Re: [users@httpd] acme-challenge folder exists but 404 contents

2019-01-02 Thread Jens-U. Mozdzen

Hi Jerry,

Quoting Jerry Malcolm:
I have an apache install that has been up and running for months.  I  
use Let's Encrypt for certificates.  I went to renew all of my  
certificates using an automated script that worked fine 3 months ago  
on the last refresh.  It failed on every domain saying the challenge  
file was not found.  I put a test.html file in  
/.well-known/acme-challenge folder, and tried to access it with a  
browser, and it gave me a 404.  After moving the test.html file  
around into other folders, it was found correctly in every folder  
except acme-challenge. [...]


what's in the Apache logs? The access log should report the 404, is  
there anything related in the error logs?


Regards,
J


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] Problem setting up ssl

2018-08-14 Thread Jens-U. Mozdzen

Hi,

Quoting Mahmood Naderan:

what's in the logs of your httpd server? Any errors reported during 
httpd startup and/or your accesses?


When I restart apache2 service, I see these lines in the syslog
Aug 13 22:19:36 webshub systemd[1]: Stopping The Apache HTTP Server...
Aug 13 22:19:36 webshub apachectl[20543]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Aug 13 22:19:37 webshub systemd[1]: Stopped The Apache HTTP Server.
Aug 13 22:19:37 webshub systemd[1]: Starting The Apache HTTP Server...
Aug 13 22:19:37 webshub apachectl[20554]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Aug 13 22:19:37 webshub systemd[1]: Started The Apache HTTP Server.


nothing that points to the root cause, then. OTOH, seems to be some  
special setup, defaulting to an address from the loopback network  
(127.0.1.1).


However, apache/error.log and apache/access.log show nothing when I  
enter the IP address in the browser.


As you seem to receive some resources via HTTP, the request should get  
logged somewhere.



Another guess: what do you see in the browser if you try to access 
http://w.x.y.z:443 (so actually trying to access your "SSL site" via 
regular HTTP)? I believe I remember having seen that error when the 
server spat out regular HTTP.



http://w.x.y.z:443 works. I mean I can see the page. However it is  
not https. https://w.x.y.z:443 says the same error as before.


So your server (on port 443) is handing out http, not https. Seems to  
be some configuration issue then. The browser error (when using  
https://...) is just telling you "cannot interpret the server output  
as SSL/TLS traffic".


As one more step of diagnosis, you might want to ask httpd for its  
current (v)host setup (see "-S" option) and in your place, I'd try to  
find out where the accesses actually end up - there should be some  
logging somewhere. Another test would be to change the content of your  
html page (the one you believe to receive when requesting  
http://w.x.y.z:443) and double-check that the browser then receives  
the modified version. Because:


Might it be that the request ends up in a totally different  
server/httpd process? You always tell you're accessing "w.x.y.z" and  
said "the server's page is reachable by an IP address", so I understand  
you're not using a host name, but IP address to connect. w.x.y.z reads  
like an IPv4 address, while your earlier report of open ports just  
gave an IPv6 port open for listening:


root@webshub:~# netstat -tulpn | grep 443
tcp6   0  0 :::443  :::*  LISTEN  14709/apache2


So there might be a chance your browser's requests don't even end up  
in *your* server.


Regards,
J
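
Why a TLS client reports SSL_ERROR_RX_RECORD_TOO_LONG when port 443 answers in plain HTTP, shown as an added example that is not part of the original thread: the client reads the first five bytes of the reply as a TLS record header, and ASCII text decodes to a length above the protocol limit. The function names and the sample byte strings are constructed for this illustration; the limit is the TLS 1.2 one from RFC 5246.

```python
"""Decode a server's first bytes the way a TLS client would."""
import struct

# TLS record content types (RFC 5246, section 6.2.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Largest record length a TLS 1.2 peer may send (RFC 5246, section 6.2.3).
MAX_RECORD_LENGTH = 2**14 + 2048

# Constructed sample inputs (not captured from the poster's server).
SAMPLE_TLS = bytes([0x16, 0x03, 0x03, 0x00, 0x31]) + b"\x02" + bytes(48)
SAMPLE_HTTP_STATUS = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_HTML_ONLY = b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html>'


def parse_record_header(data: bytes):
    """Return (content_type, (major, minor), length) from the first 5 bytes."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def looks_like_plain_http(data: bytes) -> bool:
    """True if the bytes start like an HTTP status line or a bare HTML body."""
    head = data.lstrip()[:16].lower()
    return head.startswith((b"http/", b"<!doctype", b"<html"))


def explain_first_bytes(data: bytes) -> dict:
    """Classify a reply and show what a TLS parser makes of its header."""
    ctype, version, length = parse_record_header(data)
    valid_tls = (ctype in TLS_CONTENT_TYPES and version[0] == 3
                 and length <= MAX_RECORD_LENGTH)
    if valid_tls:
        verdict = "tls"
    elif looks_like_plain_http(data):
        verdict = "plain-http"
    else:
        verdict = "unknown"
    return {
        "verdict": verdict,
        "content_type": TLS_CONTENT_TYPES.get(ctype, "invalid (%d)" % ctype),
        "version": version,
        "length": length,
        "too_long": length > MAX_RECORD_LENGTH,
    }


if __name__ == "__main__":
    for name, sample in (("TLS handshake record", SAMPLE_TLS),
                         ("HTTP status line", SAMPLE_HTTP_STATUS),
                         ("bare HTML body", SAMPLE_HTML_ONLY)):
        print(name, explain_first_bytes(sample))
```

For "HTTP/" the two length bytes are "P" and "/" (0x50 0x2f), so the client sees a 20527-byte record, which is why the symptom points at a port 443 listener without TLS enabled rather than at the certificate.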




Re: [users@httpd] Problem setting up ssl

2018-08-13 Thread Jens-U. Mozdzen

Quoting Mahmood Naderan:
Now, when I open https://w.x.y.z in the browser, I get
An error occurred during a connection to w.x.y.z. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG





Excuse me... Isn't there any idea?


what's in the logs of your httpd server? Any errors reported during  
httpd startup and/or your accesses?


Another guess: what do you see in the browser if you try to access  
http://w.x.y.z:443 (so actually trying to access your "SSL site" via  
regular HTTP)? I believe I remember having seen that error when the  
server spat out regular HTTP.


Regards,
J





Re: [users@httpd] websocket header not passing a long with ProxyPass and mod_headers

2018-02-08 Thread Jens-U. Mozdzen

Hi Rainer, hi Mark,

Quoting Rainer Jung:

Hi Mark,

On 08.02.2018 at 16:49, Mark Nenadov wrote:
Hello, I have an operational setup where Apache httpd is proxying  
secure websockets traffic to an Apache Tomcat server. In other  
words, I'm using ProxyPass to pass traffic along to a WSS url.


I'm now having some issues trying to throw mod_headers into the  
mix. I'm attempting to manipulate the "Upgrade" header like so in  
my Apache httpd Virtual Host:


<LocationMatch "/somewhere">
  RequestHeader set Upgrade websocket
  ProxyPass wss://192.168.1.77/some_url_on_tomcat
</LocationMatch>

So, supposing the client sends something funky for Upgrade like  
"WebSocket" (as an older version of a certain websocket library  
does), this RequestHeader directive should, by my understanding,  
replace it with "websocket".


However, when I place %{Upgrade}i in both my Apache httpd and  
Apache Tomcat access logs, I'm finding that the modified Upgrade  
header appears only in my httpd access logs, Tomcat says it is  
getting the original unmodified value!


This is rather perplexing to me as my understanding is that  
RequestHeader should permanently alter that request header. The  
Tomcat setup I have is very straightforward and there should be no  
surprises there.


I've tried changing my RequestHeader usage to do an unset and add.  
I've also tried adding the "early" directive to the end of  
RequestHeader, but that does not alter the behavior.


It sure seems like the problem is with how Apache httpd is passing  
things along somehow, but my research hasn't come up with an answer  
that explains it or offers a resolution. Am I missing something here?


Versions: Apache httpd 2.4.18 / Apache Tomcat 8.5.24


You are probably proxying with mod_proxy_wstunnel. It seems to me  
that "Upgrade: WebSocket" is hard-coded in that module.


according to the docs, you can actually specify the protocol:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html :

"In fact the module can be used to upgrade to other protocols, you can  
set the upgrade parameter in the ProxyPass directive to allow the  
module to accept other protocol."


From https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass :

"Parameter "upgrade", default "WebSocket": Protocol accepted in the  
Upgrade header by mod_proxy_wstunnel. See the documentation of this  
module for more details."


So maybe setting "upgrade=websocket" as a ProxyPass parameter might  
already achieve what Mark is looking for?


Regards
Jens





Re: [users@httpd] help interpreting an Apache 2.2 segmentation fault backtrace. [I]

2015-08-06 Thread Jens-U. Mozdzen

Hi Mark,

Quoting Mark Blackman mark.black...@db.com:

Classification: For internal use only

Hi guys,

I wonder if you could give me some clues about how to interpret the  
following, frequently observed, backtrace from an Apache 2.2  
segmentation fault (Apache 2.2.29, 32-bit, Linux, kernel  
2.6.32.59-0.7-default SLES11 SP2).

[...]
To me it looks like some kind of APR pool corruption or a corruption  
of the pointer for the APR pool, and it looks like the mod_wl  
handler is called first and then parts of the libct module are  
getting called and finally segfaulting inside the APR routines.


Anyone care to improve that interpretation?


it might be as simple as a heap corruption. Does apache22 use glibc  
malloc() routines? Then you might give setting MALLOC_CHECK_ to a  
non-zero value a try. OTOH, this may significantly reduce the  
performance of your httpd.



[...]
Program terminated with signal 11, Segmentation fault.
#0  0xf7612ac1 in allocator_alloc ()
   from /versions/apache-2.2.29/lib/libapr-1.so.0
(gdb) bt
#0  0xf7612ac1 in allocator_alloc ()
   from /versions/apache-2.2.29/lib/libapr-1.so.0
#1  0xf6f12f40 in apr_sdbm_rdonly ()
   from /apache22/modules/libct_apache22_agent.so
#2  0x0010 in ?? ()
#3  0xf7026ea8 in apr_sdbm_rdonly ()
   from /apache22/modules/libct_apache22_agent.so
#4  0x0007 in ?? ()
#5  0x001f in ?? ()
#6  0xffceaa08 in ?? ()
#7  0xf6e931a3 in ct_malloc () from /apache22/modules/libct_apache22_agent.so
#8  0xf76134e1 in apr_pool_create_ex ()
   from /versions/apache-2.2.29/lib/libapr-1.so.0
#9  0x0b97af00 in ?? ()
#10 0x1fe8 in ?? ()
#11 0xffceaa4c in ?? ()
#12 0xf70f74d7 in operator new () from /usr/lib/libstdc++.so.6
#13 0xf71410bb in _ZN6ReaderC9EP10apr_pool_tiP10LogContext ()
   from /versions/wlsplugins_generic_11.1.1.7.0/lib/mod_wl.so
[...]


Regards,
Jens





Re: [users@httpd] Documentation for /etc/sysconfig/httpd file

2015-06-05 Thread Jens-U. Mozdzen

Hi Dirk,

Quoting Dirk Devos dirk.de...@usa.net:

So, if I understand this correctly I should be putting my changes in
/usr/sbin/apachectl and not /etc/sysconfig/httpd.


this depends on your distribution's setup. In my case I can see that  
apache(2)ctl does *source* /etc/sysconfig/apache2, which would be then  
the proper place for local customization. How your distro handles  
this, is something you will have to find out (i.e. by looking at your  
apachectl script).



So if I want to have a variable available to me in httpd.conf that contains
the server's host name that I am running on, what do I need. I have tried
variable=$(hostname) and variable=`hostname` and when I use that variable in
httpd.conf it always resolves to the actual literal $(hostname) or
`hostname`.


Why your variables aren't set properly is a different (shell  
scripting) story, maybe running your script via set -x will give you  
a clue.


Regards,
Jens





Re: [users@httpd] Documentation for /etc/sysconfig/httpd file

2015-06-04 Thread Jens-U. Mozdzen

Hi Dirk,

Quoting Dirk Devos dirk.de...@usa.net:
I am confused. Based on the documentation on apache's website we  
need to use apachectl but in that module it says to use  
apachectl. So what is the right place.


hm, looks identical to me ;) And on a random machine I picked to look  
things up, it's apache2ctl :D


I realize that the variables are different and that was done on  
purpose. I wanted to compare the two ways of assigning a value.


and what happens if you dynamically assign a value to the variable  
that's currently working statically and vice versa?


To me it looks like you have to find out if either

a - it's a problem assigning the value (including finding the right  
place to do so), which is more of a shell programming question, or


b - it's a problem of accessing the content of a shell variable from  
where you're trying to do so (which might be an httpd question)


Regards,
Jens





Re: [users@httpd] Documentation for /etc/sysconfig/httpd file

2015-06-03 Thread Jens-U. Mozdzen

Hi Andy,

Quoting Andy Wang aw...@ptc.com:

On 06/03/2015 10:31 AM, Jens-U. Mozdzen wrote:

Hi Dirk,

Quoting Dirk Devos dirk.de...@usa.net:

Hi,

I am running Redhat 7.1 and apache 2.4 but I am not able to find any
documentation on the /etc/sysconfig/httpd file.
[...]
This works.

HTTPD_ENV_NAME=devl


I have tried the following with no success.

HTTPD_HOSTNAME=`hostname`
HTTPD_HOSTNAME=${hostname}
HTTPD_HOSTNAME=$(hostname)


the first and the last line should work (while I prefer the $() version)
- what catches the eye is the change in variable names (HTTPD_ENV_NAME
vs. HTTPD_HOSTNAME)...

Regards,
Jens



Couple of starter points
1) the apache httpd project is not responsible for the distribution  
specific builds.  The /etc/sysconfig/httpd thing is a red hat-ism.


just for the records, you'll see that with SUSE Linux Enterprise  
(SLES) as well, at least up to (still widely used) SLES11.



2) you should contact red hat for support on that

In general /etc/sysconfig/httpd (which at some point will be  
deprecated - it already is with fedora as systemd generally doesn't  
use /etc/sysconfig files) are simply ./sourced into the init script


well, had you redirected the OP to some shell scripting list, I'd have  
agreed, but...


[...] So you'll want to look more closely at the init script and the  
httpd configuration files to even know if what you're trying to do  
in /etc/sysconfig/httpd is doable.


...obviously he already found a working way of setting the value  
statically, but didn't manage to do so dynamically. Hence I thought it  
polite to point out that mismatch in variable names between these two  
variants.


Regards,
Jens





Re: [users@httpd] Documentation for /etc/sysconfig/httpd file

2015-06-03 Thread Jens-U. Mozdzen

Hi Dirk,

Quoting Dirk Devos dirk.de...@usa.net:

Hi,

I am running Redhat 7.1 and apache 2.4 but I am not able to find any
documentation on the /etc/sysconfig/httpd file.
[...]
This works.

HTTPD_ENV_NAME=devl


I have tried the following with no success.

HTTPD_HOSTNAME=`hostname`
HTTPD_HOSTNAME=${hostname}
HTTPD_HOSTNAME=$(hostname)


the first and the last line should work (while I prefer the $()  
version) - what catches the eye is the change in variable names  
(HTTPD_ENV_NAME vs. HTTPD_HOSTNAME)...


Regards,
Jens





Re: [users@httpd] Download

2014-07-02 Thread Jens-U. Mozdzen

Hi James,

Quoting James Kerwin jkerwin2...@gmail.com:

Hello all,

I'm incredibly new to Apache, apologies if this is stupid but if I didn't
need help I wouldn't ask.

I'm using Apache2 on my laptop and on an actual server. The webpage I'm
using has a download button that points to a .zip file. On my laptop it
works and allows me to download the .zip. On the actual real server it
refuses to work.

Does anybody have any experience of this or know what settings I need to
change?


the proper approach to this would be to

- check the link that is invoked when you press your download button  
(What request is issued to which server?)


- if that request looks ok, check the access and error log of the  
accessed server for messages


If that doesn't give you any/sufficient clues, please come back with  
details (what was the request that was sent, what's in the server's  
access log for that request). If you see error messages you cannot  
make anything of, please include these in your message.


With regards,
Jens





Re: [users@httpd] Mailman CGI scripts served instead of executed

2014-07-01 Thread Jens-U. Mozdzen

Hi Remco,

Quoting Remco Poelstra re...@beryllium.net:

On 30 Jun 2014, at 21:39, Miles Fidelman  
mfidel...@meetinghouse.net wrote:



Remco Poelstra wrote:
On 30 Jun 2014, at 20:23, Miles Fidelman  
mfidel...@meetinghouse.net wrote:



Remco Poelstra wrote:
On 30 Jun 2014, at 19:56, Miles Fidelman  
mfidel...@meetinghouse.net wrote:



Remco Poelstra wrote:

Hi,

I'm migrating a mailman server to a newer machine. The new  
machine runs apache 2.4. My problem is that the mailman cgi  
scripts are served instead of being executed.

My configuration looks like the following:
<VirtualHost *:80>
ServerName lists.xxx
DocumentRoot /home/www/lists.xxx
ScriptAlias /mailman/ /var/www/w-lists/

SuexecUserGroup w-lists w-lists

<Directory /home/www/lists.xxx>
Require all granted
AddHandler fcgid-script .php
Options +ExecCGI
FCGIWrapper /var/www/w-lists/php5-cgi .php
</Directory>
</VirtualHost>

In the document root there is a php script that redirects to  
/mailman/listinfo. The php5-cgi wrapper is in  
/var/www/w-lists. The php script gets properly executed, but  
the mailman scripts (also in /var/www/w-lists) are served  
directly instead of being executed.


I've tried adding a SetHandler fcgid-script on the  
/var/www/w-lists directory, but that gives me a server error.
Basically the same configuration works nicely on the old  
machine (running apache 2.2).


Silly question: is there any chance that the scripts aren't  
executable (chmod +x)?  Permissions can screw you - they're the  
first thing I always check.

They are all -rwxr-xr-x and w-lists:w-lists, so I believe that's OK.


hmm

Just to be clear - you're saying that SOME php scripts in  
/var/www/w-lists execute properly, and others (the mailman  
scripts) do not?


If that's the case, you might want to really carefully examine  
what's different between the scripts that run and the ones that  
download - things like perhaps .php vs. php5 suffixes, and such.


You might also want to look around for extraneous .htaccess files  
that have conflicting information than what's in your config file.


I guess you should also see if the .php setup is different on  
your new machine.
To be more clear, ONLY the php script gets executed. The others  
are ELF binaries and have no extension. So it's difficult to  
compare why the php script works and the others do not. Maybe the  
difference is that the php script itself is in the document root  
and only the wrapper is in the scripts folder, while the other  
scripts are called directly.
There are no errors or warnings generated, apache just happily  
hands over the binary file.




Now that's a whole other kettle of fish:
- So the AddHandler fcgid-script .php line is working properly, but,
- ScriptAlias /mailman/ /var/www/w-lists/  is not

Maybe try upping your log level and looking at what happens when  
you try to access one of the scripts - it might give you some clues.


And.. I think I just figured out what's happening: There's no  
handler defined for files that don't have a suffix.


You might try replacing the AddHandler line with SetHandler  
fcgid-script - which should make EVERYTHING in that directory  
executable.


On the other hand, if some files in that directory are NOT  
executable, then maybe do this instead

- add a .fcgi extension to each of your binary scripts
- change the AddHandler fcgid-script .php to AddHandler  
fcgid-script .php .fcgi


Adding an extension to the binaries had the same effect as adding the entry:
<Directory /var/www/w-lists>
SetHandler fcgid-script
</Directory>

I now get an Internal Server Error page and when I check the  
error.log I see the output of the script, which is a basic html  
page. It’s followed by:
(104)Connection reset by peer: [client 127.0.0.1:56565] mod_fcgid:  
error reading data from FastCGI server

[client 127.0.0.1:56565] End of script output before headers: listinfo


are those binaries actually FastCGI binaries, or just CGI programs?  
FastCGI programs would run in a loop, handling one request after the  
other, by serving a specific API. Plain CGI programs are invoked once  
per HTTP request and output the complete response.



The php wrapper keeps functioning like it should.
Is this a step forward or a step backward?


Sideways, I'd say. You now get the programs called, but probably via  
the wrong interface ;)


Regards,
Jens





Re: [users@httpd] Client certificate auth behind f5 loadbalancer

2014-06-25 Thread Jens-U. Mozdzen

Hi Marc,

Quoting Marc Schöchlin m...@256bit.org:

Hello apache-users,

I'm trying to implement client certificate authentication behind a f5
loadbalancer.

My loadbalancer terminates ssl, and dispatches the decrypted
communication via network address translation to the backend apache server.
The client certificate auth should be performed at the webserver.

Unfortunately the SSLVerifyClient directive is ignored and access is
always granted.
It seems that without enabled ssl transport encryption, the logic for
SSLVerifyClient is deactivated.


Any hints?


yes, your web server is only seeing the plain HTTP traffic - all the  
SSL stuff got stripped at the load balancer.


You're so to speak asking to look at the post stamp of a letter, while  
you only received the content because your mail service already  
unpacked everything and dumped the envelope...


Regards,
Jens






Re: [users@httpd] proxy squid and apache

2014-04-16 Thread Jens-U. Mozdzen

Hi Cain,

Quoting Cain Dickens caindick...@gmail.com:

I have installed apache and squid in my debian server.

but squid does not work, as it shows in the firefox:
access control configuration prevents your request from being  
allowed at this time.

please  so and so.

squid/2.7

does anyone know why ?


who's reporting? Squid or Apache httpd?

If the former, squid is most probably mis-configured.

This then has nothing to do with httpd, either.

IOW - if you believe it's httpd's fault, please give more information.

Regards,
Jens





Re: [users@httpd] Error :usr/include/unistd.h:1058: error: expected ')' before '[' token

2013-11-15 Thread Jens-U. Mozdzen

Hi Baskaran, Paul,

Quoting Stormy storm...@stormy.ca:

At 07:36 PM 11/15/2013 +0800, you wrote:

Dear Paul,
Thank you for your reply.
Now I am trying to install (httpd 2.2.25) version  and we get the  
below error. Kindly help us to resolve the problem.


Sorry - I have little (very old) or no experience on AIX; anyone else?

Paul



make
Making all in srclib
Making all in apr
   /bin/sh  
/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/libtool --silent  
--mode=compile gcc -g -O2   -DHAVE_CONFIG_H -U__STR__  
-D_THREAD_SAFE   -I./include  
-I/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/include/arch/unix  
-I./include/arch/unix  
-I/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/include/arch/unix  
-I/GPFS/install/SAP/apache/httpd-2.2.25/srclib/apr/include  -o  
file_io/unix/filedup.lo -c file_io/unix/filedup.c  touch  
file_io/unix/filedup.lo

file_io/unix/filedup.c: In function 'file_dup':
file_io/unix/filedup.c:49: error: 'F_GETFD' undeclared (first use  
in this function)
file_io/unix/filedup.c:49: error: (Each undeclared identifier is  
reported only once

file_io/unix/filedup.c:49: error: for each function it appears in.)
file_io/unix/filedup.c:52: error: 'FD_CLOEXEC' undeclared (first  
use in this function)
file_io/unix/filedup.c:53: error: 'F_SETFD' undeclared (first use  
in this function)

make: 1254-004 The error code from the last command is 1.

Stop.
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.


Thanks & Regards,
Baskaran.V


please try this with a copy of XL C for AIX - iirc gcc assumes these  
macros to be available from glibc, but on AIX (without glibc) these  
are in libc instead. xlc ought to compile/link Apache's httpd properly.


Regards,
Jens

PS: The IBM XL C 60-day trial download is at  
http://www.ibm.com/developerworks/downloads/r/xlcplusaix/index.html -  
you may need to have to register, though.






Re: [users@httpd] Issues building apache httpd-2.4.6-1.x86_64 on SUSE Linux Enterprise Server 11 (x86_64) - Kindly help

2013-09-18 Thread Jens-U. Mozdzen

Hi Balaji,

Quoting Balaji Katika balaji.kat...@gmail.com:

Hi all,

I have downloaded httpd-2.4.6.tar.bz2 from
http://httpd.apache.org/download.cgi#apache24 onto my SuSE Linux Enterprise
Server 11 (64-bit) machine (11.2) and trying to build an rpm through it as
per the instructions mentioned at
http://httpd.apache.org/docs/2.4/platform/rpm.html

I have resolved the missing -devel packages (several reported earlier like
pcre,libuuid-devel etc.,). However, I couldn't find the source for the
below dependencies.


*  Is there any readily available rpm for the specific version (or the
compliant) of SuSE Linux 11.2 ?


please make that SLES11SP2 - SuSE Linux 11.2 will typically be  
interpreted as openSUSE 11.2 :/


There's a build on software.opensuse.org for SP1 and SP3 - the SP1  
version should work:  
https://build.opensuse.org/package/show?project=home%3Acsbuild%3ADBApackage=dba-apache-246



*  Can someone point me to any apache specific repository for SuSE Linux ?


I again take it as SuSE Linux Enterprise Server, AKA SLES - and  
that platform was created for *stability*, so your best bet will be  
some user build like the one I referenced above. You're leaving the  
supported platform when using such an update, but as support is the  
main reason for the enterprise versions of Linux, that is no  
widely-used path.



*  Any relevant information shall be appreciated ?


Indeed ;)



The repos mentioned at
http://en.opensuse.org/Additional_package_repositories#Apache don't seem
to be pointing to a valid URL.


What makes you think so? I just checked two of them, and they take me  
directly to each repository.



blr-3rd-2-dhcp330:~/apache # rpmbuild -ts httpd-2.4.6.tar.bz2
error: Failed build dependencies:
apr-devel = 1.4.0 is needed by httpd-2.4.6-1.x86_64
apr-util-devel = 1.4.0 is needed by httpd-2.4.6-1.x86_64
openldap-devel is needed by httpd-2.4.6-1.x86_64
distcache-devel is needed by httpd-2.4.6-1.x86_64

My zypper is currently referring to the repository
http://download.opensuse.org/distribution/11.4/repo/oss/suse


That's an openSUSE 11.4 repository - not SLES11SP2. As you can see on  
the page you mention above, no SLES11 repository (for none of the SPs)  
is given... only SLE(S|D)10, which won't help you either :(


Regards,
Jens

PS: You might want to ask that question over at forums.suse.com, too  
(SLES forums, Updates sub-forum) - that's where the SLES folks hang out.






Re: [users@httpd] Issue with URL Rewriting

2013-07-09 Thread Jens-U. Mozdzen

Hi yvand,

Quoting yvand yvand.sw...@gmail.com:

Hi all,

I want to redirect all requests like /icon.png to  
/pictures/icon.png, if the file exists in the pictures folder.

It seems really trivial but I didn't manage to set up.

Here is my .htaccess :
RewriteEngine On
RewriteCond /pictures/%{REQUEST_FILENAME} -f
RewriteRule ^(.+) /pictures/$1 [L]

If I request /pictures/icon.png it works, but if I request /icon.png  
I get a 404 error.


What is wrong with my .htaccess?


as you are in .htaccess (and not in global server/vhost context), I'd  
expect REQUEST_FILENAME to be the full path of the resource. From  
http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewritecond :


The full local filesystem path to the file or script matching the  
request, if this has already been determined by the server at the time  
REQUEST_FILENAME is referenced.


You may want to set up mod_rewrite logging  
(http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging) to  
verify this... the logging is generally *very* helpful in debugging  
such problems.


Regards,
Jens





Re: [users@httpd] htpasswd permissions

2013-07-04 Thread Jens-U. Mozdzen

Hi Dave,

Quoting Isenhower, Dave dave.isenho...@siemens.com:
We’re running prefork.  I can see the processes running under the  
correct user:


$ ps -ef | grep httpd
apache 14638 26766  0 11:32 ?        00:00:00 /usr/sbin/httpd -d /www/etc/apache/config -c Pidfile /web/logs/pid-files/httpd.pid -f /www/etc/apache/config/httpd.conf


$ groups apache
apache : apache

Even adding read and execute to others on the config directory isn’t  
sufficient.  I still have to add read to the htpasswd file itself.


Thanks,
Dave


have you double-checked the effective user/group of your processes?

# ps -ax -o pid,euser,egroup,args|grep httpd

Regards,

Jens
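
The effective-user check above can be paired with a walk over the mode bits of every path component. This is an added example, not part of the original thread: it reports which component denies a read for a given effective uid and group set. The function names, the constructed config/htpasswd tree and the stand-in uid/gid are assumptions; ACLs and SELinux are ignored.

```python
import os, shutil, stat, tempfile

def perm_class(st, euid, egids):
    """The kernel consults exactly one class: owner, else group, else other."""
    if st.st_uid == euid:
        return "owner", stat.S_IRUSR, stat.S_IXUSR
    if st.st_gid in egids:
        return "group", stat.S_IRGRP, stat.S_IXGRP
    return "other", stat.S_IROTH, stat.S_IXOTH

def read_blockers(path, euid, egids):
    """List each component of `path` whose mode bits stop (euid, egids) from
    reading the file. Mode bits only: ACLs, SELinux and root are out of scope."""
    names = [n for n in os.path.abspath(path).split(os.sep) if n]
    blockers, current = [], os.sep
    for i, name in enumerate([""] + names):
        current = os.path.join(current, name)
        st = os.stat(current)
        cls, rbit, xbit = perm_class(st, euid, egids)
        # directories on the way need search (x); the file itself needs read (r)
        need, label = (rbit, "read") if i == len(names) else (xbit, "search")
        if not st.st_mode & need:
            blockers.append(f"{current}: {cls} lacks {label} ({stat.filemode(st.st_mode)})")
    return blockers

def scenario():
    """Constructed tree: config/htpasswd, checked for a stand-in httpd user."""
    base = tempfile.mkdtemp()
    conf = os.path.join(base, "config")
    pw = os.path.join(conf, "htpasswd")
    os.mkdir(conf)
    open(pw, "w").close()
    st = os.stat(pw)
    uid, gid = st.st_uid + 1, st.st_gid + 1      # hypothetical httpd euid/egid
    below = lambda found: [b for b in found if b.startswith(conf)]
    out = {}
    os.chmod(conf, 0o750); os.chmod(pw, 0o640)
    out["locked down"] = below(read_blockers(pw, uid, {gid}))
    os.chmod(conf, 0o755)                        # r-x for others on the directory
    out["dir opened"] = below(read_blockers(pw, uid, {gid}))
    os.chmod(conf, 0o750)                        # instead: httpd shares the file's group
    out["shared group"] = below(read_blockers(pw, uid, {st.st_gid, os.stat(conf).st_gid}))
    os.chmod(pw, 0o044)                          # owner bits win even if others may read
    out["owner excluded"] = below(read_blockers(pw, st.st_uid, {st.st_gid}))
    shutil.rmtree(base)
    return out

if __name__ == "__main__":
    for case, found in scenario().items():
        print(case, found or "readable")
```

The "shared group" case keeps the password file at 0640 and grants access through group membership rather than through the "other" bits.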





Re: [users@httpd] Apache virtualhost order deny, allow works only on localhost; ignores public IP for allow

2013-06-25 Thread Jens-U. Mozdzen

Hi Kirk,

Quoting Kirk Woellert kdwo...@gmail.com:

It's a good point but I need to be able to access this site from one public IP
in particular. I thought an entry in /etc/hosts currently as:

127.0.0.1 [redacted alias for 3rd vhost]

would be sufficient but maybe not? If not, how can I get Apache to 'route'
to that 3rd vhost? What would people typically do in this case? BTW, I'm


as already said by Eric: put the /etc/hosts entry on the *client*,  
where you run your browser.


The browser will take the name from the URL, convert it to your  
server's (internal) IP and send the request there - stating it's for  
FQDN. httpd then will take that name and match it to the vhost  
setting.



not the DNS manager and won't get a FQDN for this stage of development.


no need for that.


On Tue, Jun 25, 2013 at 10:55 AM, Eric Covener cove...@gmail.com wrote:


 As a reminder- I don't have a FQDN for the third vhost site- so I just made
 a /etc/host temporary entry as mentioned earlier in my post. Therefore


How should that help? The browser doesn't even send the FQDN of the  
vhost, but asks for the IP you give in the URL:



when
 I try to check for public access, I'm always using a physical path in the
 browser as:

 http://[redacted public IP]/~[redacted user for 3rd vhost]/[redacted site directory for 3rd vhost]/index.php
 [...]
How would Apache know to route  that to the third name-based vhost
when you use the IP address only and no matching servername?  You
should mock the hostname in your hosts file from the client you test
on.


Regards,
Jens





Re: [users@httpd] .htaccess {QUERY_STRING} and issue with append a value

2013-05-24 Thread Jens-U. Mozdzen

Hi Joydeep,

Quoting Joydeep Bakshi joydeep.bak...@netzrezepte.de:

[...]
Thanks but without the leading slash it still fails to provide the  
redirection.

Now I have

RewriteRule ^ALP33211$  /ALP33211L=1 [R=301]


what's in mod_rewrite's debug log?

Regards,
Jens






Re: [users@httpd] .htaccess {QUERY_STRING} and issue with append a value

2013-05-24 Thread Jens-U. Mozdzen

Hi Joydeep,

Quoting Joydeep Bakshi joydeep.bak...@netzrezepte.de:

On 24-May-2013, at 6:23 PM, Jens-Uwe Mozdzen jmozd...@nde.ag wrote:


Hi Joydeep,

Quoting Joydeep Bakshi joydeep.bak...@netzrezepte.de:

On 24-May-2013, at 6:06 PM, Jens-U. Mozdzen jmozd...@nde.ag wrote:


Hi Joydeep,

Quoting Joydeep Bakshi joydeep.bak...@netzrezepte.de:

[...]
Thanks but without the leading slash it still fails to provide  
the redirection.

Now I have

RewriteRule ^ALP33211$  /ALP33211L=1 [R=301]


what's in mod_rewrite's debug log?

Regards,
Jens




Hello Jens,

I get repeated


sorry, I missed the other response.



applying pattern '^ALP33211$' to uri


That's not very helpful yet - increase the log level so you see  
that a new request is being handled and which rules apply and which  
don't - RewriteLogLevel 5 might be a good start.


It was level 5 and now I have set level 9.
From log it seems that the pattern is blindly applied to every link  
rather than matching the query_string


that's not how I read it:


applying pattern '^ALP33211$' to uri 'index.php'
applying pattern '^ALP33211$' to uri  
'uploads/repository/02/1276_cn74_1001.gif'
applying pattern '^ALP33211$' to uri  
'fileadmin/templates/images/btnAddCart.png'

……..
….

where the ruleset I have at .htaccess is

RewriteCond %{QUERY_STRING} ^Id=7572doi=10.5414/ALP33211$
RewriteRule ^/ALP33211$  /ALP33211L=1 [R=301]


The first rule to check is "does the URI match ^/ALP33211$?" And
that's of course applied to all incoming requests, which is what the
debug log confirms.


The actual url is
http://www.mydomain.com/index.php?id=7artId=7572doi=10.5414/ALP33211


Then where does your regexp ^/ALP33211$ come from? Shouldn't you  
rather match ^index.php$?
RewriteCond is just *another* condition the request has to match. And  
make sure your replacement string is correct - as it is now, you  
defined to turn /ALP33211 (which will never match - no leading  
slash, please) to /ALP33211L1... even if you fix the condition, the  
replacement looks wrong to me ;)



and it has to become

http://www.mydomain.com/index.php?id=7artId=7572doi=10.5414/ALP33211L=5


hm... might it be you got confused by the format of the query  
parameters? The final element of the resource is index.php,  
everything after the ? are parameters. Seems that's where your  
current regexp comes from.


Watch your debug log - it tells you what URI is being thrown into the  
rule sets - the first one from your quote above is index.php, and  
it's that URI which needs to be matched in RewriteRule.



The L=5 has to be appended

Thanks


Regards,
Jens
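
The evaluation order described in this reply, as an added example that is not part of the original thread: a small Python model (not mod_rewrite itself) in which the RewriteRule pattern is tried against the per-directory URI first and the query string is only tested by the condition afterwards. The `&` separators in the sample URL, the condition pattern, the .htaccess location and the function names are assumptions; the archived text shows the parameters run together.

```python
import re
from urllib.parse import urlsplit

def evaluate(url, rule, cond, append):
    """Model one RewriteRule guarded by one RewriteCond %{QUERY_STRING}, as seen
    from a .htaccess file in the document root (assumption)."""
    parts = urlsplit(url)
    uri = parts.path.lstrip("/")      # per-directory context: no leading slash
    trace = [f"applying pattern '{rule}' to uri '{uri}'"]
    if not re.search(rule, uri):
        return None, trace + ["pattern did not match; RewriteCond is never looked at"]
    trace.append(f"RewriteCond: input='{parts.query}' pattern='{cond}'")
    if not re.search(cond, parts.query):
        return None, trace + ["condition did not match"]
    target = f"{parts.scheme}://{parts.netloc}{parts.path}?{parts.query}&{append}"
    return target, trace + [f"redirect to {target} [R=301]"]

# Constructed request: the thread's URL with '&' between parameters (assumption).
URL = "http://www.mydomain.com/index.php?id=7&artId=7572&doi=10.5414/ALP33211"
COND = r"(^|&)doi=10\.5414/ALP33211$"

def demo():
    """Try the two patterns from the thread and one that matches the real URI."""
    results = {}
    for rule in (r"^/ALP33211$", r"^ALP33211$", r"^index\.php$"):
        target, trace = evaluate(URL, rule, COND, "L=5")
        results[rule] = target
        print("\n".join(trace), end="\n\n")
    return results

if __name__ == "__main__":
    demo()
```

Because the condition is anchored at the end of the query string, the redirected URL (which now ends in `L=5`) no longer satisfies it, so the model does not redirect a second time.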





Re: [users@httpd] Failure to start 2.4.4

2013-04-10 Thread Jens-U. Mozdzen

Hi Steve,

Quoting Redalert Commander redalert.comman...@gmail.com:

Hello list,

I compiled version 2.4.4 from source and created an RPM package, I
used a spec file for a 2.2.3 package and changed it where required in
order to build successfully.
The httpd.conf file used was also for 2.2.3 (with minor changes as
defined in the section  Common problems when upgrading from
http://httpd.apache.org/docs/2.4/upgrading.html).

After going through some errors about modules, for which the solution
was described in the documentation, I'm left with a more obscure
error.
The only thing I can see is in /var/log/httpd/error_log A file
authdigest_shm.pid is also created, but left empty.
Selinux is set to permissive, no entries appear to be logged here.
Apr and apr-util versions are 1.4.6 and 1.5.2 respectively.

Does anyone have any idea about what's wrong here?

# cat /var/log/httpd/error_log
[Wed Apr 10 12:44:44.796571 2013] [suexec:notice] [pid 23907] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Apr 10 12:44:44.819405 2013] [auth_digest:notice] [pid 23908] AH01757: generating secret for digest authentication ...
[Wed Apr 10 12:44:44.819655 2013] [auth_digest:error] [pid 23908] (13)Permission denied: AH01762: Failed to create shared memory segment on file /etc/httpd/logs/authdigest_shm.23908
[Wed Apr 10 12:44:44.819796 2013] [auth_digest:error] [pid 23908] (13)Permission denied: AH01760: failed to initialize shm - all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled
[Wed Apr 10 12:44:44.819807 2013] [:emerg] [pid 23908] AH00020: Configuration Failed, exiting

In httpd.conf, both 'User apache' and 'Group apache' are specified.


I believe you have no or a wrong path set for the shared memory  
location... it shouldn't point to  
/etc/httpd/logs/authdigest_shm.23908, but more probably to  
/var/log/httpd/... or even better to /var/run/httpd/... (or  
similar)?


Regards,
Jens





Re: [users@httpd] Failure to start 2.4.4

2013-04-10 Thread Jens-U. Mozdzen

Hi Steven,

Quoting Redalert Commander redalert.comman...@gmail.com:

Hi Jens, thanks for having a look.

2013/4/10 Jens-U. Mozdzen jmozd...@nde.ag:

Hi Steve,

Quoting Redalert Commander redalert.comman...@gmail.com:


[...]


# cat /var/log/httpd/error_log
[Wed Apr 10 12:44:44.796571 2013] [suexec:notice] [pid 23907] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Apr 10 12:44:44.819405 2013] [auth_digest:notice] [pid 23908] AH01757: generating secret for digest authentication ...
[Wed Apr 10 12:44:44.819655 2013] [auth_digest:error] [pid 23908] (13)Permission denied: AH01762: Failed to create shared memory segment on file /etc/httpd/logs/authdigest_shm.23908
[Wed Apr 10 12:44:44.819796 2013] [auth_digest:error] [pid 23908] (13)Permission denied: AH01760: failed to initialize shm - all nonce-count checking, one-time nonces, and MD5-sess algorithm disabled
[Wed Apr 10 12:44:44.819807 2013] [:emerg] [pid 23908] AH00020: Configuration Failed, exiting

In httpd.conf, both 'User apache' and 'Group apache' are specified.



I believe you have no or a wrong path set for the shared memory location...
it shouldn't point to /etc/httpd/logs/authdigest_shm.23908, but more
probably to /var/log/httpd/... or even better to /var/run/httpd/... (or
similar)?


/etc/httpd/logs is a symlink to /var/log/httpd.


ah, I should have thought of that.

In your original message you wrote that httpd is running as user (and  
group) apache, and that /var/log/httpd is owned by root:root with  
700 permission.


Judging from that and the error message, httpd attempts to open the  
shm file as user apache (not root) and thus fails. Is there any  
specific reason /var/log/httpd is not owned by your httpd user?



Although /var/run/httpd does look like a better location for such a
file, so where would I configure this?
Is it a configure option when compiling or a directive in httpd.conf?
I couldn't find a reference to it on a quick search.


Me neither - might be you'd have to look at the documentation written  
in that other language (I'm talking about the module's source code ;)  
) to see if it is configurable. The online man page at least lists *no  
hint at all* that you may influence the location. Sorry for putting  
you on that wrong track.


Regards,
Jens





Re: [users@httpd] PHP script not executing with empty POST when using chunked encoding

2013-03-04 Thread Jens-U. Mozdzen

Hi Ashley,

Quoting Ashly Pridmore ashly.pridm...@juniperbridge.com:

[...]
The NBG on the other hand, sends the following:

POST /{URL} HTTP/1.1
HOST: {Host}
User-Agent: workssys.com
Transfer-Encoding: chunked
Content-Length: 0
Cookie2: $Version=1
Cookie: PHPSESSID=l47r1bf2erk870i8n3m9sm4v65\r\n
\r\n
0\r\n
\r\n


What might be confusing the server is that the content actually isn't  
empty, although Content-Length is set to 0.


Regards,
Jens
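
Why this header pair is ambiguous, as an added example that is not part of the original thread: it applies the RFC 7230 section 3.3.3 rule that Transfer-Encoding overrides Content-Length to the request quoted above and reports what each reading of the headers leaves on the connection. The function names are assumptions; the request bytes are constructed from the post.

```python
# Constructed from the request quoted in the thread; {URL}/{Host} are its placeholders.
RAW = (
    b"POST /{URL} HTTP/1.1\r\n"
    b"HOST: {Host}\r\n"
    b"User-Agent: workssys.com\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Length: 0\r\n"
    b"Cookie2: $Version=1\r\n"
    b"Cookie: PHPSESSID=l47r1bf2erk870i8n3m9sm4v65\r\n"
    b"\r\n0\r\n\r\n"
)

def split_head(raw):
    """Return ({lower-cased header name: [values]}, bytes after the blank line)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, rest

def chunked_extent(data):
    """Walk chunked framing; return (decoded body size, wire bytes consumed)."""
    total, pos = 0, 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0].decode(), 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:                                 # last chunk, then trailers
            while data[pos:pos + 2] != b"\r\n":
                pos = data.index(b"\r\n", pos) + 2
            return total, pos + 2
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        total, pos = total + size, pos + size + 2

def framing(raw):
    """Apply RFC 7230 section 3.3.3: Transfer-Encoding overrides Content-Length."""
    headers, rest = split_head(raw)
    te = [t.strip().lower() for v in headers.get(b"transfer-encoding", []) for t in v.split(b",")]
    cl = set(headers.get(b"content-length", []))
    cl_ok = len(cl) == 1 and min(cl).isdigit()
    if te and te[-1] == b"chunked":
        used, (body, consumed) = "transfer-encoding", chunked_extent(rest)
    elif cl_ok:
        used, body, consumed = "content-length", int(min(cl)), int(min(cl))
    elif not te and not cl:
        used, body, consumed = "none", 0, 0
    else:
        raise ValueError("unusable framing headers: reject the request")
    # unread_if_cl_trusted: bytes a parser honouring only Content-Length leaves behind
    return {"conflict": bool(te and cl), "wire_bytes": len(rest), "used": used,
            "body_bytes": body, "unread_after_body": len(rest) - consumed,
            "unread_if_cl_trusted": len(rest) - int(min(cl)) if cl_ok else None}
```

For the quoted request the decoded body is 0 bytes, yet 5 bytes (the terminating chunk) follow the header block; RFC 7230 advises treating a message that carries both headers as an error.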





Re: [users@httpd] SSL session problem

2013-03-03 Thread Jens-U. Mozdzen

Quoting Jens-Uwe Mozdzen jmozd...@nde.ag:

Quoting Jens-U. Mozdzen jmozd...@nde.ag:

Hi list,

I could use a helping hand with a SSL problem.

[...]


Anything I should do differently to get at least an ack from this  
list? Or is there some other, more appropriate list? I'd then be  
grateful for some pointer...


Regards,
Jens





[users@httpd] SSL session problem

2013-02-17 Thread Jens-U. Mozdzen

Hi list,

I could use a helping hand with a SSL problem. And my excuses for the  
lengthy message... I've been doing plenty of tests so far, these are  
my current results...


It's about a web mail site (running Horde5 on SLES11SP2 with latest  
Novell updates, that's i.e. apache2-2.2.12-1.10.1 and  
openssl-0.9.8j-0.44.1). Client-side certificates are one of the  
elements to secure access to the server.


Users reported that sometimes access to the site stalls - one specific  
case, 100% reproducible in our test environment, is uploading files  
that exceed a specific size limit.


The symptom on the client side is that the upload never seems to finish.
On the server side, we then see in Apache's error log "Re-negotiation
handshake failed: Not accepted by client!?" (and no other errors).


This is *not* the problem of a standard reneg buffer overflow - we  
have SSLRenegBufferSize 50486000 in the according Location section  
(and the log message would have been different... been there ;) ).


Generally, access to the https server works nicely, even with the
client-side certificates. It's just some very specific POST
request situations that trigger the symptoms.


As this is perfectly reproducible in our test environment, I've had a  
look at the trace from both server and client side and can hopefully  
provide any required details to follow-up questions.


My test case is attaching files to a new email message, which is  
implemented as an HTML form with POST action. When I attach a file  
below some limit (3714 bytes) it works, 4480 bytes don't. HTML-wise,  
the POST contains multiple MIME elements (text email body plus current  
file attachment), I don't know if it's just that extra size or the  
multi-part situation - but when I have no body, then larger files  
work, too.


Client is i.e. Firefox from OpenSUSE (MozillaFirefox-18.0-2.29.2) or  
via MS Windows (at least version 18.0, if not newer).


I could track things down to the POST request (HTTP content-length:  
7795), which (according to the Wireshark traces) simply aborts,  
meaning the server side seems to just shut down the connection. To  
limit any side-effects, I restart httpd right before submitting each  
POST request.


Looking at the traces, what catches the eye is the ordering of the  
packet flow, which might contribute to the problem:


client view:
... session setup, incl. TLS certificates exchange, session ticket...
cs HTTP POST request (7 TCP segments, seq 9909 ack 3993)
sc TCP ACK (seq 3393 ack 5773)
sc TCP ACK (seq 3393 ack 8513)
sc TCP ACK (seq 3393 ack 11253)
sc TLSv1 Hello request
cs TLSv1 Client Hello
sc TCP FIN,ACK (seq 4022 ack 11636)
cs TLSv1 Alert (warn/close notify)
cs TCP FIN,ACK (seq 11871 ack 4023)
sc TCP RST (seq 4022)
sc TCP RST (seq 4023)
sc TCP RST (seq 4023)

server view:
... session setup, incl. TLS certificates exchange, session ticket...
sc: TCP ACK (seq 3993 ack 11253)
cs: HTTP POST request (7 TCP segments, seq 11253 ack 3993)
sc: TLSv1 Hello request
sc: TCP FIN,ACK (seq 4022 ack 11636)
cs: TLSv1 Client hello
sc: TCP RST (seq 4022)
cs: TLSv1 Alert (warn/close notify)
sc: TCP RST (seq 4023)
cs: TCP FIN,ACK (seq 11871 ack 4023)
sc: TCP RST (seq 4023)

So the server immediately shuts down the TCP connection after starting  
the hello sequence, without even giving the client a chance to respond.


When I look at the POST request that works (HTTP content-length:  
7042), from the server side it's

cs HTTP POST
sc TCP ACK
sc TLSv1 Hello Request
cs TLSv1 Client Hello
sc TLSv1 Server Hello
sc TLSv1 Certificate request, Server hello done
...
just as one would expect it.

When I set up mod_ssl tracing, I see i.e. the following messages  
during such an exchange:


--- cut here: error_log.ssl ---
[Sun Feb 17 17:39:09 2013] [info] Initial (No.1) HTTPS request  
received for child 0 (server testserver.hh.nde.ag:443)
[Sun Feb 17 17:39:09 2013] [debug] ssl_engine_kernel.c(487): [client  
192.168.101.26] Changed client verification type will force  
renegotiation, referer:  
https://testserver.hh.nde.ag/horde5/imp/dynamic.php?page=composetype=templatemailbox=SU5CT1gvVGVtcGxhdGVzuid=4token=SToMqgkSgG6XH-dspiQTJA1uniq=1361109712088
[Sun Feb 17 17:39:09 2013] [debug] ssl_engine_io.c(1532): [client  
192.168.101.26] filling buffer, max size 50486000 bytes
[Sun Feb 17 17:39:09 2013] [debug] ssl_engine_io.c(1584): [client  
192.168.101.26] total of 7813 bytes in buffer, eos=1
[Sun Feb 17 17:39:09 2013] [info] [client 192.168.101.26] Requesting  
connection re-negotiation, referer:  
https://testserver.hh.nde.ag/horde5/imp/dynamic.php?page=composetype=templatemailbox=SU5CT1gvVGVtcGxhdGVzuid=4token=SToMqgkSgG6XH-dspiQTJA1uniq=1361109712088
[Sun Feb 17 17:39:09 2013] [debug] ssl_engine_kernel.c(724): [client  
192.168.101.26] Performing full renegotiation: complete handshake  
protocol, referer: