Re: [users@httpd] Graceful draining of KeepAlive Connections

2016-11-15 Thread Bill Moseley
We had a similar issue with Keep-Alives so I catch USR1 in the application
code and set a flag and then at the end of that request I set connection
closed header and call child_terminate to kill off that child.

IIRC, MaxRequestsPerChild doesn't include the number of keep-alive
requests, so another thing to keep in mind.

Did you try reducing the keep-alive timeout? 60 seconds seems like a long
time to tie up a process.

On Tue, Nov 15, 2016 at 10:59 AM, Alex Kaiser <alextkai...@gmail.com> wrote:

> Hello,
>
> I am having trouble gracefully draining connections from httpd when we
> have KeepAlive turned on.  The problem seems specific to idle KeepAlive
> connections.  It looks like when a process has an established KeepAlive
> connection and we send the main httpd process a WINCH or a USR1 signal, the
> KeepAlive connection will stay alive until it gets another request, and
> then once it is finished with that request it will shut down.  However, if
> it doesn't get another request on the connection, the process will hang
> around for KeepAliveTimeout since you issued the signal. I would like for
> idle KeepAlive connections to shut down immediately, is this not
> technically possible for some reason?  If it is possible, is it a bug that
> the connections stick around?
>
> The problem with them sticking around, is that when I want to fully shut
> down the server some of these KeepAlive connections might finally get a
> request, and thus if I hard kill a server before waiting KeepAliveTimeout,
> browsers can see errors.
>
> When I look at the server-status page, these processes change from K to G
> immediately, but will stay in the G mode the whole time they are waiting.
> When the mode of operation changes the SS column (seconds since last
> requests) doesn't get reset and will keep going up, so this could possibly
> go all the way up to KeepAliveTimeout * 2 if you start the restart process
> when a connection is near the KeepAliveTimeout.
>
> I've done most of my testing using Apache httpd 2.2.31 with mod_jk 1.2.31,
> I also did some testing with Apache httpd 2.4.23 with mod_jk 1.2.42 and saw
> the same behavior.  I did most of my testing using the prefork module, but
> I also saw the same behavior when I was testing with the event module.
> The KeepAlive settings I was using are:
>
> KeepAlive on
> KeepAliveTimeout 60
> MaxKeepAliveRequests 100
>
> The small python script I was using to test keepAlive connections (the
> behavior was the same when I was testing using browsers):
>
> import requests
> import time
>
> s = requests.Session()
> r = s.get("")
> print("Sleeping")
> time.sleep(500)
>
>
> Thanks,
> Alex Kaiser
>



-- 
Bill Moseley
mose...@hank.org


[users@httpd] HTTP status code 120020

2016-01-08 Thread Bill Moseley
Running: Apache/2.2.15 (Unix)

Anyone see an HTTP status code "120020" in their logs?

Our access logs include the HTTP status code so the format is

...  GET "/some_path  HTTP/1.1" 200 ...

But sometimes I see:  ...  HTTP/1.1" 120020 ...

And then there's an entry in the error log:

(103) Software caused connection abort

Very odd to see that status code.  My assumption is those are clients
that have disconnected before the response is returned.


-- 
Bill Moseley
mose...@hank.org


[users@httpd] How to use ScoreBoardFile?

2015-05-19 Thread Bill Moseley
I'm running Apache/2.2.15 (Unix) as prefork.

In my httpd.conf I have:

LoadModule status_module modules/mod_status.so
ExtendedStatus On
ScoreBoardFile /home/bill/scoreboard.score

<Location /server-status>
SetHandler server-status
Allow from All
</Location>


I can then go to /server-status and see the scoreboard data just fine.

I'm running httpd as my own user, and it is creating a file, but it's only
8 bytes:


$ ls -l ~/scoreboard.score
-rw-rw-rw- 1 bill bill 8 May 19 11:11 /home/bill/scoreboard.score


And the file contains:

$ od -b ~/scoreboard.score
000 040 130 001 000 000 000 000 000
010


Which does not seem like it contains the scoreboard data.   And lsof on
either the parent or any child process doesn't show an open file to the
scoreboard.score file.

So, it appears that file is not being used.


The reason I want to do this is because at times the web server is at
MaxClients and can't access /server-status to see what requests are using up
all the child processes.

I was looking to see if this Perl module would read the scoreboard file:

http://search.cpan.org/~opi/Apache2-ScoreBoardFile-0.01/lib/Apache2/ScoreBoardFile.pm





-- 
Bill Moseley
mose...@hank.org


Re: [users@httpd] Prefork MPM: Locking of error logs during write?

2014-09-07 Thread Bill Moseley
On Sun, Sep 7, 2014 at 4:30 PM, Jeff Trawick <traw...@gmail.com> wrote:

> Apache httpd on Unix doesn't use locking.  The file is opened in the
> parent with O_APPEND.
>
> If the writers inherit that descriptor, all is okay for small buffers;
> if a writer opens without O_APPEND, bad.

Thanks Jeff,

In my tests over the last few days it's clear that buffer is about 4K (On
CentOS, anyway).   I wrote tens of gigs of logs using 50 processes and
never saw any intermixing of the logs at all with the message < 4K.   With
a larger log message it was easy to trigger the mixing of logs.

Thanks for the information and confirmation.



-- 
Bill Moseley
mose...@hank.org
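
The two cases Jeff describes in the message above (writers that inherit one O_APPEND descriptor, and a writer that opens the log without O_APPEND), as an added example that is not part of the original thread and is not Apache code. The record format, file names and function names are constructed for the demo, and it writes to a temporary file rather than a real error log.

```python
import os
import re
import tempfile

# Constructed record format: "[child NN seq NNNN] " followed by fill letters.
RECORD = re.compile(rb"\[child (\d{2}) seq (\d{4})\] ([A-Z])\3*")


def make_record(child, seq, payload):
    fill = bytes([ord("A") + child % 26]) * payload
    return b"[child %02d seq %04d] " % (child, seq) + fill + b"\n"


def children_append(path, children=8, records=200, payload=200):
    """The parent opens the log once with O_APPEND; each forked child inherits
    that descriptor and emits every record with a single write() call."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    pids = []
    for child in range(children):
        pid = os.fork()
        if pid == 0:  # in the child: write, then exit without parent cleanup
            status = 0
            try:
                for seq in range(records):
                    rec = make_record(child, seq, payload)
                    if os.write(fd, rec) != len(rec):
                        status = 1
            except OSError:
                status = 1
            os._exit(status)
        pids.append(pid)
    results = [os.waitpid(pid, 0)[1] for pid in pids]
    os.close(fd)
    return all(status == 0 for status in results)


def audit(path):
    """Return (set of intact (child, seq) records, number of damaged lines)."""
    with open(path, "rb") as fh:
        lines = fh.read().split(b"\n")
    damaged = 1 if lines.pop() else 0  # bytes left after the final newline
    seen = set()
    for line in lines:
        m = RECORD.fullmatch(line)
        if m and m.group(3)[0] == ord("A") + int(m.group(1)) % 26:
            seen.add((int(m.group(1)), int(m.group(2))))
        else:
            damaged += 1
    return seen, damaged


def plain_writer_clobbers(path):
    """A second writer opens the same log WITHOUT O_APPEND. Its file offset
    starts at 0, so its record overwrites the beginning of the log while the
    O_APPEND writer keeps landing at end of file."""
    good = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_APPEND, 0o600)
    bad = os.open(path, os.O_WRONLY)           # separate open, no O_APPEND
    os.write(good, make_record(0, 0, 40))
    os.write(good, make_record(0, 1, 40))
    os.write(bad, make_record(1, 0, 10))       # written at offset 0
    os.write(good, make_record(0, 2, 40))      # still appended at EOF
    os.close(good)
    os.close(bad)
    return audit(path)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        shared = os.path.join(tmp, "error_log")
        ok = children_append(shared)
        seen, damaged = audit(shared)
        c_seen, c_damaged = plain_writer_clobbers(os.path.join(tmp, "clobbered_log"))
    return {
        "children_ok": ok,
        "intact_records": len(seen),
        "damaged_lines": damaged,
        "clobber_lost_first_record": (0, 0) not in c_seen,
        "clobber_damaged_lines": c_damaged,
    }


if __name__ == "__main__":
    print(demo())
```

The `audit` function is the part worth keeping for real logs: a line that does not parse as a whole record is the sign that two writers overlapped or that one of them was not appending.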


[users@httpd] Prefork MPM: Locking of error logs during write?

2014-09-06 Thread Bill Moseley
Apache 2.2.15 on Linux.

When Apache children send output to stderr it ends up in my error_log file.

Does Apache have any mechanism to prevent intermixing of this output?
That is, if all Apache children write large (but < 4k) strings to stderr
does Apache have anything to prevent intermixing of the output?

Apache doesn't do any locking or use semaphores to prevent concurrent
writing to the log, correct?


-- 
Bill Moseley
mose...@hank.org


[users@httpd] mod_proxy SSL forward proxy

2011-08-24 Thread Bill Moseley
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8r
OS X 10.6.8

I need help with a forward proxy setup and SSL.

I have created a simple httpd.conf file with two virtual hosts, listening on
8080 and 8443 (accepting SSL connections).  I'm using a self-signed
certificate for testing.  With this config both of these requests work just
fine:

http://localhost:8080/foo.txt
https://localhost:8443/foo.txt (issues a warning about the self-signed cert,
of course)


I enabled mod_proxy (and _http and _connect) and then I set up both Firefox
and Chrome to proxy http to localhost:8080 and https to localhost:8443.

The forward proxy works fine for non-SSL requests.  Any non-SSL site I go to
is passed through my local Apache proxy.  But, the SSL pages do not work,
and with LogLevel debug I see:

[Wed Aug 24 11:54:42 2011] [info] SSL Library Error: 336027803
error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
speaking HTTP to HTTPS port!?

So, I assume I'm not understanding the configuration needed to proxy the SSL
requests.

Here's my httpd.config.  Again, this config will serve local files over http
or https fine.  And when a browser is set up to proxy via localhost:8080
normal http proxy works fine (and I can see all web pages I access logged as
they are proxied).

But, with the browser https proxy config set to localhost 8443 https
requests fail with the error above.


moseley@bair ~/Documents/apache $ cat httpd.conf

ServerRoot /Users/moseley/Documents/apache
PidFile apache.pid
Lockfile accept.lock

LoadModule ssl_module /usr/libexec/apache2/mod_ssl.so

LoadModule proxy_module /usr/libexec/apache2/mod_proxy.so
LoadModule proxy_http_module /usr/libexec/apache2/mod_proxy_http.so
LoadModule proxy_connect_module /usr/libexec/apache2/mod_proxy_connect.so

LoadModule log_config_module  /usr/libexec/apache2/mod_log_config.so

LogLevel Debug

CustomLog logs/access_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Listen localhost:8080
Listen localhost:8443

DocumentRoot /Users/moseley/Documents/apache/htdocs

ServerName hank.org

SSLSessionCache dbm:ssl.cache

<VirtualHost *:8080>
ProxyRequests ON
</VirtualHost>

<VirtualHost *:8443>
ProxyRequests ON

# This needed?
AllowCONNECT 443 8443

SSLEngine on

SSLCertificateFile certs3/server.crt
SSLCertificateKeyFile certs3/server.key

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>

-- 
Bill Moseley
mose...@hank.org


Re: [users@httpd] mod_proxy SSL forward proxy

2011-08-24 Thread Bill Moseley
On Wed, Aug 24, 2011 at 12:47 PM, J-H Johansen <ondeman...@gmail.com> wrote:

> I've never used Apache like this before but I suspect that you may need the
> SSLProxyEngine directive as well.
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslproxyengine

Thanks.  I was just about to update my message --- I have tried that too,
that is:

...
<VirtualHost *:8443>
ProxyRequests ON
SSLProxyEngine ON
...


And I get the same results with using wget instead of a browser (just to
isolate that part of the problem):

moseley@bair ~/Documents/apache $ cat ~/.wgetrc
https_proxy = https://localhost:8443

moseley@bair ~/Documents/apache $ wget https://mail.google.com/
--2011-08-24 12:48:42--  https://mail.google.com/
Resolving localhost... 127.0.0.1, ::1, fe80::1
Connecting to localhost|127.0.0.1|:8443... connected.
Failed reading proxy response: Unknown error: 0
Retrying.

Then in the logs same error:

[Wed Aug 24 12:48:55 2011] [info] SSL Library Error: 336027803
error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
speaking HTTP to HTTPS port!?



-- 
Bill Moseley
mose...@hank.org


Re: [users@httpd] mod_proxy SSL forward proxy

2011-08-24 Thread Bill Moseley
On Wed, Aug 24, 2011 at 2:14 PM, Björn Zettergren <bjorn.zetterg...@basefarm.se> wrote:

> Hi Bill,
>
> I tried your config and I can recreate your problem. But as Eric just said
> in another mail, your browser is not using https to speak to https proxy.
> And I verified that wget speaks http when you point out the https_proxy
> environment variable.

Ah, ok.  I saw the CONNECT in a wireshark trace and just assumed I needed
SSL enabled.   Turning off SSLEngine and all works as expected.

Thanks,



> I get the same errors as you mention when I run lwp-request with HTTP
> (naturally):
> $ lwp-request -m GET -p http://localhost:8443/ https://www.google.com
>
> However, when I explicitly tell lwp-request to use HTTPS it works fine!
> $ lwp-request -m GET -p https://localhost:8443/ https://www.google.com
>
> So, your config is not at fault really, maybe the implementation is though.
>
> /Björn
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org




-- 
Bill Moseley
mose...@hank.org


[EMAIL PROTECTED] mod_access = mod_authz_host change

2006-12-14 Thread Bill Moseley

I have a httpd.conf file that runs on multiple machines -- where a
different collection of modules are compiled in.  So, I use IfModule
to test if the module is loaded, and load it if needed.

But, now I have one machine running 2.0.54 and another 2.2 so on one
machine I need mod_access and the other mod_authz_host.  Can I write
httpd.conf to know which module to load so it will work on both
versions?

Both machines are Debian, with Stable showing:

$ /usr/sbin/apache2 -l
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_log_config.c
  mod_logio.c
  mod_env.c
  mod_setenvif.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_negotiation.c
  mod_dir.c
  mod_alias.c
  mod_so.c

And on Sid:

$ /usr/sbin/apache2 -l
Compiled in modules:
  core.c
  mod_log_config.c
  mod_logio.c
  prefork.c
  http_core.c
  mod_so.c

Frankly, that seems a bit sparse for me.  Hard to imagine never
needing Allow.




-- 
Bill Moseley
[EMAIL PROTECTED]





[EMAIL PROTECTED] (75)Value too large for defined data type

2006-09-29 Thread Bill Moseley
Apache/2.0.54 on Debian Stable.

The file is 2.3GB (2,398,513,344) so I assume that the file is just
too large for this build of Apache.

In the log file I get:

[Fri Sep 29 10:34:38 2006] [error] (75)Value too large for defined data type: access to /training/webcasts/webcast_data/161/webcast.mov failed


But, there's a few odd things that happen I'm not clear on:

1) Google for that error message turns up hits for gzip, but I'm not
using mod_deflate or any other compression on this server so I'm
confused about that connection.

2) I'm getting a forbidden error -- seems like the wrong error code:

The error page is:

Forbidden

You don't have permission to access
/training/webcasts/webcast_data/161/webcast.mov on this server.


3) I also get this:

Additionally, a 403 Forbidden error was encountered while trying
to use an ErrorDocument to handle the request.

Yet, there's no message in the log about that, and I'm not using an
ErrorDocument 403 in the config, only a 502.

$ fgrep -i errordocument production/front_httpd.conf
ErrorDocument 502  /static/Error_502.html


And, if I chmod foo.txt in the same directory and access it I get a normal
403 page.


BTW, the server is AMD Opteron(tm) Processor 144



-- 
Bill Moseley
[EMAIL PROTECTED]





[EMAIL PROTECTED] Content-Length: 0 on SSL POSTs with IE

2006-09-25 Thread Bill Moseley
On Debian Stable:
Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e DAV/2 SVN/1.1.4

The front-end server is Internet facing and listens to port 80 and
443 SSL.  It proxies requests to a back-end Apache mod_perl server.

I have one user that when they post a form *in SSL* mode the post
fails due to lack of correctly posted data: The content-length header
is zero.

When they post to a form that is not SSL then it works fine.

This seems to be the case of:

http://support.microsoft.com/default.aspx?kbid=831167

And discussed here:

http://geekswithblogs.net/timh/archive/2006/01/26/67183.aspx


I can dump request headers on the mod_perl server and I can see the
request has a content-length of zero:

Here's the request headers on the back-end server:

Cache-Control: no-cache
Via: 1.1 foo
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Host: 127.0.0.1:10443
Max-Forwards: 10
Referer: https://foo/workshop/register/billing
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Cookie: session=2e4e14be71afa8ae92dea02cb9c4a4a389d3
X-Forwarded-For: 64.166...
X-Forwarded-Host: foo
X-Forwarded-Server: foo

What I'm not clear on is that Microsoft report says this is a result
of a change to IE that makes IE:

...retries POST requests when a Web server resets the connection.
Programs that use Windows Internet (Wininet) application
programming interface (API) functions to post data (such as a user
name or a password) to a Web server retry the POST request without
including the POST data if the Web server closes (or resets) the
initial connection request.


Since my SSL server is on the front end I can't (or don't know how
to) see the actual request headers.  But the front access_log only
shows *one* POST so I don't see how it would be retrying the request.

That is, how do I know if the front-end server is resetting the
request?  Is this something at the tcp level (I could see with
ethereal) or something within the SSL http request that I couldn't
see with ethereal/wireshark?

Or is Microsoft making this up and just failing to submit the posted
data for some reason when in SSL mode.



-- 
Bill Moseley
[EMAIL PROTECTED]





[EMAIL PROTECTED] Using .htaccess in a front-end/back-end setup

2006-09-04 Thread Bill Moseley
I have a front-end apache that proxies most requests to a back end
server.  I use mod_rewrite to determine what should go to the
back-end server.

Basically, I'm wondering when in the request cycle Apache deals with
.htaccess.  I guess it would have to be after mod_rewrite because
mod_rewrite can, well, rewrite the request.

The problem is a request in our setup for /foo/bar.html is handled by
the back end server where /foo/bar.pdf is handled by the front end
server.

More specifically: 

Basically, all requests except /js, /css and requests that have an
extension that *isn't* .html then it's handled by the front-end server
(as pure static content).

Then everything else goes to the back end server -- which is the app
server:

RewriteCond %{REQUEST_URI} !/js/
RewriteCond %{REQUEST_URI} !/css/
RewriteCond %{REQUEST_URI} \.\w+$
RewriteCond %{REQUEST_URI} !\.html$
RewriteRule ^/(.+)$ /domains/default/$1 [last]

# Proxy everything else
RewriteRule (.+) http://127.0.0.1:10080$1 [proxy]

It's a somewhat confusing setup in that the front-end and back-end
have basically the same document root so in a directory

docroot/foo
index.html  - served by the back end server
foo.pdf - served by the front end server.


Of course, now the client wants to use .htaccess.  But, for requests
that get proxied .htaccess is never read (because the request has
been sent to the backend server).

What I'd like to do is, before mod_rewrite looks at the request and
proxies to the back-end, be able to 1) Redirect, and 2) use Basic
Auth to control access.

Any suggestions?


-- 
Bill Moseley
[EMAIL PROTECTED]





Re: [EMAIL PROTECTED] Using .htaccess in a front-end/back-end setup

2006-09-04 Thread Bill Moseley
This is on: Apache/2.0.55

On a related note, I can't seem to get access control working in my
.htaccess files.  I'm wondering if my RewriteRule could be confusing
things.

The .htaccess file contains only these two lines:

deny from all
Redirect /foo/ls.apache http://apache.org/


Redirect in the .htaccess files works, so Apache is reading
the file (and can also be seen by the strace output below).

$ HEAD -S http://localhost/foo/ls.apache
HEAD http://localhost/foo/ls.apache --> 302 Found
HEAD http://apache.org/ --> 200 OK

But the deny isn't:

$ HEAD -S http://localhost/foo/ls.txt
HEAD http://localhost/foo/ls.txt --> 200 OK


So, I must be missing something obvious about access control.
Apache isn't complaining about the deny from all in .htaccess so
it must be processing that directive ok.


My document root is set and I allow overrides:

<Directory />
AllowOverride none
Allow from none
</Directory>
Options none
Options +FollowSymLinks

DocumentRoot /home/moseley/WS2/root

<Directory /home/moseley/WS2/root/domains>
AllowOverride All
</Directory>


No other AllowOverride exists in httpd.conf.



And note that on my front-end server I have a RewriteRule to
prefix the path with /domains/default:

 RewriteRule ^/(.+)$ /domains/default/$1 [last]

That is, a request for

/foo/ls.txt

gets served from

docroot/domains/default/foo/ls.txt



I have this directory:

$ ls -la /home/moseley/WS2/root/domains/default/foo
total 12
drwxr-xr-x 2 moseley moseley   35 2006-09-04 13:36 .
drwxr-xr-x 7 moseley moseley 4096 2006-09-04 13:14 ..
-rw-r--r-- 1 moseley moseley   14 2006-09-04 13:33 .htaccess
-rw-r--r-- 1 moseley moseley  336 2006-09-04 13:12 ls.txt


Here's the strace that shows it reading the .htaccess file,
although that's obvious because the redirect works.



read(9, "HEAD /foo/ls.txt HTTP/1.1\r\nTE: d"..., 8000) = 123
stat64("/domains", 0xbfffe830)  = -1 ENOENT (No such file or directory)
stat64("/home/moseley/WS2/root/domains/default/foo/ls.txt", {st_mode=S_IFREG|0644, st_size=336, ...}) = 0
open("/home/moseley/WS2/root/domains/.htaccess", O_RDONLY) = 10
read(10, "Redirect /foobar.html http://bum"..., 4096) = 95
read(10, "", 4096)  = 0
close(10)   = 0
open("/home/moseley/WS2/root/domains/default/.htaccess", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/home/moseley/WS2/root/domains/default/foo/.htaccess", O_RDONLY) = 10
read(10, "deny from all\nRedirect /foo/ls.a"..., 4096) = 57
open("/home/moseley/WS2/root/domains/default/foo/ls.txt/.htaccess", O_RDONLY) = -1 ENOTDIR (Not a directory)
open("/home/moseley/WS2/root/domains/default/foo/ls.txt", O_RDONLY) = 10
writev(9, [{"HTTP/1.1 200 OK\r\nDate: Mon, 04 S"..., 370}], 1) = 370
write(8, "127.0.0.1 - - [04/Sep/2006:13:42"..., 100) = 100










 
 
 

-- 
Bill Moseley
[EMAIL PROTECTED]





Re: [EMAIL PROTECTED] Using .htaccess in a front-end/back-end setup

2006-09-04 Thread Bill Moseley
On Mon, Sep 04, 2006 at 05:10:23PM -0400, Joshua Slive wrote:
> In general, I think you should tell your clients that it isn't
> possible to use .htaccess in those cases.  Even if you can get it to
> work, it would be a fragile config since you are having apache act at
> the file-system level to restrict requests that aren't served by
> apache out of the filesystem.

Thanks, that's probably best advice.  I've got a config file I use
for creating httpd.conf, and it now has sections for Redirects and
for protecting by basic auth (using Location) which seems to work.

They are just going to have to learn to reload the server when they
make changes.

I don't like using .htaccess, in general.

Thanks.

Oh, and using order didn't help either.  Not sure why, but have to
move on. ;)

-- 
Bill Moseley
[EMAIL PROTECTED]





Re: [EMAIL PROTECTED] troubleshooting apache performance

2006-08-17 Thread Bill Moseley
On Thu, Aug 17, 2006 at 07:48:45AM -0600, Ray wrote:
> The behaviour I am seeing is that sometimes page requests are normal,
> sometimes pages load slow, and sometimes they don't load at all and the
> user gets a 'cannot find server' error message, and all occur in no
> particular order within a short period of time on the same user machine.

Same machine?  I was going to suggest looking at DNS issues.

-- 
Bill Moseley
[EMAIL PROTECTED]





[EMAIL PROTECTED] Help with mod_rewrite rules

2006-08-10 Thread Bill Moseley
I'm trying to use a skip rule after a RewriteCond, but then the
conditions are not checked.

I've got these rewrite rules:

RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/
RewriteRule ^/(.+)$ /domains/default/$1 [last]

The goal is for any of those file types to rewrite the path.  This
works fine and the log shows:

init rewrite engine with requested uri /foo.txt
applying pattern '^/(.+)$' to uri '/foo.txt'
RewriteCond: input='/foo.txt' pattern='\.(jpe?g|gif|png|txt|doc|ppt|pdf)$' => matched
RewriteCond: input='/foo.txt' pattern='!/css/' => matched
rewrite /foo.txt -> /domains/default/foo.txt
local path result: /domains/default/foo.txt



Now the problem.  When there's a path prefix of Rural then I want
to not rewrite to /domains/default but rather to /domains/Rural.

So this is my attempt:

RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/

RewriteRule ^/Rural - [skip=1,nocase]
RewriteRule ^/(.+)$ /domains/default/$1 [last]
RewriteRule ^/(?:Rural/)?(.+)$ /domains/Rural/$1 [last,nocase]

So, the idea is if it matches /Rural it skips a rule and uses the
last rule to rewrite to /domains/Rural.  Otherwise it rewrites to 
/domains/default.

But when I do this the RewriteCond no longer is matched for /foo.txt:

init rewrite engine with requested uri /foo.txt
applying pattern '^/Rural' to uri '/foo.txt'
applying pattern '^/(.+)$' to uri '/foo.txt'
rewrite /foo.txt -> /domains/default/foo.txt
local path result: /domains/default/foo.txt
prefixed with document_root to /home/moseley/WS2/root/domains/default/foo.txt
go-ahead with /home/moseley/WS2/root/domains/default/foo.txt [OK]

but is for /Rural/foo.txt


init rewrite engine with requested uri /Rural/foo.txt
applying pattern '^/Rural' to uri '/Rural/foo.txt'
RewriteCond: input='/Rural/foo.txt' pattern='\.(jpe?g|gif|png|txt|doc|ppt|pdf)$' => matched
RewriteCond: input='/Rural/foo.txt' pattern='!/css/' => matched
applying pattern '^/(?:Rural/)?(.+)$' to uri '/Rural/foo.txt'
rewrite /Rural/foo.txt -> /domains/Rural/foo.txt
local path result: /domains/Rural/foo.txt
prefixed with document_root to /home/moseley/WS2/root/domains/Rural/foo.txt
go-ahead with /home/moseley/WS2/root/domains/Rural/foo.txt [OK]

It's vaguely familiar that it's a problem with how the RewriteCond
fires after the RewriteRule.

Am I not remembering how skip works?  Can I not use RewriteCond this
way?



I suppose the simple way is the following:

RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/
RewriteCond %{REQUEST_URI} ^/Rural  [nocase]
RewriteRule ^/(?:Rural/)?(.+)$ /domains/Rural/$1 [last,nocase]

# now non-rural, do the same.

RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/
RewriteRule ^/(.+)$ /domains/default/$1 [last]








-- 
Bill Moseley
[EMAIL PROTECTED]





Re: [EMAIL PROTECTED] Help with mod_rewrite rules

2006-08-10 Thread Bill Moseley
On Thu, Aug 10, 2006 at 08:38:32PM -0400, Joshua Slive wrote:
> On 8/10/06, Bill Moseley [EMAIL PROTECTED] wrote:
> > I suppose the simple way is the following:
> >
> > RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
> > RewriteCond %{REQUEST_URI} !/css/
> > RewriteCond %{REQUEST_URI} ^/Rural  [nocase]
> > RewriteRule ^/(?:Rural/)?(.+)$ /domains/Rural/$1 [last,nocase]
> >
> > # now non-rural, do the same.
> >
> > RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
> > RewriteCond %{REQUEST_URI} !/css/
> > RewriteRule ^/(.+)$ /domains/default/$1 [last]
>
> RewriteConds apply only to the RewriteRule immediately following them.
> There are various ways to avoid having to write the same conds
> multiple times, for example:
> RewriteCond %{REQUEST_URI} !\.(jpe?g|gif|png|txt|doc|ppt|pdf)$
> RewriteCond %{REQUEST_URI} ^/css/
> RewriteRule .* - [L]
>
> RewriteRule ^/(.+)$ /domains/default/$1 [last]
> RewriteRule ^/(?:Rural/)?(.+)$ /domains/Rural/$1 [last,nocase]

I see.  I was thinking the Skip feature wouldn't really count. ;)

I build the httpd.conf with templates so it's not much problem
repeating.

I also realized that only .html needs to get proxied to my backend,
so I can just look for any files with an extension that doesn't end
in .html:

RewriteCond %{REQUEST_URI} !/css/
RewriteCond %{REQUEST_URI} \.\w+$
RewriteCond %{REQUEST_URI} !\.html$
RewriteRule ^/(.+)$ /domains/default/$1 [last]

Thanks!

-- 
Bill Moseley
[EMAIL PROTECTED]
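
The point made in the reply above, that RewriteConds apply only to the RewriteRule immediately following them, as an added example that is not part of the original thread. It is a simplified model, not mod_rewrite's own code: it handles only `%{REQUEST_URI}` conditions and the skip, last and nocase flags, it assumes conditions are tested against the originally requested URI, and the function names and the `/app/page.html` and `/css/logo.png` test paths are constructed. The two rule sets are the skip attempt and the repeated-conditions version from the thread.

```python
import re

# Rule sets copied from the thread: the skip attempt and the repeated-conds form.
ATTEMPT = r"""
RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/
RewriteRule ^/Rural - [skip=1,nocase]
RewriteRule ^/(.+)$ /domains/default/$1 [last]
RewriteRule ^/(?:Rural/)?(.+)$ /domains/Rural/$1 [last,nocase]
"""

REPEATED = r"""
RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/
RewriteCond %{REQUEST_URI} ^/Rural  [nocase]
RewriteRule ^/(?:Rural/)?(.+)$ /domains/Rural/$1 [last,nocase]
RewriteCond %{REQUEST_URI} \.(jpe?g|gif|png|txt|doc|ppt|pdf)$
RewriteCond %{REQUEST_URI} !/css/
RewriteRule ^/(.+)$ /domains/default/$1 [last]
"""


def parse(config):
    """Build the rule list. Pending conditions are attached to the next
    RewriteRule only, then cleared, which is the behaviour under discussion."""
    rules, pending = [], []
    for line in config.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        flags = []
        if len(parts) > 3 and parts[-1].startswith("[") and parts[-1].endswith("]"):
            flags = [f.strip().lower() for f in parts.pop()[1:-1].split(",")]
        case = re.IGNORECASE if {"nocase", "nc"} & set(flags) else 0
        if parts[0] == "RewriteCond":
            negate = parts[2].startswith("!")
            pattern = parts[2][1:] if negate else parts[2]
            pending.append((re.compile(pattern, case), negate))
        elif parts[0] == "RewriteRule":
            skip = sum(int(f.split("=")[1]) for f in flags
                       if f.startswith(("skip=", "s=")))
            rules.append({
                "re": re.compile(parts[1], case),
                "subst": parts[2],
                "conds": pending,
                "skip": skip,
                "last": bool({"last", "l"} & set(flags)),
            })
            pending = []
    return rules


def rewrite(rules, uri):
    """Return (resulting path, indexes of the rules that fired)."""
    current, fired, i = uri, [], 0
    while i < len(rules):
        rule = rules[i]
        i += 1
        m = rule["re"].search(current)        # the pattern is tested first
        if not m:
            continue
        # every attached condition must hold; a '!' condition inverts the match
        if not all(bool(rx.search(uri)) != neg for rx, neg in rule["conds"]):
            continue
        fired.append(i - 1)
        if rule["subst"] != "-":              # '-' means leave the path alone
            current = re.sub(r"\$(\d)",
                             lambda g: m.group(int(g.group(1))) or "",
                             rule["subst"])
        i += rule["skip"]
        if rule["last"]:
            break
    return current, fired


def route(config, uri):
    return rewrite(parse(config), uri)[0]


if __name__ == "__main__":
    for path in ("/foo.txt", "/Rural/foo.txt", "/app/page.html", "/css/logo.png"):
        print(f"{path:18} attempt={route(ATTEMPT, path):32} repeated={route(REPEATED, path)}")
```

In the skip attempt the two conditions guard only the `^/Rural` rule, so `/app/page.html` and `/css/logo.png` are rewritten to the static tree even though neither was meant to be; with the conditions repeated, both come back unchanged.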





[EMAIL PROTECTED] Can't bind to port on boot

2006-07-28 Thread Bill Moseley
                                            Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:802             0.0.0.0:*               LISTEN      1468/rpc.statd
tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN      1413/inetd
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN      1413/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1246/portmap
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      1422/oidentd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1464/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1413/inetd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1435/postmaster

connections
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

iptables
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
/usr/sbin/apache2 -k start -f /home/moseley/WS2/server_root/test_production/back_httpd.conf
Server on port 10082/11443
Apache start for back/test_production: ok

--- AFTER STARTING APACHE ---

listening ports
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:10082         0.0.0.0:*               LISTEN      1505/apache2
tcp        0      0 0.0.0.0:802             0.0.0.0:*               LISTEN      1468/rpc.statd
tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN      1413/inetd
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN      1413/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1246/portmap
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      1422/oidentd
tcp        0      0 127.0.0.1:11443         0.0.0.0:*               LISTEN      1505/apache2
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1464/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1413/inetd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1435/postmaster

connections

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name










-- 
Bill Moseley
[EMAIL PROTECTED]





Re: [EMAIL PROTECTED] Can't bind to port on boot

2006-07-28 Thread Bill Moseley
On Fri, Jul 28, 2006 at 07:38:45AM -0700, Bill Moseley wrote:
>
> Cannot assign requested address: make_sock: could not bind
> to address 208.97.158.169:1443
> no listening sockets available, shutting down
> Unable to open logs

To follow up, I tried with a different port number and get the same
thing:

Cannot assign requested address: make_sock: could not bind
to address 208.97.158.169:21443
no listening sockets available, shutting down
Unable to open logs

So now I'm even more lost.

I'm not sure why it also says Unable to open logs -- both sets of
logs (front and back server) are written to the same directory.

-- 
Bill Moseley
[EMAIL PROTECTED]





[EMAIL PROTECTED] Re: Can't bind to port on boot

2006-07-28 Thread Bill Moseley
On Fri, Jul 28, 2006 at 06:41:24PM +0200, Joost de Heer wrote:
>> Cannot assign requested address: make_sock: could not bind
>> to address 208.97.158.169:1443
>> no listening sockets available, shutting down
>> Unable to open logs
>
> Is the network up before you start Apache? If your machine doesn't have
> this IP address yet, it'll fail.

Well, of course.  The machine has a number of IP addresses bound to
the same interface.  That indeed is the problem.

I didn't even consider that because there's another web server bound
to that same IP address.  In fact there's a number of web servers
that run and they get spawned by an init.d script called httpd.

The reason I didn't consider it is because of this:

$ ls /etc/rc2.d/ | egrep '(ifp|httpd)'
S20httpd
S20httpd2
S91ifp_httpd

S20httpd starts the server listening on port 80, and S91ifp_httpd
starts the server listening on port 83/1443.  So, logically you would
think the interface is up when S91 runs if port 80 is coming up.

I guess there's some Dreamhost magic happening in the background to
make the port 80 server wait until the interface is up.  I've got a
support request into Dreamhost, but of course they will think it's
not their problem since I'm running my own init.d script.  That S91
script is the last in the run-level so the interfaces are coming up
some other way.

That's one of the problems with using a managed dedicated server.


> May I ask why you're binding on a specific address, instead of all
> interfaces?

Multiple web servers.

-- 
Bill Moseley
[EMAIL PROTECTED]
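
The "Cannot assign requested address" text in this thread is the operating system's message for the EADDRNOTAVAIL errno, which bind() returns when the address is not yet configured on any interface. The following is an added example, not code from the thread: a pre-start check an init script could call to tell that case apart from a port conflict and to wait for the address. All function names are hypothetical and 192.0.2.1 is a constructed documentation address.

```python
import errno
import socket
import time


def classify_bind_error(exc: OSError) -> str:
    """Map a bind() failure to the condition an operator has to fix."""
    if exc.errno == errno.EADDRNOTAVAIL:
        return "address-not-configured"   # IP not on any interface (yet)
    if exc.errno == errno.EADDRINUSE:
        return "port-in-use"              # another listener owns addr:port
    if exc.errno in (errno.EACCES, errno.EPERM):
        return "permission-denied"        # e.g. privileged port as non-root
    return "other"


def probe_bind(addr: str, port: int) -> str:
    """Try to bind addr:port once and release it immediately."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, port))
        return "ok"
    except OSError as exc:
        return classify_bind_error(exc)
    finally:
        sock.close()


def wait_for_address(addr: str, port: int,
                     timeout: float = 30.0, interval: float = 1.0) -> str:
    """Poll until the address exists on the host or the timeout expires.

    Only 'address-not-configured' is retried; any other outcome will not
    be cured by waiting, so it is returned to the caller at once.
    """
    deadline = time.monotonic() + timeout
    while True:
        result = probe_bind(addr, port)
        if result != "address-not-configured" or time.monotonic() >= deadline:
            return result
        time.sleep(interval)


if __name__ == "__main__":
    # Constructed address and port; substitute the Listen address of the server.
    print(wait_for_address("192.0.2.1", 21443, timeout=5.0))
```
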





[EMAIL PROTECTED] IE and redirect to SSL

2006-06-22 Thread Bill Moseley
[Sorry if you were on thelist and saw this already]

Apache 2.0.55 - Debian Stable.


I've got some odd log entries when using Internet Explorer.

I have a site that when you click the login link it will do a http
redirect to the SSL version of the site.  I'm using correct URLs in my
redirect and the fetched https page has all style sheets, javascript
and images using full, absolute URLs.  The page validates XHTML
strict.


Now, for testing I run on port 82 and 1443.  Works fine in Firefox,
and Opera, but in IE I get this in my logs.

Here you can see IE making the initial /login request, and being
redirected to the https version:

192.168.1.32 - - [21/Jun/2006:19:30:07 -0700] GET /login HTTP/1.1 302 - 
http://bumby:82/; Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; T312461)
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] GET /login HTTP/1.1 200 2373 
http://bumby:82/; Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; T312461)

Now, IE makes these requests -- I assume it's trying to fetch the
images, css, and javascript files, but look at that odd request:

192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] \x16\x03 200 7744 - -
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] \x16\x03 200 7743 - -
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] \x16\x03 200 7744 - -
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] \x16\x03 200 7742 - -
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] \x16\x03 200 7743 - -
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] \x16\x03 200 7744 - -
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] \x16\x03 200 7742 - -
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] \x16\x03 200 7742 - -

And then IE displays the page without any styling or images.

If I hit the reload button on IE then the page loads correctly (and
the Apache logs show

I get the same results using a different machine running IE, with
slightly different requests:

7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] GET /admin/registration/34982 
HTTP/1.1 200 3110 http://bumby:82/admin/class/581; Mozilla/4.0 (compatible; 
MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x16\x03 200 7711 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x80L\x01\x03 200 7744 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x16\x03 200 7742 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x80L\x01\x03 200 7745 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x80L\x01\x03 200 7711 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x80L\x01\x03 200 7751 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x80L\x01\x03 200 7749 - -
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] \x80L\x01\x03 200 7744 - -
7.62.247.1 - - [21/Jun/2006:18:50:32 -0700] \x80L\x01\x03 200 7711 - -


Now, if I run at the standard ports of 80/443 then IE works fine and
doesn't show this problem.

Anyone seen this before?  Any idea what's confusing IE?  That https
is not the standard port 443?




-- 
Bill Moseley
[EMAIL PROTECTED]
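
The \x16\x03 and \x80L\x01\x03 request strings in the log lines above match the first bytes of a TLS handshake record (content type 0x16, major version 0x03) and of an SSLv2-format ClientHello (length byte with the high bit set, message type 0x01, version 0x03). The following is an added example, not part of the original post, that flags such entries in an access log. The sample lines are constructed in Apache combined log format and the function names are hypothetical.

```python
import re
from collections import Counter

# Apache writes non-printable request bytes to the access log as \xNN.
_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")
_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*?)" (?P<status>\d{3}) '
)


def unescape(field: str) -> bytes:
    """Turn the logged \\xNN escapes back into the bytes the client sent."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16)), field).encode("latin-1")


def classify(raw: bytes):
    """Return a label if the 'request line' is really an SSL/TLS hello."""
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "tls-handshake-record"
    if len(raw) >= 4 and raw[0] & 0x80 and raw[2] == 0x01 and raw[3] == 0x03:
        return "sslv2-format-client-hello"
    return None


def scan(lines):
    """Yield (client_ip, timestamp, label) for each SSL-on-plaintext entry."""
    hits = []
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue
        label = classify(unescape(m.group("req")))
        if label:
            hits.append((m.group("ip"), m.group("ts"), label))
    return hits


# Constructed sample, modelled on the entries quoted in the post.
SAMPLE = [
    r'192.0.2.10 - - [21/Jun/2006:19:30:07 -0700] "GET /login HTTP/1.1" 302 - "http://example.test:82/" "Mozilla/4.0"',
    r'192.0.2.10 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7744 "-" "-"',
    r'192.0.2.11 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7744 "-" "-"',
    r'192.0.2.11 - - [21/Jun/2006:18:50:31 -0700] "\x16\x03" 200 7742 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, label in scan(SAMPLE):
        print(ip, ts, label)
    print(Counter(ip for ip, _, _ in scan(SAMPLE)))
```
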





[EMAIL PROTECTED] mod_cache

2006-05-19 Thread Bill Moseley

Is there a better list to use for questions about core modules?



I'm using mod_cache on Apache 2.0.55 (Debian Sid) with the following
config:


ProxyVia                On
CacheRoot               /var/cache/apache2/proxy
CacheSize               1000
CacheMaxExpire          300
CacheIgnoreHeaders      Set-Cookie
ProxyReceiveBufferSize  16384

CacheEnable disk /
<proxy *>
    allow from all
</proxy>

And I'm using a reverse proxy to connect to the back end machine.
The back end machine provides Last-Modified, Expires, and
Cache-Control headers.


When I first start up Apache files are cached.  But, once they expire
then they are no longer cached and *always* fetch from the back end
server.  It's as if the front end mod_cache server is not updating
its Expires date.

Maybe I don't understand CacheMaxExpire setting??


For example here's two requests that were handled by the cache (note
the Age: header).  The back end server was not accessed for these
requests.


[EMAIL PROTECTED]:~/WS2$ HEAD  http://bumby:82/css/style.css
200 OK
Cache-Control: max-age=300
Connection: close
Date: Fri, 19 May 2006 20:35:57 GMT
Via: 1.1 localhost:82
Age: 223
Server: Apache/2.0.55 (Debian) mod_ssl/2.0.55 OpenSSL/0.9.8a
Content-Length: 2264
Content-Type: text/css
Expires: Fri, 19 May 2006 20:37:14 GMT
Last-Modified: Sun, 29 Jan 2006 14:59:44 GMT
Client-Date: Fri, 19 May 2006 20:35:57 GMT
Client-Peer: 192.168.1.2:82
Client-Response-Num: 1

[EMAIL PROTECTED]:~/WS2$ date -u
Fri May 19 20:36:19 UTC 2006

[EMAIL PROTECTED]:~/WS2$ HEAD  http://bumby:82/css/style.css
200 OK
Cache-Control: max-age=300
Connection: close
Date: Fri, 19 May 2006 20:36:21 GMT
Via: 1.1 localhost:82
Age: 247
Server: Apache/2.0.55 (Debian) mod_ssl/2.0.55 OpenSSL/0.9.8a
Content-Length: 2264
Content-Type: text/css
Expires: Fri, 19 May 2006 20:37:14 GMT
Last-Modified: Sun, 29 Jan 2006 14:59:44 GMT
Client-Date: Fri, 19 May 2006 20:36:21 GMT
Client-Peer: 192.168.1.2:82
Client-Response-Num: 1

Now, once it got to 300 seconds the front-end server (running
mod_cache) *always* fetches the document from the back-end server:

[EMAIL PROTECTED]:~/WS2$ HEAD  http://bumby:82/css/style.css
200 OK
Cache-Control: max-age=300
Connection: close
Date: Fri, 19 May 2006 20:37:41 GMT
Via: 1.1 localhost:82
Server: Apache/2.0.55 (Debian) mod_perl/2.0.2 Perl/v5.8.8
Content-Length: 2264
Content-Type: text/css
Expires: Fri, 19 May 2006 20:42:41 GMT
Last-Modified: Sun, 29 Jan 2006 14:59:44 GMT
Client-Date: Fri, 19 May 2006 20:37:42 GMT
Client-Peer: 192.168.1.2:82
Client-Response-Num: 1

[EMAIL PROTECTED]:~/WS2$ HEAD  http://bumby:82/css/style.css
200 OK
Cache-Control: max-age=300
Connection: close
Date: Fri, 19 May 2006 20:37:47 GMT
Via: 1.1 localhost:82
Server: Apache/2.0.55 (Debian) mod_perl/2.0.2 Perl/v5.8.8
Content-Length: 2264
Content-Type: text/css
Expires: Fri, 19 May 2006 20:42:47 GMT
Last-Modified: Sun, 29 Jan 2006 14:59:44 GMT
Client-Date: Fri, 19 May 2006 20:37:47 GMT
Client-Peer: 192.168.1.2:82
Client-Response-Num: 1


Note that the back-end server returns both Cache-Control and Expires
headers without regard to http/1.0 vs http/1.1.  Not sure if that
might be a problem or not.






-- 
Bill Moseley
[EMAIL PROTECTED]





Re: [users@httpd] Why sub-requests for docroot/extra path?

2005-06-07 Thread Bill Moseley
On Tue, Jun 07, 2005 at 09:28:25AM +0200, Boyle Owen wrote:
>> I have a setup with the document root with no access, but then I allow
>> access to individual subdirectories (normally via basic auth).
>
> I've read your post three times and can't decide if it's a general
> philosophical question or if you really have a problem.
>
> - what do you want to happen?
> - what is happening that you don't want?

I have an error in the logs and not sure why -- so I'm looking to
understand what's happening and why and how it can be resolved.  I
don't want to ignore errors.

-- 
Bill Moseley
[EMAIL PROTECTED]

