Re: [us...@httpd] Getting HTTP Headers from CGI program

[André Warnier]

Scott Gifford wrote:

André Warnier  writes:


Tushar Joshi wrote:

Hi thanks for the reply. I'm writing my applications in C so would
have thought there might be a low level way of doing this.


[...]


But, in general, if this is a CGI program, then it is running as a
separate process from Apache itself, and it does not have access to
Apache internals.
What your program gets is the CGI environment as set up by Apache, but
you do not get all the HTTP request headers that way (only some are
"translated" by Apache as environment variables for your CGI
program).


It would be fairly straightforward to copy additional information from
Apache to the environment with a little bit of mod_perl or a simple
module, to make it available to CGI scripts.


Allright, how ?  We're all ears.
If the OP does not use mod_perl right now, and this being the day which 
it is, I cannot for myself think of a quickie solution for the next 24 
hours or so...

 ;-)
Happy New Year.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Getting HTTP Headers from CGI program

[André Warnier]

Tushar Joshi wrote:
Hi thanks for the reply. I'm writing my applications in C so would have 
thought there might be a low level way of doing this.


I was asking, just in case you were using Perl.  I would then have 
pointed you to mod_perl and the CGI module, which together allow you to 
do that kind of thing easily.


But, in general, if this is a CGI program, then it is running as a 
separate process from Apache itself, and it does not have access to 
Apache internals.
What your program gets is the CGI environment as set up by Apache, but 
you do not get all the HTTP request headers that way (only some are 
"translated" by Apache as environment variables for your CGI program).


It would be different if your application, instead of a CGI program, was 
written as an Apache add-on module. That is possible, but I cannot help 
you there (other than with Perl).


There may be a possibility however, by using one of the existing Apache 
modules as a filter, which would take the content of a HTTP request 
header and turn it into an environment variable which your CGI could 
then see.
I cannot give you any specifics, but I would look at modules such as 
mod_setenvif, mod_headers, mod_rewrite.

I would start the search here :
http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif

Be a bit careful however when you see words like "environment 
variables".  These words do not necessarily have the meaning 
"environment variables for CGI programs".



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Logs of uploaded files from browser

[André Warnier]

Manoj Singh wrote:

Hi Devraj,

Actually i mean by files uploaded through the client side by any browser? I
have the web site through which I am providing the facility to upload the
files. 


And how exactly are you doing this ?


Now I want to check out how many files were uploaded and details

through apache web server logs. Please advice me how to do this.


Apart from DAV, Apache does not provide a method to upload files.
DAV (mod_dav) will log any file upload (look for PUT requests).
If you do it via some other method, then your method is the one that 
should log the uploads.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] "Script GET /cgi-bin/foo" doesn't apply to all GET requests

[André Warnier]

Michael Stillwell wrote:

The documentation at

http://httpd.apache.org/docs/2.2/mod/mod_actions.html#script

says that "Script with a method of GET will only be called if there are query 
arguments present."  Is there any way to work around this limitation?  I would like 
a GET request for e.g.

http://example.com/user/foo

to be passed through to the specified CGI script irrespective of whether query 
arguments are present or not.


Just don't use the Script directive then.

ScriptAlias /cgi-bin/ /var/www/cgi-bin/


  Options ExecCGI



will allow any file within that directory to be executed as a CGI 
script, no matter the method or the arguments.

Just make sure that what you put there is safe.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Getting HTTP Headers from CGI program

[André Warnier]

Tushar Joshi wrote:
Hi, 


I'm trying to get a HTTP header from my CGI program, in this particular
example it's SOAPAction, however I'm not sure how to do this as you can
only getenv some of the headers. Is there a way to get all the headers
sent from the client or a way in maybe the apache config to set the
environment variable manually. I've lookever all over for this and
couldn't find anything so either it's dead easy or I have to write an
apache module to do this?

Cheers if you can shed any light on this one, 


What is your CGI program written in ? (language)

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Redirect permanent http to https fails

[André Warnier]

Jeff Shearer wrote:

The following redirect fails:

Redirect permanent http://192.168.0.200/private https://192.168.0.200/private


That may be because you have not read the (excellent) on-line 
documentation, which states :


http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirectpermanent
is exactly equivalenent to "Redirect permanent", which itself

http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirect
states that the URL is a URL *path*, starting with "/".

So, what happens if you just say

Redirect permanent /private https://192.168.0.200/private

?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Configuration leads to error

[André Warnier]

R. M. Pretzlaw wrote:

Whats so confusing about my configutation?


Maybe the first thing is : why use a .htaccess file, when you evidently 
have access to the main server configuration.
.htaccess files are probably to most over-used thing in Apache 
configurations, and they are quite inefficient, and often quite confusing.
The reason is basically that you are asking Apache to first walk down 
the whole file hierarchy, applying all applicable  and 
 rules as it is doing so.
Then at the last level, Apache finds a .htaccess file that tells it to 
do something else. So it now has to restart at the beginning, and do it 
all over again.
If you need Rewrite rules, you can also put them right at the beginning 
of your Apache configuration file, or inside of a  section.
In my opinion, .htaccess files make sense only in the case where your 
system's main configuration is not accessible, and you only can use a 
.htaccess file inside a directory to which you do have access.


I am also a bit puzzled by your Rewrite rules :
RewriteRule ^[.]{0}$ _index.php?u= [L,QSA]
RewriteRule ^([^_]+)$ _index.php?u=$1 [L,QSA]

what is the first one supposed to match ? to me it looks like matching a 
URL composed of "a dot character, zero times". ??

What are you trying to match ?
Can you give an example of a URL, and what you would like it to be 
rewritten as ?







-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] HoloCMS

[André Warnier]

Peter Maguire wrote:

Ok but how do I make a database?


That seems more of a question for the HoloCMS help forum, than for the 
Apache one.




Sent from my iPod

On 26 Dec 2009, at 17:38, Marcin 'Rambo' Roguski  wrote:

How can you get HoloCMS to work with apache.

According to their website you just need a working PHP and database
access. Then copy the CMS files to a directory served by Apache, create 
database and set up CMS to use it and you're set.







-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] HTTPD Logwatch

[André Warnier]

Kaustubh Deorukhkar wrote:

I am naive user..but this is what comes to my mind...please see if this
helps

- create seperate logs per website...

SetEnvIf Referer www\.mydomain1\.com site1_request
CustomLog logs/mydomain1_log common env=site1_request

SetEnvIf Referer www\.mydomain2\.com site2_request
CustomLog logs/mydomain2_log common env=site2_request
...

This won't work. The "referer" is the name of the system the request 
comes *from*, not the host who serves it.
As Lukreme mentions, you can have (and probably the OP has) different 
logfiles for each website, with Virtual Hosts.
But I believe the OP's issue is different.  The "logwatch" he's talking 
about is probably some utility which monitors several logfiles at once.

But let him explain.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] HTTPD Logwatch

[André Warnier]

Asai wrote:
I manage about 20 websites.  So I need to see which ones are reporting 
which things.  I've checked the custom log in the past, it didn't do 
what I wanted, but perhaps I didn't understand what I was doing--which 
is quite likely.


Maybe you want to explain what you mean by "logwatch" then ?
If this is a separate program from the Apache httpd suite, do not assume 
anyone here knows what you are talking about.


As indicated below, you can change the format of the CustomLog to 
include pretty much anything you want.  Did you actually go look at 
these pages ?




André Warnier wrote:

Asai wrote:

Greetings,

Is there a way which I can expand the logwatch entries for httpd 
which will allow me to view the entire domain name instead of just 
the relative uri?  Like I have /this/page instead of 
www.mysite.com/this/page.



Can you explain what would be the point ?
Presumably, if clients access your site, you already know the name of 
the site, no ?


Or maybe you want to look at this page :
http://httpd.apache.org/docs/2.2/mod/directives.html
and lookup the "CustomLog" and "LogFormat" directives.


-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] HTTPD Logwatch

[André Warnier]

Asai wrote:

Greetings,

Is there a way which I can expand the logwatch entries for httpd which 
will allow me to view the entire domain name instead of just the 
relative uri?  Like I have /this/page instead of www.mysite.com/this/page.



Can you explain what would be the point ?
Presumably, if clients access your site, you already know the name of 
the site, no ?


Or maybe you want to look at this page :
http://httpd.apache.org/docs/2.2/mod/directives.html
and lookup the "CustomLog" and "LogFormat" directives.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Searching for a powerfull apache log analizer

[André Warnier]

Frank Bonnet wrote:

Hello

As described uin the subject I'm searching for such piece of software
it might be freeware or commercial but must runs with Linux.

A highly configurable software is a must as we need to do a lot
of statistics ( per user, IP , auth successful , auth not successful ...)

Graphical reports of course.

Any info, links, welcome


http://lmgtfy.com?q=web+log+analyzer


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Alias for htaccess

[André Warnier]

Eric Covener wrote:

On Mon, Dec 21, 2009 at 7:12 AM, Jaap A. Haitsma  wrote:

Hi,

I know you cannot use the Alias directive in htaccess but I was
wondering if I can achieve something similar to that.

I have the following problem. With my hosting provider I can add more
domains to my main domain with which I registered. However they have
to be in subdirectories

To be more precise, my main domain (e.g www.maindomain.com) is in the directory
/public_html
and my add on domain can then be in
/public_html/www.addondomain.com

What I want is that my main domain is in
/public_html/www.maindomain.com


for .htaccess in your document root this will probably give you a good start:

RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www\.)maindomain.com$


or rather :
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain.com$

?


RewriteCond %{REQUEST_FILENAME} !www.maindomain.com
RewriteRule (.*)  /public_html/www.maindomain.com/$1




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] protecting directories

[André Warnier]

Zachary Uram wrote:

I am running Apache 2 in Linux and have several websites.

Say site A is in /var/www/a and there is a directory /var/www/a/foo/
and foo/ has 3 .html files but I only wish to serve index.html
so how do I protect the other files so that people can't fish for the
name to find them. Also how do I prevent visitors from browsing other
directories?
And what if I am using CSS and PHP how can I protect that also? I have
heard about .htaccess but I don't know how to set this up. Can I see
someone's file?

It looks like you have a lot of reading of the Apache documentation to 
do, to occupy your Christmas holidays.

Maybe forget .htaccess for now, and look at these :

Your basic page is http://httpd.apache.org/docs/2.2/mod/directives.html
Look at :
Location
Directory
Files
DirectoryIndex
Options  (Indexes)
Allow
Deny

There are plenty of examples in the documentation, written by people who 
really know how Apache works.  They have spent a lot of time writing the 
docs and the examples.  The best way to get on the right path is to 
acknowledge their efforts, and make an effort yourself at reading the 
on-line documentation. All the answers to all your questions above are 
there.


Merry Christmas.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to remove an environment variable...

[André Warnier]

Krist van Besien wrote:
...



Maybe I could use some mod_perl to manipulate this internal
representation. 


Yes of course.
Maybe try this


PerlFixupHandler "sub {   \
use Apache2::Const qw(:common);
  my $r = shift; \
  $r->user(undef); \
  return Apache2::Const::OK; \
}"


Note : that's really rough, and I haven't tried it. Use at your own 
risk.  Let me know though.

;-)

Or just use a custom "index.php" which unsets this
variable. 

Hèèèk.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Counting requests

[André Warnier]

ricardo figueiredo wrote:

hi,

How Can I count the number of requests processed ?

For example,
I would like to count the number of requests were processed each ten
seconds. Like as monitor
Maybe first look at tools such as munin 
(http://munin.projects.linpro.no/) and webalizer.


In a very generic way, I would recommend looking at it this way : Apache 
can already generate an access log (CustomLog) with basically all the 
information you need or want for analysing your webserver traffic, and 
this log generation is fairly-well optimised.
Anything that you would introduce in addition in the webserver is likely 
to have a significant impact on performance.
So look at existing tools which analyse the access log after the fact 
and present it nicely, rather than re-inventing the world.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: AW: [us...@httpd] Silent Installation Apache HTTP Server

[André Warnier]

William A. Rowe Jr. wrote:

Buchbauer Thomas wrote:

Platform: Windows
Version: latest release (>= 2.2.13)


I recently updated the docs; see
http://httpd.apache.org/docs/trunk/platform/windows.html#advinst


That is a great page. Thanks.
But it does not seem to be the same one as one gets when following from 
the httpd 2.2 docs main page, namely

http://httpd.apache.org/docs/2.2/platform/windows.html
When do these get reconciled ?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: AW: [us...@httpd] Silent Installation Apache HTTP Server

[André Warnier]

Buchbauer Thomas wrote:

Platform: Windows
Version: latest release (>= 2.2.13)

I really don't know if the MSI version of the Apache installer offers 
such a scripting option by itself.

But there exist multiple Windows packages which offer this kind of thing.

http://lmgtfy.com?q=windows+installer+package

Usually, you call up such a program, and give it the name of the MSI 
file you want to install. It then "captures" the answers you are giving, 
and creates an automatic script out of it.

(They are usually more sophisticated that that, too).
For Windows, that may be your easiest solution.

This being said, installing Apache under Windows does not really require 
that much user input.  You may get away with just providing a small 
README file.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] How to enable PUT request on Apache/2

[André Warnier]

Yetkin Degirmenci wrote:

Hello everyone,

I need to enable PUT request on my VPS server because I bought a 
comercial cms.

Even my service provider can't figure it out.
I'm not so familar those kind of things.
Only thing we tried made a alias with Davlock it were PUT work under 
subdirectory
but I need to work under publich_html but we can't define alias to "/" 
root directory.

any help realy apreciated.


As far as I understand things, PUT requests are not disabled in Apache.
They are enabled, as long as there is a handler capable of processing them.
By installing mod_dav, you install one such handler.
If your CMS is supposed to allow and handle PUT requests, then it is the 
job of your CMS to provide that handler.



Let me say this another way :
By default, to serve HTTP requests for any directory, Apache installs 
and uses its own "default handler".  That one handles GET requests, 
normally by returning the document which corresponds to the request URL.
So the fact that Apache does not normally accept PUT requests, is simply 
because Apache's default handler does not accept them.
If you place a directory under control of another handler however (like 
mod_dav), then it depends on this handler whether PUT requests are 
accepted or not.
The same if your CMS uses PUT requests.  Your CMS should then provide a 
handler which accepts PUT requests.

It is basically its problem, not Apache's.
Your CMS is then also responsible for the security aspects of allowing 
users to upload files to your server via PUT requests.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Silent Installation Apache HTTP Server

[André Warnier]

Buchbauer Thomas wrote:

Hi,

Does anybody know, if there is a way to install Apache HTTP Server
silent, with something like a response-files as input?
With response-file I mean, a file as input for the setup, which contains
values for all configurable settings in the setup (e.g. location,
repositories-path, port, ...).

I would think that at least for this kind of question, you may want to 
specify which version of Apache httpd you are talking about, and on 
which platform.  No ?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] best way to modify a URL

[André Warnier]

2. major issue: form POST problem: form POST should probably not get 
redirected either, but so far I can't find what condition to test for



Purely as an aside :

Redirecting a POST internally is not a problem, because it happens 
early, before Apache even starts to read the request body (so to speak).


Redirecting a POST externally (through a browser re-direct response) is 
more of a problem, because then the browser has to re-submit the entire 
POST a second time, and browsers are inconsistent about that.


But POST is not a problem with Virtual Hosts, because if your website is 
correctly structured, browser will be talking to the correct Host right 
away.





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] best way to modify a URL

[André Warnier]

Oliver Schoenborn wrote:

RewriteCond   %{HTTP_HOST} ^dodo\.foo\.com$
RewriteRule   ^/bar/(.*)   /$1[R,L]

RewriteCond   %{HTTP_HOST} ^dodo\.foo\.com$
RewriteRule   ^(.+)%{HTTP_HOST}$1  [C]
RewriteRule   ^dodo\.foo\.com/(.*)http://foo.com/bar/$1   [P]


Also, in your example above, for me instinctively the last 3 rules look
like you are doing some extra work that should not be necessary :
- you test if the host name is "dodo.foo.com"
- then you modify the URL to add this hostname in front of the URL
- only to strip it out again and redirect to "foo.com/bar/" with a proxy
rule


Good point. I'll have to see if I can combine them, I based those two rules on an example, but I may be able to get away with 


RewriteCond   %{HTTP_HOST} ^dodo\.foo\.com$
RewriteRule   ^(.*)http://foo.com/bar/$1   [P]

There are a couple other issues: 
1. minor performance issue: all CSS and javascript etc (which all start with /bar/ in URL) do not need a redirect so I should probably filter those out if possible

2. major issue: form POST problem: form POST should probably not get redirected 
either, but so far I can't find what condition to test for


Considering your latest answer, I am also now inclined to think that
using  sections would be much cleaner.


More efficient, more maintainable, or less code to write to obtain same effect?


Probably all of the above.
General idea :

Listen *:80
NameVirtualHost *:80


  Servername foo.com
  DocumentRoot /var/www/foo.com/docs

... (anything belonging to foo.com)




  Servername dodo.foo.com
  DocumentRoot /var/www/dodo.foo.com/docs   (**)

... (anything belonging to dodo.foo.com)



and just forget about redirecting/proxying from dodo.foo.com to foo.com/bar.

Now go read about Virtual Hosts.  That's what this stuff was created for 
: run 2 or more websites on the same Apache.  Your recently acquired 
knowledge about proxying and rewriting URLs will not be lost.  But maybe 
this is not the best place to use it.


http://httpd.apache.org/docs/2.2/vhosts/

(**) if you really insist, this could be
  DocumentRoot /var/www/foo.com/docs/bar
but I believe that this complicates the maintenance and programming.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] best way to modify a URL

[André Warnier]

Oliver Schoenborn wrote:


In order to apply the proxying just for dodo.foo.com only, I use a rewrite rule. Here is what I have so far, seems to work completely: 


RewriteCond   %{HTTP_HOST} ^dodo\.foo\.com$
RewriteRule   ^/bar/(.*)   /$1[R,L]

RewriteCond   %{HTTP_HOST} ^dodo\.foo\.com$
RewriteRule   ^(.+)%{HTTP_HOST}$1  [C]
RewriteRule   ^dodo\.foo\.com/(.*)http://foo.com/bar/$1   [P]

The [R,L] of first rule causes a redirect to client and the rule processing 
ends so client will just make a new request with the /bar/ stripped out, AND 
client browser will show the redirected URL. The [P] in second rule will cause 
proxying, but only for requests to dodo.foo.com, so client will NOT see that 
foo.com/bar is really the URL used. Time will tell if there are any corner 
cases that this doesn't cover. But boy, that rewrite module is powerful stuff!


The main aspect is that you understand what is going on.
Now you can fly with your own wings.
In the second part of my answer, I was trying to avoid doing an external 
redirect, because :
- it is less efficient in terms of bandwidth : you add a round-trip to 
the browser and back
- it is less efficient in terms of your server : you have to process 2 
consecutive requests, instead of just one
- even for a fleeting moment, the browser is aware of the redirection, 
while if you do the redirection entirely inside of Apache, the browser 
never sees anything, and thinks the whole time that it is talking to 
dodo.foo.com


Also, in your example above, for me instinctively the last 3 rules look 
like you are doing some extra work that should not be necessary :

- you test if the host name is "dodo.foo.com"
- then you modify the URL to add this hostname in front of the URL
- only to strip it out again and redirect to "foo.com/bar/" with a proxy 
rule

It may all work, but it seems terribly heavy.
Maybe I'm wrong though.


Considering your latest answer, I am also now inclined to think that 
using  sections would be much cleaner.





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] best way to modify a URL

[André Warnier]

Much, much better, and really clear this time.

Oliver Schoenborn wrote:

Sorry I didn't notice the html format, I'm amazed that some people were able to 
understand my question!

(only the smart ones)
 Hopefully it works now. Here is what I am trying to do, 2 separate cases:


1. Client goes to http://dodo.foo.com: 
  A. server changes this to http://foo.com/bar

  B. server returns content (which will be http://foo.com/bar/index.html)
  C. client sees the content in browser
  D. AND the client's browser shows the URL (in Location text field) as being 
http://dodo.foo.com (rather than http://foo.com/bar/index.html)



As someone else indicated previously, this is a standard feature of 
mod_proxy.
First, let's assume for a moment that "dodo.foo.com" and "foo.com" are 
really two different machines, with each its own Apache on it.


If you want to use mod_proxy, use ProxyPass to forward the call to the 
backend server.


ProxyPass / http://foo.com/bar/

The client sees only the front-end server, so he should never see the 
URL of the back-end.

However, there are exceptions :

a) if the back-end server itself sends a re-direct response (to the 
front-end server, but passed by the front-end server back to the 
client), then normally that re-direct response will refer to the 
back-end server (foo.com).
But luckily, that's what the proxyPassReverse directive is for, to 
correct that situation.

So, if you do :

ProxyPass / http://foo.com/bar/
ProxyPassReverse / http://foo.com.bar/

that would work.
(However, this is all a bit silly, because it means that you have one 
front-end system that does nothing else than passing everything to the 
back-end and back; so why have a front-end ?)


and b) for links inside of html pages. That is your case below.



2. Client clicks on a link that is on the page just received:
  A. the href will be, say, http://foo.com/bar/someotherpage.html
  B. server returns content
  C. client sees the content in browser
  D. AND the client's browser shows the URL (in Location text field) as being 
http://dodo.foo.com/someotherpage.html (rather than 
http://foo.com/bar/someotherpage.html)



(First note that what you want above is not really possible. If the link 
in the page that the client gets is really 
"http://foo.com/bar/someotherpage.html";, then that is what the client 
will see in the URL bar after he clicks on it). (Unless you want to have 
"foo.bar" redirect to "dodo.foo.bar" via a redirect response, but there 
you are really getting complicated).

So I will rectify A above as follows :

>   A. the href will be "http://dodo.foo.com/someotherpage.html";

The easiest way to do that, would be for all your pages to use only 
links without a hostname, like :

go there

If the broser got such a page via an original URL like 
"http://dodo.foo.com";, and he gets a page that contains a link to
"/someotherpage.html", then the browser will continue to address the 
same server to get that page, like :

"http://dodo.foo.com/someotherpage.html";

And that will work, because of the Proxy rules above (he will get the 
content of the file "http://foo.com/bar/someotherpage.html"; )


-

So now let's take the situation where "foo.com" and "dodo.foo.com" are 
really the same machine and the same Apache.

That is in fact easier.

First, you would have to define (in the DNS system), that "foo.com" and 
"dodo.foo.com" resolve to the same IP address, the one of your server.

That is the first indispensable step.

Then, you would make it so that your Apache server knows to answer to 
both these names.  That, you do simply with :


ServerName dodo.foo.com
ServerAlias foo.com

So now, whether the client addresses "http://dodo.foo.com"; or 
"http://foo.com";, he really comes to the same place.


Let's also say that the DocumentRoot is
DocumentRoot /var/www/foo.com/

and that there is a document called "index.html" there.

So when the client addresses "http://dodo.foo.com"; OR "http://foo.com";, 
he always gets the file /var/www/foo.com/index.html.


That is getting closer, but still not entirely what you want.
You want that when he asks for "http://dodo.foo.com";, he would actually 
get the document that is located at


/var/www/foo.com/bar/index.html

For that, we need mod_rewrite and a a RewriteRule

RewriteRule "^/(.*)$" "/bar/$1"

So now when the client addresses "http://dodo.foo.com"; OR 
"http://foo.com";, he always gets the file /var/www/foo.com/bar/index.html.
(In fact,  no matter what URL he asks, he will always get a "/bar/" 
added in front.)


That's good, but still not correct maybe, because maybe you want that 
this only happens when the client asks for "http://dodo.foo.com";, and 
NOT when he asks for "http://foo.com";.

No problem, we can put a condition on the above Rewrite :

RewriteCond %{HTTP_HOST} "dodo.foo.com"
RewriteRule "^/(.*)$" "/bar/$1"

So now we *only* do this when he asks for "dodo.foo.com" and NOT when he 
asks for another server name (like "foo.com").


Ok for

Re: [us...@httpd] mod_proxy(_ajp) key=value explanation

[André Warnier]

Eric Covener wrote:

On Wed, Dec 16, 2009 at 4:42 PM, André Warnier  wrote:

Hi.

In the following kind of directive

ProxySet ajp://backend:7001 timeout=15

mentioned in :
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyset

to what do the "keys" (in this case, "timeout") really correspond ?
To the attribute names of the AJP Connector in Tomcat ?
Or to some more obscure reference somewhere ?



The keys are defined in the ProxyPass directives documentation.


Thanks. I missed that one.
I have not yet read the whole thing in detail (there is quite a lot), 
but scanning the keys, I do not see one corresponding to the 
"request.secret" attribute of the Tomcat AJP Connector.

Does that mean I can't use it for now with mod_proxy_ajp ?


Actually, the problem is one posed by someone on the Tomcat list.
The OP there was wondering how it would be possible to selectively 
allow/disallow some front-end Apache's from proxying to the Tomcat AJP 
port.  A RemoteAddressValve in Tomcat won't do, because it filters on 
the base of the original client address.

He is using mod_proxy_ajp at the Apache level.
Any idea ?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] mod_proxy(_ajp) key=value explanation

[André Warnier]

Hi.

In the following kind of directive

ProxySet ajp://backend:7001 timeout=15

mentioned in :
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyset

to what do the "keys" (in this case, "timeout") really correspond ?
To the attribute names of the AJP Connector in Tomcat ?
Or to some more obscure reference somewhere ?

As a precise example, I would like to set the secret key referenced by 
the "request.secret" attribute of the AJP Connector.

(see : http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html)

How would I do that ?

Thanks

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] MaxRequestsPerChild limit is never reached

[André Warnier]

Damian Montaldo wrote:

On Wed, Dec 16, 2009 at 4:14 PM, Eric Covener  wrote:

On Wed, Dec 16, 2009 at 2:07 PM, Damian Montaldo
 wrote:

Hi! I have a little doubt.

I've setup MaxRequestsPerChild to 1. But when I check how many
requests a child served, it never gets to that number, intstead seems
to die earlier. Is there some kind of 'idle time' or something?

I've looked into the prefork.c and it was too big for me. Any suggestions?

MaxSpareServers?



StartServers 150
MinSpareServers 5
MaxSpareServers 20
ServerLimit 250
MaxClients 200
MaxRequestsPerChild 1



(Saving Eric some typing maybe)
(The following is all by the way in the on-line docs, see
http://httpd.apache.org/docs/2.2/mod/directives.html

> StartServers 150
At start, Apache will start 150 children.

After a while, if they have nothing to do, Apache will start killing off 
some, in function of :


> MinSpareServers 5
It will always leave at least 5 living ones, even if they have nothing 
to do.  Just so that if a few requests come in suddenly, it has a few 
children ready to server these requests.


> MaxSpareServers 20
As more requests come in, Apache will start more children, to nhandle 
the increased present and future load.

But it will never leave more than 20 children doing nothing.

> ServerLimit 250
That is the absolute maximum number of children it will ever start.  But 
read the doc at 
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#serverlimit


> MaxClients 200
That is the maximum number of requests that will be processed at any one 
time. It slimit is ServerLimit.

But again, read the doc above.

> MaxRequestsPerChild 1
Independently of the above, any child that has handled 1 requests 
already, will die.  But it could have been killed before by virtue of 
one of the directives above.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Help with redirects and port-forwarding.

[André Warnier]

Philip Wigg wrote:

Hi,

I'm using Apache/1.3.36 and I don't have any room to change the
version at the moment. I have a separate Virtual Host listening on
port 8001:-


DocumentRoot "/opt/apache_1.3.36/htdocs"
ServerName www.example.co.uk
ErrorLog /var/log/http/example_error_log
TransferLog /var/log/http/example_access_log

RewriteCond %{REQUEST_URI} !^/portal.*
RewriteCond %{REQUEST_URI} !^/static.*
RewriteCond %{REQUEST_URI} !^/graphics.*
RewriteCond %{REQUEST_URI} !^/css.*
RewriteCond %{REQUEST_URI} !^/cgi-bin/.*
RewriteCond %{REQUEST_URI} !^/favicon.ico
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteRule ^(.*)$ /portal [R=301]


There is a firewall which is port-forwarding from port 80 to port 8001
on the web servers. The problem is that Apache is constructing
self-referential URLs with the 8001 port number. For example, it's
redirecting from http://www.example.co.uk to
http://www.example.co.uk:8001/portal which is not what I want, I want
it to keep port 80. I have tried using 'UseCanonicalName off' inside
my Virtual Host block to no avail (UseCanonicalName is turned on in
the main host block).

Are there any other suggestions other than writing explicit redirects?
Would UseCanonicalPhysicalPort fix my issue if I were using a later
version?


What happens if you just replace you last RewriteRule by
 RewriteRule ^(.*)$ http://www.example.co.uk/portal [R=301]

By doing the [R=301], you are forcing a 301 response back to the browser 
anyway, so you might as well make it explicit, and it should not add any 
extra overhead.


Otherwise, the easiest solution would be to have your firewall forward 
to port 80, not 8001, and change your VirtualHost to use 80.
(And maybe add another listening IP address to your server, if you need 
that to distinguish with another existing Apache instance on port 80).


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] best way to modify a URL

[André Warnier]

Oliver Schoenborn wrote:

I have a simple problem:   the URL root for a client website we are setting up is 
http://foo.com/bar/*, but our client wants access to be it via 
http://dodo.foo.com/*, how would I set this up? I have used 
mod_proxy in the past for something similar but this doesn't seem to be applicable 
here. I think mod_rewrite could handle it but it is rather complicated to learn in 
short time, if there is a simpler way or an example somewhere a link would be greatly 
appreciated. Cheers,
Oliver



Hi.
Please post your messages to the list (and preferably any list) in plain 
text, not in html.
As it is, your question is not really understandable.  There are 3 
different hostnames mentioned, and it is not very clear what you mean.

A "URL root" (whatever that really means), certainly never ends in "*".
Your problem may be simple, but the way you explain it does not make it 
simple to understand.

Try again ?




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Request Counting algorithm

[André Warnier]

ricardo figueiredo wrote:

Hi,

I was trying to implement Round Robin in mod_proxy, but I realized that
Request Counting is like as Round Robin when all values of lbfactor are
equal.

Is That right ???


That sounds like a valid deduction.
It don't think that it is necessarily of the same level as e=Mc2 however.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] A question about configuration of "workers.properties"

[André Warnier]

thomas2004 wrote:

I have 2 questiuons.


I'll just give my opinion on the first one.



1.
I see many examples as follow:
[code]
worker.list=worker1,worker2
# Set properties for worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
# Set properties for worker2
worker.worker2.type=ajp13
worker.worker2.host=localhost
worker.worker2.port=8109
[/code]

But can I configure all workers to access the same port as follow?
[code]
worker.list=worker1,worker2
# Set properties for worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
# Set properties for worker2
worker.worker2.type=ajp13
worker.worker2.host=localhost
worker.worker2.port=8009
[/code]



What would be the point ?
Normally, the point of having more than one worker, is when you have 
more than one Tomcat back-ends, and you want to distribute the requests 
between them (either by load-balancing, or just by selecting one or the 
other based on the request URL).


If you configure different workers, but all of them point to the same 
back-end host and port, then all the requests anyway will go to the same 
Tomcat, and to the same Connector within Tomcat.

It is at best an increase in the overhead.
At worst, by doing this, you probably ruin the mod_jk calculation of how 
many connections to Tomcat it should manage and keep alive.






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Why does mod_proxy_balancer ajp:// crash apache tomcat?

[André Warnier]

Andrew Harvey wrote:
 

Using mod_proxy_balancer.so on apache 2.2.14 


to balance tomcat 5.5.27

 


 
BalancerMember http://192.168.1.190:8080 route=jvm1
BalancerMember http://192.168.1.191:8080 route=jvm1



 


causes tomcat to coredump with

 


Dec 11, 2009 10:40:22 AM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Dec 11, 2009 10:40:22 AM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()


 


[Q1]

Why does apache 2.214 mod_proxy_balancer.so cause tomcat to coredump

 


[Q2] Is there a known fix (apart from not using ajp://)

 

Dunno. Maybe here : http://lmgtfy.com/?q=asking+smart+questions


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] http video streaming

[André Warnier]

János Löbb wrote:


On Dec 10, 2009, at 3:48 PM, André Warnier wrote:


Ted Byers wrote:
Presently running Apache's httpd v 2.2.9 on Windows Server (and also 
on XP,

but my tests in question were run on the server).
I have attempted to get httpd video streaming working by making a wvx 
file
pointing at the video file I want to stream.  When I then point my 
browser
at it, the dialog asking to open media player appears, and when I 
click ok,

th eplayer opens immediately, but it waits until the entire file (a WMV
file) has been transferred, showing the progress of its being 
buffered by

the player, before it actually plays the file.

...
I don't really know, and I am also interested in an authoritative answer.

But I will dare a guess, based on what I think I know of HTTP.
My guess would be that streaming video (or audio) would rely on the 
capability, both of the client and the server, to handle "range" 
requests.  The client can ask for an object, but also specify "from 
byte x to byte y". The server then sends that part, and the client 
starts plaing it. At the same time, the client issues more requests 
for subsequent ranges, and the server sends these chunks, etc..
I guess that this must also mean that the format of the media itself 
lends itself to it, in the sense that the information needed to play 
the thing is sent at the beginning or with each chunk, and not at the 
end.
All in all, I would thus guess that to do real streaming, both the 
client and the server have to be rather specialised for that task.





There is more info here: http://dss.macosforge.org/


Seems so, thanks.
Particularly this link : http://soundscreen.com/streaming/compress_hint.html

That kind of confirms that one needs specialised stuff (as opposed to 
just Apache and Media Player).




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] http video streaming

[André Warnier]

Ted Byers wrote:

Presently running Apache's httpd v 2.2.9 on Windows Server (and also on XP,
but my tests in question were run on the server).

I have attempted to get httpd video streaming working by making a wvx file
pointing at the video file I want to stream.  When I then point my browser
at it, the dialog asking to open media player appears, and when I click ok,
th eplayer opens immediately, but it waits until the entire file (a WMV
file) has been transferred, showing the progress of its being buffered by
the player, before it actually plays the file.


...
I don't really know, and I am also interested in an authoritative answer.

But I will dare a guess, based on what I think I know of HTTP.
My guess would be that streaming video (or audio) would rely on the 
capability, both of the client and the server, to handle "range" 
requests.  The client can ask for an object, but also specify "from byte 
x to byte y". The server then sends that part, and the client starts 
plaing it. At the same time, the client issues more requests for 
subsequent ranges, and the server sends these chunks, etc..
I guess that this must also mean that the format of the media itself 
lends itself to it, in the sense that the information needed to play the 
thing is sent at the beginning or with each chunk, and not at the end.
All in all, I would thus guess that to do real streaming, both the 
client and the server have to be rather specialised for that task.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] using mod_filter on non-200 responses

[André Warnier]

Andrew Huntwork wrote:

the 404 content is coming from mod_proxy_http, so it's not under my control


Ok, I take it back.  That sounds like a good reason..




On Thu, Dec 10, 2009 at 12:20 PM, André Warnier  wrote:

Andrew Huntwork wrote:

I'm trying to use mod_filter (specifically mod_substitute) on non-200
responses, specifically with a 404 response.  After playing around for
a while and assuming that i had screwed something up, i discovered
that mod_filter specifically skips non-200 responses [1].  Is there an
important reason for skipping such responses?

I am not the developer here, but I would imagine that one reason would be
that 4xx responses are generally configurable anyway, so why go through the
additional overhead of filtering them ?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] using mod_filter on non-200 responses

[André Warnier]

Andrew Huntwork wrote:

I'm trying to use mod_filter (specifically mod_substitute) on non-200
responses, specifically with a 404 response.  After playing around for
a while and assuming that i had screwed something up, i discovered
that mod_filter specifically skips non-200 responses [1].  Is there an
important reason for skipping such responses? 


I am not the developer here, but I would imagine that one reason would 
be that 4xx responses are generally configurable anyway, so why go 
through the additional overhead of filtering them ?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Doubt about mod_status

[André Warnier]

Eric Covener wrote:

On Wed, Dec 9, 2009 at 7:03 AM, ricardo13  wrote:

Hi,

I'm doing some tests with a web server and using HTTPERF.
My doubt is, when HTTPERF finishes the test I see the output page of
mod_status and there are some busy_workers, for example, 30 workers are
busy.

Why are there workers busy if HTTPERF have finished the test ??


Example?


KeepAliveTimeOut ?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] disable Accept-Ranges

[André Warnier]

Evuraan wrote:

How do I disable Accept-Ranges?


  Origin servers that accept byte-range requests MAY send

  Accept-Ranges: bytes

  Servers that do not accept any kind of range request for a
  resource MAY send

  Accept-Ranges: none




if you do not find a more direct way, you could always use mod_headers 
to remove or change the response headers.

http://httpd.apache.org/docs/2.2/mod/mod_headers.html

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: AW: [us...@httpd] Problems with mod_ssl and mod_proxy

[André Warnier]

Jan Luca Naumann wrote:




Some additional tips :

You also need a line

Listen :443
...


NameVirtualHost :443

:443>



Start Apache.
Open a command window, and enter : netstat -an | more
You should see a line like :

  TCP:4430.0.0.0:0  ABHÖREN

do you ?

Is the Windows firewall enabled ?
If yes, does it allow incoming connections on port 443 ?
(or turn off the firewall)



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: Building Apache 2.2 without IPv6

[André Warnier]

Tom Evans wrote:

On Mon, Dec 7, 2009 at 8:38 AM, Krist van Besien
 wrote:

On Sun, Dec 6, 2009 at 12:49 PM, Tom Evans  wrote:


"Hello, I'd like to stop receiving messages about Christianity"
"Ooh, no, you just dont understand how great Christianity is going to
be for you..."

How about someone asking "I'm looking for an alternative to
Christianity because I want to be allowed to eat pork". What would you
consider a usefull answer to such a question :-)

Krist




Church of the SubGenius, gotta be :)


No way, you pagan.
Here is the (one and only) truth : http://www.venganza.org/

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: Building Apache 2.2 without IPv6

[André Warnier]

Krist van Besien wrote:

On Sun, Dec 6, 2009 at 12:49 PM, Tom Evans  wrote:


"Hello, I'd like to stop receiving messages about Christianity"
"Ooh, no, you just dont understand how great Christianity is going to
be for you..."


How about someone asking "I'm looking for an alternative to
Christianity because I want to be allowed to eat pork". What would you
consider a usefull answer to such a question :-)

What would be really helpful here is a comparison table, listing (as 
rows) the various things you are/are not allowed to do, and as columns 
the various religions.  Then you could just check yes/no at the 
intersections.  That would make the choice easier.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] multiple rewrite rules

[André Warnier]

Jeff Shearer wrote:
 I have been trying without success to rewrite multiple css files with on RewriteCond.  Here is my latest attempt to give y'all an idea of what I am trying to do.  


Please help.

Thanks.

RewriteEngine on
  RewriteLog /var/log/httpd-rewrite.log
  RewriteLogLevel 2
  RewriteCond %{HTTP_USER_AGENT}  .Windows.*Firefox\/3.*
  RewriteRule ^/styles/progclean.css 
http://progressive.trustedtechpro.com/styles/winff3/progclean.css
  RewriteRule ^/styles/terms.css 
http://progressive.trustedtechpro.com/styles/winff3/terms.css  [L]
  RewriteCond %{HTTP_USER_AGENT}  .MSIE\ 7.*
  RewriteRule ^/styles/progclean.css 
http://progressive.trustedtechpro.com/styles/winie7/progclean.css
  RewriteRule ^/styles/terms.css 
http://progressive.trustedtechpro.com/styles/winie7/terms.css  [L]
  RewriteRule ^/styles/progclean.css 
http://progressive.trustedtechpro.com/styles/unsupported/progclean.css
  RewriteRule ^/styles/terms.css 
http://progressive.trustedtechpro.com/styles/unsupported/terms.css  [L]


What seems to be missing above is :
- what is the hostname of the server on which you do the above ? is it 
also "progressive.trustedtechpro.com" ?

- what is the problem ?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Using Virtual hosts for all the websites in one instance of Apache

[André Warnier]

Charan wrote:

Hi,

we have hundreds of websites and each website has multiple sub
domains. All the sites are running under sun web server 7.0
For example, www.hosting.com is the main domain, it also has sub
domain as www.hasting.com. www.hasting.com will be redirected back to
www.hosting.com. sometimes, if the domain name is
www.hostingforyou.com then it is redirected to a deep link of
www.hosting.com like www.hosting.com/docs/newdomain.html or else some
external link. All these redirections should be 301 and also non 
to www. These domain names have been setup at the DNS level.

Instead of adding virtual host for hasting.com in sun web server. Our
company wants to add all these subdomains of all websites in one
instance of apache web server. Is it possible to do?

-
Probably, but it would help if you stopped using words like "subdomain" 
in a context that does not seem to make sense.
In no way is for example www.hasting.com a subdomain of www.hosting.com, 
and talking of subdomains of a website makes no sense at all.
You may want to have a look at the on-line Apache documentation, and 
particularly at directives such as ServerName and ServerAlias, and at 
the virtual host documentation at http://httpd.apache.org/docs/2.2/vhosts/
and also maybe at mod_rewrite : 
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] mod_rewrite/rewriterule - forcing a HTTP 500 code on all access attempt?

[André Warnier]

Frank Z wrote:
is there a way via RewriteRule to force all access to a certain URL to return with a HTTP 500 


e.g.  i have a number 3 applications that are or will be obsoleted and is 
expected to return a 500 to all callers who try to access it.

so when someone tries to access a deprecated URL such as http://myserver/myApp1 
 I would like to send back a 500 and preferably some textual information (nice 
to have).

Will it be possible to do this via mod_rewrite?

It is certainly possible with mod_rewrite, but why don't you just create 
a little cgi script which returns whatever you want ?

Or just set an Alias ?
Alias /my/former/page "/var/www/docs/special/my-error-page.html"

Otherwise, a 500 is a "server error", which is probably not appropriate 
here.  You should look for a more appropriate error code, maybe in the 
300 series ? See RFC 2616.  According to the HTTP specs, not all error 
codes admit a response body.  Also a tip : if you return an error page, 
make sure it is larger than 1024 bytes or so, otherwise Internet 
Explorer will substitute it with a "friendly error page" which doesn't 
say anything helpful.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: Ampersand extends to the left part of regexes with RewriteRule, RedirectMatch and SetEnvIf: is that expected?

[André Warnier]

Francis GALIEGUE wrote:

On Fri, Dec 4, 2009 at 09:55, Francis GALIEGUE  wrote:

Hello everyone,

I've had the request to redirect a particular URI, say /foo or /foo/
to http://some.external.site/?var1=val1&var2=val2&var3=val3. The
Apache server version is 2.0.52 used on RHEL 4.x. I have tested with
2.2.3 on RHEL 5.x and the behaviour below is the same...



This has also been tested on the latest Debian stable: the behavior is
exactly the same. It seems that it is the core Apache regex mechanism
which is in cause here.

Now, the question is, is it intended.

First, I believe that one mistake is to include the trailing question 
mark into the URL which you redirect.

In http://my.server.com/foo/?var1=val1...
The "?" is not actually part of the URI. It is a separator between the 
URI and the query string. So the URI to test is "/foo/", and not "/foo/?".
Second, in "RedirectMatch", "RewriteCond" and "RewriteRule", the 
argument is a regexp, not a string. So when you write "/foo/?$", you 
mean actually : "/foo", possibly followed by "/", followed by the end of 
the string.

If you really wanted to test for a "?", you would have to escape it as "\?".

I do not know if this is the source of your particular problem, but it 
may contribute to the strange results which you are seeing later.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] .htaccess restricts write permission from webdav

[André Warnier]

J. Bakshi wrote:


windows client simply throws error as permission denied. 


...


Does any one know why .htaccess prevents  write access from webdav ?


Hi.
I am not saying that this /is/ your problem, but you should be aware of 
the fact that all DAV client implementations in Windows are notoriously 
buggy and unreliable.

Search Google for this : windows +dav +miniredirector
to get an idea of the dimension of the problem.

We use "web folders" heavily in our own applications.  We have learned 
by experience that, depending on the version of Windows, the patches 
applied, whether or not there is MS-Office installed, etc.. the 
behaviour of the webfolders <-> Apache DAV dialog is quite variable.
All in all, this is quite frustrating, and can be very time-consuming to 
track down precisely.
Since you can probably never insure that all client workstations have 
exactly the same versions, basically these different behaviours will 
always hit you.
To avoid this kind of trouble, try to keep the interface as basic as 
possible.
If a .htaccess does not work, try for example to set up the same access 
rules outside of a .htaccess file, e.g. in your server config inside of 
a  section.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache module to handle form-based Authentication

[André Warnier]

Nick Kew wrote:

On 2 Dec 2009, at 23:16, André Warnier wrote:


Does someone know of a current module (internal or external to Apache itself), 
which offers this ?


Subsidiary question : I remember from the last ApacheCON Europe in Amsterdam, 
that there was some talk about an Apache session module (mod_session ?), which 
I suppose could have this as a part. But I have never heard again of that 
Apache session module.
Is there any news on that ?


It's in trunk (and 2.3.4).

Apologies for my lack of knowledge of such matters, but what does that 
mean from a practical, Apache user's point of view ?

Is it available to be used ?
Can it be used with Apache 2.2.14 ?
Is it "safe" to use ?
Any wild guesstimate about a possible timeframe for the release of 
Apache 2.4 ?


You are also not contradicting my guess that mod_session might include a 
form-based login scheme, but not explicitly confirming it either.  Does it ?


Thanks


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Apache module to handle form-based Authentication

[André Warnier]

Hi.
On the Tomcat users lists, a problem was submitted which does not have 
an easy solution at the Tomcat level.
In the course of attempting to resolve the problem, a suggestion came 
up, to use an Apache httpd front-end to Tomcat, perform the 
authentication there, and pass the authenticated id to Tomcat.

In the principle, this is entirely feasible, and is not the issue.

But the issue is that the authentication mechanism in certain cases, 
requires a html form based login, and that there does not seem to exist 
a standard module, part of the standard Apache distribution, which 
offers such a form-based login.


Does someone know of a current module (internal or external to Apache 
itself), which offers this ?



Subsidiary question : I remember from the last ApacheCON Europe in 
Amsterdam, that there was some talk about an Apache session module 
(mod_session ?), which I suppose could have this as a part. But I have 
never heard again of that Apache session module.

Is there any news on that ?

Thanks
André

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Reverse proxying is problematic

[André Warnier]

Robert Schenck wrote:

*I know this is a long read...but I really need help, and felt the best way
for anyone to help me remotely is to explain the issues in their entirety. *

Hello,

I'm trying to set a reverse proxy, but first, some context:

My office is subscribed to few academic journals. These journals verify the
subscription via IP, such that anyone connected to the internet through our
connection can access the journals. However, some individuals would like to
access the journals away from the office as well. 


Hi.
I know that there is already a long list of answers to this, at the 
technical level. And you were right to provide some background like you 
did above.


Before solving the problem at the technical level, I would /strongly/ 
recommend getting in touch with the publishers of these journals, and 
talk to them about your idea (or your boss' idea) first.
This is just in case one of them would object, and consider that by 
doing this you are violating the commercial agreement your office has 
with them, and your office thus becomes a target for a copyright 
infringement lawsuit.
Publishers, who live from these copyright fees, tend to not joke about 
such matters.


Background :

A publisher made a contract with your office, whereby a certain number 
of people have access to a certain number of published journal articles, 
against a flat fee.  That flat fee replaces, under certain 
circumstances, a per-article, per-person fee which would normally have 
to be paid.  The number of people to which this arrangement applies, and 
the corresponding fee, is estimated by the supplier on the base of some 
reasonable number of users.  This number of users is limited, 
approximately, by the number of people which the supplier roughly 
calculated would be accessing these articles from within your corporate 
network, and would thus look like originating from the IP address of 
your firewall/proxy.


Your scheme would basically break the assumptions of the supplier, by 
potentially providing access to an uncontrolled number of people from 
outside of the network for which these assumptions were calculated.

The supplier may get very unhappy about this.

On the other hand, a case such as you describe is not that uncommon, and 
I am sure that the suppliers of these articles have other solutions 
available, which do not contravene the commercial agreements.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] tomcat 6 as a windows service fails to start with -server option

[André Warnier]

olivier giorgi wrote:



Hello to all,
 
struggling to enable UTF-8 encoding  on apache tomcat 6 Windows service.
The option we used to activate (within startup.bat) was 
  -Dfile.encoding=UTF-8 -server

Looks like tomcat is able to start when launched from startup.bat, but, if we 
intend to configure tomcat as a service, the -server flag causes the process to 
abort
[395 javajni.c] [error] CreateJavaVM Failed
[1000 prunsrv.c] [error] Failed initializing java 
...\intel_a\code\tomcat\current\bin\bootstrap.jar
[1269 prunsrv.c] [error] ServiceStart returned 2
[info] Run service finished.
[info] Procrun finished.
 
Despite several threads around this Procrun/prunsrv.c story, it's hard to figure out what are the limitations/fixes to these kind of pbs. 
Any gourou who would have a clue? Thxs in advance.



Try this list instead : us...@tomcat.apache.org


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: Apache httpd does not respect the HTTP RFCs !

[André Warnier]

Eric Covener wrote:

On Sat, Nov 28, 2009 at 7:23 PM, Carsten Wiedmann  wrote:

André Warnier schrieb:

So how do you enumerate invalid hosts explicitly then ?

Right, it's a little bit curious, that you can't set 400 with mod_rewrite
(or header), only 403 (or 410).


In 2.2.x you can probably use  [R=400]

My original post was more like a jest or a provocation, rather than a 
real question.
But is is interesting to see how in the end, a document such as RFC2616 
which is meant to "specify" a relatively strict set of rules, and of 
which I am sure the phrasing is examined carefully and repeatedly (it 
being after all a revision of an earlier document on the same topic), 
still leaves areas open to interpretation, or downright inconsistent.
What is for example, in this case, a hostname which is /invalid/ on this 
host ?
If the request reached this host, then it must be that for the DNS 
system, the hostname resolved to one of this physical host's IP 
addresses.  In that sense, any HTTP request which reaches the host could 
be deemed to address a valid hostname.
Yet the HTTP server listening on that host (and port), may be configured 
to accept requests for several specific hostnames, but not the one 
mentioned in the request.  In that sense, Apache's defaulting to a 
"default" host whose name does not match the request hostname would be 
in contravention of the RFC.  Yet by the same token, Apache's defaulting 
to the default host and accepting the request, would seem to make the 
request's hostname "valid", since the request is accepted.
So basically, the HTTP RFC obliges the server to send a 400 response for 
an invalid host, but what is an invalid host is decided by the server.

Kind of circular as far as arguments go.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache httpd does not respect the HTTP RFCs !

[André Warnier]

Eric Covener wrote:

On 11/28/09, André Warnier  wrote:

;-)
 I just wanted, once, to use a subject line with capitals and an
 exclamation mark.

 It seems however that in this particular case, neither Tomcat nor Apache
 httpd follow the rules, when they default to the .. default virtual host
 in the case where they cannot find a match between the Host: header and
 one of their defined virtual hosts.
 Doesn't the following say that they MUST return a 400 status ?

http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.2


No, they only have to return a 400 when they believe the provided Host
is invalid on the server.  Neither server treats hostnames that have
not been explicitly enumerated as being invalid on the server, and
this is not a requirement of the RFC.



Aha. Thanks for the clarification.

So how do you enumerate invalid hosts explicitly then ?





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] Apache httpd does not respect the HTTP RFCs !

[André Warnier]

;-)
I just wanted, once, to use a subject line with capitals and an
exclamation mark.

It seems however that in this particular case, neither Tomcat nor Apache
httpd follow the rules, when they default to the .. default virtual host
in the case where they cannot find a match between the Host: header and
one of their defined virtual hosts.
Doesn't the following say that they MUST return a 400 status ?

http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.2



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] When it rains it pours...

[André Warnier]

Krist van Besien wrote:


We have a more sofisticated coffee machine. It even runs on Linux (as
we could witness when the power came back), but don't know if it has
Apache installed...


Maybe. But does it support the official RFC ?
http://www.rfc-editor.org/rfc/rfc2324.txt


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: When it rains it pours...

[André Warnier]

Krist van Besien wrote:

On Fri, Nov 27, 2009 at 4:51 PM, André Warnier  wrote:


Please don't.  It was an entertaining story, better than many on this list.


Well, It was a strange feeling to basically press enter to complete a
command, and as a result see all the lights go out...

Java stuff does that quite often.  We have this Tomcat app, each time we 
start it, the lights get dimmer and the elevators slow down.

We tried a load-balancer before, but it did not really help.
So now we got low-power memory boards in our servers, and start or stop 
the apps manually one by one.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: When it rains it pours...

[André Warnier]

Krist van Besien wrote:

I really should not have two mailing lists with adresses starting with
"us...@...". Sorry list.

(Or how do I disable email completion in Gmail.)

Please don't.  It was an entertaining story, better than many on this 
list.  The UPS for the coffeee machine is a great idea. I'll suggest 
that here, as we are about to move our servers to new premises.

:-)

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] limiting diretory/file content?

[André Warnier]

Zachary Uram wrote:

I wish to use Apache 2.2 to limit where users may go. I wish to avert
the so-called "fishing" where a user sees:

(note that I will be using name based virtual hosts to host multiple
domains on the same physical server/same ip)

http://www.site.org/whatever/something.html and tries to access
http://www.site.org/whatever/

I would like it on a directory basis, a file basis may be needed later
but not for now.

How may I achieve this? A sample config info would be appreciated
since I never did this before :)

If a user tries to access a forbidden directory I wish to display a
custom message to them like "Stop that!" or something so also how may
I do that?


the easiest way :
http://httpd.apache.org/docs/2.2/mod/mod_dir.html#directoryindex

set a global DirectoryIndex to the error page you want, and override it 
in  sections where you want something else.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: RewriteRule in neither "foo/.htaccess" nor ".htaccess" can match http://example.com/.../foo

[André Warnier]

Jack Bates wrote:
...
Hi again.
I am not saying here that you are necessarily wrong, or that there is
not a good justification to what you are trying to do, or to what you
asserted at the end of the previous post.

But one thing you should be aware of, is that when you place
instructions in a .htaccess file, you are in fact asking Apache
to walk down the whole directory tree, applying all its configuration
rules level by level as it does so, until it gets to the level of the 
directory where it finds the first .htaccess file.

Then, because this .htaccess rewrites the URL, you are basically telling
Apache to throw away all the result of its previous work, and to start
again at the top with the new URL.  Then, in your case and assuming
everything works down to that level, it will end up at the level of the
subdirectory, and find again a .htaccess with rewrite rules. So it will
again rewrite the URL, and again restart at the top.
In the best of cases, that is rather inefficient.
In the less best case, you have missed an intermediate transformation
somewhere, which is leading to a series of rules being applied, that is
different from what you expect.

My personal point of view is that one should avoid .htaccess files if 
one can, which is most of the time when one has access and can modify 
the main server configuration files, as you seem to be able to.
.htaccess should be reserved for cases where one does not have access to 
the server condiguration, and only to one's own directory for instance.


I have not followed your rules step by step, and do not really wish to, 
and do not have access to your full configuration sequence of directives 
anyway.  But given that Apache is being used on hundreds of thousands of 
sites, many of them using mod_rewrite and .htaccess files, and 
apparently seems to be doing fine most of the time, my current odds 
would be in the order of magnitude Apache 10 / Jack 1.


It may be so for instance that what is interpreted the first way around 
as the request filename, is no longer considered as such if there is a 
subdirectory below the current one. Or some other such apparently 
obscure side-effect.


So anyway, if it does not work the way you want when you have a 
hierarchical set of rewrite rules in .htaccess files, it may be worth 
asking yourself if it is not possible to remove one such level and move 
the corresponding rules into the main part of the configuration, which 
would probably be more efficient anyway.





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache httpd replication / proxy mirror server?

[André Warnier]

nino martinez wael wrote:

It's a bit complicated. So I'll try to explain it in a simple way.

The user are calling(via phone) an IVR application which in turns interprets
vxml. The vxml page then has an option to record and save the recording.
When the vxml page saves the recording it saves towards tomcat which then
places the file in a repository which then are served by Apache httpd, we
have more apache http servers for failover and it's here the need for
replication comes.

All this we can code our way out of, but if there's something already that
does this it would be nice with some recycling. I was thinking that the
Apache http server that got the new file could push it to the others.

Allright. I have no idea what IVR is and no wish to look up another 
acronym, but I think I get the idea.
So, the answer is still no, there isn't a standard Apache module that 
will do that kind of synchronisation.  Specially since the way you 
explain it, Apache itself has no idea that this file has been loaded in 
the first place, nor where.
So it is either taking care of it at the level of your own code, or use 
rsync as someone else suggested earlier (and which is probably the best 
idea overall).

rsync also works under Windows, we use it.
And if you have trouble setting it up, nowadays setting up a Linux box 
is really not difficult.  You could set up one just to do that, which 
would take care of synchronising between all your servers.  It is very 
efficient, as it will only copy whatever changes, even within files.


As for the ideas I was referring to earlier, it would have been 
different if the files were uploaded via DAV for example, because then 
Apache /would/ know.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache httpd replication / proxy mirror server?

[André Warnier]

nino martinez wael wrote:

hmm yeah I know, but it's on windows :/ Just wanted to know if we could stay
withing httpd for this one...


Well, exactly /how/ do the users put files on this server ?

You have not even explained if they put these files there using Apache 
somehow.
There is nothing that I know of in Apache itself that will do that, but 
it may be possible to add something.  Describe your issue a bit more in 
detail, and it may give ideas to someone.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] ProxyPass - mod_proxy

[André Warnier]

Aruna Gummalla wrote:
client y is on the same host as apache. 
only client x is on a different host.


it does not matter. The point is that Apache will forward a HTTP 
*request* to the "client y", and expect it to act like a HTTP server.

Unless your "client y" is really a HTTP server, it will not work.

And if your "client y" is really a HTTP server, then why don't you have 
client x talk directly to client y ?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] ProxyPass - mod_proxy

[André Warnier]

Aruna Gummalla wrote:

Hi,

I am trying to configure mod_proxy. I want Apache to be the proxy server.
There is a client x which talks to Apache and Apache in turn passes on this request to other client y. 


Taking you by the letter, that is not really what mod_proxy is supposed 
to help you with.  The "other client y" is supposed to be another HTTPd 
server, not a client.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] RewriteRule in neither "foo/.htaccess" nor ".htaccess" can match http://example.com/.../foo

[André Warnier]

Jack Bates wrote:

I'm struggling a bit with this mod_rewrite rule,

I am a bit intimidated by your detailed explanation and the level of 
expertise required to fully understand your requirements, never mind 
finding a solution. But reading your post in diagonals gives me the 
feeling that maybe the sum of your requirements is just a bit too much 
to be covered by generic modules like mod_rewrite et al., which after 
all are generic tools and not specifically designed to cover all 
possible cases and countercases one could come up with.

It seems like what you want is something like
/foo to deliver /foo.html
except if /foo really exists and is a directory, then you would want 
/foo/index.html to be delivered
except if the directory /foo contains a .htaccess, in which case you 
want the .htaccess-contained rewrite rules to apply
except if /foo is a sub-directory of another directory already 
containing a .htaccess with rewrite rules in it, in which case these 
should apply too

I may be jesting a bit, but don't you think this is a bit much to ask ?

In a case like this, maybe it is the layout of the site that needs to be 
revisited, or an ad-hoc custom fixup module (mod_perl ?) may be the 
second choice.

Purely personal opinion of course.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Testing virtual hosts on a virtual machine

[André Warnier]

Florent Georges wrote:

  Hi,

  I am using a virtual box (Ubuntu server 9.10 with VMware Fusion)
to test a web server.  No problem to install Apache on this
Ubuntu box, of course.  And I can access the default page after
an install by using http://xxx.xxx.xx.xx/ in my browser (on the
host machine.)

  But the web server will use named virtual hosts.  I guess that
won't work as the browser won't send the correct domain name.

  Is there any tool to test an Apache instance with virtual hosts
on a virtual machine?  Any best practice or advice to follow in
that configuration?



Because the information available when searching for this on Google or 
on Wikipedia, and even on the Apache website is rather confusing, let me 
try to give you an explanation of how this stuff really works.


It is a bit long, but I believe that if you understand the explanation 
below, you will never have trouble again with Virtual Hosts.

And also a lot less trouble with browsers and http in general.
Still with me ?


When you ask a browser to access "http://myhost.company.com";, what 
really happens ?


1) the browser asks the local operating system to "translate" the name 
"myhost.company.com" into an IP address.

The operating system, to do that, works in 2 steps :

1.1) the OS looks into the local "hosts" file, to see if it finds a line 
like

aaa..ccc.ddd  myhost.company.com
If it does, then it returns the IP address "aaa..ccc.ddd" to the 
browser, as a translation for the name "myhost.company.com", and it is 
finished.


1.2) if the above did not work, then the OS will ask, over the network, 
to a DNS server to do the same translation.  The DNS server will look up 
its own tables, and in the end it can either answer with an IP address, 
or with "not found".
The OS will then pass back this same answer to the browser, and it is 
finished.
(Of course, this supposes that the OS has a working DNS server to talk 
to, otherwise it will return an error to the browser right away).


2) Now the browser has an answer, which is either a "host not found", or 
an IP address.


2.1) If it was a "host not found", the browser tells the user and that's it.

2.2) If the browser has received an IP address however, then the process 
continues.


3) the browser establishes a TCP/IP connection with the received IP 
address, on port 80.

That either works, or doesn't.

3.1) If it doesn't work, the browser sends an error message to the user 
: cannot connect to "myhost.company.com", and again that's it.
(It may fail to work, for example because there is no host at that IP 
address, or because there is a host, but there is no program there 
listening to connections on port 80; or for many other reasons).


3.2) If it works, the process continues.
(That it works, implies that on the target server there is a process 
which actually listens to connection requests on port 80, and accepts 
them.  That will generally be a webserver like Apache).


4) the browser, over this now established TCP connection to the server 
at that IP address:port 80, sends a HTTP request to that server.  This 
HTTP request consists of minimum 2 lines of text, as follows :

GET / HTTP/1.1
Host: myhost.company.com

The first line indicates, in the middle, what resource the browser 
wants.  In this case, it just wants the default home page, so the 
resource URL is "/".
The second line indicates which "virtual host" the browser wants to talk 
to, on the target server (with whom it already has a TCP connection).
After sending that request, the browser starts waiting for a server 
answer over that same TCP connection.


5) the receiving Apache HTTP server receives the above request, and 
looks at the "Host:" line.
Now the receiving Apache HTTP server is going to try to "match" this 
hostname, with the name of one of the VirtualHost's that are defined in 
its configuration.  It either finds a match, or it does not.


5.1) if it does find a match, then it will process this request using 
the "personality" of the VirtualHost that is defined for that name.


5.2) if it does not find a match, then it will process this request 
using the personality of the first defined VirtualHost, from top to 
bottom of the configuration file.  (It does not matter in that case if 
the hostname matches or not, it will use this first VirtualHost as the 
"default host".)



To give you a practical example :

Suppose you have a server with an IP address of 192.168.100.100.
On that server, you install Apache.
In Apache, you define a new (additional) , and you give it 
the configuration lines


ServerName www.google.com# (really, for the example)
DocumentRoot /var/www/some-new-dir
DirectoryIndex index.html

In that new directory /var/www/some-new-dir, place a html page named 
"index.html", containing a "Hello, I'm Google !" message.


And you restart Apache.

Then, on your local workstation, edit the "hosts" file (under Windows, 
this is at c:/windows/system32/drivers/etc/hosts; under Unix

Re: [us...@httpd] [SOLVED] strange random delays in a proxy configuration

[André Warnier]

André Warnier wrote:

Hi guys.

A customer of ours have an internal Apache 2.2 server

...
Never mind, I believe we found the problem, and it has nothing to do 
with the network or Apache or proxying per se.

Sorry to have wasted your time if I did.

It seems to be the application that is misbehaving, reloading some big 
table in each Apache child from time to time, when it has no reason to.
That explains why the pattern seemed random too, because when it happens 
depends on how many requests are sent by each client and directed to 
which Apache child, and the settings of MaxKeepAliveRequests and so on 
with which I have been fiddling in attempts to circumscribe the issue.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[us...@httpd] strange random delays in a proxy configuration

[André Warnier]

Hi guys.

A customer of ours have an internal Apache 2.2 server under Linux 
Debian.  Static pages of their applications are located on their own server.
Some URLs are proxied by their server to our own Apache 2.2 server 
(Linux Debian), through the Internet, by means of a line like


ProxyPass /getthumb http://our-server.company.com
and the URLs are like
/getthumb?id=(thumb-id)

These URLs obtain thumbnails from our server, corresponding to 
documents.  Each thumbnail is generated on the fly and is about 10 KB in 
size. It takes our server on average 150 ms to process such a URL and 
return the thumbnail to their server.
The number of thumbnails to serve for one customer application page is 
variable, between just a few and sometimes several hundred, with an 
average of 20-30 per page.
In the vast majority of cases, each thumbnail request is served in 
around 150 ms, and we serve thousands such requests per day.


Yet sometimes, for no apparent reason that we can link to the process of 
generating and returning the thumbnail, nor to any load of our own 
Apache server or theirs, returning one arbitrary thumbnail in the series 
takes about 30 seconds.
It is always either about 150 ms, or about 3 ms.  It is never 
in-between, like 10 or 20 seconds or so.


The delay does not always affect the same thumbnails either.  For the 
same requested page with the same series of thumbnails, sometimes the 30 
seconds delay will happen at the first and second thumbnail, sometimes 4 
of them in the middle, and so on. Sometimes the whole page-worth of 
thumbnails loads in exactly (number of thumbnails X 150 ms), which is 
what it should always be.


If I watch our server's processes with "top", and simultaneously the end 
of the access log or the screen of one of their workstations, I can see 
nothing untoward when the browser suddenly "hangs" for 30 seconds 
waiting fo the next thumbnail.  The Apache processes on our side seem 
mostly idle at that time, and there are plenty of Apache processes 
available to serve any request.
It looks as if the browser on the customer side just hangs waiting for 
the thumbnail, and our server is just idle.


These times are per our own server's access log, and per their Firefox 
browser, to which we added the HttpFox add-on, to see what happens from 
their side.
Their browsers do issue the requests (almost all at once), and the 
symptoms are the same whether they use IE or Firefox.


My first question is : does there exist any tool in Apache itself, that 
would show me what is happening during such a 30-second pause ?
The access log does not, as it just adds a line at the end of the 30 
seconds, when the request is terminated, which is too late.  There are 
no errors in our error log.
mod_log_io and mod_forensic, from their documentation, do not seem to 
provide much more relevant info.


For example, since their server proxies these calls to ours, and we see 
nothing in our logs, is there a way whereby I can set the logging of the 
proxy calls (and only those, preferably) to some "debug" setting ?


(I have full access to their and our Apache servers configurations)

My second question would be : does anyone have an idea of what could 
explain sudden random 30 second pauses in such a schema ?


I am trying to avoid having to go through a TCP protocol analyser, 
because I am unfamiliar with them, at least at the Linux level.



Thanks

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Information missing with piped Log setting for ErrorLog

[André Warnier]

Shibi NS wrote:

Hello All,

Error log setting without piped logging feature

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
common
TransferLog '| rotatelogs \logs\access_log.%y%m%d 1M  common';
ErrorLog  '| rotatelogs \logs\error_log.%y%m%d 1M  ';

Error log setting with piped logging feature

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
common
TransferLog '\logs\access_log.%y%m%d';
ErrorLog  ' \logs\error_log.%y%m%d';


I believe you mixed things up a bit above.
1) the first settings look like a piped log, and vice-versa.
2) The "common" at the end of TransferLog will be ignored.
Read this again :
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#transferlog
(and the preceding LogFormat, and also the CustomLog directive)

Also check the note in CustomLog about file paths :

When entering a file path on non-Unix platforms, care should be taken to 
make sure that only forward slashed are used even though the platform 
may allow the use of back slashes. In general it is a good idea to 
always use forward slashes throughout the configuration files.



I suggest you correct all the above first, then test again, and get back 
here if you still have a problem.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Request concurrency issue

[André Warnier]

Toomas Aas wrote:

Hello!

I run Apache 2.2.11 with prefork MPM on FreeBSD 6.4. This is a pretty standard 
installation done from FreeBSD ports. It has a behaviour that makes me 
curious.


Say, I open a browser and enter request for 
http://mysite.com/LargeTextFile.txt


The file begins to load in the browser window.

While the file is loading, I open another browser tab and enter the same 
request there.
The file in second tab doesn't begin to load until it has completed loading in 
the first tab.


So - if the same client requests the same resource from the server multiple 
times, the requests are not handled in parallel, but sequentially.


If the same client requests different resources, the requests are handled in 
parallel, i.e. I can load LargeTextFile.txt and LargeTextFile2.txt 
simultaneously.


There is no problem with available child processes, if I look the output of 
server-status I see multiple idle child processes waiting for requests.


The reason why I'm investigating this is that we have a web app written in 
JavaScript/PHP which sends multiple concurrent requests from browser to 
server, and developers are worried that this kind of behaviour slows down the 
application. I've been told that this kind of behaviour isn't observed on 
other servers but only on this particular server set up by me. The only other 
web server I currently have access to is Apache 2.2.13 running on FreeBSD 7.2 
(also set up by me) and it seems to behave the same. So maybe the problem is 
me ;)


In addition to simply loading .txt files I've also tried with .php scripts, 
and the results are identical. So I guess the problem is not specific to a 
handler but is more generic.


What do I have to do to achieve the wanted behaviour (concurrent handling of 
identical requests from the same client)?



Are you absolutely sure that it is not just a behaviour from the browser ?
For example, if you open two separate command windows, and start in each 
a "wget" for the same file (or curl, or lwp-request), do you observe the 
same behaviour ?


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Memory / Process leak

[André Warnier]

Peter N Lewis wrote:


I already have:

MaxRequestsPerChild   1000

So the worker processes should die and clean that out.

I'm suspicious that the worker threads are not dieing because I've seen cases 
where there are worker threads listed in ps but not listed in server-status 
(that will probably show up tomorrow or the next day when the server has been 
running a bit longer, and I'll post details of that if I haven't got a response 
by then).


You are talking about threads. What MPM are you using, on which platform ?
Read http://httpd.apache.org/docs/2.2/mpm.html
and try ./httpd -l

You may need MaxRequestsPerThread instead.
Also, there are subtleties as to when Perl interpreter threads/instances 
are created/re-used/killed, depending on the mod_perl configuration.

You may want to investigate that a bit more in-depth.

All this is still a plaster over a real issue though.  The real issue is 
that some module is leaking memory, and you should really find out which 
one and go from there.  There may be an alternate module available or 
not, depending on the case.
It may also just be an application, not a Perl library module, that 
leaks memory.  I would consider that in fact much more likely.

What /are/ your "mod_perl pages" and what do they do ?
Is there any possibility to narrow down the search to some likely suspects ?
In the order of probabilities for memory leaks, I would consider, from 
most to least likely culprits :

1) perl application modules/pages
2) perl standard library modules handling XML
3) other perl standard library modules
4) Apache standard modules
5) Apache core code


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized

[André Warnier]

Another thing, nothing to do with your original question, but which 
puzzles me :


In your config, you seem to be "proxying away" links with "/weather/", 
yet right after that you have a .  Is this Location 
section then ever used at all ?



Peter de Groot wrote:


No ...
Log Level is set to warn.



André Warnier wrote:

Peter de Groot wrote:


Another question.

Why does this in the config  fill the log files with the  errors below.


Maybe just because you set the log level to "debug" ?
They do not look like error messages.

-
The official User-To-User support forum of the Apache HTTP Server 
Project.

See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org






-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Memory / Process leak

[André Warnier]

Peter N Lewis wrote:

I am having a serious problem with my site running out of memory.  apache is 
leaking memory/processes.


Probably a lot more likely : your "mod_perl pages" are leaking memory.
Perl will grab memory as needed, and once grabbed, will never release it 
to the OS until perl itself terminates, which rarely happens under 
Apache/mod_perl.
Some perl modules do leak memory.  In my experience, for example various 
XML-parsing modules do.  It can be tricky to track down, because one 
"innocent" module may "use" another "not innocent" module etc..
If/when you track it down, it may be possible (although inefficient) to 
isolate the bit which leaks memory, by converting it to a call to an 
external process.
Another possible solution is to work with a prefork version of Apache, 
and make it so that each child handles only a number of requests, and 
then is killed and restarted.  I don't remember the details, but in most 
configurations this will also restart that child's perl interpreter, 
ergo free its memory back to the OS.

Look up this :
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxrequestsperchild


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized

[André Warnier]

Peter de Groot wrote:


Another question.

Why does this in the config  fill the log files with the  errors below.


Maybe just because you set the log level to "debug" ?
They do not look like error messages.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache/2.2.8 authenticate LDAP AD SSL or TLS - ubuntu(debian)

[André Warnier]

Simon Walter wrote:
...



My questions is: Does anyone know of a document that describes what I 
need to make Apache authenticate via LDAP over SSL or TLS connecting to 
a MS AD server?



Greetings.

There are so many variations of authentication and so many 
misunderstandings in that domain, that I'd like to figure out first if 
you are not chasing the wrong rabbit.
Can you describe a bit more what exactly is the issue you are trying to 
solve, overall ?
I presume that what you mean above, is not that Apache itself would 
authenticate to an AD server for some internal Apache functional reason;
but rather that Apache should authenticate /the client/ (browser) by 
means  of a check with an AD server, right ?


Some specific questions in that direction :
- what are the clients which, ultimately, need to be authenticated ?
- how is the link between the Ubuntu Apache host, and the MS AD server ?
Is it a purely internal (and thus relatively secure) network link, or 
does it go through some insecure network section (like the Internet) ?
- since an MS AD back-end system is involved, there is a good chance 
that what you ultimately want, is that the clients (browsers) would be 
authenticated via their MS Windows Domain user-id. Is that correct ?
(Or do there exist clients, which need to access Apache-controlled 
resources, but which are NOT already logged-in in a Windows Domain ?)
- do the users accept to have a login page the first time they access an 
Apache application, or do they expect not having to login, considering 
that they are already logged-in with their workstation in the Domain ?




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: Apache error if using Basic AuthType under Location directive

[André Warnier]

LuKreme wrote:
...



To do hat you want though, the simplest solution is to put a htaccess file in 
the folder you want to protect.

No, it is not, because in the OP's case there is not really a directory 
to protect and to put a .htacess file inside of.
It is a URL that needs protecting, so it has to be done via a  
section.
Unfortunately, if the Ophas no access to the Apache configuration files, 
then he has a problem.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Can't get Apache 2.2 to display anything

[André Warnier]

Trolle Yew wrote:

I'm trying to get the webserver to display my index page. I placed
everything required 

meaning what ?

in \htdocs\ inside the default Apache installation

directory. However, when I try localhost in my browser, all I see is "It
Works!". What could be the problem?


what is the content of the file
"C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/index.html" ?



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Regarding 1 Webserver Multiple Web App project

[André Warnier]

Henry Loke wrote:

Which method is good to support 1 WebServer with Multiple Web App project?

Method 1: domain Changes

When user type in 
1. http://webapp1.example.com will go to webapp1 project

2. http://webapp2.example.com will go to webapp2 project
etc etc


That would be in the area of Virtual Hosts
See : http://httpd.apache.org/docs/2.2/vhosts/


Method 2 : using same domain but append different file structure

When user type in
1. http://www.example.com/webapp1/ will go to webapp1 project
2. http://www.example.com/webapp2/ will go to webapp2 project


That would be more like.. err.. a basic configuration.
See here : http://httpd.apache.org/docs/2.2/urlmapping.html

Method 1 is a bit more flexible, particularly if you want to have 
different kinds of behaviours, authentication, pre-defined settings 
etc.. for each "webapp".

Each VirtualHost pretty much behaves like a separate server.

Method 2 is probably more appropriate if your webapps have to share 
things between them (e.g. you want one authentication to be valid for 
all of them).


The above are very general and rough ideas, and there is no clear-cut 
distinction, as your question seems to imply.
Let's say that if what you above call "webapps", were different 
applications for different customers (or group of people), I would 
incline to method 1.
If they are just different facets of an application for one customer 
(group of people), I would incline to method 2.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Re: setting up webdav

[André Warnier]

LuKreme wrote:


any file named .ht* is never served by apache, and there's really nowhere else 
to place the .htdavpass file.


What do you mean there is nowhere else ?
What about under /usr/local/www, and name it example.com.davpasswd for 
instance. At least it would not be directly under your DocumentRoot, in 
an area potentially accessible by users.

Apache will never serve a file starting with a dot, maybe.
But since you have the / locations open to DAV, have you checked if 
someone (authenticated) can upload a file called .htdavpass ?

Or download it through DAV ?
(I don't know the answer, but it might be interesting)

Now about the rest :

...
The .htdavpass file for the second domain contains the user jeans and a 
password and was setup with the command


htpasswd -bc /usr/local/www/jenandersontarver.com/.htdavpass jeans 



but then :
   
   ...
  AuthUserFile /usr/local/www/example.net/.htdavpass

So it is not really surprising if user jeans cannot acces a site for 
which the password file is not the same as the one user jeans' password 
was created in, is it ?




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd]

[André Warnier]

Jonathan Zuckerman wrote:

On Wed, Nov 11, 2009 at 1:56 PM, Brian Mearns  wrote:

cookies.
cookies.
COOKIES. For god sake just listen to somebody. 

...

I believe that the OP does.
Unfortunately, it does not seem to be to the people on this list.



Stephen Love I followed the advice on your email signature and decided
to see you online at http://www.LOVEnCompany.com,

...


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] setting up webdav

[André Warnier]

LuKreme wrote:



...

   DocumentRoot /usr/local/www/example.com/

...

 AuthUserFile /usr/local/www/example.com/.htdavpass


I think that you have managed to do what no developer of Apache ever 
thought that a user would ever do : place the file containing the users 
passwords inside the very directory that this file is supposed to help 
protect.

You might thus be exploring code pathways which nobody trod before.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd]

[André Warnier]

Rich Bowen wrote:


On Nov 10, 2009, at 22:29 , Stephen Love wrote:

Ok, now we're getting somewhere... just ENOUGH to eliminate the path 
inbetween... I'd just like to ask APACHE for a unique signature of the 
machine sending the message to compare it against others. Nothing 
more, nothing less.



Take a look at mod_usertrack: 
http://httpd.apache.org/docs/2.2/mod/mod_usertrack.html

If you don't trust cookies, then you're out of luck.

(many) People on this forum have been trying to convince the OP in 
(many) previous messages, some of them containing a wealth of 
information and having required significant time to write, that the only 
practical technical solution for what he seems to want to do, was using 
cookies.

It is just that somehow he seems not to be of the believing kind.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd]

[André Warnier]

Stephen Love wrote:

Ok, now we're getting somewhere... just ENOUGH to eliminate the path 
inbetween... I'd just like to ask APACHE for a unique signature of the machine 
sending the message to compare it against others. Nothing more, nothing less.


See us online at http://www.LOVEnCompany.com.

Well, it looks like this list already gave you all the possible 
human-level help. If that does not solve your problem, maybe you should 
ask for some higher-level intervention.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd]

[André Warnier]

Mark H. Wood wrote:
...


It's thus very unlikely that you will get any help from hardware
manufacturers in identifying remote users or hosts in the manner you
specified.  You'll need cooperation from your users.

And I would add that, from a user point of view, I would be very 
reluctant to help at any system that would let me be identified in any 
way other than me voluntarily and knowingly providing my id by means of 
some obvious login page or certificate, and then only to some party I 
trust not to disseminate that information outside of my control.
And enough recent cases have shown that such trustable parties are not 
very thick on the ground.
So independently of the technical issues, you are up against some 
guaranteed and well-founded resistance.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] DAV access control

[André Warnier]

skrishnam...@bloomberg.com wrote:

Hi,

We are looking to setup SVN over apache, but it requires the use of DAV. There 
are apparently security concerns over the use of DAV over apache 2.2., in the 
sense that it would allow users to anonymously write content to apache, even 
outside of the context of SVN. Are there any workarounds to securely enable DAV 
and disallow anonymous writes etc... Pointers to relevant literature would be 
appreciated.

There is nothing to stop you securing a  handled by DAV, just 
like you would secure any other section of your webspace.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache shows code when using IP address

[André Warnier]

Tanner Bachman wrote:
So far everything seems to be working normally. I'm aware of Apache using the first VirtualHost directive as the default...and that's fine with me. Since the sites hosted on this server both belong to the same company, I'd rather have it default to the public site if the IP address is used. The main problem was the Servlet Container (Resin) tied to Apache. It wasn't defaulting to the first VirtualHost like Apache does, so it would just spit the code directly back to Apache and display it. Once I told it how to handle the IP address...all was right with the world. :) 

I didn't, however, ever think about adding an extra zero into the IP address. Great idea! 

Here are the results of my test (using 10.10.010.200 as my test IP) 

Firefox 3.5.5 - Gives a stock "Problem loading page" message. 
IE 8 - Converts it too 10.10.8.200 and then sends it through Google. 
Safari 3.1.2 - Gives a stock "Can't open the page" message. 
Opera 9.62 - Also gives a stock error message. 

Did you try to use your real IP (modified with an extra 0) ? or isn't it 
one that lends itself to this ?


When I do that with my (real) IP address, I do get my default host.
The IP I am using is like xxx.yyy.38.zzz, and I change the 38 to 038.
But neither with FF 3.5 nor IE 7 does it interpret 038 as octal (which, 
granted, would be kind of difficult).
Unfortunately, I do not have right now an IP available to test with, 
where the octal conversion would be possible.


What happens in fact is that the server takes the IP address as given 
(and which arrives in a "Host:" header) /as a string/, and compares that 
string to the various ServerName and ServerAlias, thus defaulting to the 
default host most of the time.


To get back to your case, my personal view is that letting things 
"default", is running a risk of forgetting this after a while, and then 
get into some kind of vicious unplanned situation some day in the 
future, when you make what you believe is a harmless change.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache shows code when using IP address

[André Warnier]

Tanner Bachman wrote:
Sorry for wasting your time...I got it figured out. Apparently the IP address must be added to the Resin server as a virtualhost, so that Resin knows what to do with those requests. 


That may be a "patch", but it is not the correct explanation.
See my previous post.

To see why it may not be the correct patch, try to enter your IP address 
with an extra zero that should not normally matter, for example :

if your IP address was
100.200.21.123
then try
http://100.200.021.123/...



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache shows code when using IP address

[André Warnier]

Tanner Bachman wrote:
Hi Everyone, 

Forgive me if this seems like a stupid oversight on my part, but I've setup an Apache 2.2.x server with Resin and Railo for my ColdFusion site. This is all running on Ubuntu 9.04 Server. When I call the site by it's domain name, all is well. However, if I use the IP address of the site, it just shows the ColdFusion code of my page. I know this is probably just a simple config error on my part, but I'm stumped. I'm using virtual hosting like this: 



NameVirtualHost x.x.x.x:80 (x.x.x.x being my IP address) 
NameVirtualHost x.x.x.x:443 

# MYSITE.COM (NON-SSL) 
 
ServerAdmin m...@mysite.com 
ServerName www.mysite.com 
ServerAlias mysite.com 

DocumentRoot /var/www/mysite.com/www/ 

 
Options -Indexes FollowSymLinks 
AllowOverride None 
Order allow,deny 
Allow from all 
 

 

# MYSITE.COM (SSL) 
 
ServerAdmin m...@mysite.com 
ServerName www.mysite.com 
ServerAlias mysite.com 

DocumentRoot /var/www/mysite.com/www/ 

 
Options -Indexes FollowSymLinks 
AllowOverride None 
Order allow,deny 
Allow from all 
 

In very summary (and you should *really* read the VirtualHost 
documentation on the Apache website) :


Within each listening port (above : 80 and 443), the first VirtualHost 
which you define (top to bottom) is also the *default* VirtualHost.
That means that, whichever way the browser establishes a connection to 
your server, Apache will use that default VirtualHost configuration, 
/unless/ it finds an exact match between the hostname requested, and one 
of the defined VirtualHost "ServerName" or "ServerAlias".


In other words, when you enter in your browser
http://(ip-address):80/
it will look at all VirtualHosts defined for port 80, trying to match 
(ip-address) with a ServerName or ServerAlias.

Since it does not find any, it will default to the first VirtualHost.

That is the first issue.
The second one is that in your configuration, you use the same 
DocumentRoot for both your VirtualHosts.

But the configuration of these hosts is different.
In other words, anyone can bypass whatever you put as directives in the 
second host, by adressing the first one.


Suggestion :
- define a new first VirtualHost :80, before the existing one for port 
80, and set its DocumentRoot to something harmless (create a directory 
with just a dummy page), and use that directory as DocumentRoot.

Give it a
ServerName www.mysite.default
(it does not matter which name, as long as it is not www.mysite.com).
This new host will then (by virtue of being the first one named) become 
the default host, and people will get that one when they input an IP 
address instead of the registered hostname.


Then let's take it from there.
But read the doc first. There is a special page dedicated to VirtualHosts.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache as File Server

[André Warnier]

Nitin Gupta wrote:

Hi All

 


In my application, I have a scenario in which user can upload various files.
I am persisting these files on the File System itself. I need to make a http
interface on these saved files. Can I make use of Apache web server to serve
these files from the file system over http protocol? If yes, then please
suggest a optimal configuration to make Apache a typical file server.


Suggestion for an optimal configuration :
- read the documentation at httpd.apache.org
- install Apache as per the documentation
- call up the starting page as per the documentation
- use the documentation to find out where this page is located on disk
- make some judicious logical deduction to figure out the answer to your 
question


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] core_output_filter errors... 404s on the site.

[André Warnier]

Vasiliy Boulytchev wrote:

Dear Apache Users...

We are seeing this in our web logs... along with users receiving 404s on the
site... The site is a php/mysql application.

[Fri Nov 06 00:52:31 2009] [info] [client 67.195.115.125] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:52:32 2009] [info] [client 67.195.115.125] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:52:32 2009] [info] [client 67.195.115.125] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:52:32 2009] [info] [client 67.195.115.125] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:52:33 2009] [info] [client 67.195.115.125] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:52:34 2009] [info] [client 65.55.106.230] (104)Connection
reset by peer: core_output_filter: writing data to the network
[Fri Nov 06 00:52:36 2009] [info] [client 67.195.114.249] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:52:37 2009] [info] [client 65.55.106.203] (104)Connection
reset by peer: core_output_filter: writing data to the network
[Fri Nov 06 00:52:37 2009] [info] [client 74.69.0.152] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:55:52 2009] [info] [client 74.100.12.135] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:56:18 2009] [info] [client 74.100.12.135] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:57:26 2009] [info] [client 93.23.15.202] (70007)The timeout
specified has expired: core_output_filter: writing data to the network
[Fri Nov 06 00:57:37 2009] [info] [client 122.249.242.130] (70007)The
timeout specified has expired: core_output_filter: writing data to the
network
[Fri Nov 06 00:58:50 2009] [info] [client 65.48.150.43] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:58:58 2009] [info] [client 112.135.234.199] (104)Connection
reset by peer: core_output_filter: writing data to the network
[Fri Nov 06 00:59:09 2009] [info] [client 93.23.15.202] (32)Broken pipe:
core_output_filter: writing data to the network
[Fri Nov 06 00:59:33 2009] [info] [client 112.135.234.199] (104)Connection
reset by peer: core_output_filter: writing data to the network



Forget the user-experienced 404 messages for a moment..

What you are seeing in the logs above is nothing really exceptional.
It means what it says : the server tried to send a response to the 
client, but the client was not there anymore.
That can happen when a user clicks the CANCEL or BACK button, or clicks 
on another link before this page is fully loaded.
A lot of users do that, all the time.  They just can not stop themselves 
from clicking all over.

Particularly if your site is slow to send the response to the user.

And in your log above, sometimes there are a few seconds between such 
events, and sometimes a few minutes.


This being said, it can also be that there is some problem in your 
network : for example a router or switch or firewall which closes the 
connections when it should not.


You need to run a tool like wireshark on a user station, to find out 
what happens, and how come the connection gets closed before pages are 
finished loading.


Now about the user 404 status.
You need to check in your access log, and error log, if the 404 
responses happen together with the broken pipes.
I think a 404 is a server response which means "the requested 
object/page does not exist".  It seems a bit strange that this would 
occur together with a broken connection.  I mean, if the server can send 
a 404 response to the client, then obviously the connection is not broken.

Or else, where does that 404 response come from ? a proxy ?
Installing a browser add-on like HttpFox (for Firefox) or Fiddler2 (for 
IE) would also help, on the client side, to see precisely what happens.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] http redirection to httpd

[André Warnier]

sangfroid wrote:

 Hi John,

Thank you for the reply. I also found one more way to do it ...

Added the following directive in httpd.conf



   RewriteEngine On
   ReWriteCond %{HTTPS} !=on
   RewriteRule .* https://%{HTTP_HOST}:443%{REQUEST_URI} [QSA,R=permanent,L]


However, now the problem is, I also needed the users to authenticate by
htaccess file. But keeping .htaccess file in /var/www/html/private is not
working. I mean in that case, first the system asks password in an unsecured
mechanism and then only https redirection is working. I wanted just the
reverse...first establish secure connection and then  only ask the user for
password...

Any clue on it ?? 

Then you will probably have to create 2 VirtualHost, and place your 
authentication in the HTTPS host.


Listen *:80
Listen *:443
...

  your HTTP host config


  your HTTPS host config

 
  AuthType Basic
  AuthName private
  ...
 



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache2 content generators

[André Warnier]

antoine wrote:

Eric Covener wrote:

On Thu, Nov 5, 2009 at 10:25 AM, antoine  wrote:
 

The first one(mine) adds some stuff to the html body and the
second one is the mod_php that takes the first's results and gives the
client the final page.




Is running PHP as a filter deprecated?  That'd be an option.

  

Sorry can you explain better. Thanks



Let me roll back a little bit, and then get back to Erik's question above.

Basically, there can only be one Apache "response generator" module.

There can be "input" filters before : they filter the HTTP request and 
can do something to the request, but not to the result yet, because it 
is not yet created.


Then there is one "response generator".  That is the one which (usually) 
gets the basic document from disk (or creates it from scratch), modifies 
it or not, and produces the HTTP response.


Then there can be more "output" filters, which act on the response 
already produced by the response generator above, and can modify it some 
more.


I am unfamiliar with mod_php, but I imagine that it usually functions 
itself like the "response genrator" above.  Thus, it picks up a document 
from disk, examines it to see if it contains any php to process, and if 
yes it processes this php and modifies the original document 
accordingly. Then it sends out the result as an HTTP response.


If that is how it works, then it is going to be difficult for you to 
insert something else before it.  Because then, your module would have 
to pick up the page from disk, do something to it, and then figure out a 
way to pass that modified document to mod_php to process.  But mod_php 
wants to pick up the original from disk also, so you have a problem.


On the other hand, if mod_php, like Erik mentions above, can also be 
configured to work as an output filter (instead of as the content 
generator), then this may be the solution.
Your module could then be "content generator" : pick up the original 
document from disk, produce a HTTP response, and that response would 
then be processed by mod_php acting as an output filter.


Got it ?
Now you have to check yourself if mod_php /can/ be configured to work as 
an output filter, like Erik seems to hint that it can, or could.




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] pdf report generation - content type text/html

[André Warnier]

b k wrote:

Thanks!! Actually, it's a java based app on the WebSphere app server that
sends the response to Apache web server which in turn sends the response to
the browser. I tested the reports directly on the App server which are
working fine. I suspect something is wrong in the apache config. I also
checked mime.types file which includes pdf entry.


Apache will only generate itself the "Content-Type" and 
"Content-Disposition" response headers, if the file being served is a 
file that Apache itself picks up from the filesystem.  That is also when 
it uses the mime.types file (to try and guess the type).


When it is an application which generates this data (or file), then it 
is the responsibility of the application to add these 2 headers to the 
response (at least the Content-Type).
When Apache sees a response about to go out, without a Content-Type 
header, it will add one of it's own, but that is a default set in the 
configuration, usually set to

Content-Type: text/html
(because that is the most likely on a webserver)

So, whatever your application is, it is probably not producing this or 
these HTTP headers, which is why Apache adds its own default 'text/html' 
header, and that is the reason for the problem.


To my knowledge, there is nothing in Apache that will remove a 
Content-Type header set by an application and replace it by another one, 
unless you have specifically configured it to do that.


There are additional miseries in this due to the inconsistency of IE 
versions in interpreting the content coming from a webserver, but I 
believe that would be a second step, and you need to resolve the one 
above first.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Unexplained unresponsiveness of Apache httpd

[André Warnier]

Raj Iyer wrote:


I am currently dealing with a situation where the Apache httpd process
becomes unresponsive for some time. At the end of this time, the Apache
error log shows: 


[Mon Nov 2 13:27:49 2009] [warn] child process 7310 did not exit,
sending another SIGHUP
[Mon Nov 2 13:27:49 2009] [warn] child process 27558 did not exit,
sending another SIGHUP
[Mon Nov 2 13:27:49 2009] [warn] child process 751 did not exit, sending
another SIGHUP

. . . 


[Mon Nov  2 13:27:50 2009] [warn] child process 7164 still did not exit,
sending a SIGTERM

[Mon Nov  2 13:27:50 2009] [warn] child process 13494 still did not
exit, sending a SIGTERM

[Mon Nov  2 13:27:54 2009] [error] child process 26222 still did not
exit, sending a SIGKILL

[Mon Nov  2 13:27:54 2009] [notice] SIGHUP received.  Attempting to
restart

 

After this restart, the process resumes normal operation. 

It is not very clear if the messages above happen before, or after you 
have sent a "restart" command to your server.
Can you give a bit more details about what you are doing exactly, step 
by step, and what you mean by being "unresponsive" ?


Also, some additional information about the Apache version, the platform 
on which is running, etc.. would probably not be superfluous.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] mod_proxy port-based passthru

[André Warnier]

Marcos Mendez wrote:

Hi,

Is there an easy way to configure mod_proxy to let certain ports
passthru? I've got a couple of rewrite rules on port 80, but don't
know how to do that for SSL/443 for example so that the proxy does not
get involved.


For a simple answer, without digging into what you are really up to, see
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond
e.g.

RewriteCond %{HTTPS} !"^on$"

before your RewriteRule(s)

Now, I do not really understand how all requests to your server, both to 
HTTP (port 80) and to HTTPS (port 443), would end up going through the 
same RewriteRule(s), rather than being separated in more distinct area 
of your configuration.
So if you have further questions, I would suggest to provide a bit more 
information about your configuration and what you are trying to achieve.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] mod security turned on, but having some issues

[André Warnier]

b k wrote:

Thanks for the immediate reply Andre!! I just installed HTTPFox and ran the
test again. You were right.
Content-Type on the working server is application/pdf
Content-Type on the non-working server is text/html

May I know why this is happening?


Unfortunately, about that I don't have a clue.
But now, with the above information, maybe someone else more familiar 
with mod_security will be able to help you.



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] mod security turned on, but having some issues

[André Warnier]

b k wrote:

Hi all,
The web application which I am currently supporting incorporates reports
generating functionality using Java Reporting Component which worked fine on
WebSphere App server and also Apache 2.2 before turning on the mod security
configuration. The app used to generate reports in a PDF format on both IE
and Firefox browsers pretty well. Now that the mod security config is turned
on, reports could not be generated properly on any browser. I have these
issues:
On IE: I get the File Download dialog with the warning "The file you are
downloading cannot be opened by the default program. It is either corrupted
or has an incorrect file type." Instead, the report should open Adobe Report
automatically.

On Firefox: All weird characters show up on the browser - looks like
encoding issue.

When I tested the above issue directly on the App server, there is no
problem which led me to suspect that Apache 2.2 configuration is the CAUSE
for this ISSUE.

Please help ASAP!!!

ASAP is never a good word to use on a forum where contributors donate 
their time to help. Specially not in UPPERCASE.


Maybe you should start by getting the following add-ons to your 
browsers, and then carefully examine the HTTP headers which they are 
receiving along with the problematic documents :

For IE : Fiddler2
For Firefox : HTTPFox of LiveHttpHeaders

If possible, compare these received headers with the ones you were 
receiving before.

That will really allow someone here to help you efficiently.

The headers to focus on are probably

Content-type
Content-disposition



-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] Apache on F11. ANY APPROACH ?excluding images pdfs etc from Https ( ssl ) routing

[André Warnier]

sieger...@gmail.com wrote:

Hi Folks

   - I am a squat on advanced Apache work. I would get a basic SSL
   functionality to work.

So https://foobar.com works fine and gets me all the login windows I
designed. however currently all the images and other extensions like .pdf
are also using the https routing.
some image referred on that https link
e.g. https://foobar.com/loginhere.jpeg c
can be displayed using https but not http
I would like to JUST limit https usage to the login window html and ALL
other images pdf's not secured html ( one that do not need password ) should
use HTTP NOT HTTPS
What I cannot really find ( and Apache modules make a graduate course , as I
am realizing with all the futile digging in ) is HOW do I tell apache that
if you find an image file ( .jpeg or .pdf ) if it comes to https convert all
that into http .Has that something to do with rewrite or redirect modules .



I think there is something basic which you should understand first :
Apache does not "decide" to send this or that via HTTPS.
Apache responds to a request from the browser.  If the browser requests 
an object with a https://.. URL, then Apache will respond that way.  If 
the browser requests an object using a http://... URL, then Apache will 
respond that way.


In other words, you have to make sure, in the pages *you* send back to 
the browser, that the links, from the browser point of view, evaluate to 
"http://.."; and not "https://..";.


Let me give you a simplified example.

1) The browser initially requests a page from the server, using (e.g.) a 
URL like

https://server.mycompany.com/login-page.html
That means that this browser is
  a) setting up a https connection to "server.mycompany.com"
  b) on that connection, sending a request for host 
"server.mycompany.com" and page "/login-page.html"


2) the server sends back the page, on the same https connection.
(Note that the connection is the one initiated by the browser. The 
server never initiates a connection to the browser. It just responds on 
the same connection which the browser has set up).


3) in that page, are links like :


4) the browser is going to "evaluate" these URLs, make them into "full" 
URLs, and then send new requests for those objects to the server.
In this case, the browser see that the URL is missing a protocol and a 
servername, so it will add them first.

What will it add ?
It will take the protocol and the servername from which this page 
(login-page) has "arrived". In other words, *the browser* here will take 
the URL "/images/myimage.gif", and add the protocol and the server, to give
"https://server.mycompany.com/images/myimage.gif";, and then *the 
browser* will requests this URL from the server.


5) the server gets this request and answers appropriately.

If, instead, the links to the images, in the page login-page.html, had 
been like

http://myserver.company.com/images/myimage.gif";>
then the browser would request this image on a non-https channel, and 
the server would respond on that non-https channel.


In other words, what happens is basically your problem, not Apache's.

The above is the simple way.
There are other, less efficient ways.

You can arrange, at the server level, that when it receives a request 
for "https://server.company.com/images/something";, it would *send a 
REDIRECT response* to the browser, telling the browser essentially : 
hey, that's the wrong address for that thing, please use this one instead.

That is called a 301 response, and you can do that with mod_rewrite.
The browser, when it receives this message, will then automatically 
initiate a *new connection* with the server, and re-request the same 
object using the URL which the 301 Apache response contained.


But consider that it is always less efficient than sending the correct 
link in the page in the first place, because you need a first request to 
the server, a server response, then a new request from the browser to 
the server before you get your image.


What Apache cannot do, at level (5) above, in the middle of the 
conversation, is decide to change the protocol of the connection from 
HTTPS to HTTP.  That would break the existing connection. And how would 
the browser know that it suddenly is going to receive a response on a 
new connection, set up by the server ?

That is not how HTTP works.
And that is also why you do not find anything that replies to your 
question in the Apache documentation or code : because, from a HTTP 
protocol point of view, it does not make any sense, so it's just not there.

Yes ?




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] mod_rewrite and setenv

[André Warnier]

Andrei Iarus wrote:

Thanks very much for the fast responses. Can this info be added in the 
mod_rewrite documentation, as this is very important for future questions?
 

It's already there, see :
http://httpd.apache.org/docs/2.2/env.html
Some Caveats


OR: can the order of processing be changed?


Are you kidding ?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] mod_proxy_ajp (2.2.13) + Tomcat 6.0.20 - APR does not understand this error code: proxy: read response failed

[André Warnier]

Damian Traverso wrote:

Hi,
we have one Apache-2.2.13 running mod_proxy_ajp + mod_proxy_balancer,
connected to (3) Tomcat-6.0.20 instances under Fedora release 8. We
are experiencing some issues with high CPU load on the Tomcat side,
and Apache starts logging errors like these

[Fri Oct 30 14:47:43 2009] [error] (70007)The timeout specified has
expired: ajp_ilink_receive() can't receive header
[Fri Oct 30 14:47:43 2009] [error] ajp_read_header: ajp_ilink_receive failed
[Fri Oct 30 14:47:43 2009] [error] (120006)APR does not understand
this error code: proxy: read response failed from

On Tomcat side we are using the APR Native Connector, with this settings:

 

Apache MPM conf:

ServerLimit 100

   StartServers 30
   MaxClients 2500
   MinSpareThreads  50
   MaxSpareThreads 100
   ThreadsPerChild  25
   MaxRequestsPerChild   0


mod_proxy_ajp conf:


   BalancerMember ajp://xxx.xxx.xxx.xxx:8009 route=app01 ttl=30 max=2
   BalancerMember ajp://xxx.xxx.xxx.xxx:8009 route=app02 ttl=30 max=2
   BalancerMember ajp://xxx.xxx.xxx.xxx:8009 route=app03 ttl=30 max=2


Apache specs:

Server version: Apache/2.2.13 (Unix)
Server built:   Sep 29 2009 11:12:35
Server's Module Magic Number: 20051115:23
Server loaded:  APR 1.3.8, APR-Util 1.3.9
Compiled using: APR 1.3.8, APR-Util 1.3.9
Architecture:   32-bit
Server MPM: Worker
 threaded: yes (fixed thread count)
 forked: yes (variable process count)


I've beeng testing different settings for mod_proxy_ajp, but I am not
sure what is the exact relation between the max option for mod_proxy
and ThreadsPerChild. Should I set max to 1? I understand I would have
as many connections to each Tomcat box as
max*(MaxClients/ThreadsPerChild), is this correct?

BTW, is the total number of connections that mod_proxy_ajp will
forward to Tomcat related with MaxThreads ? I don't fully understand
how APR connector works in this case.


Hi.
No great specialist here, but I'll go by the numbers above and give you 
my interpretation.


MaxClients 2500
on your webserver/balancer indicates how many requests you are willing 
to accept and process at the same time, at the Apache level.

ThreadsPerChild 25
means that, if you ever reach these 2500 simultaneous requests, Apache 
will create 100 children processes to handle them, since each child is 
limited to 25 threads, and 2500 / 25 threads -> 100 children.

(Which seems to match the ServerLimit. Good.)

It is so with the mod_jk connector, and probably also with mod_proy_ajp, 
that the connector will automatically calculate how many connections to 
make to Tomcat, based on the number of threads/processes above.


At the Tomcat level, the AJP Connector says
maxThreads="130"
and you have 3 Tomcats, thus for a total maximum number of threads of 
130 X 3 = 390.

One Tomcat thread processes one request at a time.
So the Tomcats, together, can process 390 requests at a time.

There seems to be a mismatch between the number of requests you accept 
in Apache (2500), and the number of threads available to process them in 
Tomcat (390). At the limit, you could have 390 requests being processed 
in Tomcat, and 2110 waiting to get a free Tomcat thread.


That is probably what you are seeing with this log message :
> [Fri Oct 30 14:47:43 2009] [error] (70007)The timeout specified has
> expired: ajp_ilink_receive() can't receive header

In other words, probably Apache/mod_proy_ajp got tired of waiting.

On the other hand, you indicate that the poor Tomcats are already 
struggling to cope with the load.  Increasing their number of threads is 
thus unlikely to help much.

So it looks like you need more Tomcats.
Or else reduce the MaxClients in Apache.
Or optimise your Tomcat webapps.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] accessing REMOTE_USER through an Apache proxy

[André Warnier]

Hi.

Glad to have been of help.
One more nitpick however, below, lest you remain partly confused.

Devin Bougie wrote:
...

With the latest posted configuration,
I am able to see the REMOTE_USER HTTP header from the backend GlassFish 
Web Application (using HttpServletRequest.getHeader("REMOTE_USER")).

OK, and correct.

  As
you explain, HttpServletRequest.getRemoteUser and getUserPrincipal both 
return null because they are looking for the REMOTE_USER cgi-bin 
environment variable.

No, they are not.
A cgi-bin environment variable is only set by a webserver when running a 
cgi-bin program.
A servlet is not a cgi-bin program, and the servlet container which runs 
it, does not set any "environment variables" for the servlet.
If HttpServletRequest.getRemoteUser and 
HttpServletRequest.getUserPrincipal return null, it is because they both 
look into the UserPrincipal object, which is probably not set, because 
you have not done any authentication (yet) in your servlet container.


You have just read a HTTP header, and gotten back a String as a result. 
 That does not, for the servlet container, constitute reason enough to 
take that String, consider it as a bona fide user-id, and set it into 
the UserPrincipal object so that HttpServletRequest.getRemoteUser would 
nicely return it. Hence the nulls.


So it looks like you still have some work to do.
But that is now a question which belongs to the GlassFish forum.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] VirtualHost Directory Not Found

[André Warnier]

Igor Cicimov wrote:

"
 


Which is usually a Bad Idea.
Tomcat knows that it should not serve, e.g., the contents of a WEB-INF 
directory.

Apache httpd does not know that.
So unless you proxy *everything* to Tomcat (which would then raise the 
question of why you have Apache), Apache will happily serve your 
WEB-INF/web.xml for instance (and anything else in there you thought was 
private).




-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org