from:"H"

On 04/09/2021 03:50 PM, H wrote:
> I have been trying to configure running both php 7.0 and 7.2 on one host, 
> certain sites using the former and others the latter. That's another thread 
> though.
>
> However, I have some more questions given that my configuration is 
> x.x.x.x/site1, x.x.x.x/site2 etc, I have separate conf files in 
> /etc/httpd/conf.d/, one for each of site1, site2 etc, using this format:
>
> 
>     ServerAdmin 
>     ServerName x.x.x.x
>     DocumentRoot /var/www/html/
>     Include /etc/httpd/conf.d/rh-php70-php-fpm.conf
>     ErrorLog /var/log/httpd/site1-error.log
>     CustomLog /var/log/httpd/site1-access.log combined
> 
>
> The above is for x.x.x.x/site1, the others are similar except using site2 etc 
> etc. The sites are in /var/www/html/site1, /var/www/html/site2 etc.
>
> - Is this the correct format? Ie, I shall have one  in each 
> of those files? Or, does this need to be configured differently?
>
> - I want to log x.x.x.x/site1 errors to its own file, site1-error.log, and 
> all accesses to site1 to its own file, the customlog file above. Site2 should 
> be logged to its files etc. Yet I seem to end up with logentries for 
> different subsites in the files which makes me suspect something is 
> incorrectly configured...
>
>
For some reason I can get either php version to work but not both in parallel. 
Looking at other webpages referencing Ubuntu, it seems that one needs to enable 
being able to use multiple php versions in apache using a2enmod or something 
like that?

Is this required in CentOS as well?


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Related question on having multiple subdomains on one host

On 04/09/2021 05:59 PM, Jonathon Koyle wrote:
> Do reach of your virtual hosts have a unique ServerName? x.x.x.x is not a 
> very descriptive example.

No, they all had just the external IP address where I put x.x.x.x.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Related question on having multiple subdomains on one host

I have been trying to configure running both php 7.0 and 7.2 on one host, 
certain sites using the former and others the latter. That's another thread 
though.

However, I have some more questions given that my configuration is 
x.x.x.x/site1, x.x.x.x/site2 etc, I have separate conf files in 
/etc/httpd/conf.d/, one for each of site1, site2 etc, using this format:


    ServerAdmin 
    ServerName x.x.x.x
    DocumentRoot /var/www/html/
    Include /etc/httpd/conf.d/rh-php70-php-fpm.conf
    ErrorLog /var/log/httpd/site1-error.log
    CustomLog /var/log/httpd/site1-access.log combined


The above is for x.x.x.x/site1, the others are similar except using site2 etc 
etc. The sites are in /var/www/html/site1, /var/www/html/site2 etc.

- Is this the correct format? Ie, I shall have one  in each 
of those files? Or, does this need to be configured differently?

- I want to log x.x.x.x/site1 errors to its own file, site1-error.log, and all 
accesses to site1 to its own file, the customlog file above. Site2 should be 
logged to its files etc. Yet I seem to end up with logentries for different 
subsites in the files which makes me suspect something is incorrectly 
configured...



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/09/2021 11:29 AM, H wrote:
> On 04/08/2021 09:30 PM, Bender, Charles wrote:
>> You're making this very difficult for yourself by having 2 different 
>> versions of PHP installed on 1 server box. Even if you get working 
>> maintaining will be challenging.
>>
>> Suggestion- run PHP and PHP-FPM in separate Docker containers on same 
>> server, each with specific version of PHP you need. Then have Apache proxy 
>> to these containers as required
>> ------
>> *From:* H 
>> *Sent:* Thursday, April 8, 2021 9:26 PM
>> *To:* users@httpd.apache.org 
>> *Subject:* Re: [users@httpd] Running php 7.0 and 7.2 for different websites 
>> with apache
>>  
>> On 04/08/2021 08:57 PM, Daniel Ferradal wrote:
>> > There is no such thing as default php version for a site.
>> >
>> > You have to make sure you have really two different instances of
>> > php-fpm running for the different php versions you want to use.
>> >
>> > Chances are you have the same php-fpm service with two pools, so both
>> > may be with the same version.
>> >
>> > Apache doesn't care what you do from now on, since it is just reverse
>> > proxying requests to the selected servers. So it is up to you and your
>> > php-fpm config and how you start them now.
>> >
>> > El vie, 9 abr 2021 a las 1:55, H () escribió:
>> >> On 04/08/2021 07:34 PM, H wrote:
>> >>> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
>> >>>> Hello,
>> >>>>
>> >>>> What you must remove is all scriptalias, addhandler/action directives.
>> >>>> So I'd say with a directive for each virtualhost you mentioned you
>> >>>> have you just would need (and of course disable mod_php module):
>> >>>>
>> >>>> In one for one version pointing to 9002 port:
>> >>>> 
>> >>>> SetHandler  "proxy:fcgi://localhost:9002"
>> >>>> 
>> >>>>
>> >>>> In the other virtualhost you  want to have pointing to 9003:
>> >>>> 
>> >>>> SetHandler  "proxy:fcgi://localhost:9003"
>> >>>> 
>> >>>>
>> >>>> Apache is really much more simple and easier than many examples out
>> >>>> there try to show.
>> >>>>
>> >>>> El jue, 8 abr 2021 a las 23:54, H () escribió:
>> >>>>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
>> >>>>>> Hello,
>> >>>>>>
>> >>>>>> You mention PHP is set to listen to different tcp ports, yet the
>> >>>>>> config you show from apache points to a unix socket with
>> >>>>>> mod_proxy_fcgi
>> >>>>>>
>> >>>>>> Also worth mentioning you don't need php7_module at all when pointing
>> >>>>>> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
>> >>>>>> case you have some other config lying around taking precedence and
>> >>>>>> causing the problems you mention.
>> >>>>>>
>> >>>>>> Cheers
>> >>>>>>
>> >>>>>> El jue, 8 abr 2021 a las 22:40, H () escribió:
>> >>>>>>> Using CentOS 7 and need to run two different versions of php for the 
>> >>>>>>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and 
>> >>>>>>> x.x.x.x/site2 and I am using php-fm for both php v

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/09/2021 12:18 PM, Daniel Ferradal wrote:
> No, specifically pruning everything you don´t need.
>
> That list of modules is not normal, and there is probably lots of
> configuration associated with them you are not using either. If I were
> you I would end up with a quite simple config with only the modules I
> really need.
>
>
> El vie, 9 abr 2021 a las 18:10, H () escribió:
>> On 04/09/2021 11:48 AM, Daniel Ferradal wrote:
>>> That´s probably it. You still have php7_module, and are probably
>>> pointing to it somewhere in your config. For the looks of it you need
>>> a serious and thorough cleanup of your configuration that you haven´t
>>> done yet.
>>>
>>> Like we told you earlier, get rid of that module.
>>>
>>> As for your question:
>>> You just need mod_proxy and mod_proxy_fcgi to reverse proxy requests
>>> to php-fpm, that´s it, you are reverse proxying requests for php files
>>> to another service, and php-fpm will interpret those and return the
>>> dynamic content to apache.
>>> PHP libs have nothing to do in your Apache if you are using/want to
>>> use php-fpm, which is a good path imo. So no, no php modules of any
>>> kind in apache, apache will not do any more interpretation of php
>>> code.
>>>
>>> Also let me take the liberty to tell you that you could take the
>>> chance and clean that horrendous list of modules you will never use.
>>>
>>> Ideally you should just load those modules you use, no more no less.
>>>
>>> Ideally you will use mpm_event too, not mpm_prefork, but I don´t want
>>> to distract you too much, focus on ridding everything php but the
>>> mod_proxy mod_proxy_fcgi and the directives we mentioned earlier.
>>>
>>>
>>> Cheers
>>>
>>>
>>>
>>> El vie, 9 abr 2021 a las 17:36, H () escribió:
>>>> On 04/09/2021 06:03 AM, Daniel Ferradal wrote:
>>>>> Looks correct yes. But still lots of things you are not showing could be 
>>>>> wrong.
>>>>>
>>>>> To solve issues you have to go one thing at a time, you know for sure
>>>>> apache is pointing to different ports, if you disabled mod_php. Now
>>>>> you must make sure the fpm pools are correct, both versions listening
>>>>> to each port, that you disabled all mod_php stuff, etc. things we
>>>>> can't see because you don't show, so it is quite hard to hand-guide
>>>>> you with just small bits of info.
>>>>>
>>>>> El vie, 9 abr 2021 a las 3:26, H () escribió:
>>>>>> On 04/08/2021 08:57 PM, Daniel Ferradal wrote:
>>>>>>> There is no such thing as default php version for a site.
>>>>>>>
>>>>>>> You have to make sure you have really two different instances of
>>>>>>> php-fpm running for the different php versions you want to use.
>>>>>>>
>>>>>>> Chances are you have the same php-fpm service with two pools, so both
>>>>>>> may be with the same version.
>>>>>>>
>>>>>>> Apache doesn't care what you do from now on, since it is just reverse
>>>>>>> proxying requests to the selected servers. So it is up to you and your
>>>>>>> php-fpm config and how you start them now.
>>>>>>>
>>>>>>> El vie, 9 abr 2021 a las 1:55, H () escribió:
>>>>>>>> On 04/08/2021 07:34 PM, H wrote:
>>>>>>>>> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> What you must remove is all scriptalias, addhandler/action 
>>>>>>>>>> directives.
>>>>>>>>>> So I'd say with a directive for each virtualhost you mentioned you
>>>>>>>>>> have you just would need (and of course disable mod_php module):
>>>>>>>>>>
>>>>>>>>>> In one for one version pointing to 9002 port:
>>>>>>>>>> 
>>>>>>>>>> SetHandler  "proxy:fcgi://localhost:9002"
>>>>>>>>>> 
>>>>>>>>>>
>>>>>>>>>> In the other virtualhost you  want to have pointing to 9003:
>>>>>>>>>> 
>>>>>>>>>&g

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/09/2021 11:48 AM, Daniel Ferradal wrote:
> That´s probably it. You still have php7_module, and are probably
> pointing to it somewhere in your config. For the looks of it you need
> a serious and thorough cleanup of your configuration that you haven´t
> done yet.
>
> Like we told you earlier, get rid of that module.
>
> As for your question:
> You just need mod_proxy and mod_proxy_fcgi to reverse proxy requests
> to php-fpm, that´s it, you are reverse proxying requests for php files
> to another service, and php-fpm will interpret those and return the
> dynamic content to apache.
> PHP libs have nothing to do in your Apache if you are using/want to
> use php-fpm, which is a good path imo. So no, no php modules of any
> kind in apache, apache will not do any more interpretation of php
> code.
>
> Also let me take the liberty to tell you that you could take the
> chance and clean that horrendous list of modules you will never use.
>
> Ideally you should just load those modules you use, no more no less.
>
> Ideally you will use mpm_event too, not mpm_prefork, but I don´t want
> to distract you too much, focus on ridding everything php but the
> mod_proxy mod_proxy_fcgi and the directives we mentioned earlier.
>
>
> Cheers
>
>
>
> El vie, 9 abr 2021 a las 17:36, H () escribió:
>> On 04/09/2021 06:03 AM, Daniel Ferradal wrote:
>>> Looks correct yes. But still lots of things you are not showing could be 
>>> wrong.
>>>
>>> To solve issues you have to go one thing at a time, you know for sure
>>> apache is pointing to different ports, if you disabled mod_php. Now
>>> you must make sure the fpm pools are correct, both versions listening
>>> to each port, that you disabled all mod_php stuff, etc. things we
>>> can't see because you don't show, so it is quite hard to hand-guide
>>> you with just small bits of info.
>>>
>>> El vie, 9 abr 2021 a las 3:26, H () escribió:
>>>> On 04/08/2021 08:57 PM, Daniel Ferradal wrote:
>>>>> There is no such thing as default php version for a site.
>>>>>
>>>>> You have to make sure you have really two different instances of
>>>>> php-fpm running for the different php versions you want to use.
>>>>>
>>>>> Chances are you have the same php-fpm service with two pools, so both
>>>>> may be with the same version.
>>>>>
>>>>> Apache doesn't care what you do from now on, since it is just reverse
>>>>> proxying requests to the selected servers. So it is up to you and your
>>>>> php-fpm config and how you start them now.
>>>>>
>>>>> El vie, 9 abr 2021 a las 1:55, H () escribió:
>>>>>> On 04/08/2021 07:34 PM, H wrote:
>>>>>>> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> What you must remove is all scriptalias, addhandler/action directives.
>>>>>>>> So I'd say with a directive for each virtualhost you mentioned you
>>>>>>>> have you just would need (and of course disable mod_php module):
>>>>>>>>
>>>>>>>> In one for one version pointing to 9002 port:
>>>>>>>> 
>>>>>>>> SetHandler  "proxy:fcgi://localhost:9002"
>>>>>>>> 
>>>>>>>>
>>>>>>>> In the other virtualhost you  want to have pointing to 9003:
>>>>>>>> 
>>>>>>>> SetHandler  "proxy:fcgi://localhost:9003"
>>>>>>>> 
>>>>>>>>
>>>>>>>> Apache is really much more simple and easier than many examples out
>>>>>>>> there try to show.
>>>>>>>>
>>>>>>>> El jue, 8 abr 2021 a las 23:54, H () escribió:
>>>>>>>>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> You mention PHP is set to listen to different tcp ports, yet the
>>>>>>>>>> config you show from apache points to a unix socket with
>>>>>>>>>> mod_proxy_fcgi
>>>>>>>>>>
>>>>>>>>>> Also worth mentioning you don't need php7_module at all when pointing
>>>>>>>>>> to FPM wit

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/09/2021 06:03 AM, Daniel Ferradal wrote:
> Looks correct yes. But still lots of things you are not showing could be 
> wrong.
>
> To solve issues you have to go one thing at a time, you know for sure
> apache is pointing to different ports, if you disabled mod_php. Now
> you must make sure the fpm pools are correct, both versions listening
> to each port, that you disabled all mod_php stuff, etc. things we
> can't see because you don't show, so it is quite hard to hand-guide
> you with just small bits of info.
>
> El vie, 9 abr 2021 a las 3:26, H () escribió:
>> On 04/08/2021 08:57 PM, Daniel Ferradal wrote:
>>> There is no such thing as default php version for a site.
>>>
>>> You have to make sure you have really two different instances of
>>> php-fpm running for the different php versions you want to use.
>>>
>>> Chances are you have the same php-fpm service with two pools, so both
>>> may be with the same version.
>>>
>>> Apache doesn't care what you do from now on, since it is just reverse
>>> proxying requests to the selected servers. So it is up to you and your
>>> php-fpm config and how you start them now.
>>>
>>> El vie, 9 abr 2021 a las 1:55, H () escribió:
>>>> On 04/08/2021 07:34 PM, H wrote:
>>>>> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
>>>>>> Hello,
>>>>>>
>>>>>> What you must remove is all scriptalias, addhandler/action directives.
>>>>>> So I'd say with a directive for each virtualhost you mentioned you
>>>>>> have you just would need (and of course disable mod_php module):
>>>>>>
>>>>>> In one for one version pointing to 9002 port:
>>>>>> 
>>>>>> SetHandler  "proxy:fcgi://localhost:9002"
>>>>>> 
>>>>>>
>>>>>> In the other virtualhost you  want to have pointing to 9003:
>>>>>> 
>>>>>> SetHandler  "proxy:fcgi://localhost:9003"
>>>>>> 
>>>>>>
>>>>>> Apache is really much more simple and easier than many examples out
>>>>>> there try to show.
>>>>>>
>>>>>> El jue, 8 abr 2021 a las 23:54, H () escribió:
>>>>>>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> You mention PHP is set to listen to different tcp ports, yet the
>>>>>>>> config you show from apache points to a unix socket with
>>>>>>>> mod_proxy_fcgi
>>>>>>>>
>>>>>>>> Also worth mentioning you don't need php7_module at all when pointing
>>>>>>>> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
>>>>>>>> case you have some other config lying around taking precedence and
>>>>>>>> causing the problems you mention.
>>>>>>>>
>>>>>>>> Cheers
>>>>>>>>
>>>>>>>> El jue, 8 abr 2021 a las 22:40, H () escribió:
>>>>>>>>> Using CentOS 7 and need to run two different versions of php for the 
>>>>>>>>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and 
>>>>>>>>> x.x.x.x/site2 and I am using php-fm for both php versions configuring 
>>>>>>>>> port 9002 for php 7.0 and 9003 for php 7.2.
>>>>>>>>>
>>>>>>>>> I have a conf file for each site (this is site 1 which is supposed to 
>>>>>>>>> run php 7.0) and called site1.conf, similar to:
>>>>>>>>>
>>>>>>>>> 
>>>>>>>>> ServerAdmin xxx
>>>>>>>>> ServerName x.x.x.x/site1
>>>>>>>>> DocumentRoot /var/www/html/
>>>>>>>>> DirectoryIndex info.php
>>>>>>>>> ErrorLog /var/log/httpd/site1-error.log
>>>>>>>>> CustomLog /var/log/httpd/site1-access.log combined
>>>>>>>>>
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> SetHandler 
>>>>>>>>> "proxy:unix:/var/opt/rh/rh-php70/run/php-fpm/www.sock|fcgi://local

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/09/2021 04:00 AM, Dino Ciuffetti wrote:
>> This is from ps aux | grep fpm:
>>
>> root 17004  0.0  0.6 339008 11244 ?Ss   01:18   0:00 php-fpm: 
>> master process
>> (/etc/opt/rh/rh-php70/php-fpm.conf)
>> apache   17005  0.0  0.3 339112  7352 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17006  0.0  0.3 339112  7356 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17007  0.0  0.4 339252  8452 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17008  0.0  0.3 339112  7360 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17009  0.0  0.3 339112  7368 ?S01:18   0:00 php-fpm: 
>> pool www
>> root 17036  0.0  0.9 562800 18540 ?Ss   01:18   0:00 php-fpm: 
>> master process
>> (/etc/opt/rh/rh-php72/php-fpm.conf)
>> apache   17037  0.0  0.3 562800  6976 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17038  0.0  0.3 562800  6976 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17039  0.0  0.3 562800  6976 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17040  0.0  0.3 562800  6976 ?S01:18   0:00 php-fpm: 
>> pool www
>> apache   17041  0.0  0.3 562800  6980 ?S01:18   0:00 php-fpm: 
>> pool www
>>
>> Does this not look correct?
>
> Yes. It seems correct.
>
> This is just one way, there are many, but it would work:
> # 1) disable mod_php
> # 2) enable mod_proxy and mod_proxy_fcgi
> # 3) create a file called php7.0-fpm.conf that will handle PHP7.0 requests
>
> 
> # Enable http authorization headers
> 
> SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
> 
> 
> SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost"
>   # or if you prefer use TCP instead of UX socket
>   #SetHandler "proxy:fcgi://localhost:9002"
> 
> 
>
> # 4) create a file called php7.2-fpm.conf that will handle PHP7.2 requests
>
> 
> # Enable http authorization headers
> 
> SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
> 
> 
> SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost"
>   # or if you prefer use TCP instead of UX socket
>   #SetHandler "proxy:fcgi://localhost:9003"
> 
> 
>
> # 5) inside your virtualhosts, include the desired PHP conf file:
> # eg: Include /yourconfpath/php7.2-fpm.conf
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
I did this but still not working so I must be missing something more. Do you 
know of a link to how to set this up to work? I have visited several webpages 
but still missing something.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/08/2021 09:30 PM, Bender, Charles wrote:
> You're making this very difficult for yourself by having 2 different versions 
> of PHP installed on 1 server box. Even if you get working maintaining will be 
> challenging.
>
> Suggestion- run PHP and PHP-FPM in separate Docker containers on same server, 
> each with specific version of PHP you need. Then have Apache proxy to these 
> containers as required
> --
> *From:* H 
> *Sent:* Thursday, April 8, 2021 9:26 PM
> *To:* users@httpd.apache.org 
> *Subject:* Re: [users@httpd] Running php 7.0 and 7.2 for different websites 
> with apache
>  
> On 04/08/2021 08:57 PM, Daniel Ferradal wrote:
> > There is no such thing as default php version for a site.
> >
> > You have to make sure you have really two different instances of
> > php-fpm running for the different php versions you want to use.
> >
> > Chances are you have the same php-fpm service with two pools, so both
> > may be with the same version.
> >
> > Apache doesn't care what you do from now on, since it is just reverse
> > proxying requests to the selected servers. So it is up to you and your
> > php-fpm config and how you start them now.
> >
> > El vie, 9 abr 2021 a las 1:55, H () escribió:
> >> On 04/08/2021 07:34 PM, H wrote:
> >>> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
> >>>> Hello,
> >>>>
> >>>> What you must remove is all scriptalias, addhandler/action directives.
> >>>> So I'd say with a directive for each virtualhost you mentioned you
> >>>> have you just would need (and of course disable mod_php module):
> >>>>
> >>>> In one for one version pointing to 9002 port:
> >>>> 
> >>>> SetHandler  "proxy:fcgi://localhost:9002"
> >>>> 
> >>>>
> >>>> In the other virtualhost you  want to have pointing to 9003:
> >>>> 
> >>>> SetHandler  "proxy:fcgi://localhost:9003"
> >>>> 
> >>>>
> >>>> Apache is really much more simple and easier than many examples out
> >>>> there try to show.
> >>>>
> >>>> El jue, 8 abr 2021 a las 23:54, H () escribió:
> >>>>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
> >>>>>> Hello,
> >>>>>>
> >>>>>> You mention PHP is set to listen to different tcp ports, yet the
> >>>>>> config you show from apache points to a unix socket with
> >>>>>> mod_proxy_fcgi
> >>>>>>
> >>>>>> Also worth mentioning you don't need php7_module at all when pointing
> >>>>>> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
> >>>>>> case you have some other config lying around taking precedence and
> >>>>>> causing the problems you mention.
> >>>>>>
> >>>>>> Cheers
> >>>>>>
> >>>>>> El jue, 8 abr 2021 a las 22:40, H () escribió:
> >>>>>>> Using CentOS 7 and need to run two different versions of php for the 
> >>>>>>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and 
> >>>>>>> x.x.x.x/site2 and I am using php-fm for both php versions configuring 
> >>>>>>> port 9002 for php 7.0 and 9003 for php 7.2.
> >>>>>>>
> >>>>>>> I have a conf file for each site (this is site 1 which is supposed to 
> >>>>>>> run php 7.0) and called site1

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/08/2021 08:57 PM, Daniel Ferradal wrote:
> There is no such thing as default php version for a site.
>
> You have to make sure you have really two different instances of
> php-fpm running for the different php versions you want to use.
>
> Chances are you have the same php-fpm service with two pools, so both
> may be with the same version.
>
> Apache doesn't care what you do from now on, since it is just reverse
> proxying requests to the selected servers. So it is up to you and your
> php-fpm config and how you start them now.
>
> El vie, 9 abr 2021 a las 1:55, H () escribió:
>> On 04/08/2021 07:34 PM, H wrote:
>>> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
>>>> Hello,
>>>>
>>>> What you must remove is all scriptalias, addhandler/action directives.
>>>> So I'd say with a directive for each virtualhost you mentioned you
>>>> have you just would need (and of course disable mod_php module):
>>>>
>>>> In one for one version pointing to 9002 port:
>>>> 
>>>> SetHandler  "proxy:fcgi://localhost:9002"
>>>> 
>>>>
>>>> In the other virtualhost you  want to have pointing to 9003:
>>>> 
>>>> SetHandler  "proxy:fcgi://localhost:9003"
>>>> 
>>>>
>>>> Apache is really much more simple and easier than many examples out
>>>> there try to show.
>>>>
>>>> El jue, 8 abr 2021 a las 23:54, H () escribió:
>>>>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
>>>>>> Hello,
>>>>>>
>>>>>> You mention PHP is set to listen to different tcp ports, yet the
>>>>>> config you show from apache points to a unix socket with
>>>>>> mod_proxy_fcgi
>>>>>>
>>>>>> Also worth mentioning you don't need php7_module at all when pointing
>>>>>> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
>>>>>> case you have some other config lying around taking precedence and
>>>>>> causing the problems you mention.
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>> El jue, 8 abr 2021 a las 22:40, H () escribió:
>>>>>>> Using CentOS 7 and need to run two different versions of php for the 
>>>>>>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and 
>>>>>>> x.x.x.x/site2 and I am using php-fm for both php versions configuring 
>>>>>>> port 9002 for php 7.0 and 9003 for php 7.2.
>>>>>>>
>>>>>>> I have a conf file for each site (this is site 1 which is supposed to 
>>>>>>> run php 7.0) and called site1.conf, similar to:
>>>>>>>
>>>>>>> 
>>>>>>> ServerAdmin xxx
>>>>>>> ServerName x.x.x.x/site1
>>>>>>> DocumentRoot /var/www/html/
>>>>>>> DirectoryIndex info.php
>>>>>>> ErrorLog /var/log/httpd/site1-error.log
>>>>>>> CustomLog /var/log/httpd/site1-access.log combined
>>>>>>>
>>>>>>> 
>>>>>>> 
>>>>>>> SetHandler 
>>>>>>> "proxy:unix:/var/opt/rh/rh-php70/run/php-fpm/www.sock|fcgi://localhost"
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>
>>>>>>> The other site is identical and supposed to run php 7.2 so the file 
>>>>>>> obviously uses site2 instead of site1 and php72 instead of php70.
>>>>>>>
>>>>>>> I have installed both php versions and can successfully switch between 
>>>>>>> them on the commandline but have run into problem getting apache to use 
>>>>>>> both. I consulted 
>>>>>>> https://www.digitalocean.com/community/tutorials/how-to-run-multiple-php-versions-on-one-server-using-apache-and-php-fpm-on-centos-7
>>>>>>>  but apachectl configtest complains that "module php7_module is already 
>>>>>>> loaded, skipping". I can successfully get the websites to use the same 
>>>>>>> php version, either 7.0 or 7.2.
>>>>>>>
>>>>>>> I must have missed some configuration step and would appreciate any 
>>>>>

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/08/2021 07:34 PM, H wrote:
> On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
>> Hello,
>>
>> What you must remove is all scriptalias, addhandler/action directives.
>> So I'd say with a directive for each virtualhost you mentioned you
>> have you just would need (and of course disable mod_php module):
>>
>> In one for one version pointing to 9002 port:
>> 
>> SetHandler  "proxy:fcgi://localhost:9002"
>> 
>>
>> In the other virtualhost you  want to have pointing to 9003:
>> 
>> SetHandler  "proxy:fcgi://localhost:9003"
>> 
>>
>> Apache is really much more simple and easier than many examples out
>> there try to show.
>>
>> El jue, 8 abr 2021 a las 23:54, H () escribió:
>>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
>>>> Hello,
>>>>
>>>> You mention PHP is set to listen to different tcp ports, yet the
>>>> config you show from apache points to a unix socket with
>>>> mod_proxy_fcgi
>>>>
>>>> Also worth mentioning you don't need php7_module at all when pointing
>>>> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
>>>> case you have some other config lying around taking precedence and
>>>> causing the problems you mention.
>>>>
>>>> Cheers
>>>>
>>>> El jue, 8 abr 2021 a las 22:40, H () escribió:
>>>>> Using CentOS 7 and need to run two different versions of php for the 
>>>>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and x.x.x.x/site2 
>>>>> and I am using php-fm for both php versions configuring port 9002 for php 
>>>>> 7.0 and 9003 for php 7.2.
>>>>>
>>>>> I have a conf file for each site (this is site 1 which is supposed to run 
>>>>> php 7.0) and called site1.conf, similar to:
>>>>>
>>>>> 
>>>>> ServerAdmin xxx
>>>>> ServerName x.x.x.x/site1
>>>>> DocumentRoot /var/www/html/
>>>>> DirectoryIndex info.php
>>>>> ErrorLog /var/log/httpd/site1-error.log
>>>>> CustomLog /var/log/httpd/site1-access.log combined
>>>>>
>>>>> 
>>>>> 
>>>>> SetHandler 
>>>>> "proxy:unix:/var/opt/rh/rh-php70/run/php-fpm/www.sock|fcgi://localhost"
>>>>> 
>>>>> 
>>>>> 
>>>>>
>>>>> The other site is identical and supposed to run php 7.2 so the file 
>>>>> obviously uses site2 instead of site1 and php72 instead of php70.
>>>>>
>>>>> I have installed both php versions and can successfully switch between 
>>>>> them on the commandline but have run into problem getting apache to use 
>>>>> both. I consulted 
>>>>> https://www.digitalocean.com/community/tutorials/how-to-run-multiple-php-versions-on-one-server-using-apache-and-php-fpm-on-centos-7
>>>>>  but apachectl configtest complains that "module php7_module is already 
>>>>> loaded, skipping". I can successfully get the websites to use the same 
>>>>> php version, either 7.0 or 7.2.
>>>>>
>>>>> I must have missed some configuration step and would appreciate any 
>>>>> pointers.
>>>>>
>>>>> Thank you.
>>>>>
>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>>>
>>> Thank you for your quick reply. I am sort of dabbling with apache and am 
>>> not 100% sure what I need to change but would the following change to the 
>>> above conf file be what you are telling me?
>>>
>>>  SetHandler "proxy:fcgi://localhost:9002
>>>  ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>>>  AddHandler php70-fcgi .php
>>>  Action php70-fcgi /cgi-bin/php70.fcgi
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
> This is what I did:
>
> - I disabled what I think are the php_mod statements in bo

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/08/2021 06:05 PM, Daniel Ferradal wrote:
> Hello,
>
> What you must remove is all scriptalias, addhandler/action directives.
> So I'd say with a directive for each virtualhost you mentioned you
> have you just would need (and of course disable mod_php module):
>
> In one for one version pointing to 9002 port:
> 
> SetHandler  "proxy:fcgi://localhost:9002"
> 
>
> In the other virtualhost you  want to have pointing to 9003:
> 
> SetHandler  "proxy:fcgi://localhost:9003"
> 
>
> Apache is really much more simple and easier than many examples out
> there try to show.
>
> El jue, 8 abr 2021 a las 23:54, H () escribió:
>> On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
>>> Hello,
>>>
>>> You mention PHP is set to listen to different tcp ports, yet the
>>> config you show from apache points to a unix socket with
>>> mod_proxy_fcgi
>>>
>>> Also worth mentioning you don't need php7_module at all when pointing
>>> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
>>> case you have some other config lying around taking precedence and
>>> causing the problems you mention.
>>>
>>> Cheers
>>>
>>> El jue, 8 abr 2021 a las 22:40, H () escribió:
>>>> Using CentOS 7 and need to run two different versions of php for the 
>>>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and x.x.x.x/site2 
>>>> and I am using php-fm for both php versions configuring port 9002 for php 
>>>> 7.0 and 9003 for php 7.2.
>>>>
>>>> I have a conf file for each site (this is site 1 which is supposed to run 
>>>> php 7.0) and called site1.conf, similar to:
>>>>
>>>> 
>>>> ServerAdmin xxx
>>>> ServerName x.x.x.x/site1
>>>> DocumentRoot /var/www/html/
>>>> DirectoryIndex info.php
>>>> ErrorLog /var/log/httpd/site1-error.log
>>>> CustomLog /var/log/httpd/site1-access.log combined
>>>>
>>>> 
>>>> 
>>>> SetHandler 
>>>> "proxy:unix:/var/opt/rh/rh-php70/run/php-fpm/www.sock|fcgi://localhost"
>>>> 
>>>> 
>>>> 
>>>>
>>>> The other site is identical and supposed to run php 7.2 so the file 
>>>> obviously uses site2 instead of site1 and php72 instead of php70.
>>>>
>>>> I have installed both php versions and can successfully switch between 
>>>> them on the commandline but have run into problem getting apache to use 
>>>> both. I consulted 
>>>> https://www.digitalocean.com/community/tutorials/how-to-run-multiple-php-versions-on-one-server-using-apache-and-php-fpm-on-centos-7
>>>>  but apachectl configtest complains that "module php7_module is already 
>>>> loaded, skipping". I can successfully get the websites to use the same php 
>>>> version, either 7.0 or 7.2.
>>>>
>>>> I must have missed some configuration step and would appreciate any 
>>>> pointers.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>> -----
>>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>>
>> Thank you for your quick reply. I am sort of dabbling with apache and am not 
>> 100% sure what I need to change but would the following change to the above 
>> conf file be what you are telling me?
>>
>>  SetHandler "proxy:fcgi://localhost:9002
>>  ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>>  AddHandler php70-fcgi .php
>>  Action php70-fcgi /cgi-bin/php70.fcgi
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>
This is what I did:

- I disabled what I think are the php_mod statements in both 
15-rh-php70-php.conf and 15-rh-php72-php.conf by inserting #disabled in front 
of "LoadModule php7_module modules/librh-php70-php7.so" in the former and the 
equivalent in the latter.

- For the the site1.conf I have:


    ServerAdmin xxx
    ServerName x.x.x.x
    DocumentRoot /var/www/html/
    ErrorLog /var/log/httpd/site1-error.log
    CustomLog /var/log/httpd/site1-acce

Re: [users@httpd] Running php 7.0 and 7.2 for different websites with apache

On 04/08/2021 05:06 PM, Daniel Ferradal wrote:
> Hello,
>
> You mention PHP is set to listen to different tcp ports, yet the
> config you show from apache points to a unix socket with
> mod_proxy_fcgi
>
> Also worth mentioning you don't need php7_module at all when pointing
> to FPM with mod_proxy_fcgi, so I would just unload that module asap in
> case you have some other config lying around taking precedence and
> causing the problems you mention.
>
> Cheers
>
> El jue, 8 abr 2021 a las 22:40, H () escribió:
>> Using CentOS 7 and need to run two different versions of php for the 
>> websites, php 7.0 and 7.2. The set up is x.x.x.x/site1 and x.x.x.x/site2 and 
>> I am using php-fm for both php versions configuring port 9002 for php 7.0 
>> and 9003 for php 7.2.
>>
>> I have a conf file for each site (this is site 1 which is supposed to run 
>> php 7.0) and called site1.conf, similar to:
>>
>> 
>> ServerAdmin xxx
>> ServerName x.x.x.x/site1
>> DocumentRoot /var/www/html/
>> DirectoryIndex info.php
>> ErrorLog /var/log/httpd/site1-error.log
>> CustomLog /var/log/httpd/site1-access.log combined
>>
>> 
>> 
>> SetHandler 
>> "proxy:unix:/var/opt/rh/rh-php70/run/php-fpm/www.sock|fcgi://localhost"
>> 
>> 
>> 
>>
>> The other site is identical and supposed to run php 7.2 so the file 
>> obviously uses site2 instead of site1 and php72 instead of php70.
>>
>> I have installed both php versions and can successfully switch between them 
>> on the commandline but have run into problem getting apache to use both. I 
>> consulted 
>> https://www.digitalocean.com/community/tutorials/how-to-run-multiple-php-versions-on-one-server-using-apache-and-php-fpm-on-centos-7
>>  but apachectl configtest complains that "module php7_module is already 
>> loaded, skipping". I can successfully get the websites to use the same php 
>> version, either 7.0 or 7.2.
>>
>> I must have missed some configuration step and would appreciate any pointers.
>>
>> Thank you.
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>
Thank you for your quick reply. I am sort of dabbling with apache and am not 
100% sure what I need to change but would the following change to the above 
conf file be what you are telling me?

     SetHandler "proxy:fcgi://localhost:9002
 ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
 AddHandler php70-fcgi .php
 Action php70-fcgi /cgi-bin/php70.fcgi


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Running php 7.0 and 7.2 for different websites with apache

Using CentOS 7 and need to run two different versions of php for the websites,
php 7.0 and 7.2. The set up is x.x.x.x/site1 and x.x.x.x/site2 and I am using
php-fm for both php versions configuring port 9002 for php 7.0 and 9003 for php
7.2.

I have a conf file for each site (this is site 1 which is supposed to run php
7.0) and called site1.conf, similar to:

ServerAdmin xxx
ServerName x.x.x.x/site1
DocumentRoot /var/www/html/
DirectoryIndex info.php
ErrorLog /var/log/httpd/site1-error.log
CustomLog /var/log/httpd/site1-access.log combined

SetHandler
"proxy:unix:/var/opt/rh/rh-php70/run/php-fpm/www.sock|fcgi://localhost"

The other site is identical and supposed to run php 7.2 so the file obviously
uses site2 instead of site1 and php72 instead of php70.

I have installed both php versions and can successfully switch between them on
the commandline but have run into problem getting apache to use both. I
consulted
https://www.digitalocean.com/community/tutorials/how-to-run-multiple-php-versions-on-one-server-using-apache-and-php-fpm-on-centos-7
but apachectl configtest complains that "module php7_module is already loaded,
skipping". I can successfully get the websites to use the same php version,
either 7.0 or 7.2.

I must have missed some configuration step and would appreciate any pointers.

Thank you.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Combine two AuthType at the same location?

2021-02-18 Thread Mark H. Wood

We need to allow access to a resource when authenticated either by our
corporate ID management service OR by a "local" table of
username/password (for folks who are not in the corporate service).

Unfortunately, this means that I need a way to combine "AuthType CAS"
and "AuthType Basic".  Is there a way to do that in HTTPD 2.4?

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature

[users@httpd] Details on writing an authentication module?

2021-02-08 Thread Mark H. Wood

I found some help on writing modules in general, but nothing on
requirements specific to authentication modules.  Would someone please
point me in the right direction.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature

[users@httpd] Authenticate with one Authtype, authorize with another?

2020-06-30 Thread Mark H. Wood

Our corporate identity service is Microsoft Active Directory.  I've
set up various things in HTTPD to authenticate/authorize against it
via LDAP, but users who are used to SSO run into that AuthBasic
credentials prompt and assume that they don't have access to the
resource.  What they are used to is CAS, which is plumbed into ADS
behind the scenes.

Now I have a resource that I want to make available only to members of
an ADS group.  This works fine using LDAP alone, but it throws up that
prompt that people don't understand.  I've verified that I can
authenticate via CAS and authorize with 'Require valid-user', but CAS
doesn't return any group membership info (either because it just
doesn't, or because our identity management people don't want to do
it).

So what I think I want to do is to use Apereo mod_auth_cas for
authentication and Apache mod_authnz_ldap for authorization.  These
are two different 'Authtype's.  Am I out of luck?

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature

Re: [users@httpd] Two web-servers with different IP in LAN

2020-04-17 Thread Walter H.


On 17.04.2020 19:25, mail mail wrote:

Hello.
There are two web servers in LAN:
192.168.1.10
- site1.mydom.com
- site2.mydom.com
- site3.mydom.com
192.168.1.20
- portal.mydom.com
in iptables, all requests for ports 80 and 443 are redirected to 
192.168.1.10.
The certificates received from letsencrypt for site1,2,3 are stored 
and connected on 192.168.1.10 - and here everything works, there are 
no questions.
The certificates received from letsencrypt for the portal are stored 
and connected to 192.168.1.20 - and the question is:
How to write VirtualHost to 192.168.1.10 so that all requests (http, 
https) for portal.mydom.com go to 192.168.1.20?

Thank you in advance!


you can configure 192.168.1.10 as a proxy for 192.168.1.20 for 
accessing  portal.mydom.com


this looks simiar to this:


ServerName portal.mydom.com:80

ProxyPass / http://192.168.1.20/
ProxyPassReverse / http://192.168.1.20/


similar with 443 (https)





smime.p7s
Description: S/MIME Cryptographic Signature

[users@httpd] mod_ajp: adding "secret=xxx" parameter to config yields syntax error

2020-02-13 Thread Mark H. Wood

HTTPD 2.4.41

I'm trying to set up authenticated proxying between HTTPD and Tomcat.
I have, for example:

  ProxyPass "/host-manager/" \
"ajp://[::1]:8009/host-manager/" \
secret="secret"

When I run configtest, the result is:
 * apache2 has detected an error in your setup:
AH00526: Syntax error on line 101 of 
/etc/apache2/vhosts.d/default_vhost.include:
ProxyPass unknown Worker parameter

Line 101 is the one with the 'secret' keyword.  If I un-fold the
directive to a single line, the same error is called against line 99
(the same ProxyPass directive).  The directive was previously working
before I added the 'secret' parameter.

What am I missing?

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: PGP signature

Re: [users@httpd] Expose my server to internet

2019-07-12 Thread Walter H.


On 12.07.2019 22:01, rexkogit...@gmx.at wrote:


If so, there is no way to access your host from outside (from the
Internet zone). There is also no way to access your host from within
another host of your ISP's network, because the intrazone traffic is
usally blocked.

not at all;
get an HE-IPv6-Tunnel and you have IPv6-connectivity from anywhere



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] configuring mod_proxy_ftp for client ip logging

2018-07-25 Thread Walter H.


On 24.07.2018 19:28, Harbo, Peter wrote:
The mod_proxy_ftp module is working fine for me using release 2.4.25 
to send urls matching a pattern to a proftpd server running on the 
same system.  I have noticed that the source IP address in the ftpd 
log is the same as the httpd running the mod_proxy_ftp module.  Am I 
correct in assuming that neither mod_remoteip nor any other 
configuration options of httpd can cause httpd's ftp proxy module to 
spoof the IP address of the client sending the request to httpd?  
Otherwise this works nicely but we need the correct IP addresses in 
the proftpd log for metrics.

why not just letting the folks directly to the FTP with anonymous?
so there is no need of this proxy module and you have the real IP 
addresses in the log;




smime.p7s
Description: S/MIME Cryptographic Signature

[users@httpd] Re: Warning from users@httpd.apache.org

2018-05-29 Thread Walter H.


On 29.05.2018 22:01, users-h...@httpd.apache.org wrote:

Hi! This is the ezmlm program. I'm managing the
users@httpd.apache.org mailing list.


Messages to you from the users mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the users mailing list,
without further notice.


I've kept a list of which messages from the users mailing list have
bounced from your address.

Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send a short message to:


To receive a subject and author list for the last 100 or so messages,
send a short message to:


Here are the message numbers:

117374
117386
117390
117391
117406

--- Enclosed is a copy of the bounce message I received.

Return-Path:<>
Received: (qmail 94236 invoked for bounce); 19 May 2018 18:04:16 -
Date: 19 May 2018 18:04:16 -
From: mailer-dae...@apache.org<--- that is not my mail server
To: users-return-1173...@httpd.apache.org
Subject: failure notice






smime.p7s
Description: S/MIME Cryptographic Signature

[users@httpd] Security Headers, ISP, no root won't work

2018-05-10 Thread i...@h-c-b.de

Hi!

I want to enable some security headers. I don't have access to my =
vhosts, and not to the apache config, so I used my .htaccess.


Header set X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=3Dblock"
Header set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "no-referrer"
Header set Content-Security-Policy "default-src 'self' ; =
referrer no-referrer ;"
Header unset X-Powered-By


According to my ISP there are the following directives:

apache2.config: AllowOverride none
vhosts  AllowOverride All

None of the above security headers are working. Any tips?

Thank you!
hc


smime.p7s
Description: S/MIME cryptographic signature

Re: [users@httpd] .htaccess mobil client

2018-01-13 Thread Walter H.


On 12.01.2018 22:23, Gokan Atmaca wrote:

Hello

I am redirecting Apache mobile clients to the mobile site. But the 
files like cs,js,font,img are not working.


Can you help with this ?

config:
RewriteCond %{HTTP_USER_AGENT} ^.*(android|iPhone).*$ [NC]
RewriteRule ^ /msite/$1 [R=301,L]

what is $1?

this should be something like

RewriteRule ^(.*)$ /msite$1 [L,R=301]


smime.p7s
Description: S/MIME Cryptographic Signature

[users@httpd] Strrange behavior of VirtualHosts in Apache (Apache 2.2.15 - CentOS6)

2017-11-13 Thread Walter H.

Hello,

there is a short explanation about virtual hosts in Apache ...
https://wiki.centos.org/TipsAndTricks/ApacheVhostDefault

the `hostname` gives a different donmain name than what should be hosted ...
e.g.  `hostname` is  host.example.org and the domain to be hosted is
example.com, so I did this:


ServerName host.example.org
DocumentRoot /var/www/default


# used to get let's encrypt for the mail server

ServerName mail.example.org
ServerAlias smtp.example.org
DocumentRoot /var/www/mail



ServerName www.example.com
DocumentRoot /var/www/domain



ServerAlias *.example.com
DocumentRoot /var/www/catchall


the DocumentRoot directories are empty,
only in /var/www/default I have a PHP script:  host.php


now the strange behavior;

http://mail.example.org/ <-- works
http://smtp.example.org/ <-- doen't work
http://smtp.example.org/host.php <-- gives the HTTP_HOST (PHP-script),
 but why?

http://www.example.com/  <-- works
http://hello.example.com/ <-- doesn't work
http://hello.example.com/host.php <-- gives the HTTP_HOST (PHP-script),
  but why?

doesn't work does mean, that access/errors are logged in a logfile of a
wrong virtual host ...

where is my mistake?

is it problematic, if some virtual hosts have different IPv6 addresses but
the same IPv4 address?

Thanks,
Walter



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Update HTML files every 1 sec by getting info from another application.

2017-03-28 Thread Mark H. Wood

On Mon, Mar 27, 2017 at 10:36:59PM +0300, Zvi Vered wrote:
> My target is an embedded PC which runs windows \ linux.
> The target contains HTML pages that are displayed in the host using httpd.
> 
> The problem: The data in the HTML pages is updated (every 1 sec) by
> another application that runs on the target.
> 
> This application collects some telemetry info from the target. This
> info should be displayed some how in the HTML pages.
> 
> What is the right way doing this ?
> 
> The HTML project contains also angular 2 java script files.

Well, What's the Simplest Thing That Could Work?  The collector could
write out the HTML pages each time it takes a sample.  I suspect that
most versions of the files would be wasted motion, since they won't be
read before they are replaced.

Second approximation:  have the collector write out the current
sample's values as simple script-language assignment statements.
Write a CGI script that creates the pages as needed, sourcing the
sample file.  The collector modification will be simpler and faster,
but you still write that file every second whether you use it or not.

I don't see enough of the design to go beyond that.  The "right way"
will depend on details of the data collection process.  There may be
several ways that are equally "right", or that all work but trade off
among space, time, and complexity.  All three of those can be
particularly expensive in embedded systems.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

signature.asc
Description: PGP signature

Re: [users@httpd] How to get notify on new releases

2016-12-24 Thread Julian H. Stacey

> Hi,
> 
> Any one know how to get the notification of new releases or security fixe=
> s on apache webservers and is there any way to automate the apache upgrad=
> e process to a newerversion.
> 
> Diligenta Limited (Company No. 5535029) is a subsidiary of Tata Consultan=

When one asks for help, avoid an annoying mess.

Avoid pointless HTML duplicate junk. Plain text suffices.  
Avoid lines > 80 chars.
Avoid Content-Transfer-Encoding: quoted-printable - mangles in some editors.
Avoid pointless gifs, eg your white .gif
Use a standard .sig delimiter of ^-- $" before verbose corporate excretia.

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#stolen_votes

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] 答复: httpd access is denied error in win server 2012

2016-11-19 Thread h d

me too,use administror?


发件人: Robert Ramoutar 
发送时间: 2016年11月18日 12:29:20
收件人: users@httpd.apache.org
主题: [users@httpd] httpd access is denied error in win server 2012



Hi Guys,


I am using the following command to launch Apache on server 2012:


c:\Apache24\bin\httpd.exe"  -d C:/Apache24 -k runservice

However i keep getting the error access is denied, even though i run cmd as 
administrator.

Can anyone help me with this ?


Regards,

Robert Ramoutar.

This email is intended for the intended recipient(s) and may contain 
confidential information.
Reproduction, dissemination or distribution of this message is prohibited 
unless authorized by
 the sender. If you are not the intended recipient, please notify the sender 
immediately and you
must not read, keep, use, disclose, copy or distribute this email without the 
sender's
 prior permission.

答复: [users@httpd] apache 2.4 core dump on launch, no error logging

2016-11-17 Thread h d

use administartor run it[??]


?件人: Nick Kew 
?送??: 2016年11月17日 2:56:04
收件人: users@httpd.apache.org
主?: Re: [users@httpd] apache 2.4 core dump on launch, no error logging

On Wed, 2016-11-16 at 12:12 -0700, @lbutlr wrote:
> When launching apache 2.4 I get a core dump. Nothing is logged to the 
> http-error log. I’ve tried rebuilding it to no avail. Ideas?
>
At the top of your coredump is libpcre.  Could it be that your
httpd has been built against a different/slightly incompatible
pcre version?

--
Nick Kew


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] first quest by english,apache2.4 service can't start!

2016-11-17 Thread h d

httpd.conf file has checked ,syntax is correct，my system is win2012,x64, run 
httpd.exe  by cmd console  is ok, but as windos servcies it can't start.


I change service's log user to administrator ,running,,why?

anthor pc win10 coun't have to do this,

Re: [users@httpd] Perl prg RewriteMap always returns blank

2016-10-08 Thread Julian H. Stacey

Hi, Reference:
> From: spggw...@posteo.eu
> Reply-to: users@httpd.apache.org
> Date: Sat, 8 Oct 2016 11:34:46 +0200

spggw...@posteo.eu wrote:
> Hello Julian,
> 
> Thanks for your recommendation. However, my problem is not about how
> this mapping should be used or how to detect what language my page
> should be displayed in. It's rather about the map not returning any
> value when referenced in my Apache configuration.

Understood, but mis-use of IP number to country code seems to be growing,
so more code that could later get copied & mis-used worries.  But
if you comment code & feed back to perl script source, more callers
can learn IP# to country name should Not over ride HTTP_ACCEPT_LANGUAGE.

> 
> Regards,
> 
> K.
> 
> Am 08.10.2016 um 11:28 schrieb Julian H. Stacey:
> > Hi, Reference:
> >> From:  spggw...@posteo.eu
> >> Reply-to:  users@httpd.apache.org
> >> Date:  Sat, 8 Oct 2016 09:54:01 +0200
> > spggw...@posteo.eu wrote:
> >> Hello experts!
> >>
> >> I'm working with a Perl script that should do geoIP mapping (IP to
> >> two-letter country code).
> > Then please ensure a comment in your code, so callers dont mis-use it:
> >   "Do Not Assume every inhabitant of a country wants to read the
> >language etc of the country the IP# suggests.  Environment
> >variable HTTP_ACCEPT_LANGUAGE should over ride this IP, to allow for
> >eg British in Germany, Poles in London, Spanish in USA etc."

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#stolen_votes

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Perl prg RewriteMap always returns blank

2016-10-08 Thread Julian H. Stacey

Hi, Reference:
> From: spggw...@posteo.eu
> Reply-to: users@httpd.apache.org
> Date: Sat, 8 Oct 2016 09:54:01 +0200

spggw...@posteo.eu wrote:
> Hello experts!
> 
> I'm working with a Perl script that should do geoIP mapping (IP to
> two-letter country code).

Then please ensure a comment in your code, so callers dont mis-use it:
  "Do Not Assume every inhabitant of a country wants to read the
   language etc of the country the IP# suggests.  Environment
   variable HTTP_ACCEPT_LANGUAGE should over ride this IP, to allow for
   eg British in Germany, Poles in London, Spanish in USA etc."

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#stolen_votes

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: throttling IP addresses

2016-02-03 Thread Mark H. Wood

A long time ago I played around with mod-cband.  My memory of that is
dim, but I thought it worth mentioning in case it would help.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: Digital signature

Re: [users@httpd] Blocking of users [was: Apache Server Access]

2016-01-14 Thread Julian H. Stacey

urrently responsible for the inbox is
> just unable to cope with all this - in his or her eyes - weird tech
> stuff.
> 
> Therefore my proposal to manually remove/block the address. But it
> seems that this has happened.
> 
> Kind regards,
> Tobias
>   
> 
> 
> 
> --001a11c31322051df305294e7fde--
> 


Cheers,
Julian
--
Julian Stacey,  BSD Linux Unix Sys. Eng. Consultant Munich http://berklix.com
 Reply After previous text to preserve context, as in a play script.
 Indent previous text with >Insert new lines before 80 chars.
 Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: Fwd: [users@httpd] Possible virus via httpd server

2016-01-13 Thread Julian H. Stacey

William A Rowe Jr wrote:
> --001a1140ef84ac7e4505294022a9
> Content-Type: text/plain; charset=UTF-8
> 
> Is there a kind soul fluent enough Spanish to write a note to this user and
> help them out of their perhaps-unsolicited subscription in their native
> tongue?

Hi,
I dont speak Spanish, but solved a similar problem with German:
I put links from graphic flags on
http://www.berklix.org/help/
http://www.berklix.org/help/majordomo/
to an index of automatic multi lingual translation engines 
http://www.berklix.org/trans/
apache.org lists could append an http: in footers with links to similar.

Cheers,
Julian
--
Julian Stacey,  BSD Linux Unix Sys. Eng. Consultant Munich http://berklix.com
 Reply After previous text to preserve context, as in a play script.
 Indent previous text with >Insert new lines before 80 chars.
 Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Re: confirm unsubscribe from users@httpd.apache.org

2015-06-26 Thread Julian H. Stacey

Dien-Foon Wu wrote:
> Yes, please remove the related address from the list for I am
> currently have no time to check these emails. Thanks.

> 2015-06-25 21:42 GMT+08:00 Hanns Mattes :
> >
> > Zitat von users-h...@httpd.apache.org:

To unsubscribe yourself: do it yourself: see footer & header.

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Reply after previous text, like a play - Not before, which looses context.
 Indent previous text with "> " Insert new lines before 80 chars.
 Send plain text, Not quoted-printable, Not HTML, Not ms.doc, Not base64.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] how to get httpd to use a proxy, cascading to a 2nd proxy ?

2015-04-01 Thread Julian H. Stacey

I wrote:
> & no manuals, & I'm new to Android (but familiar with Apache & FreeBSD)

"route add default gw 192.168.42.139 dev rndis0" 
fails with: Not permitted, (I need to root the device),

So I'd still like to solve the double proxy question please.

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
Indent previous with "> ".  Reply Below as a play script.
Send plain text, Not quoted-printable, HTML, or base64.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] how to get httpd to use a proxy, cascading to a 2nd proxy ?

2015-04-01 Thread Julian H. Stacey

Hi all on users@httpd.apache.org
Can httpd _use_ (not just _be_) a proxy, cascading to a 2nd proxy on a gate ?

(Not just the common case of httpd serving as a proxy for down stream clients,
 though I need that too on same httpd,  I already have that part working)

I want to get httpd on an internal host to serve as a proxy to a
USB tethered android (which it is already doing), + to pass requests
over ethernet LAN to a 2nd proxy on a LAN gateway. 

This may seem unusual, here's the reason:
An android is tethered (IP over USB) to a FreeBSD PC laptop,
Orweb browser on Android allows use of a proxy, FreeBSD
laptop runs apache 2.2.29 httpd (listening on the USB IP)
with httpd proxy enabled & PC allows android to reach various httpd PCs
on local LAN of the PC.

I now want to tell the httpd on the PC interfacing the android,
to pass android requests to a 2nd httpd running on the gateway host,
to reach the internet.

Why ? Why dont I just configure the FreeBSD PC to bridge packets
from USB to LAN ethernet, & on to LAN gate ?
  - I may later want a firewall on the laptop ( to protect LAN from lots of
untrusted android binaries, + android WLAN & SIM interfaces).
  - Pragmaticaly , I've tried & failed to create a bridge, 
I think the FreeBSD PC side is OK:
/etc/rc.conf gateway_enable="YES"  + 
sysctl net.inet.ip.forwarding=1
But Android rejects syntaxes such as
route add default 192.168.42.139
route add default gw 192.168.42.139
route add default gw 192.168.42.139 dev eth0
& no manuals, & I'm new to Android (but familiar with Apache & FreeBSD)

If httpd wont use a proxy, maybe I'll try packet diversion
via FreeBSD's ipfw,  but I'm hoping Apache httpd can use a proxy ?

I've read
http://httpd.apache.org/docs/2.2/urlmapping.html#proxy
& contemplated nasty cludges eg:
1st httpd on PC connected to android:

ServerName  play.google.com
Redirect temp /store/apps http://gate/playgoogle
2nd httpd on LAN gate:
Redirect temp /playgoogle http://play.google.com/store/apps
But it would be Ugly & wouldnt work for other URLs, eg when android map apps
go other places to load maps etc.

Maybe there's some clever mapping with
http://httpd.apache.org/docs/2.2/rewrite/
1st httpd to be receive request
http://domain/url_under_domain
& emit
http://gate/indirect_trigger/domain/url_under_domain
& 2nd=gate to redirect to
http://domain/url_under_domain

Ideas / suggestions please ?

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
Indent previous with "> ".  Reply Below as a play script.
Send plain text, Not quoted-printable, HTML, or base64.

-----
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy problems when using subdirectory

So I put this in a  block so that only those URLs get written. No 
success. Thanks for the suggestion though.

> On Nov 19, 2014, at 3:26 PM, Otis DeWitt  wrote:
> 
> Try adding:
> 
> RewriteRule   ^(.*)$   http://www.domain.com/ <http://www.domain2.com/>$1   
> [R=301,L]
> 
> Sent from my iPhone
> 
> On Nov 18, 2014, at 8:38 PM, H Plato  <mailto:hpl...@gmail.com>> wrote:
> 
>> I’m having problems getting a reverse proxy to work as a subdirectory. Using 
>> the following configuration, Apache can full proxy an internal site:
>> 
>> 
>>ServerName www.domain.com <http://www.domain.com/>
>>DocumentRoot /data/www/www
>>ErrorLog /var/log/apache2/www_error_log
>>TransferLog /var/log/apache2/www_access_log
>> 
>>
>>Options Indexes FollowSymLinks ExecCGI
>>AllowOverride AuthConfig
>>Order allow,deny
>>Allow from all
>>AllowOverride All
>>Require all granted
>> 
>> 
>>   ProxyRequests Off
>>   ProxyPass / http://192.168.0.51:80/ <http://192.168.0.51/> 
>>   ProxyPassReverse / http://192.168.0.51:80/ <http://192.168.0.51/> 
>>   ServerAlias www.proxy.domain.com <http://www.proxy.domain.com/>
>>   ServerName proxy.domain.com <http://proxy.domain.com/>
>>
>> 
>> 
>> However, when I change the proxy statements to use a subdomain:
>> 
>>   ProxyPass /a/ http://192.168.0.51:80/ <http://192.168.0.51/> 
>>   ProxyPassReverse /a/ http://192.168.0.51:80/ <http://192.168.0.51/> 
>> 
>> then I get inconsistent results. Any link on the internal site that has root 
>> link (i.e.. href=“/docs” ) none of these are proxied to /a/docs. Any link 
>> with a relative link (i.e. href=“docs”) works.
>> 
>> I’m using Ubuntu 14.04.1 with  Apache/2.4.7 (Ubuntu) Server built:   Jul 22 
>> 2014 14:36:38
>> 
>> I’ve been struggling with this for days, so any ideas or help would be 
>> greatly appreciated.
>> 
>> 
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org 
>> <mailto:users-unsubscr...@httpd.apache.org>
>> For additional commands, e-mail: users-h...@httpd.apache.org 
>> <mailto:users-h...@httpd.apache.org>
>>

Re: [users@httpd] Proxy problems when using subdirectory

Thanks for the suggestion, but still no success. Again /a/ works, but any link 
in the proxied site that begins with “/“ does not.

Nothing interesting in the logs, either: the error log has a few of these 
entries:

[Wed Nov 19 19:51:58.309834 2014] [include:warn] [pid 22620] [client 
192.168.3.184:63724] AH01374: mod_include: Options +Includes (or 
IncludesNoExec) wasn't set, INCLUDES filter removed: /a/site/menu.shtml, 
referer: http://www/a/site/index.shtml

From the access log, I can see the problematic URLs and the resulting 404 
errors:

192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /a/site/top.shtml HTTP/1.1" 
200 485
192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /default.css HTTP/1.1" 404 
277
192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /site/images/lo.gif 
HTTP/1.1" 404 294
192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /site/images/pa.gif 
HTTP/1.1" 404 289
192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /a/site/menu.shtml 
HTTP/1.1" 200 1414
192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /default.css HTTP/1.1" 404 
277
192.168.3.184 - - [19/Nov/2014:19:51:55 -0700] "GET /default.css HTTP/1.1" 404 
277
192.168.3.184 - - [19/Nov/2014:19:51:58 -0700] "GET /a/site/index.shtml 
HTTP/1.1" 200 374
192.168.3.184 - - [19/Nov/2014:19:51:58 -0700] "GET /default.css HTTP/1.1" 404 
277

> On Nov 19, 2014, at 2:37 PM, Igor Cicimov  wrote:
> 
> 
> On 20/11/2014 1:04 AM, "H Plato" mailto:hpl...@gmail.com>> 
> wrote:
> >
> > Thanks Eric,
> >
> > I've tried so many combinations of this with no success, both in and out of 
> > a location block. This should work according to the docs, but it doesn't 
> > (i'm writing this from memory so might have syntax wrong):
> >
> > 
> >   ProxyHTMLURLMap / /a/
> >   ProxyHTMLURLMap /bin/  /a/bin/
> > 
> >
> > Sent from my mobile device.
> >
> Try this in the vhost
> 
> ProxyHTMLEnable On
> ProxyPass /a/ http://192.168.0.51:80/ <http://192.168.0.51/>
> ProxyPassReverse /a/ http://192.168.0.51:80/ <http://192.168.0.51/>
> ProxyHTMLURLMap http://192.168.0.51:80/ <http://192.168.0.51/> /a/

Re: [users@httpd] Proxy problems when using subdirectory

Thanks Eric,  

I've tried so many combinations of this with no success, both in and out of a 
location block. This should work according to the docs, but it doesn't (i'm 
writing this from memory so might have syntax wrong):


  ProxyHTMLURLMap / /a/
  ProxyHTMLURLMap /bin/  /a/bin/


Sent from my mobile device. 

> On Nov 19, 2014, at 6:02 AM, Eric Covener  wrote:
> 
>> On Tue, Nov 18, 2014 at 8:38 PM, H Plato  wrote:
>> then I get inconsistent results. Any link on the internal site that has root 
>> link (i.e.. href=“/docs” ) none of these are proxied to /a/docs. Any link 
>> with a relative link (i.e. href=“docs”) works.
> 
> mod_proxy_html can fix your links.
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Proxy problems when using subdirectory

Just a cut’n’paste typo.
> On Nov 19, 2014, at 1:27 AM, Igor Cicimov  wrote:
> 
> 
> On 19/11/2014 12:39 PM, "H Plato"  <mailto:hpl...@gmail.com>> wrote:
> >
> > I’m having problems getting a reverse proxy to work as a subdirectory. 
> > Using the following configuration, Apache can full proxy an internal site:
> >
> > http://192.168.0.50/>>
> > ServerName www.domain.com <http://www.domain.com/>
> > DocumentRoot /data/www/www
> > ErrorLog /var/log/apache2/www_error_log
> > TransferLog /var/log/apache2/www_access_log
> >
> > 
> > Options Indexes FollowSymLinks ExecCGI
> > AllowOverride AuthConfig
> > Order allow,deny
> > Allow from all
> > AllowOverride All
> > Require all granted
> > 
> >
> >ProxyRequests Off
> >ProxyPass / http://192.168.0.51:80/ <http://192.168.0.51/>
> >ProxyPassReverse / http://192.168.0.51:80/ <http://192.168.0.51/>
> >ServerAlias www.proxy.domain.com <http://www.proxy.domain.com/>
> >ServerName proxy.domain.com <http://proxy.domain.com/>
> >
> > 
> Do you really have two ServerName statements in the vhost or is it just a 
> typo?

[users@httpd] Proxy problems when using subdirectory

2014-11-18 Thread H Plato

I’m having problems getting a reverse proxy to work as a subdirectory. Using 
the following configuration, Apache can full proxy an internal site:


ServerName www.domain.com
DocumentRoot /data/www/www
ErrorLog /var/log/apache2/www_error_log
TransferLog /var/log/apache2/www_access_log


Options Indexes FollowSymLinks ExecCGI
AllowOverride AuthConfig
Order allow,deny
Allow from all
AllowOverride All
Require all granted
 

   ProxyRequests Off
   ProxyPass / http://192.168.0.51:80/ 
   ProxyPassReverse / http://192.168.0.51:80/ 
   ServerAlias www.proxy.domain.com
   ServerName proxy.domain.com



However, when I change the proxy statements to use a subdomain:

   ProxyPass /a/ http://192.168.0.51:80/ 
   ProxyPassReverse /a/ http://192.168.0.51:80/ 

 then I get inconsistent results. Any link on the internal site that has root 
link (i.e.. href=“/docs” ) none of these are proxied to /a/docs. Any link with 
a relative link (i.e. href=“docs”) works.

I’m using Ubuntu 14.04.1 with  Apache/2.4.7 (Ubuntu) Server built:   Jul 22 
2014 14:36:38

I’ve been struggling with this for days, so any ideas or help would be greatly 
appreciated.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] mod_reqtimeout and security

2014-09-05 Thread Jani H Rautiainen


Hi!

I have set up forward proxy for SSH connection to my box. For a long 
time I was troubleshooting timeout issue which caused the session to 
timeout after 30 seconds. Finally I was able to trace down the issue to 
mod_reqtimeout module. To keep the session alive I need to add the 
following to my virtualhosts conf (and yes, I'm just started to fine 
tune the params):


RequestReadTimeout header=60-3600,MinRate=10

I need to run proxy service either on port 80 or 443 as these are the 
only open ports. These are of course used to serve other content as well.


However the thing I'm now concerned is that what kind of impact this 
RequestReadTimeout setting has to overall security of the server? Is it 
making it more vulnerable to attacks and can something be done to make 
it more secure if needed? And of course, please point if there's a more 
clever solution to keep the sessions alive :-)



Thanks,

Jani



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] RewriteEngine conditions?

2014-08-07 Thread Walter H.


On 07.08.2014 15:48, Igor Cicimov wrote:



On 07/08/2014 2:47 PM, "Mark jensen" > wrote:

>
> I want to redirect all the inside network IPs to an error page 
except some IPs, A condition like this:

>
> if ( IP_from_Network = 192.168.1.0 and ((IP != 192.168.1.4) or (IP 
!= 192.168.1.5) or (IP != 192.168.1.6)) )

> {
> redirect to an error page
> }
>
> so I' trying to achieve this using RewriteEngine:
>
>  RewiteEngine On
>   RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.4$  [NC]
>   RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.5$  [NC]
>   RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.6$  [NC]
>   RewriteCond   %{REMOTE_ADDR}   ^192\.168\.1\.*$  [NC]
>   RewriteCond%{REQUEST_URI}   ^/test/manager/.* [NC]
>   RewriteRule^(.*)$   - [R=404,L]
>
> Is this would do what I want or should I use other tags like [OR]?
Can't you just use:
  RewriteCond   %{REMOTE_ADDR}   ^192\.168\.1\.*$
  RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.4$
  RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.5$
  RewriteCond   %{REMOTE_ADDR}   !^192\.168\.1\.6$
No need to complicate.


the first RewriteCond seems to be syntactically not what you want
try this:

RewriteCond   %{REMOTE_ADDR}   ^192\.168\.1\.[0-9]+$

or just simplier this:

RewriteCond   %{REMOTE_ADDR}   ^192\.168\.1\.

Walter

Re: [users] login form

2014-06-09 Thread Walter H.


On 09.06.2014 20:44, Tim Daley wrote:


I am struggling with getting a login form working. I am attempting to 
do it pretty much all in html/httpd2.4. It looks like this method 
ought to work. service httpd24-httpd configtest shows no errors.



Here are my login pages:





...




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users] Only allow access from specific domains?

2014-06-04 Thread Walter H.


On 04.06.2014 14:33, Brad Harris wrote:

the match strings are wrong, should be!^http://$

Thanks Walter, I tried your suggestion but get the same result. I inherited 
this site from another company and I've already let my users know that it's an 
insecure way of doing it and demonstrated with a  simple Chrome extension how 
easy it is to bypass. Is there another way to do this?


yes, session cookies;

Walter



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users] Only allow access from specific domains?

2014-06-04 Thread Walter H.


On 03.06.2014 21:05, Brad Harris wrote:

I've been trying to configure a website to send a 403 forbidden error unless 
the user comes from a specific website/domain, which is a logon page hosted on 
another server.
Design error, because, the Referer is fakeable and makes the logon page 
not neccessary ...




RewriteEngine On
# this is the domain hosting the login page
RewriteCond %{HTTP_REFERER} !logon_domain.com [NC]
# this is the domain hosting the WordPress site
RewriteCond %{HTTP_REFERER} !wordpress_site.com [NC]
RewriteRule .* - [F]
ErrorDocument 403 http://logon_domain.com/Login.aspx

The last line of my rewrite error log:
forcing responsecode 403 for /var/www/html/...


the match strings are wrong, should be!^http://$

Walter



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] SSI not using locale settings for dates

2014-05-04 Thread Walter H.


On 04.05.2014 12:29, Roel Wagenaar wrote:

L.S.

In spite of the fact that all my webservers are set to my locale, dates inserted
via ssi are always in "C", as it appears, is this intentional or have I missed a
config option?

Apache2 2.22 on Debian 7



try to set the time format
e.g.
||
if this works, you have done all correct ...


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] Why is debian-hosted 2.2.x giving 403 on CGI's?

2014-04-22 Thread Walter H.

On Tue, April 22, 2014 15:46, Jonathan Hayward wrote:
> I have a fresh Debian installation (if that's not an oxymoron), with
> Apache
> 2.2.x which I am migrating to after using Ubuntu Saucy and Apache 2.4.x,
> and I'm pulling my hair out about why
> http://dev.JonathansCorner.com/index.cgi<http://dev.jonathanscorner.com/index.cgi>
> (used
> to serve the homepage) is giving a 403. An old, static
> http://dev.JonathansCorner.com/index.html<http://dev.jonathanscorner.com/index.html>
> is
> working just fine, as well as other static pages within the site.
>

can you look on the corresponding log files
/var/log/apache2/error.log and access.log
you might find the solution in there ...

a few hints
- access rights are equal to 755?
- the owner of the CGI script?



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache 2.4 - non adoption reasons??

2014-04-10 Thread Mark H. Wood

On Thu, Apr 10, 2014 at 12:43:17PM -0500, Joey J wrote:
> Apache 2.4 has had a stable release out for over 2 years but is only 
> used by 2.5% of active Apache sites.   Why is the adoption so low?? The 
> Apache foundation has been recommending upgrading to 2.4 for some time 
> and looking at the improvements I see significant value in several.  I 
> don't see any reason why anybody wouldn't want to use it but the 
> community seems to think it's bad.

Perhaps it's not yet available, in the way that many in the community
consume it.

Gentoo Linux briefly stabilized 2.4.3 some time ago, but there were
problems with the ebuild and it was withdrawn.  No 2.4 release has
been stabilized since.

I was one of the lucky? ones who noticed the 2.4 ebuild before it was
keyworded and merged it, and I'm still running it.  (Actually I'm
running 2.4.9, because I overrode the keyword and there *have* been
unstable updates.)  It works well.  I had to figure out how to adapt
to a few of the changes, but it wasn't bad.  Every once in a while I
ask "whatever happened to stabilizing 2.4?"  I've had to do without a
module or two, but nothing that couldn't be done almost as well in
another way.  So far keeping it (after I made it run) has been less
work than falling back to 2.2 would be.

That's on my development environment, though.  We still run 2.2 in
production, and will until Gentoo stabilizes another 2.4.x.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Machines should not be friendly.  Machines should be obedient.

signature.asc
Description: Digital signature

Re: [users@httpd] dynamic virtual hosts

2014-03-12 Thread Walter H.


Hi,

On 12.03.2014 16:15, Rose, John B wrote:
We have been experimenting with "mod vhost alias" and "mod rewrite" 
methods of dynamic virtual hosting


They both work fine for …
abc.persons.domain.com
xyz.persons.domain.com
 Etc.

We would also like to be able to do dynamic virtual hosting for a 
mixture of sub domains and domains …

111.subdomain1.domain.com
subdomain1.domain.com
222.subdomain2.domain.com
subdomain2.domain.com
subdomain3.domain2.com
subdomain4.domain2.com

   1. Does any have preferences, pros, cons, what is best for scaling
  to hundreds of virtual hosts over years, etc between the
  alternative methods of dynamic virtual hosts configurations?
   2. Has anyone used a method they think is best for dynamic virtual
  hosting for a mixture of domains and subdomains




Is there a semantic reason for having this many subdomains?
in present I can see many sites that make use of many subdomains for a 
not logic reason;
for restrictive smart surfing this can be a very good feature - just 
block a subdomain, to prevent stupid javascripts or css files to be 
downloaded ;-)
using scripts from foreign sites that are only used on client side is 
the worst, you can do;


if these represent sites of individuals than it is a good idea to have 
each one his own subdomain for the complete individual's website;


Greetings,
Walter



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] Multiple choices

2014-01-22 Thread Walter H.


Hello,

not here, normal access to this PDF as expected ...; the only fact: I 
can't read it - of course its in an unknown language ...


Walter

On 22.01.2014 19:09, Marcos R. Cardoso wrote:
My web server is having such a strange behavior (actually, I think 
it's the web server).


I work at the university's library and we host here academic works in 
PDF format for public access, but we have received reports that some 
links return the "Multiple choices" error.


For example this link: http://www.bc.furb.br/docs/MO/2013/355007_1_1.pdf
I managed to access this file from my work computer and even my tablet 
(using Safari browser), bot some users here at work (librarians) and 
from outside (students trying to retrieve from home) report that the 
"Multiple choices" error has returned from their browsers (Google 
Chrome, for instance).


Tried to set the CheckSpelling directive Off but I had no success, so 
I'm asking here for some help.


The configuration here:
Debian 6.0.8
Apache/2.2.16 (Debian)
PHP Version 5.3.3-7+squeeze18

Mods enabled (among others):
alias
negotiation
rewrite
speling


TIA







smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] SSL certificate error

2014-01-14 Thread Walter H.

Hello,

do you have another "SSL check" site, because this is somewhat buggy;

two hosts resolve to the same IP Address, and with one it says, that port
443 is not open(!)

On Wed, January 15, 2014 06:40, Yehuda Katz wrote:
> If your site is publicly available, you can check that the server is
> serving the correct chain with a number of websites including this one:
> http://www.sslshopper.com/ssl-checker.html
> Just put your website in and it will tell you if the chain is correctly
> configured.
>



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Configure 2 virtuals hosts: 1 for a specific subdomain and 1 for as a catch-all

2013-12-04 Thread Walter H.

Hi,

these two files have names with numbers,
give the catch all file a file name that is alphabetical the later one;
then this works;

Walter

On Wed, December 4, 2013 09:07, Niels Rymenams wrote:
> Hi,
>
> I'm sorry for the n00b question, but this is the first time that I need to
> configure Apache myself and I can't seem to get my configuration right.
>
> I want to set up a webserver hosting a site (/home/user/www/website) under
> a subdomain: website.example.org
> Although I want to catch all other requests to the webserver on the domain
> and/or subdomains: example.org, host.example.org, www.example.org, ...
>
> I have a default Ubuntu 12.10 installation and have copied the default
> configuration in /etc/apache2/sites-available to user-site. I modified
> both
> (only the first few lines defining the ServerName/ServerAlias and
> DocumentRoot) using the Apache documentation.
> [Configurations are below this e-mail]
>
> When surfing to www.example.org I see the catch-all website, but any other
> subdomain goes to the main website.
>
> Any suggestions on what I'm doing wrong?
>
> Kind regards,
> Niels R.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Disabling Web Directories Listing in Apache

2013-11-05 Thread Kaplan, Andrew H.

Hello --

I am going through the motions of securing our Apache webserver. The server is 
the 2.2.15 package bundled with the CentOS 6.3 distribution.
One of the items that is being dealt with is the web directories listing 
vulnerability. My plan is to modify the following line in the httpd.conf file:

Options Indexes FollowSymLinks

to read as follows:

Options FollowSymLinks

Is this the correct course of action, or is there another line that should be 
modified either in addition to or instead of the aforementioned line?

Thanks.




The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.

Re: [users@httpd] building a web farm

2013-10-31 Thread Mark H. Wood

On Thu, Oct 31, 2013 at 09:54:14AM +0100, trifo wrote:
> I am running a web site using Apache httpd on several server nodes to
> provide high availability and performance. At present, the web content
> resides on a clustered filesystem (GPFS) to ensure that all the nodes serve
> the same content in any moment.
> 
> Well, GPFS is quite an expensive product, thus the management tries to get
> rid of it. Now my question is this: how to build a high performance
> environement without a clustered filesystem? Where to store the html files,
> and how to ensure the consistency between nodes?

Get a cheaper product?  DRBD perhaps? GFS2? Lustre? can iRODS do what
you need?  If I understand how GPFS works, you might wind up buying
much more storage, but everyone keeps saying that storage is cheap

> (we have mostly static html pages, but over 400k of them. And there is a
> part which changes regularly)

Does the content have to be absolutely identical 100% of the time, or
can occasional changes ripple through the system on a scale of seconds
to minutes?  rsync is free.  How volatile are your volatile pages?

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Machines should not be friendly.  Machines should be obedient.

signature.asc
Description: Digital signature

Re: [users@httpd] Is this an Apache config problem?

2013-05-25 Thread Walter H.


On 25.05.2013 02:48, John Iliffe wrote:

Every day I get a number of lines like the following in the Apache access
log.  Note that the response code is 200, successful.  The requested URL is
NOT on my web site.


can you image that you connect within your site to this host?

Does this imply that I have actually created an open proxy or relay?  I
would expect some form of error response such as 404.


then the 200-respone sounds logic;

176.8.88.90 - - [23/May/2013:18:46:46 -0400] "GET / HTTP/1.1" 200 5406
"http://www.world-mmo.com/"; 29135 289
176.8.88.90 - - [23/May/2013:18:46:47 -0400] "GET / HTTP/1.1" 200 5406
"http://www.world-mmo.com/"; 29136 217


http://www.world-mmo.com is a valid website;




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] Apache Upgrade Question ...

2013-04-11 Thread Mark H. Wood

On Wed, Apr 10, 2013 at 10:44:33PM +, CR Rajesh wrote:
>   I'm currently running Apache version Apache/2.2.11 in Ubuntu 9.04. I 
> want to update this to atleast Apache 2.2.24 for PCI compliance.
> 
> Can you help me in getting the instructions for a safe and successful upgrade?

Upgrade a test box first?  Run your local regression test suite
against the test box?  Run your regular security scans against the
test box?

Keep notes as you go, to update what you did to upgrade the test box.
Merging all that together should give you step-by-step instructions
for upgrading the production box.

Then run your regression tests and security scans against the
production box(es).

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
There's an app for that:  your browser

pgpYPf0sYXvrO.pgp
Description: PGP signature

Re: [users@httpd] rewritecond problem

2013-02-24 Thread Walter H.


Hello,

consider, that / must be escaped ...

Walter




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] htaccess file and computer names

2013-02-19 Thread Walter H.


Hello,

DNS names won't work here;
because the connection is made by an IP host,
for this a reverse DNS request would be neccessary;

the apache log files also also don't contain DNS names, just IP addresses;

I wouldn't do this, because this decreases performance;

Walter

On 19.02.2013 19:49, Marc Fromm wrote:


I am using some htaccess files to control access to a few web pages.

The htaccess file works if I use the ip address of the computer to 
grant access, but not its name.


Is there another setting to enable for  "Allow from 
computername.domain.name" to work like using the ip address "Allow 
from ###.###.###.###" ?


Order deny,allow

Deny from all

Allow from computername.domain.name //this does not grant access

Allow from ###.###.###.### //this grants access

The computers and the server are all on the same network

Thanks

Marc





smime.p7s
Description: S/MIME Cryptographic Signature

Re: [users@httpd] Graceful Restart fails because of SSL Keys with Passphrase?

2013-02-12 Thread Walter H.

Hello,

you need either SSLPassPhraseDialog or remove the passphrase;

On Tue, February 12, 2013 21:56, Shahriar Aghajani wrote:
> Any ideas?  Leads?
>
> I've seen people recommending removing the passphrase or using
> SSLPassPhraseDialog.  But I'd prefer to use pass-phrases and graceful
> restart if possible.
>
> Thanks for your help,
> Shahriar Aghajani.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-06 Thread Walter H.

On Wed, February 6, 2013 07:14, Nikolas Kallis wrote:

> I already thought of 'Redirect / https://nikolaskallis.com/' but don't
> want to use it because if someone enters from
> 'http://nikolaskallis.com', then they should be taken to its HTTPS
> equivalent, which is 'https://nikolaskallis.com' - not
> 'https://nikolaskallis.com/'.
>
> 'Redirect . https://nikolaskallis.com' didn't work for me. I got a 404
> because of the way my server is setup.
>
> I have HTTP and HTTPS data kept in separate folders:
>
> '/var/www/http/nikolaskallis.com/' is for HTTP and contains one file
> only - '.htaccess', which redirects to HTTPS, which is kept in
> '/var/www/https/nikolaskallis.com/'.

then you should have in your .htaccess something like

RewriteEngine  on
RewriteCond%{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Greetings,
Walter



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Issue with redirection from HTTP to HTTPS

2013-02-05 Thread Walter H.

On Wed, February 6, 2013 01:17, Nikolas Kallis wrote:
> Hello,
>
> I have an issue with redirection from HTTP to HTTPS.
>
> The problem is that when someone visits a directory on my website in
> HTTP, such as 'http://nikolaskallis.com/contact/', they are redirected
> to 'https://nikolaskallis.comcontact/', which doesn't include a forward
> slash between '.com' and 'contact'.
>
> I am using the redirect method of placing 'Redirect /
> https://nikolaskallis.com' in my HTTP htaccess file.
>
> Can someone please tell me what I have done wrong, why this error is
> occurring, and what I can do to to get the forward slash included in the
> redirect?

you have the following two possibilities

either
'Redirect / https://nikolaskallis.com/'
or
'Redirect . https://nikolaskallis.com'

then it works correct

Greetings,
Walter



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] MIME types not delivering

2012-10-26 Thread Mark H. Wood

On Thu, Oct 25, 2012 at 04:34:50PM -0400, J.Lance Wilkinson wrote:
> J.Lance Wilkinson wrote:
> > The file itself is being genrated not via a CGI but some Oracle
> > process (this IS an Apache configured by Oracle after all), so he's
> > trying to figure out now just what might be generated by that
> > procedure, which DOES seem to generate a Content-Type header.  If
> > we can determine that it gets OMITTED in this case that would explain
> > the type/plain from the DefaultType, perhaps, even with the DefaultType
> > directive being removed.   Another possibility is the process itself
> > has no idea what to assign as a Content-Type, and thus it backpedals
> > and assigns text/plain because it has nothing better  to assign
> > (although application/octet would be better, eh?).
> 
>   I was wondering if there was an apache module or perhaps some obscure
>   directive that would cause a CGI script or a handler or whatever
>   the user's Oracle process would be considered to "Tee" out the output
>   sent back to Apache HTTPD for delivery to the browser and dump that
>   output into a file.   So we could see what headers if any are
>   generated by that process.
> 
>   Thoughts?

If it were using CGI then you could just run the Oracle thing from a
commandline prompt and look at the output there.  You might have to
provide some environment variables to get it to run sensibly:

  http://en.wikipedia.org/wiki/Common_Gateway_Interface

It's kind of hard to debug this without knowing how HTTPD is
communicating with the Oracle thingy.  Could we get a look at the
HTTPD configuration?  Does the Oracle bit have a name?

It ought to be doing one of three things, I think:

o  Some program is run once per request.  It could be a tiny thing that
   just makes contact with the real information provider.  In this
   case I would just make that per-request thing speak CGI; I can't
   imagine a reason to invent some other protocol.  So you could just
   run it and see what it says.

o  HTTPD is a proxy for this other process.  There ought to be
   configuration to reveal that.  If you can figure out the host:port
   for the connection then you could use tcpdump or Wireshark or
   whatever to just snoop the packets.

o  There's (a) persistent connection(s) between HTTPD and the main Oracle
   thing.  In this case there should be an HTTPD module a la mod_dbd
   to set up and run the connection, and there should be configuration
   to lead us to it, or you could at least see it in server_info.  I'd
   guess there would be an AddHandler directive to have it called
   under the right conditions.  You'd probably have to get Oracle to
   tell you how to turn on debug logging.

Come to think of it, if Oracle set it all up then making it work ought
to be one of the reasons you're paying them bales of money.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.

pgpbcCE0DwEMa.pgp
Description: PGP signature

Re: [users@httpd] help on directive

2012-04-17 Thread Mark H. Wood

On Tue, Apr 17, 2012 at 09:40:03AM +0300, Brestin Sebastian wrote:
> Hello,
> Why if I am using  and the server is offline I get
> invalid path and apache will not start? How could I manage this?

More detail would be helpful, but it looks like you are mounting a
storage server across a network onto /server, yes?  If there is
nothing mounted at /server, what do you see?  If there is not a local
path /server/dir and the server is not mounted over /server then
"/server/dir" is indeed an invalid path.  (So far as the local
filesystem is concerned, it is the same case as if the storage *is*
mounted at /server but there is no subdirectory "dir" in the root of
that remote volume.)

If HTTPD must start even though the storage server is not mounted, you
could make an empty directory "dir" under the local "/server" and I
think that would satisfy the HTTPD configuration interpreter.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.

pgpoG4INg0EoR.pgp
Description: PGP signature

Re: [users@httpd] OpenSSL and apache2 wildcard self-signed certificate for nested subdomain

2011-12-14 Thread Mark H. Wood

On Wed, Dec 14, 2011 at 02:04:37PM +0100, rey sebastien wrote:
[browsers don't trust certificates they haven't been told to trust]
> Is there any solution to bypass this problem ? With another type of 
> self signed certificate wich need no CA ? or contain the Ca i don't 
> know ?

That would be like taking the front door off of your house because
you're tired of unlocking it every day.

A self-signed certficate is, essentially, its own CA.  (Every "root"
CA certificate is self-signed.)  Browsers come with lists of CAs'
certificates which they are "told" to trust out-of-the-box.  If the
browser encounters a certificate which is not in that list, and which
is not signed by some unbroken chain of certificates which leads back
to a certificate in that list, then it complains, because it has no
way to know that you trust that certificate.  If you tell the browser
to trust that certificate, the browser will thereafter assume that you
know your own business and will not complain about it anymore.  The
dialog is asking:  whom do you trust?

If it were possible for a website to evade this, SSL/TLS would be
useless for verifying that you are talking to the website you think
you are.  The conversation would still be encrypted, but having an
encrypted conversation with an unknown party doesn't sound secure to
me.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.

pgpBsuZ3mGCW6.pgp
Description: PGP signature

Re: [users@httpd] Fw: favicon.ico

2011-10-14 Thread Mark H. Wood

On one hand:  favicon.ico must be readable by the process which runs
the web server.  Check the ACL on that file.

On the other hand: it is not an error if favicon.ico does not exist.
That's the small image which is typically displayed just to the left
of the URL entry field near the top of the browser window.  If there
is no favicon, the browser just leaves the space blank or substitutes
a default.  Your actual problem is somewhere else.  Check the ACLs on
the other files in htdocs to ensure that httpd can read them, and also
check all of your Allow and Deny commands in httpd.conf to ensure that
your client machine is allowed access to the page you requested.

You may see other errors in the log which will help you to pin down
the actual problem.  Favicon is not it.

> > A message in the archives said no problem just add the folder favicon.ico
> > to the tree. Tried that but it still would not recognize the folder and I 
> > get the same

Woops, I read this again.  favicon.ico is not a folder; it's an image
file.  Find more than you ever wanted to know here:

  http://en.wikipedia.org/wiki/Favicon

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.


pgpUFPs3Otef9.pgp
Description: PGP signature

Re: [users@httpd] mod_dbd, mod_authn_dbd examples

2011-09-19 Thread Mark H. Wood

Indeed, the configuration manpage doesn't tell us much at all about
DBD support.

I just got a copy of the 2.2.21 source kit and tried out a few
'configure's.

If you have shared APR and APU installed, then by default it just uses
those.  In that case, you would need APU (apr-utils) to have ODBC
support built in.  Or you can specify --with-included-apr --with-included-apu
to build HTTPD with its own copies of APR and APU.

If you don't have shared APR and APU then building HTTPD also builds
private APR and APU.

In either case, it appears that the APU configuration script will
search for various DBMS support libraries and use them if it can.  In
my case it found odbc_config and set up to build with ODBC support.
This was the --with-included-apr --with-included-apu case.  So, it
looks to me as though, if ODBC is installed and findable in the build
environment, then HTTPD (or shared APU) will be built to use it.

If your ODBC library is in a "nonstandard" location then you can point
to it using --with-odbc=DIR .

I'm sorry to be a bit vague myself, but I usually just use the Gentoo
Linux packaging system to install/upgrade HTTPD and it sorts all this
out, so I'm not writing from fresh experience of actually making it
work.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.


pgpTROI8kRlyl.pgp
Description: PGP signature

Re: [users@httpd] mod_rewrite?

2011-09-19 Thread J-H Johansen

On Mon, Sep 19, 2011 at 2:51 PM, topinambour  wrote:

> Hi
>
> I have some problems about
> to write rewriterule in .htaccess
> I use spip and URL_propre
>
> URL read by google as :
> #URL_site/#URL_ARTICLE?page=fr
> i would want to use to remove:?lang=fr and do :
> /#URL_SITE/#URL_ARTICLE
>
> Summary, it would be :
> http://monsite.org/-Description-?lang=fr
> to redirect to
> http://monsite.org/-Description-
>
> I write :
> RewriteRule  ^\?lang=fr$^[^\.]$ [L,R=302]
> nothing do
>
> any ideas please
>

Something like this maybe?

RewriteRule  ^(.*)\?lang=fr$ $1 [L,R=302]


-- 
Jens-Harald Johansen
--
There are 10 kinds of people in the world: Those who understand binary and
those who don't...

Re: [users@httpd] mod_dbd, mod_authn_dbd examples

2011-09-16 Thread Mark H. Wood

Some clues at:

  http://old.nabble.com/help-with-mod_authn_dbd-and-oracle-td20562832.html

The actual DBMS drivers are built into apr-util, or supplied
separately since they can be dynamically loaded.  In your environment,
if it's supplied separately then just be sure you got it; otherwise,
if you're using a shared apr-util, it needs to be built for Oracle
support; otherwise (HTTPD using its own inbuilt apr-util) HTTPD will
need to be built for Oracle support.

For a quick test, you could try just changing 'pgsql' to 'oracle' and
see what happens.  I agree with others that 'DBDriver pgsql' asks for
the PostgreSQL driver.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.


pgpoD2BbaTSu3.pgp
Description: PGP signature

Re: [users@httpd] mod_proxy SSL forward proxy

2011-08-24 Thread J-H Johansen

On Wed, Aug 24, 2011 at 11:16 AM, Bill Moseley  wrote:

> Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8r
> OS X 10.6.8
>
> I need help with a forward proxy setup and SSL.
>
> I have created a simple httpd.conf file with two virtual hosts, listening
> on 8080 and 8443 (accepting SSL connections).  I'm using a self-signed
> certificate for testing.  WIth this config both of these requests work just
> fine:
>
> http://localhost:8080/foo.txt
> https://localhost:8443/foo.txt (issues a warning about the self-signed
> cert, of course)
>
>
> I enabled mod_proxy (and _http and _connect) and then I set up both Firefox
> and Chrome to proxy http to localhost:8080 and https to localhost:8443.
>
> The forward proxy works fine for non-SSL requests.  Any non-SSL site I go
> to is passed through my local Apache proxy.  But, the SSL pages do not work,
> and with LogLevel debug I see:
>
> [Wed Aug 24 11:54:42 2011] [info] SSL Library Error: 336027803
> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
> speaking HTTP to HTTPS port!?
>
> So, I assume I'm not understanding the configuration needed to proxy the
> SSL requests.
>
> Here's my httpd.config.  Again, this config will serve local files over
> http or https fine.  And when a browser is set up to proxy via
> localhost:8080 normal http proxy works fine (and I can see all we pages I
> access logged as they are proxied).
>
> But, with the browser https proxy config set to localhost 8443 https
> requests fails with the error above.
>
>
> moseley@bair ~/Documents/apache $ cat httpd.conf
>
> ServerRoot /Users/moseley/Documents/apache
> PidFile apache.pid
> Lockfile accept.lock
>
> LoadModule ssl_module /usr/libexec/apache2/mod_ssl.so
>
> LoadModule proxy_module /usr/libexec/apache2/mod_proxy.so
> LoadModule proxy_http_module /usr/libexec/apache2/mod_proxy_http.so
> LoadModule proxy_connect_module
> /usr/libexec/apache2/mod_proxy_connect.so
>
> LoadModule log_config_module  /usr/libexec/apache2/mod_log_config.so
>
> LogLevel Debug
>
>
> CustomLog logs/access_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
> Listen localhost:8080
> Listen localhost:8443
>
>
> DocumentRoot /Users/moseley/Documents/apache/htdocs
>
> ServerName hank.org
>
> SSLSessionCache dbm:ssl.cache
>
> 
> ProxyRequests ON
> 
>
> 
> ProxyRequests ON
>
> # This needed?
> AllowCONNECT 443 8443
>
> SSLEngine on
>

I've never used Apache like this before but I suspect that you may need the
SSLProxyEngine directive as well.
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslproxyengine


>
>  SSLCertificateFile certs3/server.crt
> SSLCertificateKeyFile certs3/server.key
>
> #SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
>
> --
> Bill Moseley
> mose...@hank.org
>



-- 
Jens-Harald Johansen
--
There are 10 kinds of people in the world: Those who understand binary and
those who don't...

Re: [users@httpd] Mutual Authentication issue in 2.2.17 openssl 1.0.0d

2011-08-20 Thread J-H Johansen

On Thu, Aug 18, 2011 at 5:44 PM, paddy carroll wrote:

> I don't accept it is an openssl issue.
> I have already verified that the client connection from openssl to the
> apache server is reporting the correct certificates, and likewise that the
> server is returning a correct unexpired certificate and CA chain to the
> client.
> It is not an openssl issue as openssl works when used at both ends it is an
> apache server issue that causes it to reject the client connection with:
> SSLv3
> server:
>
> client 172.22.10.5] Certificate Verification: Error (19): self signed
>> certificate in certificate chain
>
> client:
> SSL 3
> 11820:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate:s3_pkt.c:1102:SSL alert number 42
> 11820:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:539:
>
> TLS1
> 9124:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
> ca:s3_pkt.c:1102:SSL alert number 48
> 9124:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:539:
>
>
I've had some issues running Apache with SSLProxyEngine as well and was made
aware of a bug in mod_ssl where it fails to use the correct (or any) client
certificate for communicating with the server you're proxing to.

Take a look at this bugzilla bug report and see if it fits your problem:

https://issues.apache.org/bugzilla/show_bug.cgi?id=47134

I was using Apache 2.2.17 at the time as a rev.proxy communicating with a
client certificate to the server at the other end. I had to make a few
modifications to the mod_ssl code but after recompilation it worked as
intended (at least from my point of view).


> On 18 Aug 2011, at 12:04, J-H Johansen wrote:
>
> On Sun, Aug 14, 2011 at 11:42 AM, paddy carroll wrote:
>
>> Hi,
>>
>> I have spent too long staring at my crypto material and apache logs. I'm
>> stuck.
>> I have checked and also had a colleague check my crypto trust chain,
>> certificates and keys more than once.
>> I have a reverse proxy setup
>>
>> client --> firewall --> reverse proxy --> tomcat
>>
>> firewall presents all requests to reverse proxy as coming from the same
>> address, but on different ports
>> The server appears to be rejecting client negotiations after the discovery
>> of our self signed root certificate, we have two certificates in the chain,
>> a RooCA and a subca
>> when I emulate the connection using openssl as a server on a different
>> port it succeeds
>>
>> CLIENT FAILURE
>>
>> from client
>> 
>> $ openssl s_client -connect lltpdxc001:443 -CApath test-ssl.crt  -cert
>> test.pem  -verify 3  -ssl3
>> verify depth is 3
>> CONNECTED(0003)
>> depth=2 /CN=TEST-Msad-Root-CA
>> verify return:1
>> depth=1 /DC=com/DC=horizonng/DC=internal/DC=Msad/CN=TEST-Msad-Sub-CA
>> verify return:1
>> depth=0 /CN=lltpdxc001
>> verify return:1
>> 70352:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
>> certificate:s3_pkt.c:1102:SSL alert number 42
>> 70352:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
>> failure:s3_pkt.c:539:
>> 
>> Server says
>> 
>> Sun Aug 14 10:20:34 2011] [debug] ssl_engine_kernel.c(1321): [client
>> 172.22.10.5] Certificate Verification: depth: 2, subject:
>> /CN=TEST-Msad-Root-CA, issuer: /CN=TEST-Msad-Root-CA
>> Sun Aug 14 10:20:34 2011] [error] [client 172.22.10.5] Certificate
>> Verification: Error (19): self signed certificate in certificate chain
>> Sun Aug 14 10:20:34 2011] [debug] ssl_engine_kernel.c(1884): OpenSSL:
>> Write: SSLv3 read client certificate B
>> Sun Aug 14 10:20:34 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL:
>> Exit: error in SSLv3 read client certificate B
>> Sun Aug 14 10:20:34 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL:
>> Exit: error in SSLv3 read client certificate B
>> Sun Aug 14 10:20:34 2011] [info] [client 172.22.10.5] SSL library error 1
>> in handshake (server lltpdxc001:443)
>> Sun Aug 14 10:20:34 2011] [info] SSL Library Error: 336105650
>> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
>> returned
>> Sun Aug 14 10:20:34 2011] [info] [client 172.22.10.5] Connection closed to
>> child 6 with abortive shutdown (server lltpdxc001:443)
>> +
>> relevant server config from server-info
>> +
>> `   In file: /data/httpd/conf/extra/proxydefs/lltpest001_443.conf
>>   1: 
>>   2:   SSLEngine on
>>   3:   SSLProxyEngine on
>

Re: [users@httpd] Mutual Authentication issue in 2.2.17 openssl 1.0.0d

2011-08-18 Thread J-H Johansen

-Msad-Root-CA
> verify return:1
> depth=1 /DC=com/DC=horizonng/DC=internal/DC=Msad/CN=TEST-Msad-Sub-CA
> verify return:1
> depth=0 /CN=lltpdxc001
> verify return:1
> ---
> Certificate chain
>  0 s:/CN=lltpdxc001
>   i:/DC=com/DC=horizonng/DC=internal/DC=Msad/CN=TEST-Msad-Sub-CA
>  1 s:/DC=com/DC=horizonng/DC=internal/DC=Msad/CN=TEST-Msad-Sub-CA
>   i:/CN=TEST-Msad-Root-CA
>  2 s:/CN=TEST-Msad-Root-CA
>   i:/CN=TEST-Msad-Root-CA
> ---
> Server certificate
> -BEGIN CERTIFICATE-
> MIIFbjCCBFagAwIBAgIKGMspqwAABj
> .
> 9jo=
> -END CERTIFICATE-
> subject=/CN=lltpdxc001
> issuer=/DC=com/DC=horizonng/DC=internal/DC=Msad/CN=TEST-Msad-Sub-CA
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 4429 bytes and written 4449 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>Protocol  : TLSv1
>Cipher: DHE-RSA-AES256-SHA
>Session-ID:
> BB3AE2B7F2AB96802985F0C131C7AA51AD2D3673E82F12999418D788467A4506
>Session-ID-ctx:
>Master-Key:
> DA5D9DED5CBCD6E57A687B87FAC0E034C2D7CD0DFFAA877847C5AB1E973C43BC2FB1D7A9B5C5135CC41FBCE9F037CC31
>Key-Arg   : None
>Start Time: 1313313462
>Timeout   : 300 (sec)
>Verify return code: 0 (ok)
> ++
>
> Help!
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


-- 
Jens-Harald Johansen
--
There are 10 kinds of people in the world: Those who understand binary and
those who don't...

Re: [users@httpd] What is %D in access log meassuring?

Thanks for your reply. I'll do my best to answer your questions below.

> > ipA [31/Mar/2011] "GET /file.jpg HTTP/1.0" 200 42981
> "-" "ApacheBench/2.3" 3560
> > ipB [31/Mar/2011] "GET /file.jpg HTTP/1.0" 200 42981
> "-" "ApacheBench/2.3" 93574
> > 
> > (the ipA is much "closer" to the server than ipB).
> 
> First, are these results consistently repeatable over a
> large number of measurements?  If not, then it is
> likely just normal statistical variation due to normal
> network traffic, CPU scheduling, or something similar. 
> Otherwise...

apache log gives numbers in the ranges 3000-4000   vs.  8-12 so I'd say 
they are consistent. (running ab -c 1 -n 100 )
 
> What does 'much "closer"' mean?
The server is in Amazon EC2 cloud, and ipA is another EC2 instance.
ipB is from the office, and ab reports a noticeble difference in latency, about 
43 ms when accessing from ipB.

 
> What is the hardware (number and speed of CPUs, amount of
> RAM, etc.) for ipA and ipB?  What OS and version are
> each running?  How heavily loaded is each one during
> the test (CPU, I/O)?  How is the kernel and networking
> stack on each one configured?

There is almost zero load on the machines. The EC2 machines are small instances 
(1 core each) and the office machine a common PC with two cores.
They are all running Ubuntu Linux (LTS 10.04 in EC2) and 10.10 in office PC.

I'm not sure how to answer about the kernel and networking stacks.

 
> I recommend using a network sniffer to analyze differences
> in network traffic for a request sent from ipA versus a
> request sent from ipB.  Try and find out where the
> delay is occurring for ipB.

I will try to do that.

> If (and only if) the network trace shows that the delay is
> in waiting for your server to generate and send packets to
> ipB -- as opposed to your server waiting for packets from
> ipB -- then use performance analysis tools on your server
> such as strace, truss, DTrace, or SystemTap to figure out
> what your kernel, and web server processes are doing during
> that time.
> 
> Keep in mind that you're looking at a 90 millisecond
> (90,000 microsecond) difference between the two
> clients.  Depending on your situation, this may or may
> not actually be a significant real-world problem, and hence
> it may or may not justify a large amount of time and effort
> for finding the cause.
>
> 
> 
> > i also tried a curl download with a limit on 1000
> bytes/s but the time logged in access-log many orders of
> magnitute away from the acctual time it took to receive the
> image (about 42 seconds) So I guess the time that is logged
> is "when apache has sent the final bytes to the level below
> in the network stack?
> 
> %D measures how long Apache spends processing the
> request.  It does not measure how long other things on
> your server (kernel, host-based firewall, etc.) take to
> process the data, nor does it measure how long it takes data
> to actually reach the client.  If you are interested in
> how long the request takes on the client (including how long
> it takes the response to travel from the server to the
> client), then you will need to measure that on the client,
> not on the server.

On the client side the speed difference is a factor of not 30 as above but more 
like 60 or even more.

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] What is %D in access log meassuring?

--- On Thu, 3/31/11, Mark Montague  wrote:

> > In the access log, what is acctually meassured with
> the %D option?
> > 
> > %D The time taken to serve the request, in
> microseconds.
> > 
> > but what is included in this time? Is the stopwatch
> started when the last byte of the request is received and
> stoped when the first  byte of the response is ready to
> be sent?
> > 
> > Or is the stopwatch started when the first byte of the
> request is received and stoped when the last byte of the
> response has been sent? That is, it is including network
> sending time?
> From the source code for httpd-2.2.17,
> modules/loggers/mod_log_config.c, line 650, %D is:
> 
> apr_time_now() - r->request_time)
> 
> "now" in this context means "the time at which the log line
> is being written".  This is after all data has been
> sent to the client (logging the amount of data sent the the
> client is one of the things that can be logged).  Note
> that the connection may remain open past the last byte being
> sent to the client (keepalive, etc.).
> 
> r->request_time gets set in server/protocol.c, line 617,
> after the first non-blank line of the request (e.g., "GET /
> HTTP/1.1\r\n")
> made by the client is completely received.  This is
> close to, but a little bit after (16 bytes after, in the
> example I just gave) the first byte of the request was
> received.  So the time to receive the first line of the
> request is not counted in %D, but the time to receive any
> subsequent lines of the same request are counted.
> 
> I hope this helps.
> 

Well, I'm still a little confused.
I'm trying to find out why the accesslog shows the line

ipA [31/Mar/2011] "GET /file.jpg HTTP/1.0" 200 42981 "-" "ApacheBench/2.3" 3560
ipB [31/Mar/2011] "GET /file.jpg HTTP/1.0" 200 42981 "-" "ApacheBench/2.3" 93574

(the ipA is much "closer" to the server than ipB).

i also tried a curl download with a limit on 1000 bytes/s but the time logged 
in access-log many orders of magnitute away from the acctual time it took to 
receive the image (about 42 seconds) So I guess the time that is logged is 
"when apache has sent the final bytes to the level below in the network stack?

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] What is %D in access log meassuring?

> From the source code for httpd-2.2.17,
> modules/loggers/mod_log_config.c, line 650, %D is:
> 
> apr_time_now() - r->request_time)
> 
> "now" in this context means "the time at which the log line
> is being written".  This is after all data has been
> sent to the client (logging the amount of data sent the the
> client is one of the things that can be logged).  Note
> that the connection may remain open past the last byte being
> sent to the client (keepalive, etc.).

Thank you!

It explained everything!

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] What is %D in access log meassuring?