[users@httpd] Rate limiting
How can i rate limit no. Of requests per ip for a particular url to prevent DoS?
Re: [users@httpd] How to Proxy Requests
We don't use htaccess file. Will rewriterules work for POST requests? On 25 Aug 2013 16:00, "Aarti Sawant" wrote: You can use htaccess to serve this purpose, use Rewrite rule for redirecting from one url to another url. Thanks, Aarti Sawant On Sun, Aug 25, 2013 at 10:47 AM, Akash Jain wrote: > > Hi, > > Users o...
[users@httpd] How to Proxy Requests
Hi, Users of my website hit a AJAX POST call for validation of User ID. The URL formed is http://dummy.com//handler/validateId?userid= ** RandomNumber is any random number based on the instance the request gets hit. Now, at webserver level, I want that request to be processed by another URL : http://internalURL.com/handler/validateId?userid= How can I achieve this type of POST proxy ? Thanks.
Re: [users@httpd] GZIP DEFLATE and HTTPD
Thanks a lot Ben. That helped. On Thu, Aug 8, 2013 at 3:12 AM, Ben Reser wrote: > On Wed, Aug 7, 2013 at 1:59 PM, Akash Jain > wrote: > > Per Akamai Guy, Vary shows akamai that content can vary so akamai is not > > caching, and this leading akamai to make requests to our webversion ... > > We mostly just use JS and CSS to be served from akamai .. > > I think whoever you're talking about at Akamai isn't being very > helpful. I know at a minimum you can simply not use compression > between you and Akamai and then turn on content-acceleration and Akmai > will do the compression for you. But I'm pretty sure they can also > support compression from the origin as well. > > Using a random css file from Godady's website: > http://img2.wsimg.com/pc_css/1/gd_H_20130624_http.min.css > > If I do the following with and without the --compressed I see that the > file is cached: > $ curl -H 'Pragma: akamai-x-cache-on, akamai-x-get-cache-key, > akamai-x-get-true-cache-key, akamai-x-serial-no' -v -o /dev/null > http://img2.wsimg.com/pc_css/1/gd_H_20130624_http.min.css > (note the X-Cache response with TCP_MEM_HIT). > > Using the X-Cache-Key header you can find the origin server which is > images.secureserver.net in this case... > > Hitting it like so: > $ curl --compressed -v -o /dev/null > http://img2.wsimg.com/pc_css/1/gd_H_20130624_http.min.css > > I see that they are using Content-Encoding: gzip and Vary: Accept-Encoding. > > I'm not sure if there's some config they have on their side to avoid > Akamai request compression or for their origin server to refuse to > give Akamai gzip. Unfortunately I don't have an Akamai setup anymore > to play with. > > Thing is Akamai benefits from properly supporting this because their > bandwidth bill to retrieve data from the origin server goes down. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] GZIP DEFLATE and HTTPD
Per Akamai Guy, Vary shows akamai that content can vary so akamai is not caching, and this leading akamai to make requests to our webversion ... We mostly just use JS and CSS to be served from akamai .. On Thu, Aug 8, 2013 at 2:09 AM, Nick Kew wrote: > > On 7 Aug 2013, at 21:02, Akash Jain wrote: > > > But all modern browsers support it, right ? > > Are there any downsides for not using Vary:Accept Encoding with > mod_deflate? > > If you omit a Vary header, you're telling the cache you can't supply > other variants. That leaves the cache the choice of returning the > wrong contents to some clients, or returning an error. Or perhaps > ignoring the HTTP spec and asking the backend every time, > which would undermine all the benefits of HTTP cacheing. > > Sounds like akamai is broken. Or rather, not configured to cache > negotiated contents. Does it also refuse to cache multilingual pages? > > -- > Nick Kew > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] GZIP DEFLATE and HTTPD
But all modern browsers support it, right ? Are there any downsides for not using Vary:Accept Encoding with mod_deflate? On Thu, Aug 8, 2013 at 1:23 AM, Eric Covener wrote: > On Wed, Aug 7, 2013 at 3:48 PM, Akash Jain > wrote: > > We had a weird issue of Akamai not caching static content like JS, CSS > etc. > > On debugging, they reported that we are sending "Vary:Accept Encoding" is > > causing issue. > > But I think that mod_deflate automatically sends that (for proxies) > > > > However, I have explicitly unset that header so that Akamai can cache. > Are > > there any downsides of this ? > > If someone requests a file from a browser not capable of gzip > compression, they'll get an unreadable file, because it will be served > out of the cache in gzipped form. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
[users@httpd] GZIP DEFLATE and HTTPD
We had a weird issue of Akamai not caching static content like JS, CSS etc. On debugging, they reported that we are sending "Vary:Accept Encoding" is causing issue. But I think that mod_deflate automatically sends that (for proxies) However, I have explicitly unset that header so that Akamai can cache. Are there any downsides of this ? Also do I need to turn off the compression also in case the same compressed file is not returned by HTTPD for the same uncompressed file. Thanks, Akash
Re: [users@httpd] How to run httpd server on random port on every bootup
@Mandar : Like Pete said, can you shed some light on the use case ?
On Tue, Mar 26, 2013 at 5:54 PM, Mandar Nandale wrote:
> Thanks Eric setting up environment variable worked for me
>
>
>
>
> On Tue, Mar 26, 2013 at 5:33 PM, Eric Covener wrote:
>
>> On Tue, Mar 26, 2013 at 7:51 AM, Mandar Nandale
>> wrote:
>> > Hi Guys,
>> >
>> > I am using Apache httpd 2.4.3 server on my linux machine and my
>> > requirement is to run server on some random port on every bootup which
>> is
>> > available in one text file to me . I have port.txt file under
>> /home/mandar/
>> > directory , i dont see any command line option to httpd to provide
>> listen
>> > port( is there any?) so only way is to edit httpd.conf file. What are
>> the
>> > ways i can achieve this.
>> > Thank You,
>> >
>>
>> You can add any directive on the command-line with -C or -c, or make
>> your port.txt Include'able, or make it set an environment variable
>> read by apachectl and use ${PORT} in your conf...
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
>
> --
> Regards ,
>
> Mandar Nandale
> Embedded Software Engineer
> Mindteck India Ltd, Banglore
>
[users@httpd] Query on SSL Handshake
Hi, Is it possible to know if Apache is doing SSL handshake? We have moved certs to netscalar ... but we want to check if SSL handshake is still done by apache provided Netscalar still uses the same Vhost as previously. I checked using Custom logging in both and , butstill not sure if SSL handshake is done Apache : 2.2.3 (Oracle Build) OpenSSL : 0.9.8f Thanks ! Akash - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] question with apache rewriterules (working using crome, but not FF)
what does the rewrite logs say ?
On Sat, Jan 12, 2013 at 8:49 PM, Robert Rottermann wrote:
> Hi there,
> we are about to go live with a site we reimplemented.
> The site structure is different between the two sites.
>
> What I now would like to do is that old content is fetched from the old
> site.
> This I try to do with apache redirect rules:
>
> Here they are:
> #
> # old site
> #
> RewriteRule ^/web(.*)
> http://127.0.0.1:8181/VirtualHostBase/http/%{SERVER_NAME}:80/ecweb/ecweb/web/VirtualHostRoot/$1
> [L,P,R]
> ...
>
> #
> # new site
> #
> RewriteRule /(.*)/$
> http://127.0.0.1:8192/VirtualHostBase/http/%{SERVER_NAME}:80/ecweb/ecweb5/VirtualHostRoot/$1
> [L,P,R]
> RewriteRule ^/(.*)
> http://127.0.0.1:8192/VirtualHostBase/http/%{SERVER_NAME}:80/ecweb/ecweb5/VirtualHostRoot/$1
> [L,P,R]
>
> Now this works fine using google chrome V23 and safari (version unknown), but
> fails on firefox and IE
>
> you can try it yourself
> with:http://www.energie-cluster.chhttp://www.energie-cluster.ch/web
>
> I do not have yet a proxy (like varnish) installed
>
> thanks for any pointers
> robert
>
>
>
> --
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more
> at:http://p.sf.net/sfu/learnmore_122912
> ___
> Plone-Users mailing
> listPlone-Users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/plone-users
>
>
Re: [users@httpd] Re: Compiling Apache httpd 2.4 with FIPS capable OpenSSL on Solaris
Thanks Jerry for the solution. On Fri, Jan 11, 2013 at 2:35 AM, Jerry Blasdel wrote: > My issue has been resolved. In my case I was statically linking the > OpenSSL so I needed to do the following before calling httpd configure: > > export CC=fipsld > export FIPSLD_CC=gcc > > > > This is a PRIVATE message. If you are not the intended recipient, please > delete without copying and kindly advise us by e-mail of the mistake in > delivery. > NOTE: Regardless of content, this e-mail shall not operate to bind CSC to > any order or other contract unless pursuant to explicit written agreement > or government initiative expressly permitting the use of e-mail for such > purpose. > > > > From:Jerry Blasdel/USA/CSC > To:users@httpd.apache.org > Date:01/09/2013 11:00 AM > Subject:Compiling Apache httpd 2.4 with FIPS capable OpenSSL on > Solaris > -- > > > We are trying to get an Apache 2,4 HTTPD executable created from a > Fips-capable OpenSSL on Solaris. > > After building and running the tests on fips-2 and OpenSSL 1.0.1c we > build Apache and when we try to start it up we get the following in the > error_log: > > [Wed Jan 09 16:21:30.066478 2013] [ssl:emerg] [pid 23726:tid 1] SSL > Library Error: error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not match > [Wed Jan 09 16:21:30.066487 2013] [ssl:emerg] [pid 23726:tid 1] AH02312: > Fatal error initialising mod_ssl, exiting. > > Can anyone please provide me a place to start looking for a resolution? > > Thanks in advance > > >
[users@httpd] Client Side negotiation
Hi All, I have -MultiViews set and SSLInsecureNegotation off ( in ifmodule of mod_ssl.c) in Apache. But still vulnerability report says I am vulnerable to client side negotiation. Any pointers ? The same configuration works on our TEST environments. THe only difference is the build release versions. The systems where it is vulnerable has 31 around release build and in our TEST environment we have 53 release build version) All on apache 2.2.3 (Oracle provided) Thanks !
Re: [users@httpd] mod_rewrite Question
RewriteRule ^/cmdbnew/(.*)/(.*)$ http://ckcftpa2/cmdbnew/assetdetail.php?srv=$1&cust=$2 [R,L] If you have any L rule preceeding it, then it may be overwriting it. Can you try putting the rule i gave you above , and see what the rewrite logs say. On Sat, Dec 29, 2012 at 10:02 AM, Martin, Stanley G < stanley.mar...@capgemini.com> wrote: > It didn’t work. > > ** ** > > It’s obvious I subbed in some bogus names, but since I’m trapped behind a > firewall and this data isn’t sensitive, my real URl is: > > ** ** > > http://ckcftpa2/cmdbnew/assetdetail.php?server=Server1&cust=XXX > > ** ** > > I want them to click on a link that has an href like this: > > ** ** > > /cmdbnew/Server1/XXX > > ** ** > > And redirects them to the first one. > > ** ** > > Head getting flatter. > > ** ** > > Thanks for the quick first response. > > ** ** > > ___*** > * > > **[image: Email_CBE.gif]***Stanley Martin* > > System Administrator | IM DCS US Wintel Server Team | Outsourcing Services > > > ** ** > > Capgemini "US" | KCSC Service Center > > Tel.: (816) 347-7692 – Mob.: (816) 284-7415 > > www.capgemini.com > > ** ** > > 777 NW Blue Pkwy > > Lee's Summit, MO64086 > > *People matter, results count.*** > > ___*** > * > > ** ** > > *From:* Igor Cicimov [mailto:icici...@gmail.com] > *Sent:* Friday, December 28, 2012 10:19 PM > *To:* users > *Subject:* Re: [users@httpd] mod_rewrite Question > > ** ** > > > On 29/12/2012 3:12 PM, "Martin, Stanley G" > wrote: > > > > I have been banging my head against the wall on this and when I think I > finally have it, it doesn’t work. I’ve been able to get some basic stuff > to work like: > > > > > > > > Setting DirectoryIndex > > > > And doing a simple redirect. > > > > > > > > But, what I really want to do is make the URI cleaner so that the users > don’t see the name of the program. > > > > > > > > If I have a link in my code to: > > > > > > > > /folder1/ServerName1/CustomerA > > > > > > > > I would like them silently redirected to: > > > > > > > > /folder1/detail.php?srv=ServerName1&cust=CustomerA > > > > > In nutshell: > > RewriteRule ^/folder1/(.*)/(.*)$ /folder1/detail.php?srv=$1&cust=$2 [L]*** > * > > > > > > > > > This message contains information that may be privileged or confidential > and is the property of the Capgemini Group. It is intended only for the > person to whom it is addressed. If you are not the intended recipient, you > are not authorized to read, print, retain, copy, disseminate, distribute, > or use this message or any part thereof. If you receive this message in > error, please notify the sender immediately and delete all copies of this > message. > <>
