

Hi all,

Does Apache 2.4.x have mod_cluster module available? I checked
https://httpd.apache.org/docs/2.4/mod/ but did not find. I also checked and
found that enterprise based Apache like JBCS etc provides this package.

If mod_cluster is currently not supported then what is the alternate option
available?

Cheers,
Vikky

Re: [users@httpd] Information Request | RFC- 7919 Support

[Jeff Cox]

unsubscribe



On Wed, Sep 20, 2023 at 1:14 PM Will Fatherley 
wrote:

>
> It would be very helpful if someone can help in some way or some
>> documentation link that gives some more information on RFC-7919 support in
>> apache httpd server.
>>
>
> Maybe you’re looking for mod_ssl—
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>
>>

Re: [users@httpd] Information Request | RFC- 7919 Support

[Will Fatherley]

> It would be very helpful if someone can help in some way or some
> documentation link that gives some more information on RFC-7919 support in
> apache httpd server.
>

Maybe you’re looking for mod_ssl—
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html

>

[users@httpd] Information Request | RFC- 7919 Support

[Pankaj Pradhan]

Hello,
I was looking for documentation related to  RFC-7919 support in the apache
http server.
I couldn't find any reference in the existing documentation and neither a
google search resulted in any concrete answers.

It would be very helpful if someone can help in some way or some
documentation link that gives some more information on RFC-7919 support in
apache httpd server.

We are using version 2.4.37 but if the support is available in the latest
version we can upgrade as well.

Regards,
Pankaj

Re: [users@httpd] Inquiry about apache httpd compile option

[Daniel Ferradal]

El mié, 20 sept 2023 a las 9:03, (대학원생) 양성현 (컴퓨터공학과) ()
escribió:

> I appreciate you for your response.
>
> I understand that some ./configure flags can affect the httpd executable.
>
> May I know some examples which ./configure flag affects the httpd
> executable?
> --
> *보낸 사람:* Eric Covener 
> *보낸 날짜:* 2023년 9월 19일 화요일 오전 1:39
> *받는 사람:* users@httpd.apache.org 
> *제목:* Re: [users@httpd] Inquiry about apache httpd compile option
>
> > Does apache httpd binary depend on the compile options?
>
> It may, but a change to a ./configure flag will not necessarily affect
> the httpd executable.
>
>
>
What you need to understand is that httpd is quite modular and most
configure options (just run ./configure --help to see the available
options) will probably just impact the modules that end up being compiled
along with httpd.

So check the output of ./configure --help and test different options
according to your needs and test in a non system path (at least at first
until you get to know what you are doing), that is:

 ./configure --prefix=/home/your-user/httpd-test ..

-- 
Daniel Ferradal
HTTPD Project
#httpd help at Libera.Chat

Re: [users@httpd] Inquiry about apache httpd compile option

[Eric Covener]

Adding any module statically is an example, as is setting many flags
that shows up in `grep AC_DEFINE configure.in` to a non-default value,
such as --enable-v4-mapped or installation paths.
--enable-maintainer-mode is another example that drastically changes
compile flags.


On Wed, Sep 20, 2023 at 2:27 AM (대학원생) 양성현 (컴퓨터공학과)
 wrote:
>
> I appreciate you for your response.
>
> I understand that some ./configure flags can affect the httpd executable.
>
> May I know some examples which ./configure flag affects the httpd executable?
> 
> 보낸 사람: Eric Covener 
> 보낸 날짜: 2023년 9월 19일 화요일 오전 1:39
> 받는 사람: users@httpd.apache.org 
> 제목: Re: [users@httpd] Inquiry about apache httpd compile option
>
> > Does apache httpd binary depend on the compile options?
>
> It may, but a change to a ./configure flag will not necessarily affect
> the httpd executable.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>


-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org